Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe

Overview

General Information

Sample Name:2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe
Analysis ID:1338927
MD5:66e51a7bdc0e564e87b21187d385e73c
SHA1:75ca0cc99719db0770603fedc6cc6b05e462c0a6
SHA256:2c8cda2ccc942b4eda8e1ee37a8f68c557fee80e14244f1a401321ccf1091e83
Tags:exeQuasarRATRAT
Infos:

Detection

Quasar
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Yara detected Quasar RAT
Snort IDS alert for network traffic
Machine Learning detection for sample
Yara detected Generic Downloader
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Classification

Process Tree

  • System is w10x64
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Quasar RAT, QuasarRATQuasar RAT is a malware family written in .NET which is used by a variety of attackers. The malware is fully functional and open source, and is often packed to make analysis of the source more difficult.
  • APT33
  • Dropping Elephant
  • Stone Panda
  • The Gorgon Group
https://malpedia.caad.fkie.fraunhofer.de/details/win.quasar_rat

Malware Configuration

Threatname: Quasar

{"Version": "1.4.1", "Host:Port": "212.23.222.42:7332;", "SubDirectory": "SubDir", "InstallName": "Client.exe", "MutexName": "8e6c6c66-0494-4473-a1b5-36eb0ef84dde", "StartupKey": "Quasar Client Startup", "Tag": "7332", "LogDirectoryName": "Logs", "ServerSignature": "lXm/Cu2LcXcWSFHeO+yped1BEV074Y/77mApvDmv+4u/vExuUO+sSQirU+a76b5r6nJQoMTE9PrygR2KO5wK4PBPIyniSYcLp7g1rDcxUlSrc0YZ3barFigPXy0UCHtvUXSiootHw+64ngE0WGfB5HtZJ2EAy+u/VW/A9K+Eh1epXNBOFOv1MygYHV7lP8BEiQQt4rcS9Ko9sw4ZNT7/ClMdIoSSD9Ikk0TukAE8SNQMFbYk1Ud2EvfKe/DMU0Yl/h384nbTUk48qyAjmW5JzttMdhVGktSyR+jD0G+GUv68U2Ea2KYS2Y7CFYxpz6YUnvMH6mRy2LPiSh1drwekADs9/9VYdZHVNDsS0iPHI8LOj3MJpXbWlWMe+ejcABeNM1xrXeSSAWn+UTc3BSJB1vg9/J2pYRI9c5YKurlGNDVUCsOYESsjM6nA9Qk9pU6fpkYb4OzsstcAypXjXpXGI5SCMrALutCAKod16XOJpHsl+ExOTPtsAT11Wkwpb60AyMM22vpKfjZQpYYTp33CcR4rO8GxGTdOXQxtavqVp6/g9QSM2dENUSduKzTvFi48WSiV0IltIlIvq0kkiX9pT+6QKOj4Omarv2ee6TzttnXPIXJ8nCMYDAod4sjdb8daYaZtlLv0ZCpxmlioaFlX3+i85FFDUa9CcZex4/IOreg=", "ServerCertificate": "MIIE9DCCAtygAwIBAgIQALrtZqGv9sx0zQTGjlLAbTANBgkqhkiG9w0BAQ0FADAbMRkwFwYDVQQDDBBRdWFzYXIgU2VydmVyIENBMCAXDTIzMDQyNzE5MTIyNVoYDzk5OTkxMjMxMjM1OTU5WjAbMRkwFwYDVQQDDBBRdWFzYXIgU2VydmVyIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuStj+OQuXMrPbNMO6BWIBzGMDjye1qhv32TUaQ4r2Dy96vYzVt5DsaCiYzXALPEaZvRID5hM7Y6AdfS5JU33XG3sJfdWkxIOuNIkjET+E1Fiq/Wy2pR1y/aZ24I2cQlJX9jCJqxiY9IEjt0dihxBTOQDH68wX5zjC4MPZgIe4Ar/ON04K4tGQy0HvPqfHIUvD56weWnOFPc+wv/cuGi8RGjF15wdJ29KZ8krqNvM4S74phepsUzuXmzMvGpzbBCXB2G8V2cv5XDPYfTeCNH/84PZXR1K6JsfLh4H15opmW5VSXpxrZqq/32D4kBuYwGJqVz5FAZbnhKwICovttMhJRPYsiGKoeEDrCAhwqWtSwSYEvUam/vTUrYdz68MGMOHy979D+4Z7lou5IQvIcnMHrT94iQ0gjuGQiWlSFTMmf689syeLnsIMa8ZFQdFW5CFdfAh0xq/w5u478nmg8+yDLuOR7gyNqwkFxGG7TRg7MrdQ+XMmlvv9KOIdizAYTSlN11wnp7cYfOoYN/yT851eKVXPtMwpdsx2bEeaNGBkcuxUz9n3H/WnCJ/LmiP5gKzWHnUA4Pg55rUtyjcHR5gpw5eVZ8RYttZjY8ow8zkPuFodq4fTbPgGnVBRLvr663yYxnPtiq7SV5yJGdtN3R6CJ8kDkLydWaSwDNOGWY8fmECAwEAAaMyMDAwHQYDVR0OBBYEFGruLSiPz/6k7yQqF6m26rVkd3pgMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADggIBAAFaDSRebPLOwx0OYW92VWQxXKb16xnbAJq3euzRs5N3V37wfRQVGVdP4PTrqE10kONRxvJZCQe3gnNFDnkhPBddn7FYw7K1Kmfa2BdYXYLWgQilFDO2HOAfueuZU0VZlIjY+ppvhLwjYJjb3kAMFwUsBqOnx+QVg+0jExNyqNNDwhWjUcaGes372jRBr5lnq/D9R95mJHS7mJ3F98q6d04fA7hS8AVZycr8fGOE0ohRxSCx9N2MEyCm9a5tCUDBOjVri1D7aUrB8WpuqtinAjGGM649fRysjyxHp15lJ2/FR3WUhj3ij91k4cJBED3vjpGyVdzKEo9LpyPInoz6qHUyYDQTAlBtxJXqjC7DTgONOUp/klnS695lJnQ/TRbkhCMYG+jTxABlYEVgyV0ARtgoJ0fd3xtg180eTwFe9zr5zS0Y6ThFYwyP7ziEJR6pCntZtiCD1Y/qemVXmubit/ONrZyZxj/YBLqEwgGrh7ifxEn1ooNzZziCqCBF1yu/9mpq+vVtypB0DO7Vx8Poltdy0lEs9j70BScFpS3am5Fxs+MuWbHnsSIhivYp8qj7EW8uB2losLptcQuP+qF9hmriQ17TXNmYHL2MRMAf3g0h2Mka3OPgJd5/5zl0rfKzVoFqF3Pcawewn50jk6AIILybjxORAMq6mq3+pe8m9HCq"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeJoeSecurity_QuasarYara detected Quasar RATJoe Security
    2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
      2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeMAL_QuasarRAT_May19_1Detects QuasarRAT malwareFlorian Roth
      • 0x28ee9d:$x1: Quasar.Common.Messages
      • 0x29f1c6:$x1: Quasar.Common.Messages
      • 0x2ab826:$x4: Uninstalling... good bye :-(
      • 0x2ad01b:$xc2: 00 70 00 69 00 6E 00 67 00 20 00 2D 00 6E 00 20 00 31 00 30 00 20 00 6C 00 6F 00 63 00 61 00 6C 00 68 00 6F 00 73 00 74 00 20 00 3E 00 20 00 6E 00 75 00 6C 00 0D 00 0A 00 64 00 65 00 6C 00 20 ...
      2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeINDICATOR_SUSPICIOUS_GENInfoStealerDetects executables containing common artifcats observed in infostealersditekSHen
      • 0x2aadd8:$f1: FileZilla\recentservers.xml
      • 0x2aae18:$f2: FileZilla\sitemanager.xml
      • 0x2aae5a:$f3: SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions
      • 0x2ab0a6:$b1: Chrome\User Data\
      • 0x2ab0fc:$b1: Chrome\User Data\
      • 0x2ab3d4:$b2: Mozilla\Firefox\Profiles
      • 0x2ab4d0:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2
      • 0x2fd454:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2
      • 0x2ab628:$b4: Opera Software\Opera Stable\Login Data
      • 0x2ab6e2:$b5: YandexBrowser\User Data\
      • 0x2ab750:$b5: YandexBrowser\User Data\
      • 0x2ab424:$s4: logins.json
      • 0x2ab15a:$a1: username_value
      • 0x2ab178:$a2: password_value
      • 0x2ab464:$a3: encryptedUsername
      • 0x2fd398:$a3: encryptedUsername
      • 0x2ab488:$a4: encryptedPassword
      • 0x2fd3b6:$a4: encryptedPassword
      • 0x2fd334:$a5: httpRealm
      2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeMALWARE_Win_QuasarStealerDetects Quasar infostealerditekshen
      • 0x164f16:$s1: PGma.System.MouseKeyHook, Version=5.6.130.0, Culture=neutral, PublicKeyToken=null
      • 0x2ab910:$s3: Process already elevated.
      • 0x28eb9c:$s4: get_PotentiallyVulnerablePasswords
      • 0x278c58:$s5: GetKeyloggerLogsDirectory
      • 0x29e925:$s5: GetKeyloggerLogsDirectory
      • 0x28ebbf:$s6: set_PotentiallyVulnerablePasswords
      • 0x2fea82:$s7: BQuasar.Client.Extensions.RegistryKeyExtensions+<GetKeyValues>

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000000.00000002.2509660485.0000000002C44000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_QuasarYara detected Quasar RATJoe Security
        00000000.00000000.1258962424.0000000000780000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_QuasarYara detected Quasar RATJoe Security
          00000000.00000002.2509660485.0000000002A71000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_QuasarYara detected Quasar RATJoe Security
            00000000.00000000.1258597979.0000000000462000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_QuasarYara detected Quasar RATJoe Security
              Process Memory Space: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe PID: 7640JoeSecurity_QuasarYara detected Quasar RATJoe Security

                Unpacked PEs

                SourceRuleDescriptionAuthorStrings
                0.0.2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe.460000.0.unpackJoeSecurity_QuasarYara detected Quasar RATJoe Security
                  0.0.2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe.460000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
                    0.0.2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe.460000.0.unpackMAL_QuasarRAT_May19_1Detects QuasarRAT malwareFlorian Roth
                    • 0x28ee9d:$x1: Quasar.Common.Messages
                    • 0x29f1c6:$x1: Quasar.Common.Messages
                    • 0x2ab826:$x4: Uninstalling... good bye :-(
                    • 0x2ad01b:$xc2: 00 70 00 69 00 6E 00 67 00 20 00 2D 00 6E 00 20 00 31 00 30 00 20 00 6C 00 6F 00 63 00 61 00 6C 00 68 00 6F 00 73 00 74 00 20 00 3E 00 20 00 6E 00 75 00 6C 00 0D 00 0A 00 64 00 65 00 6C 00 20 ...
                    0.0.2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe.460000.0.unpackINDICATOR_SUSPICIOUS_GENInfoStealerDetects executables containing common artifcats observed in infostealersditekSHen
                    • 0x2aadd8:$f1: FileZilla\recentservers.xml
                    • 0x2aae18:$f2: FileZilla\sitemanager.xml
                    • 0x2aae5a:$f3: SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions
                    • 0x2ab0a6:$b1: Chrome\User Data\
                    • 0x2ab0fc:$b1: Chrome\User Data\
                    • 0x2ab3d4:$b2: Mozilla\Firefox\Profiles
                    • 0x2ab4d0:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2
                    • 0x2fd454:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2
                    • 0x2ab628:$b4: Opera Software\Opera Stable\Login Data
                    • 0x2ab6e2:$b5: YandexBrowser\User Data\
                    • 0x2ab750:$b5: YandexBrowser\User Data\
                    • 0x2ab424:$s4: logins.json
                    • 0x2ab15a:$a1: username_value
                    • 0x2ab178:$a2: password_value
                    • 0x2ab464:$a3: encryptedUsername
                    • 0x2fd398:$a3: encryptedUsername
                    • 0x2ab488:$a4: encryptedPassword
                    • 0x2fd3b6:$a4: encryptedPassword
                    • 0x2fd334:$a5: httpRealm
                    0.0.2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe.460000.0.unpackMALWARE_Win_QuasarStealerDetects Quasar infostealerditekshen
                    • 0x164f16:$s1: PGma.System.MouseKeyHook, Version=5.6.130.0, Culture=neutral, PublicKeyToken=null
                    • 0x2ab910:$s3: Process already elevated.
                    • 0x28eb9c:$s4: get_PotentiallyVulnerablePasswords
                    • 0x278c58:$s5: GetKeyloggerLogsDirectory
                    • 0x29e925:$s5: GetKeyloggerLogsDirectory
                    • 0x28ebbf:$s6: set_PotentiallyVulnerablePasswords
                    • 0x2fea82:$s7: BQuasar.Client.Extensions.RegistryKeyExtensions+<GetKeyValues>

                    Sigma Signatures

                    No Sigma rule has matched

                    Snort Signatures

                    Timestamp:212.23.222.42192.168.2.107332497032035595 11/08/23-10:41:11.525851
                    SID:2035595
                    Source Port:7332
                    Destination Port:49703
                    Protocol:TCP
                    Classtype:A Network Trojan was detected

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Found malware configuration
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeMalware Configuration Extractor: Quasar {"Version": "1.4.1", "Host:Port": "212.23.222.42:7332;", "SubDirectory": "SubDir", "InstallName": "Client.exe", "MutexName": "8e6c6c66-0494-4473-a1b5-36eb0ef84dde", "StartupKey": "Quasar Client Startup", "Tag": "7332", "LogDirectoryName": "Logs", "ServerSignature": "lXm/Cu2LcXcWSFHeO+yped1BEV074Y/77mApvDmv+4u/vExuUO+sSQirU+a76b5r6nJQoMTE9PrygR2KO5wK4PBPIyniSYcLp7g1rDcxUlSrc0YZ3barFigPXy0UCHtvUXSiootHw+64ngE0WGfB5HtZJ2EAy+u/VW/A9K+Eh1epXNBOFOv1MygYHV7lP8BEiQQt4rcS9Ko9sw4ZNT7/ClMdIoSSD9Ikk0TukAE8SNQMFbYk1Ud2EvfKe/DMU0Yl/h384nbTUk48qyAjmW5JzttMdhVGktSyR+jD0G+GUv68U2Ea2KYS2Y7CFYxpz6YUnvMH6mRy2LPiSh1drwekADs9/9VYdZHVNDsS0iPHI8LOj3MJpXbWlWMe+ejcABeNM1xrXeSSAWn+UTc3BSJB1vg9/J2pYRI9c5YKurlGNDVUCsOYESsjM6nA9Qk9pU6fpkYb4OzsstcAypXjXpXGI5SCMrALutCAKod16XOJpHsl+ExOTPtsAT11Wkwpb60AyMM22vpKfjZQpYYTp33CcR4rO8GxGTdOXQxtavqVp6/g9QSM2dENUSduKzTvFi48WSiV0IltIlIvq0kkiX9pT+6QKOj4Omarv2ee6TzttnXPIXJ8nCMYDAod4sjdb8daYaZtlLv0ZCpxmlioaFlX3+i85FFDUa9CcZex4/IOreg=", "ServerCertificate": "MIIE9DCCAtygAwIBAgIQALrtZqGv9sx0zQTGjlLAbTANBgkqhkiG9w0BAQ0FADAbMRkwFwYDVQQDDBBRdWFzYXIgU2VydmVyIENBMCAXDTIzMDQyNzE5MTIyNVoYDzk5OTkxMjMxMjM1OTU5WjAbMRkwFwYDVQQDDBBRdWFzYXIgU2VydmVyIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuStj+OQuXMrPbNMO6BWIBzGMDjye1qhv32TUaQ4r2Dy96vYzVt5DsaCiYzXALPEaZvRID5hM7Y6AdfS5JU33XG3sJfdWkxIOuNIkjET+E1Fiq/Wy2pR1y/aZ24I2cQlJX9jCJqxiY9IEjt0dihxBTOQDH68wX5zjC4MPZgIe4Ar/ON04K4tGQy0HvPqfHIUvD56weWnOFPc+wv/cuGi8RGjF15wdJ29KZ8krqNvM4S74phepsUzuXmzMvGpzbBCXB2G8V2cv5XDPYfTeCNH/84PZXR1K6JsfLh4H15opmW5VSXpxrZqq/32D4kBuYwGJqVz5FAZbnhKwICovttMhJRPYsiGKoeEDrCAhwqWtSwSYEvUam/vTUrYdz68MGMOHy979D+4Z7lou5IQvIcnMHrT94iQ0gjuGQiWlSFTMmf689syeLnsIMa8ZFQdFW5CFdfAh0xq/w5u478nmg8+yDLuOR7gyNqwkFxGG7TRg7MrdQ+XMmlvv9KOIdizAYTSlN11wnp7cYfOoYN/yT851eKVXPtMwpdsx2bEeaNGBkcuxUz9n3H/WnCJ/LmiP5gKzWHnUA4Pg55rUtyjcHR5gpw5eVZ8RYttZjY8ow8zkPuFodq4fTbPgGnVBRLvr663yYxnPtiq7SV5yJGdtN3R6CJ8kDkLydWaSwDNOGWY8fmECAwEAAaMyMDAwHQYDVR0OBBYEFGruLSiPz/6k7yQqF6m26rVkd3pgMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADggIBAAFaDSRebPLOwx0OYW92VWQxXKb16xnbAJq3euzRs5N3V37wfRQVGVdP4PTrqE10kONRxvJZCQe3gnNFDnkhPBddn7FYw7K1Kmfa2BdYXYLWgQilFDO2HOAfueuZU0VZlIjY+ppvhLwjYJjb3kAMFwUsBqOnx+QVg+0jExNyqNNDwhWjUcaGes372jRBr5lnq/D9R95mJHS7mJ3F98q6d04fA7hS8AVZycr8fGOE0ohRxSCx9N2MEyCm9a5tCUDBOjVri1D7aUrB8WpuqtinAjGGM649fRysjyxHp15lJ2/FR3WUhj3ij91k4cJBED3vjpGyVdzKEo9LpyPInoz6qHUyYDQTAlBtxJXqjC7DTgONOUp/klnS695lJnQ/TRbkhCMYG+jTxABlYEVgyV0ARtgoJ0fd3xtg180eTwFe9zr5zS0Y6ThFYwyP7ziEJR6pCntZtiCD1Y/qemVXmubit/ONrZyZxj/YBLqEwgGrh7ifxEn1ooNzZziCqCBF1yu/9mpq+vVtypB0DO7Vx8Poltdy0lEs9j70BScFpS3am5Fxs+MuWbHnsSIhivYp8qj7EW8uB2losLptcQuP+qF9hmriQ17TXNmYHL2MRMAf3g0h2Mka3OPgJd5/5zl0rfKzVoFqF3Pcawewn50jk6AIILybjxORAMq6mq3+pe8m9HCq"}
                    Multi AV Scanner detection for submitted file
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeVirustotal: Detection: 79%Perma Link
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeReversingLabs: Detection: 76%
                    Antivirus / Scanner detection for submitted sample
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeAvira: detected
                    Antivirus detection for URL or domain
                    Source: 212.23.222.42Avira URL Cloud: Label: malware
                    Multi AV Scanner detection for domain / URL
                    Source: 212.23.222.42Virustotal: Detection: 10%Perma Link
                    Yara detected Quasar RAT
                    Source: Yara matchFile source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe, type: SAMPLE
                    Source: Yara matchFile source: 0.0.2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe.460000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.2509660485.0000000002C44000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000000.1258962424.0000000000780000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2509660485.0000000002A71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000000.1258597979.0000000000462000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe PID: 7640, type: MEMORYSTR
                    Machine Learning detection for sample
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeJoe Sandbox ML: detected
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: unknownHTTPS traffic detected: 147.135.36.89:443 -> 192.168.2.10:49705 version: TLS 1.2
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                    Networking

                    barindex
                    Snort IDS alert for network traffic
                    Source: TrafficSnort IDS: 2035595 ET TROJAN Generic AsyncRAT Style SSL Cert 212.23.222.42:7332 -> 192.168.2.10:49703
                    Yara detected Generic Downloader
                    Source: Yara matchFile source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe, type: SAMPLE
                    Source: Yara matchFile source: 0.0.2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe.460000.0.unpack, type: UNPACKEDPE
                    C2 URLs / IPs found in malware configuration
                    Source: Malware configuration extractorURLs: 212.23.222.42
                    Source: Joe Sandbox ViewASN Name: TMRDE TMRDE
                    Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0Host: ipwho.isConnection: Keep-Alive
                    Source: global trafficTCP traffic: 192.168.2.10:49703 -> 212.23.222.42:7332
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
                    Source: unknownTCP traffic detected without corresponding DNS query: 212.23.222.42
                    Source: unknownTCP traffic detected without corresponding DNS query: 212.23.222.42
                    Source: unknownTCP traffic detected without corresponding DNS query: 212.23.222.42
                    Source: unknownTCP traffic detected without corresponding DNS query: 212.23.222.42
                    Source: unknownTCP traffic detected without corresponding DNS query: 212.23.222.42
                    Source: unknownTCP traffic detected without corresponding DNS query: 212.23.222.42
                    Source: unknownTCP traffic detected without corresponding DNS query: 212.23.222.42
                    Source: unknownTCP traffic detected without corresponding DNS query: 212.23.222.42
                    Source: unknownTCP traffic detected without corresponding DNS query: 212.23.222.42
                    Source: unknownTCP traffic detected without corresponding DNS query: 212.23.222.42
                    Source: unknownTCP traffic detected without corresponding DNS query: 212.23.222.42
                    Source: unknownTCP traffic detected without corresponding DNS query: 212.23.222.42
                    Source: unknownTCP traffic detected without corresponding DNS query: 212.23.222.42
                    Source: unknownTCP traffic detected without corresponding DNS query: 212.23.222.42
                    Source: unknownTCP traffic detected without corresponding DNS query: 212.23.222.42
                    Source: unknownTCP traffic detected without corresponding DNS query: 212.23.222.42
                    Source: unknownTCP traffic detected without corresponding DNS query: 212.23.222.42
                    Source: unknownTCP traffic detected without corresponding DNS query: 212.23.222.42
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe, 00000000.00000002.2512217948.000000001B75E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microY
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe, 00000000.00000002.2508569482.0000000000BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe, 00000000.00000002.2511850391.000000001B43B000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.0.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe, 00000000.00000002.2509660485.0000000002BF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ipwho.is
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe, 00000000.00000002.2509660485.0000000002C44000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe, 00000000.00000002.2509660485.0000000002A71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeString found in binary or memory: https://api.ipify.org/
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe, 00000000.00000002.2509660485.0000000002BDB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ipwho.is
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeString found in binary or memory: https://ipwho.is/
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe, 00000000.00000002.2509660485.0000000002BDB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ipwho.is0
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeString found in binary or memory: https://stackoverflow.com/q/2152978/23354sCannot
                    Source: unknownDNS traffic detected: queries for: ipwho.is
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0Host: ipwho.isConnection: Keep-Alive
                    Source: unknownHTTPS traffic detected: 147.135.36.89:443 -> 192.168.2.10:49705 version: TLS 1.2

                    E-Banking Fraud

                    barindex
                    Yara detected Quasar RAT
                    Source: Yara matchFile source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe, type: SAMPLE
                    Source: Yara matchFile source: 0.0.2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe.460000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.2509660485.0000000002C44000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000000.1258962424.0000000000780000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2509660485.0000000002A71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000000.1258597979.0000000000462000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe PID: 7640, type: MEMORYSTR

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe, type: SAMPLEMatched rule: Detects QuasarRAT malware Author: Florian Roth
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe, type: SAMPLEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe, type: SAMPLEMatched rule: Detects Quasar infostealer Author: ditekshen
                    Source: 0.0.2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe.460000.0.unpack, type: UNPACKEDPEMatched rule: Detects QuasarRAT malware Author: Florian Roth
                    Source: 0.0.2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe.460000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
                    Source: 0.0.2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe.460000.0.unpack, type: UNPACKEDPEMatched rule: Detects Quasar infostealer Author: ditekshen
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe, type: SAMPLEMatched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe, type: SAMPLEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe, type: SAMPLEMatched rule: MALWARE_Win_QuasarStealer author = ditekshen, description = Detects Quasar infostealer, clamav_sig = MALWARE.Win.Trojan.QuasarStealer
                    Source: 0.0.2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe.460000.0.unpack, type: UNPACKEDPEMatched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10
                    Source: 0.0.2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe.460000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
                    Source: 0.0.2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe.460000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_QuasarStealer author = ditekshen, description = Detects Quasar infostealer, clamav_sig = MALWARE.Win.Trojan.QuasarStealer
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeCode function: 0_2_00007FF7C1BB8A610_2_00007FF7C1BB8A61
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeCode function: 0_2_00007FF7C1BC6A260_2_00007FF7C1BC6A26
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeCode function: 0_2_00007FF7C1BCEC900_2_00007FF7C1BCEC90
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeCode function: 0_2_00007FF7C1BB5BE10_2_00007FF7C1BB5BE1
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeCode function: 0_2_00007FF7C1BB4DC60_2_00007FF7C1BB4DC6
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeCode function: 0_2_00007FF7C1BCA5CB0_2_00007FF7C1BCA5CB
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeCode function: 0_2_00007FF7C1BCB07B0_2_00007FF7C1BCB07B
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeCode function: 0_2_00007FF7C1BC77D20_2_00007FF7C1BC77D2
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeCode function: 0_2_00007FF7C1BBA7CD0_2_00007FF7C1BBA7CD
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeCode function: 0_2_00007FF7C1BC51FD0_2_00007FF7C1BC51FD
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeCode function: 0_2_00007FF7C1C823910_2_00007FF7C1C82391
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe, 00000000.00000000.1258962424.0000000000780000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameClient.exe. vs 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeBinary or memory string: OriginalFilenameClient.exe. vs 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeVirustotal: Detection: 79%
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeReversingLabs: Detection: 76%
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: classification engineClassification label: mal100.troj.evad.winEXE@1/2@1/2
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dllJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeMutant created: \Sessions\1\BaseNamedObjects\Local\8e6c6c66-0494-4473-a1b5-36eb0ef84dde
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeString found in binary or memory: HasSubValue3Conflicting item/add type
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeStatic file information: File size 3266048 > 1048576
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x31c600
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeCode function: 0_2_00007FF7C182D2A5 pushad ; iretd 0_2_00007FF7C182D2A6
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeCode function: 0_2_00007FF7C1947964 push ebx; retf 0_2_00007FF7C194796A
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeCode function: 0_2_00007FF7C19474CB push ebx; iretd 0_2_00007FF7C194756A
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeCode function: 0_2_00007FF7C1BD22F0 push esp; iretd 0_2_00007FF7C1BD22F1
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeCode function: 0_2_00007FF7C1BD23AF push edi; iretd 0_2_00007FF7C1BD23B0
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeCode function: 0_2_00007FF7C1BD6DB1 push ebx; retf 0_2_00007FF7C1BD796A
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeCode function: 0_2_00007FF7C1BD0DBE push cs; iretd 0_2_00007FF7C1BD0DBF
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeCode function: 0_2_00007FF7C1BD0D57 push cs; iretd 0_2_00007FF7C1BD0D58
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeCode function: 0_2_00007FF7C1BD0D44 push cs; iretd 0_2_00007FF7C1BD0D45
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeCode function: 0_2_00007FF7C1BB6547 push ebp; ret 0_2_00007FF7C1BB6548

                    Hooking and other Techniques for Hiding and Protection

                    barindex
                    Hides that the sample has been downloaded from the Internet (zone.identifier)
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeFile opened: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe:Zone.Identifier read attributes | deleteJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe TID: 8128Thread sleep time: -30000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeLast function: Thread delayed
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeWindow / User API: threadDelayed 877Jump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeWindow / User API: threadDelayed 386Jump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BIOS
                    Source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe, 00000000.00000002.2512217948.000000001B744000.00000004.00000020.00020000.00000000.sdmp, 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe, 00000000.00000002.2512217948.000000001B630000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeMemory allocated: page read and write | page guardJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeQueries volume information: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information

                    barindex
                    Yara detected Quasar RAT
                    Source: Yara matchFile source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe, type: SAMPLE
                    Source: Yara matchFile source: 0.0.2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe.460000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.2509660485.0000000002C44000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000000.1258962424.0000000000780000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2509660485.0000000002A71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000000.1258597979.0000000000462000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe PID: 7640, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected Quasar RAT
                    Source: Yara matchFile source: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe, type: SAMPLE
                    Source: Yara matchFile source: 0.0.2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe.460000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.2509660485.0000000002C44000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000000.1258962424.0000000000780000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2509660485.0000000002A71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000000.1258597979.0000000000462000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe PID: 7640, type: MEMORYSTR

                    Mitre Att&ck Matrix

                    Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpactResource DevelopmentReconnaissance
                    Valid Accounts21
                    Windows Management Instrumentation                    		Path InterceptionPath Interception2
                    Virtualization/Sandbox Evasion                    		OS Credential Dumping11
                    Security Software Discovery                    		Remote Services1
                    Archive Collected Data                    		Exfiltration Over Other Network Medium11
                    Encrypted Channel                    		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationAbuse Accessibility FeaturesAcquire InfrastructureGather Victim Identity Information
                    Default Accounts2
                    Command and Scripting Interpreter                    		Boot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
                    Disable or Modify Tools                    		LSASS Memory2
                    Virtualization/Sandbox Evasion                    		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth1
                    Non-Standard Port                    		SIM Card SwapObtain Device Cloud BackupsNetwork Denial of ServiceDomainsCredentials
                    Domain AccountsAtLogon Script (Windows)Logon Script (Windows)1
                    Hidden Files and Directories                    		Security Account Manager1
                    Application Window Discovery                    		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration1
                    Ingress Tool Transfer                    		Data Encrypted for ImpactDNS ServerEmail Addresses
                    Local AccountsCronLogin HookLogin Hook1
                    Obfuscated Files or Information                    		NTDS23
                    System Information Discovery                    		Distributed Component Object ModelInput CaptureTraffic Duplication2
                    Non-Application Layer Protocol                    		Data DestructionVirtual Private ServerEmployee Names
                    Cloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA SecretsInternet Connection DiscoverySSHKeyloggingScheduled Transfer113
                    Application Layer Protocol                    		Data Encrypted for ImpactServerGather Victim Network Information

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe79%VirustotalBrowse
                    2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe76%ReversingLabsByteCode-MSIL.Trojan.Quasar
                    2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe100%AviraTR/Agent.qnymr
                    2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe100%Joe Sandbox ML

                    Dropped Files

                    No Antivirus matches

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    SourceDetectionScannerLabelLink
                    ipwho.is0%VirustotalBrowse

                    URLs

                    SourceDetectionScannerLabelLink
                    http://schemas.datacontract.org/2004/07/0%URL Reputationsafe
                    http://crl.microY0%Avira URL Cloudsafe
                    https://ipwho.is00%Avira URL Cloudsafe
                    212.23.222.42100%Avira URL Cloudmalware
                    212.23.222.4210%VirustotalBrowse
                    https://ipwho.is/0%VirustotalBrowse
                    http://ipwho.is0%Avira URL Cloudsafe
                    https://ipwho.is/0%Avira URL Cloudsafe
                    https://ipwho.is0%Avira URL Cloudsafe
                    https://ipwho.is0%VirustotalBrowse
                    http://ipwho.is0%VirustotalBrowse

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    ipwho.is
                    		147.135.36.89
                    		truefalseunknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    https://ipwho.is/false
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    212.23.222.42true
                    • 10%, Virustotal, Browse
                    • Avira URL Cloud: malware
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    https://api.ipify.org/2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exefalse
                      		high
                      http://crl.microY2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe, 00000000.00000002.2512217948.000000001B75E000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://stackoverflow.com/q/14436606/233542C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exefalse
                        		high
                        https://stackoverflow.com/q/2152978/23354sCannot2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exefalse
                          		high
                          https://ipwho.is02C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe, 00000000.00000002.2509660485.0000000002BDB000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://schemas.datacontract.org/2004/07/2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe, 00000000.00000002.2509660485.0000000002C44000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe, 00000000.00000002.2509660485.0000000002A71000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://ipwho.is2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe, 00000000.00000002.2509660485.0000000002BF5000.00000004.00000800.00020000.00000000.sdmpfalse
                            • 0%, Virustotal, Browse
                            • Avira URL Cloud: safe
                            		unknown
                            https://stackoverflow.com/q/11564914/23354;2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exefalse
                              		high
                              https://ipwho.is2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe, 00000000.00000002.2509660485.0000000002BDB000.00000004.00000800.00020000.00000000.sdmpfalse
                              • 0%, Virustotal, Browse
                              • Avira URL Cloud: safe
                              		unknown

                              World Map of Contacted IPs

                              • No. of IPs < 25%
                              • 25% < No. of IPs < 50%
                              • 50% < No. of IPs < 75%
                              • 75% < No. of IPs

                              Public IPs

                              IPDomainCountryFlagASNASN NameMalicious
                              147.135.36.89
                              		ipwho.isUnited States
                              		16276OVHFRfalse
                              212.23.222.42
                              		unknownunknown
                              		12329TMRDEtrue

                              General Information

                              Joe Sandbox Version:38.0.0 Ammolite
                              Analysis ID:1338927
                              Start date and time:2023-11-08 10:40:18 +01:00
                              Joe Sandbox Product:CloudBasic
                              Overall analysis duration:0h 5m 25s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Cookbook file name:default.jbs
                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                              Number of analysed new started processes analysed:12
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Sample file name:2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe
                              Detection:MAL
                              Classification:mal100.troj.evad.winEXE@1/2@1/2
                              EGA Information:
                              • Successful, ratio: 100%
                              HCA Information:
                              • Successful, ratio: 80%
                              • Number of executed functions: 157
                              • Number of non-executed functions: 1
                              Cookbook Comments:
                              • Found application associated with file extension: .exe

                              Warnings

                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, Sgrmuserer.exe, conhost.exe, svchost.exe
                              • Excluded IPs from analysis (whitelisted): 8.252.68.126, 8.240.115.126, 8.252.193.126, 8.240.38.254, 8.252.194.126
                              • Excluded domains from analysis (whitelisted): fg.download.windowsupdate.com.c.footprint.net, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                              • Not all processes where analyzed, report is missing behavior information
                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                              • Report size getting too big, too many NtOpenKeyEx calls found.
                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                              • Report size getting too big, too many NtQueryValueKey calls found.

                              Simulations

                              Behavior and APIs

                              TimeTypeDescription
                              10:41:12API Interceptor1x Sleep call for process: 2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe modified

                              Joe Sandbox View / Context

                              IPs

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              147.135.36.89XS3sNotzzw.exeGet hashmaliciousUnknownBrowse
                              • /?output=json
                              XS3sNotzzw.exeGet hashmaliciousUnknownBrowse
                              • /?output=json

                              Domains

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              ipwho.isXS3sNotzzw.exeGet hashmaliciousUnknownBrowse
                              • 147.135.36.89
                              XS3sNotzzw.exeGet hashmaliciousUnknownBrowse
                              • 147.135.36.89
                              http://matthiasparks.site/4930%20New/Win08Ay0Er08d8d77/index.htmlGet hashmaliciousTechSupportScamBrowse
                              • 147.135.36.89
                              https://errorfilexxxrunr002.z9.web.core.windows.net/Win08ShDMeEr0887/index.htmlGet hashmaliciousTechSupportScamBrowse
                              • 15.204.213.5
                              Pgqa38l8Zj.exeGet hashmaliciousQuasarBrowse
                              • 15.204.213.5
                              https://d1d45mn9eemjc7.cloudfront.net/Get hashmaliciousUnknownBrowse
                              • 15.204.213.5
                              https://cdn.discordapp.com/attachments/1167807485307002965/1167807812047478854/bet2023.exe?ex=654f78c7&is=653d03c7&hm=d31a6ed3bb0b57c45062f127164116feb7b3623fdd73879bed9662bb9c9e4c5aGet hashmaliciousUnknownBrowse
                              • 15.204.213.5
                              PingOptimizerMain.batGet hashmaliciousQuasarBrowse
                              • 15.204.213.5
                              WJJEBk9bRN.exeGet hashmaliciousQuasarBrowse
                              • 15.204.213.5
                              https://terebinajeenafb10.s3.ap-south-1.amazonaws.com/Win08SmtDaEr08d8d77/index.html#Get hashmaliciousTechSupportScamBrowse
                              • 15.204.213.5
                              RX3Ct1J80p.exeGet hashmaliciousQuasarBrowse
                              • 15.204.213.5
                              NatureSetup.exeGet hashmaliciousUnknownBrowse
                              • 108.181.47.111
                              NatureSetup.exeGet hashmaliciousUnknownBrowse
                              • 108.181.47.111
                              0tWeniTjn8.exeGet hashmaliciousQuasarBrowse
                              • 108.181.47.111
                              https://main.d1erbr0kr8l3kj.amplifyapp.com/?msclkid=0e251eb477dc1c8b8aab7b9d1b75e823Get hashmaliciousTechSupportScamBrowse
                              • 108.181.47.111
                              https://winusalerterrore4.z13.web.core.windows.netGet hashmaliciousTechSupportScamBrowse
                              • 108.181.47.111
                              msjO.htaGet hashmaliciousQuasarBrowse
                              • 108.181.47.111
                              bubvsZfsrS.exeGet hashmaliciousNanocore, AveMaria, Quasar, UACMe, zgRATBrowse
                              • 108.181.98.179
                              java_done.exeGet hashmaliciousNanocore, AveMaria, Quasar, UACMe, zgRATBrowse
                              • 108.181.98.179
                              payload.exeGet hashmaliciousNanocore, AveMaria, Quasar, UACMeBrowse
                              • 108.181.98.179

                              ASNs

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              TMRDEHilix.mips.elfGet hashmaliciousMiraiBrowse
                              • 185.245.176.189
                              BiU282bjyR.exeGet hashmaliciousRemcosBrowse
                              • 212.23.211.238
                              https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.esGet hashmaliciousHTMLPhisherBrowse
                              • 212.23.144.169
                              wx7x7YkSI8.elfGet hashmaliciousUnknownBrowse
                              • 185.249.170.212
                              2DLd2J82an.elfGet hashmaliciousMiraiBrowse
                              • 212.23.154.151
                              5vFyCZCGL7.elfGet hashmaliciousUnknownBrowse
                              • 212.23.212.254
                              Remittance_ACH_20220630.HTMLGet hashmaliciousUnknownBrowse
                              • 212.23.201.50
                              JIzNxwvQm7.dllGet hashmaliciousWannacryBrowse
                              • 212.23.152.51
                              9YQ4q9wIEn.dllGet hashmaliciousWannacryBrowse
                              • 62.221.232.243
                              4EYEHNO35o.exeGet hashmaliciousUnknownBrowse
                              • 212.23.202.95
                              jJZlHQhj5F.exeGet hashmaliciousUnknownBrowse
                              • 212.23.202.95
                              Factura0522.lnkGet hashmaliciousUnknownBrowse
                              • 212.23.221.7
                              ZhtkM8DmjwGet hashmaliciousMiraiBrowse
                              • 185.245.176.163
                              vYwp8FNhH1Get hashmaliciousMiraiBrowse
                              • 185.245.176.192
                              VUpggVyNKXGet hashmaliciousMiraiBrowse
                              • 185.245.176.185
                              arm5Get hashmaliciousMirai MoobotBrowse
                              • 185.11.56.21
                              OVHFR169943178533feba1546c2ec816c8259dccc89b2dbacd2fe78f688ea6c051c3bce2b85fea7109.dat-decoded.exeGet hashmaliciousAgentTeslaBrowse
                              • 193.70.18.144
                              Items_Request_For_Quotation.vbsGet hashmaliciousAgentTeslaBrowse
                              • 193.70.18.144
                              Ordina_articoli.vbsGet hashmaliciousAgentTeslaBrowse
                              • 193.70.18.144
                              Transferencia-2354878090658095444717750-044802-sanlccjavap0003-8881.exeGet hashmaliciousAgentTeslaBrowse
                              • 51.222.47.76
                              https://notifications.google.com/g/p/ANiao5poVL0h_j-a2eO0VXzWimS5Ch26I-kjEe_u64Vybhf-NThJ3n2oBnbp9BGK0ven8mPou_uz_Y7KcMq28hgDO2kEJu1wVZ1e57zLd9AjWmB2wci7VNDwm3lbQVeyyVOmLQL-tWvFwzGpQA9MkhdmFDJMGfqmrvGDl5no4fFLtEdaGGlHtvQyCdM1ZpcsxgPlO_ARNsd4pj2akKpuG-GVDY2gz3mybcZ6sv9UjoUVZWUGet hashmaliciousUnknownBrowse
                              • 5.135.113.252
                              XS3sNotzzw.exeGet hashmaliciousUnknownBrowse
                              • 147.135.36.89
                              XS3sNotzzw.exeGet hashmaliciousUnknownBrowse
                              • 147.135.36.89
                              New Order_pdf.exeGet hashmaliciousAgentTeslaBrowse
                              • 51.222.47.76
                              R8N4RLC.zipGet hashmaliciousCryptOneBrowse
                              • 51.195.232.97
                              OH8FRaSl51.exeGet hashmaliciousUnknownBrowse
                              • 51.38.43.18
                              http://matthiasparks.site/4930%20New/Win08Ay0Er08d8d77/index.htmlGet hashmaliciousTechSupportScamBrowse
                              • 147.135.36.89
                              o262c9f5e298820cde946d2eeaa2785.exeGet hashmaliciousAveMaria, Gurcu Stealer, WhiteSnake StealerBrowse
                              • 192.99.44.107
                              OH8FRaSl51.exeGet hashmaliciousUnknownBrowse
                              • 51.178.66.33
                              file.exeGet hashmaliciousXmrigBrowse
                              • 139.99.102.73
                              PO_1337.vbsGet hashmaliciousQuasarBrowse
                              • 51.83.126.129
                              SecuriteInfo.com.Trojan.DownLoader46.28712.20685.13375.exeGet hashmaliciousUnknownBrowse
                              • 146.59.70.14
                              PO_TKHA-A8816001.exeGet hashmaliciousFormBookBrowse
                              • 51.91.236.193
                              Kwserhekrq.exeGet hashmaliciousFormBookBrowse
                              • 198.50.249.216
                              Yr7pYbz4E7.exeGet hashmaliciousPrivateLoader, RedLine, SmokeLoader, Vidar, onlyLoggerBrowse
                              • 37.187.122.227
                              file.exeGet hashmaliciousGlupteba, RedLine, VidarBrowse
                              • 151.80.38.159

                              JA3 Fingerprints

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              3b5074b1b5d032e5620f69f9f700ff0eRemittance_Advice.exeGet hashmaliciousAgentTeslaBrowse
                              • 147.135.36.89
                              SecuriteInfo.com.Win32.PWSX-gen.27408.4168.exeGet hashmaliciousAgentTeslaBrowse
                              • 147.135.36.89
                              16994321449b5d87caf658afbfe178cb9c8422736bcc47ae132c88fa1893a91c088bd24282963.dat-decoded.exeGet hashmaliciousAgentTeslaBrowse
                              • 147.135.36.89
                              QUOTATION_NOVQTRFA00541#U00b7PDF.scr.exeGet hashmaliciousAgentTeslaBrowse
                              • 147.135.36.89
                              newpurchaseorder_07112023.exeGet hashmaliciousAgentTeslaBrowse
                              • 147.135.36.89
                              EUF5089#5_(1).xlsGet hashmaliciousUnknownBrowse
                              • 147.135.36.89
                              Items_Request_For_Quotation.vbsGet hashmaliciousAgentTeslaBrowse
                              • 147.135.36.89
                              EUF5089#5_(2).xlsGet hashmaliciousUnknownBrowse
                              • 147.135.36.89
                              EUF5089#4.xlsGet hashmaliciousUnknownBrowse
                              • 147.135.36.89
                              WT9054432300.vbsGet hashmaliciousAgentTeslaBrowse
                              • 147.135.36.89
                              Ordina_articoli.vbsGet hashmaliciousAgentTeslaBrowse
                              • 147.135.36.89
                              IMO_ISB_MEMO.pdf.exeGet hashmaliciousNanocore, zgRATBrowse
                              • 147.135.36.89
                              Sodyq.exeGet hashmaliciousUnknownBrowse
                              • 147.135.36.89
                              nf.msiGet hashmaliciousUnknownBrowse
                              • 147.135.36.89
                              Vessels_details.exeGet hashmaliciousSnake KeyloggerBrowse
                              • 147.135.36.89
                              dekont01.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                              • 147.135.36.89
                              SU_RECEIPTS.exeGet hashmaliciousSnake KeyloggerBrowse
                              • 147.135.36.89
                              hesap_hareketi-01.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                              • 147.135.36.89
                              Sodyq.exeGet hashmaliciousUnknownBrowse
                              • 147.135.36.89
                              _Top_Urg.exeGet hashmaliciousAgentTeslaBrowse
                              • 147.135.36.89

                              Dropped Files

                              No context

                              Created / dropped Files

                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                              Download File
                              Process:C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe
                              File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 63165 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                              Category:dropped
                              Size (bytes):63165
                              Entropy (8bit):7.996024649033599
                              Encrypted:true
                              SSDEEP:1536:RfhMeKBlsociYZAT+4oGNk2rb2oX3bUH+uOlEU:RhV0WXvAa4XNoeudU
                              MD5:F3441B8572AAE8801C04F3060B550443
                              SHA1:4EF0A35436125D6821831EF36C28FFAF196CDA15
                              SHA-256:6720349E7D82EE0A8E73920D3C2B7CB2912D9FCF2EDB6FD98F2F12820158B0BF
                              SHA-512:5BA01BA421B50030E380AE6BBCD2F681F2A91947FE7FEDB3C8E6B5F24DCE9517ABF57B1CF26CC6078D4BB53BDE6FCFB2561591337C841F8F2CB121A3D71661B9
                              Malicious:false
                              Reputation:moderate, very likely benign file
                              Preview:MSCF............,...................I.......\..........V. .authroot.stl....Pv5..CK..8U.......t.%.-d.\D.][d..%k.%;-"IZH.....M.KBC..E..DE...{o.t......9...}.....wA...edY.h.8..3...I7..`...r0..$..........M..Yd.a..We....H7.QvF.o..Y.Xpp.....|..J.."...Ti.Z...A...N......{....T.K..*.'...!.xx....[....3..F.;..L.....]...F.)z|...'....x..E...{..n.hz..m.<........8./..,.w!.He.H.\..j.n...E).r#.!.$.W...'.......N>.**{#xm...ynyb$...?........C!P.....P...,A+...<A_.xf=.9W......p...O...aP4.A.......3Y.BG?.P.4Q0|MD.3I....GH.1.h....p..(D..B.D.QVFfp......K.l..a*.....9...5;d........b...T. ..C......v@..*E...}.pL..",.B?z.......(.9.@V....!k.. ...|\A;.....$.Z_y.Cp..;.dYrq.oP.;...._X*@......YM?a\.A.......i....X,...bE.o.0.^.az.4.e$o.......Sm....ypM..uI.W..q..>}.....(.l\?0"A..RxJm.....3V....'.9..#.f?.m...6Z3....?.J..v.-.mjS..9.y7j.HuxR.._..{....1......&S5..T....I(....R..D=..n.X.c.!E....".Y..,.En....v...@....T'.A.....v.....fW.X....c...F./........3....T.g!..`..

                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                              Download File
                              Process:C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):330
                              Entropy (8bit):3.1217278663444534
                              Encrypted:false
                              SSDEEP:6:kKHa07N+SkQlPlEGYRMY9z+4KlDA3RUeoMmlb:P8kPlE99SNxAhUeor
                              MD5:2CB70C791169C0A38C75E2D523379D51
                              SHA1:187C53C3217FAF5B33AC59C3424A6B1762D53DF1
                              SHA-256:BCE965444271256A56032C708E7C3F2BE753B6DF4257385C4EBC034F1D6CEAEB
                              SHA-512:45F50E37FCCB9AC47597235DF06E34D95CE9012E674C849B347199D03FC6EA2042977D2BE911D8EFE5B02D47B21AA1735072925092D9A38601E803998562E050
                              Malicious:false
                              Reputation:low
                              Preview:p...... ........a>..'...(....................................................... ........?:.".......(...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.0.6.7.8.6.d.1.2.2.d.5.d.9.1.:.0."...

                              Static File Info

                              General

                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                              Entropy (8bit):6.083676411749408
                              TrID:
                              • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                              • Win32 Executable (generic) a (10002005/4) 49.75%
                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                              • Windows Screen Saver (13104/52) 0.07%
                              • Generic Win/DOS Executable (2004/3) 0.01%
                              File name:2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe
                              File size:3'266'048 bytes
                              MD5:66e51a7bdc0e564e87b21187d385e73c
                              SHA1:75ca0cc99719db0770603fedc6cc6b05e462c0a6
                              SHA256:2c8cda2ccc942b4eda8e1ee37a8f68c557fee80e14244f1a401321ccf1091e83
                              SHA512:0c9009bcf2478959b229ee588bedbee1fd4ec94ac0034fb60db51c887288a2f1add7a910a65a2cdb7fc35c3f2bb94c483f4da1600c0dc5f413ae2dc449cd62a5
                              SSDEEP:49152:KvWI22SsaNYfdPBldt698dBcjHDwRJ6zbR3LoGdhyTHHB72eh2NT:Kv722SsaNYfdPBldt6+dBcjHDwRJ6lR
                              TLSH:C4E56B143BF85E27E1BBE277A5B0041267F0FC1AF363EB0B6581677A1C53B5098426A7
                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d..................1...........1.. ........@.. .......................@2...........@................................

                              File Icon

                              Icon Hash:90cececece8e8eb0

                              Static PE Info

                              General

                              Entrypoint:0x71e40e
                              Entrypoint Section:.text
                              Digitally signed:false
                              Imagebase:0x400000
                              Subsystem:windows gui
                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                              Time Stamp:0x640DFAE7 [Sun Mar 12 16:16:39 2023 UTC]
                              TLS Callbacks:
                              CLR (.Net) Version:
                              OS Version Major:4
                              OS Version Minor:0
                              File Version Major:4
                              File Version Minor:0
                              Subsystem Version Major:4
                              Subsystem Version Minor:0
                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                              Entrypoint Preview

                              Instruction
                              jmp dword ptr [00402000h]
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al

                              Data Directories

                              NameVirtual AddressVirtual Size Is in Section
                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_IMPORT0x31e3bc0x4f.text
                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x3200000xa93.rsrc
                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x3220000xc.reloc
                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                              Sections

                              NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                              .text0x20000x31c4140x31c600unknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              .rsrc0x3200000xa930xc00False0.36328125data4.653972105845318IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              .reloc0x3220000xc0x200False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                              Resources

                              NameRVASizeTypeLanguageCountryZLIB Complexity
                              RT_VERSION0x3200a00x31cdata0.4484924623115578
                              RT_MANIFEST0x3203bc0x6d7XML 1.0 document, Unicode text, UTF-8 (with BOM) text0.40319817247287265

                              Imports

                              DLLImport
                              mscoree.dll_CorExeMain

                              Network Behavior

                              Snort IDS Alerts

                              TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                              212.23.222.42192.168.2.107332497032035595 11/08/23-10:41:11.525851TCP2035595ET TROJAN Generic AsyncRAT Style SSL Cert733249703212.23.222.42192.168.2.10

                              Network Port Distribution

                              TCP Packets

                              TimestampSource PortDest PortSource IPDest IP
                              Nov 8, 2023 10:41:10.843106031 CET497037332192.168.2.10212.23.222.42
                              Nov 8, 2023 10:41:11.175867081 CET733249703212.23.222.42192.168.2.10
                              Nov 8, 2023 10:41:11.175966024 CET497037332192.168.2.10212.23.222.42
                              Nov 8, 2023 10:41:11.186903954 CET497037332192.168.2.10212.23.222.42
                              Nov 8, 2023 10:41:11.525851011 CET733249703212.23.222.42192.168.2.10
                              Nov 8, 2023 10:41:11.525877953 CET733249703212.23.222.42192.168.2.10
                              Nov 8, 2023 10:41:11.525995016 CET497037332192.168.2.10212.23.222.42
                              Nov 8, 2023 10:41:11.532283068 CET497037332192.168.2.10212.23.222.42
                              Nov 8, 2023 10:41:11.868036032 CET733249703212.23.222.42192.168.2.10
                              Nov 8, 2023 10:41:11.921895027 CET497037332192.168.2.10212.23.222.42
                              Nov 8, 2023 10:41:12.795444012 CET49705443192.168.2.10147.135.36.89
                              Nov 8, 2023 10:41:12.795483112 CET44349705147.135.36.89192.168.2.10
                              Nov 8, 2023 10:41:12.795561075 CET49705443192.168.2.10147.135.36.89
                              Nov 8, 2023 10:41:12.797084093 CET49705443192.168.2.10147.135.36.89
                              Nov 8, 2023 10:41:12.797102928 CET44349705147.135.36.89192.168.2.10
                              Nov 8, 2023 10:41:13.282740116 CET44349705147.135.36.89192.168.2.10
                              Nov 8, 2023 10:41:13.282877922 CET49705443192.168.2.10147.135.36.89
                              Nov 8, 2023 10:41:13.287729979 CET49705443192.168.2.10147.135.36.89
                              Nov 8, 2023 10:41:13.287759066 CET44349705147.135.36.89192.168.2.10
                              Nov 8, 2023 10:41:13.288144112 CET44349705147.135.36.89192.168.2.10
                              Nov 8, 2023 10:41:13.328171968 CET49705443192.168.2.10147.135.36.89
                              Nov 8, 2023 10:41:13.351948023 CET49705443192.168.2.10147.135.36.89
                              Nov 8, 2023 10:41:13.397259951 CET44349705147.135.36.89192.168.2.10
                              Nov 8, 2023 10:41:13.511378050 CET44349705147.135.36.89192.168.2.10
                              Nov 8, 2023 10:41:13.511553049 CET44349705147.135.36.89192.168.2.10
                              Nov 8, 2023 10:41:13.511621952 CET49705443192.168.2.10147.135.36.89
                              Nov 8, 2023 10:41:13.638461113 CET49705443192.168.2.10147.135.36.89
                              Nov 8, 2023 10:41:13.934115887 CET497037332192.168.2.10212.23.222.42
                              Nov 8, 2023 10:41:14.306660891 CET733249703212.23.222.42192.168.2.10
                              Nov 8, 2023 10:41:14.306781054 CET497037332192.168.2.10212.23.222.42
                              Nov 8, 2023 10:41:14.640320063 CET733249703212.23.222.42192.168.2.10
                              Nov 8, 2023 10:41:14.687606096 CET497037332192.168.2.10212.23.222.42
                              Nov 8, 2023 10:41:15.020366907 CET733249703212.23.222.42192.168.2.10
                              Nov 8, 2023 10:41:15.062621117 CET497037332192.168.2.10212.23.222.42
                              Nov 8, 2023 10:41:40.031301022 CET497037332192.168.2.10212.23.222.42
                              Nov 8, 2023 10:41:40.363946915 CET733249703212.23.222.42192.168.2.10
                              Nov 8, 2023 10:41:40.396730900 CET733249703212.23.222.42192.168.2.10
                              Nov 8, 2023 10:41:40.396826982 CET497037332192.168.2.10212.23.222.42
                              Nov 8, 2023 10:42:05.375071049 CET497037332192.168.2.10212.23.222.42
                              Nov 8, 2023 10:42:05.707729101 CET733249703212.23.222.42192.168.2.10
                              Nov 8, 2023 10:42:05.731678009 CET733249703212.23.222.42192.168.2.10
                              Nov 8, 2023 10:42:05.731825113 CET497037332192.168.2.10212.23.222.42
                              Nov 8, 2023 10:42:30.718959093 CET497037332192.168.2.10212.23.222.42
                              Nov 8, 2023 10:42:31.052037001 CET733249703212.23.222.42192.168.2.10
                              Nov 8, 2023 10:42:31.064800978 CET733249703212.23.222.42192.168.2.10
                              Nov 8, 2023 10:42:31.064857006 CET497037332192.168.2.10212.23.222.42
                              Nov 8, 2023 10:42:56.062643051 CET497037332192.168.2.10212.23.222.42
                              Nov 8, 2023 10:42:56.400120974 CET733249703212.23.222.42192.168.2.10
                              Nov 8, 2023 10:42:56.400238037 CET733249703212.23.222.42192.168.2.10
                              Nov 8, 2023 10:42:56.400315046 CET497037332192.168.2.10212.23.222.42

                              UDP Packets

                              TimestampSource PortDest PortSource IPDest IP
                              Nov 8, 2023 10:41:12.634078979 CET5313753192.168.2.101.1.1.1
                              Nov 8, 2023 10:41:12.789889097 CET53531371.1.1.1192.168.2.10

                              DNS Queries

                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                              Nov 8, 2023 10:41:12.634078979 CET192.168.2.101.1.1.10x95f7Standard query (0)ipwho.isA (IP address)IN (0x0001)false

                              DNS Answers

                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                              Nov 8, 2023 10:41:12.789889097 CET1.1.1.1192.168.2.100x95f7No error (0)ipwho.is147.135.36.89A (IP address)IN (0x0001)false

                              HTTP Request Dependency Graph

                              • ipwho.is

                              HTTPS Proxied Packets

                              Session IDSource IPSource PortDestination IPDestination PortProcess
                              0192.168.2.1049705147.135.36.89443C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe
                              TimestampkBytes transferredDirectionData
                              2023-11-08 09:41:13 UTC0OUTGET / HTTP/1.1
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0
                              Host: ipwho.is
                              Connection: Keep-Alive
                              2023-11-08 09:41:13 UTC0INHTTP/1.1 200 OK
                              Date: Wed, 08 Nov 2023 09:41:13 GMT
                              Content-Type: application/json; charset=utf-8
                              Transfer-Encoding: chunked
                              Connection: close
                              Server: ipwhois
                              Access-Control-Allow-Headers: *
                              X-Robots-Tag: noindex
                              2023-11-08 09:41:13 UTC0INData Raw: 34 30 33 0d 0a 7b 0a 20 20 20 20 22 41 62 6f 75 74 20 55 73 22 3a 20 22 68 74 74 70 73 3a 5c 2f 5c 2f 69 70 77 68 6f 69 73 2e 69 6f 22 2c 0a 20 20 20 20 22 69 70 22 3a 20 22 31 35 36 2e 31 34 36 2e 34 39 2e 31 36 38 22 2c 0a 20 20 20 20 22 73 75 63 63 65 73 73 22 3a 20 74 72 75 65 2c 0a 20 20 20 20 22 74 79 70 65 22 3a 20 22 49 50 76 34 22 2c 0a 20 20 20 20 22 63 6f 6e 74 69 6e 65 6e 74 22 3a 20 22 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 22 2c 0a 20 20 20 20 22 63 6f 6e 74 69 6e 65 6e 74 5f 63 6f 64 65 22 3a 20 22 4e 41 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 5f 63 6f 64 65 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 57 61 73 68
                              Data Ascii: 403{ "About Us": "https:\/\/ipwhois.io", "ip": "156.146.49.168", "success": true, "type": "IPv4", "continent": "North America", "continent_code": "NA", "country": "United States", "country_code": "US", "region": "Wash


                              Statistics

                              CPU Usage

                              Click to jump to process

                              Memory Usage

                              Click to jump to process

                              High Level Behavior Distribution

                              Click to dive into process behavior distribution

                              System Behavior

                              General

                              Target ID:0
                              Start time:10:41:07
                              Start date:08/11/2023
                              Path:C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Users\user\Desktop\2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe
                              Imagebase:0x460000
                              File size:3'266'048 bytes
                              MD5 hash:66E51A7BDC0E564E87B21187D385E73C
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:.Net C# or VB.NET
                              Yara matches:
                              • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000000.00000002.2509660485.0000000002C44000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000000.00000000.1258962424.0000000000780000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000000.00000002.2509660485.0000000002A71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000000.00000000.1258597979.0000000000462000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                              Reputation:low
                              Has exited:false

                              Disassembly

                              Reset < >

                                Execution Graph

                                Execution Coverage:5.5%
                                Dynamic/Decrypted Code Coverage:100%
                                Signature Coverage:0%
                                Total number of Nodes:3
                                Total number of Limit Nodes:0
                                execution_graph 42299 7ff7c1943569 42300 7ff7c1943571 DeleteFileW 42299->42300 42302 7ff7c1943616 42300->42302

                                Executed Functions

                                Function 00007FF7C1C82391 Relevance: 6.9, Strings: 1, Instructions: 5634COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2515238386.00007FF7C1C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1C80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1c80000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID: H
                                • API String ID: 0-2852464175
                                • Opcode ID: 2acb29c8ee9d64d77076a02f94a5c589b4ae747cd572f7043d169c182f3a833e
                                • Instruction ID: 3997cbd8083c5afee18b5613694dcbfca75d5180e5257577c49e14bc31ee2e40
                                • Opcode Fuzzy Hash: 2acb29c8ee9d64d77076a02f94a5c589b4ae747cd572f7043d169c182f3a833e
                                • Instruction Fuzzy Hash: D073A060718D4B4FE7A5AB2D40A4379F7D2FF9C2657A5417AD01EC3A86DE78EC428380
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BCEC90 Relevance: 3.8, Strings: 2, Instructions: 1296COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID: $
                                • API String ID: 0-227171996
                                • Opcode ID: e966581ed4fb5e910103ad49a43c8597f02d591c88c7dd05acee0334741e01d9
                                • Instruction ID: e70452290824a4651ba4a52bf19647709aa65bdbe57d2b5b0ace5fdd8f94b876
                                • Opcode Fuzzy Hash: e966581ed4fb5e910103ad49a43c8597f02d591c88c7dd05acee0334741e01d9
                                • Instruction Fuzzy Hash: ED82D131A189498FEBA8EF2CC469A7477E1FF58311B5401F9E04EC72A2DE68EC45CB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB4DC6 Relevance: 1.3, Instructions: 1268COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d14562e8d5870cd2b353832659969de6a6184cdd58674bd3b17f800e0413fbcd
                                • Instruction ID: 4a92b445977cb4109d0e5401bf9f9dfac721f3ad6fc5d30d2d2b269eafa81e2e
                                • Opcode Fuzzy Hash: d14562e8d5870cd2b353832659969de6a6184cdd58674bd3b17f800e0413fbcd
                                • Instruction Fuzzy Hash: 0592A770A18A098FDF98EF18C484BA9B7E2FF58710F5441B8D44ED7696CE35E882CB45
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BBA7CD Relevance: .9, Instructions: 933COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4da7e4603f7eae8a92e8f4532fd2f954fd1caf39f58a110b7daa9feff9a4c226
                                • Instruction ID: 779b475095052a025a2d3365ac619749303cda27c8dfb33748b2d662078e7df4
                                • Opcode Fuzzy Hash: 4da7e4603f7eae8a92e8f4532fd2f954fd1caf39f58a110b7daa9feff9a4c226
                                • Instruction Fuzzy Hash: 7D627030A08A498FEB98EF2CC455B69B7E1FF99310F5445BAE44DC73A2DE34E8418B45
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BCB07B Relevance: .8, Instructions: 773COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c1a6397e33758cb2f0551d22c583a3600c0096794c85095f41fe19de07300b0b
                                • Instruction ID: d7affc287b027f0cfcdcab5bd8828d59e26fd4d84b606df539c6c8676811a04d
                                • Opcode Fuzzy Hash: c1a6397e33758cb2f0551d22c583a3600c0096794c85095f41fe19de07300b0b
                                • Instruction Fuzzy Hash: C6321830B1CA4A4FE759EF2884956B9B7E1FF95350F8405B9D48EC3286DE24F842CB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BCA5CB Relevance: .7, Instructions: 739COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 01853aefa3ce05cf4b6f5740e5b70a0435520c6125de290c6b38a01d5b281322
                                • Instruction ID: 945827a64753243161460af084994eff3a6e89bbe790fbabc79188327dbfc5c2
                                • Opcode Fuzzy Hash: 01853aefa3ce05cf4b6f5740e5b70a0435520c6125de290c6b38a01d5b281322
                                • Instruction Fuzzy Hash: F032C430A18A4A8FDB98EF2884556B5F3E1FF58360F940679D44EC7682DE74F842CB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB8A61 Relevance: .7, Instructions: 691COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7eb47aa828c93c6f1079e421741b154788218fd132ef597553d3a7f0affcfb9b
                                • Instruction ID: 294dcc7b5c0d4014811e04de26bdc668dc040c7132e67cabd23068bcd36ad5e5
                                • Opcode Fuzzy Hash: 7eb47aa828c93c6f1079e421741b154788218fd132ef597553d3a7f0affcfb9b
                                • Instruction Fuzzy Hash: 8E22A230A18A094FEB98EF2C84557B9B3E2FF98310F94417DD84ED3692DE74E8468B54
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB5BE1 Relevance: .7, Instructions: 679COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1232d2892c2a938e8ec78e9e7941fec1fe8248ebf093073d1de25eeaadfaee95
                                • Instruction ID: 8e8ef8aa2bccc35b6e380b9c41799a6b63cf51f99dd01604868a25d0f15a66b9
                                • Opcode Fuzzy Hash: 1232d2892c2a938e8ec78e9e7941fec1fe8248ebf093073d1de25eeaadfaee95
                                • Instruction Fuzzy Hash: C3324C30A18A198FEB94EF18C885BA9B3E1FF98310F5045B9D44ED3691DB74EC828F55
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC6A26 Relevance: .5, Instructions: 470COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c474a275fde87e6efc568c3a0b7dd8b650d37123ac7461adf16eee2fdd4816a2
                                • Instruction ID: 50a81aaf722942b8233edba509ac444bd7077e5d2426f5b7f67854b5ae0ecab7
                                • Opcode Fuzzy Hash: c474a275fde87e6efc568c3a0b7dd8b650d37123ac7461adf16eee2fdd4816a2
                                • Instruction Fuzzy Hash: ADF17330908A8E8FEBA8EF28C855BE977E1FF54310F44427AD84DC7295DB74A945CB81
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC77D2 Relevance: .5, Instructions: 465COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4c7d747f632860d4c8ebec6dcf61e21a441dd82af7f771c6e9af09f8fa590162
                                • Instruction ID: 5d1b1ec84d456303dd4d4178f7084190d04d1492289169fa59447d81b1e5f82b
                                • Opcode Fuzzy Hash: 4c7d747f632860d4c8ebec6dcf61e21a441dd82af7f771c6e9af09f8fa590162
                                • Instruction Fuzzy Hash: 3EF1A330908A8E8FEBA8EF28C8557E977D1FF54320F54427AE84DC7291DB74A945CB81
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB2440 Relevance: 1.8, Strings: 1, Instructions: 514COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1232 7ff7c1bb2440-7ff7c1bca074 1234 7ff7c1bca373-7ff7c1bca37d 1232->1234 1235 7ff7c1bca07a-7ff7c1bca07f 1232->1235 1242 7ff7c1bca37e-7ff7c1bca3ee 1234->1242 1236 7ff7c1bca081-7ff7c1bca086 call 7ff7c1bb2438 1235->1236 1237 7ff7c1bca08b-7ff7c1bca0a4 1235->1237 1236->1237 1240 7ff7c1bca0a6-7ff7c1bca0b2 1237->1240 1241 7ff7c1bca0b8-7ff7c1bca0e5 1237->1241 1240->1241 1241->1242 1244 7ff7c1bca0eb-7ff7c1bca0f6 1241->1244 1270 7ff7c1bca3f0-7ff7c1bca3f6 1242->1270 1271 7ff7c1bca40b-7ff7c1bca41c 1242->1271 1246 7ff7c1bca1b4-7ff7c1bca1b9 1244->1246 1247 7ff7c1bca0fc-7ff7c1bca10a 1244->1247 1250 7ff7c1bca1bf-7ff7c1bca1c9 1246->1250 1251 7ff7c1bca23e-7ff7c1bca248 1246->1251 1247->1242 1249 7ff7c1bca110-7ff7c1bca121 1247->1249 1252 7ff7c1bca123-7ff7c1bca146 1249->1252 1253 7ff7c1bca189-7ff7c1bca1a0 1249->1253 1250->1242 1256 7ff7c1bca1cf-7ff7c1bca1e3 1250->1256 1254 7ff7c1bca26a-7ff7c1bca271 1251->1254 1255 7ff7c1bca24a-7ff7c1bca268 call 7ff7c1bb2458 1251->1255 1260 7ff7c1bca14c-7ff7c1bca15f 1252->1260 1261 7ff7c1bca1e8-7ff7c1bca1ed 1252->1261 1253->1242 1262 7ff7c1bca1a6-7ff7c1bca1ae 1253->1262 1258 7ff7c1bca274-7ff7c1bca27e 1254->1258 1255->1254 1256->1258 1258->1242 1263 7ff7c1bca284-7ff7c1bca29c 1258->1263 1264 7ff7c1bca163-7ff7c1bca187 1260->1264 1261->1264 1262->1246 1262->1247 1263->1242 1266 7ff7c1bca2a2-7ff7c1bca2ba 1263->1266 1264->1253 1278 7ff7c1bca1f2-7ff7c1bca1f5 1264->1278 1266->1242 1269 7ff7c1bca2c0-7ff7c1bca2e5 1266->1269 1269->1242 1290 7ff7c1bca2eb-7ff7c1bca2fe 1269->1290 1274 7ff7c1bca451-7ff7c1bca494 call 7ff7c1bb6a10 1270->1274 1275 7ff7c1bca3f8-7ff7c1bca409 1270->1275 1276 7ff7c1bca42d-7ff7c1bca450 1271->1276 1277 7ff7c1bca41e-7ff7c1bca42b 1271->1277 1295 7ff7c1bca496-7ff7c1bca4ae 1274->1295 1296 7ff7c1bca4b0 1274->1296 1275->1270 1275->1271 1277->1276 1279 7ff7c1bca20b-7ff7c1bca218 1278->1279 1280 7ff7c1bca1f7-7ff7c1bca207 1278->1280 1279->1242 1282 7ff7c1bca21e-7ff7c1bca23d 1279->1282 1280->1279 1293 7ff7c1bca300-7ff7c1bca30b 1290->1293 1294 7ff7c1bca361-7ff7c1bca372 1290->1294 1293->1294 1300 7ff7c1bca30d-7ff7c1bca324 1293->1300 1295->1296 1299 7ff7c1bca4b7-7ff7c1bca4d9 1296->1299 1302 7ff7c1bca335-7ff7c1bca35c call 7ff7c1bb2458 1300->1302 1303 7ff7c1bca326-7ff7c1bca333 1300->1303 1302->1294 1303->1302
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID: d
                                • API String ID: 0-2564639436
                                • Opcode ID: b5ad1ab4fedf2b8ca5aa4cfb28fa108f73ae01af6a594b04d60adf9931335664
                                • Instruction ID: bbbde390b633aa564afbcfb31eb373f064005af9e23733f12cf85fd8b9b3572a
                                • Opcode Fuzzy Hash: b5ad1ab4fedf2b8ca5aa4cfb28fa108f73ae01af6a594b04d60adf9931335664
                                • Instruction Fuzzy Hash: 6DF1EF30A18A0A8FD748EF28C495675B3E1FF98364B6446BDD44AC7296DE74FC42CB81
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BCE03F Relevance: 1.7, Strings: 1, Instructions: 419COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1307 7ff7c1bce03f-7ff7c1bce0c7 1311 7ff7c1bce314-7ff7c1bce31d 1307->1311 1312 7ff7c1bce0cd-7ff7c1bce0d5 1307->1312 1313 7ff7c1bce323-7ff7c1bce32b 1311->1313 1314 7ff7c1bce1a1-7ff7c1bce1cf 1311->1314 1315 7ff7c1bce0e4-7ff7c1bce0fb 1312->1315 1316 7ff7c1bce0d7-7ff7c1bce0dc 1312->1316 1313->1314 1318 7ff7c1bce331-7ff7c1bce342 1313->1318 1324 7ff7c1bce1d5-7ff7c1bce1f6 1314->1324 1325 7ff7c1bcdd67-7ff7c1bcdd73 1314->1325 1320 7ff7c1bce101-7ff7c1bce193 1315->1320 1321 7ff7c1bce24e-7ff7c1bce295 1315->1321 1316->1315 1318->1314 1326 7ff7c1bce348-7ff7c1bce378 1318->1326 1327 7ff7c1bce19a-7ff7c1bce19b 1320->1327 1332 7ff7c1bce2b2-7ff7c1bce2bb 1321->1332 1333 7ff7c1bce297-7ff7c1bce2a6 1321->1333 1324->1325 1335 7ff7c1bcde22-7ff7c1bcde29 1325->1335 1336 7ff7c1bcdd79-7ff7c1bcdd91 1325->1336 1326->1314 1337 7ff7c1bce3e1-7ff7c1bce400 call 7ff7c1bce402 1326->1337 1327->1314 1334 7ff7c1bce2be-7ff7c1bce305 1332->1334 1341 7ff7c1bce2ad-7ff7c1bce2b0 1333->1341 1342 7ff7c1bce30c-7ff7c1bce30f 1334->1342 1335->1337 1338 7ff7c1bcde33-7ff7c1bcde61 1335->1338 1344 7ff7c1bce37d-7ff7c1bce395 1336->1344 1345 7ff7c1bcdd97-7ff7c1bcddc2 1336->1345 1341->1334 1342->1314 1344->1338 1350 7ff7c1bce39b-7ff7c1bce3da 1344->1350 1349 7ff7c1bcddc9-7ff7c1bcdddd 1345->1349 1355 7ff7c1bcdddf-7ff7c1bcddf0 1349->1355 1356 7ff7c1bcddf2-7ff7c1bcde20 1349->1356 1350->1337 1355->1335 1355->1356 1356->1335
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID: H
                                • API String ID: 0-2852464175
                                • Opcode ID: 47e2b0afa05ad80b90ec8335ca29eaf260fdb664051e012b3b477a3967917542
                                • Instruction ID: f363913370310ea88c964e315078459ab2b130527c4753082579c27bcf57b721
                                • Opcode Fuzzy Hash: 47e2b0afa05ad80b90ec8335ca29eaf260fdb664051e012b3b477a3967917542
                                • Instruction Fuzzy Hash: 15D15074A18A498FDB88EF1CC4957B9B7E1FF98714F540169E84AC7286CE34F852CB81
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB3F3D Relevance: 1.6, Strings: 1, Instructions: 397COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1361 7ff7c1bb3f3d-7ff7c1bb3f3e 1362 7ff7c1bb3f9f-7ff7c1bb3fa6 1361->1362 1363 7ff7c1bb3f40-7ff7c1bb3f47 1361->1363 1364 7ff7c1bb3fa8-7ff7c1bb3fa9 1362->1364 1365 7ff7c1bb3fab-7ff7c1bb3fbd 1362->1365 1364->1365 1367 7ff7c1bb3fbf-7ff7c1bb3fc7 1365->1367 1368 7ff7c1bb400d-7ff7c1bb400e 1365->1368 1369 7ff7c1bb4002-7ff7c1bb4008 1367->1369 1370 7ff7c1bb3fc9-7ff7c1bb3fcc 1367->1370 1372 7ff7c1bb4015-7ff7c1bb401d 1368->1372 1371 7ff7c1bb4513-7ff7c1bb4525 1369->1371 1370->1369 1373 7ff7c1bb3fce-7ff7c1bb3ff6 1370->1373 1376 7ff7c1bb4526-7ff7c1bb4539 1371->1376 1374 7ff7c1bb401f-7ff7c1bb4034 1372->1374 1375 7ff7c1bb4038-7ff7c1bb403e 1372->1375 1382 7ff7c1bb3ffd 1373->1382 1374->1375 1377 7ff7c1bb4044-7ff7c1bb4058 1375->1377 1378 7ff7c1bb4379-7ff7c1bb4380 1375->1378 1377->1378 1380 7ff7c1bb4382-7ff7c1bb4385 1378->1380 1381 7ff7c1bb4387-7ff7c1bb4393 1378->1381 1383 7ff7c1bb4395-7ff7c1bb4398 1380->1383 1381->1383 1382->1376 1385 7ff7c1bb43a5-7ff7c1bb43ad 1383->1385 1386 7ff7c1bb439a-7ff7c1bb43a0 1383->1386 1387 7ff7c1bb43b3-7ff7c1bb43d0 1385->1387 1388 7ff7c1bb450d 1385->1388 1386->1376 1390 7ff7c1bb43d2-7ff7c1bb43e2 call 7ff7c1bb3020 1387->1390 1391 7ff7c1bb43f7-7ff7c1bb4402 1387->1391 1388->1371 1390->1391 1403 7ff7c1bb43e4-7ff7c1bb43f2 1390->1403 1392 7ff7c1bb44c2-7ff7c1bb44c5 1391->1392 1393 7ff7c1bb4408-7ff7c1bb440d 1391->1393 1392->1388 1397 7ff7c1bb44c7-7ff7c1bb44cd 1392->1397 1395 7ff7c1bb440f 1393->1395 1396 7ff7c1bb4414-7ff7c1bb4417 1393->1396 1395->1396 1399 7ff7c1bb4419-7ff7c1bb4423 1396->1399 1400 7ff7c1bb4427-7ff7c1bb442a 1396->1400 1401 7ff7c1bb44cf-7ff7c1bb44d4 1397->1401 1402 7ff7c1bb44d6 1397->1402 1399->1400 1404 7ff7c1bb447a-7ff7c1bb447d 1400->1404 1405 7ff7c1bb442c-7ff7c1bb442f 1400->1405 1406 7ff7c1bb44db-7ff7c1bb450b 1401->1406 1402->1406 1403->1391 1410 7ff7c1bb447f-7ff7c1bb4488 1404->1410 1411 7ff7c1bb448a-7ff7c1bb448f 1404->1411 1407 7ff7c1bb4451-7ff7c1bb4454 1405->1407 1408 7ff7c1bb4431-7ff7c1bb444b 1405->1408 1406->1376 1413 7ff7c1bb4456-7ff7c1bb445c 1407->1413 1414 7ff7c1bb4464-7ff7c1bb446a 1407->1414 1408->1407 1420 7ff7c1bb453a-7ff7c1bb4561 1408->1420 1412 7ff7c1bb4493-7ff7c1bb44c0 1410->1412 1411->1412 1412->1376 1413->1414 1416 7ff7c1bb445e-7ff7c1bb4461 1413->1416 1414->1404 1418 7ff7c1bb446c-7ff7c1bb4476 1414->1418 1416->1414 1418->1404 1423 7ff7c1bb4563-7ff7c1bb4576 1420->1423 1424 7ff7c1bb4578-7ff7c1bb459c 1420->1424 1427 7ff7c1bb459e-7ff7c1bb4614 1423->1427 1424->1427 1432 7ff7c1bb4616-7ff7c1bb4618 1427->1432 1433 7ff7c1bb4619-7ff7c1bb463e 1427->1433 1432->1433
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID: @
                                • API String ID: 0-2766056989
                                • Opcode ID: 5be6060110bc02e4d451e6c19c84df90ff896c917deb675748e3b9d3bfbf79e3
                                • Instruction ID: 0482ca9225599093122160cf71800fb8fed600158165ee940f01c6bdf5c2e46a
                                • Opcode Fuzzy Hash: 5be6060110bc02e4d451e6c19c84df90ff896c917deb675748e3b9d3bfbf79e3
                                • Instruction Fuzzy Hash: EBC14A30A0CB494FE755EF289455374FBE1FF46320F4412BAC88AC76D2DE68AC468B55
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1943525 Relevance: 1.6, APIs: 1, Instructions: 133fileCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1434 7ff7c1943525-7ff7c194352f 1435 7ff7c1943571-7ff7c19435d8 1434->1435 1436 7ff7c1943531-7ff7c1943562 1434->1436 1441 7ff7c19435da-7ff7c19435df 1435->1441 1442 7ff7c19435e2-7ff7c1943614 DeleteFileW 1435->1442 1436->1435 1441->1442 1443 7ff7c194361c-7ff7c194364a 1442->1443 1444 7ff7c1943616 1442->1444 1444->1443
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2513604362.00007FF7C1940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1940000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1940000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID: DeleteFile
                                • String ID:
                                • API String ID: 4033686569-0
                                • Opcode ID: 4e6351a882a8203d294456b943392acf9ef65bc4527d1d0b05084d983dd4c685
                                • Instruction ID: 98bde8d55f91fc118097eb389f3916d1766d065b29d96470ea4aff59320caa2d
                                • Opcode Fuzzy Hash: 4e6351a882a8203d294456b943392acf9ef65bc4527d1d0b05084d983dd4c685
                                • Instruction Fuzzy Hash: BA41043190CB9C8FDB09EF6888496E9BBF0FF56311F0482ABC049C7292CB74A845C791
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1943569 Relevance: 1.6, APIs: 1, Instructions: 109fileCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1446 7ff7c1943569-7ff7c19435d8 1451 7ff7c19435da-7ff7c19435df 1446->1451 1452 7ff7c19435e2-7ff7c1943614 DeleteFileW 1446->1452 1451->1452 1453 7ff7c194361c-7ff7c194364a 1452->1453 1454 7ff7c1943616 1452->1454 1454->1453
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2513604362.00007FF7C1940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1940000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1940000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID: DeleteFile
                                • String ID:
                                • API String ID: 4033686569-0
                                • Opcode ID: ae0fdb56f9143745cec4f4434a82921489172df7c2f282b9c2dcbb136439e901
                                • Instruction ID: 9f2b69e48c5ff972780cfcffc66939122b95aadc08cc8db9fc8c683498a592fd
                                • Opcode Fuzzy Hash: ae0fdb56f9143745cec4f4434a82921489172df7c2f282b9c2dcbb136439e901
                                • Instruction Fuzzy Hash: 9031EF7190CB5C8FDB59DB6888496E9BBF0FF65320F04826BC049D3292CB74A805CB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BCA021 Relevance: 1.6, Strings: 1, Instructions: 312COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1456 7ff7c1bca021-7ff7c1bca074 1458 7ff7c1bca373-7ff7c1bca37d 1456->1458 1459 7ff7c1bca07a-7ff7c1bca07f 1456->1459 1466 7ff7c1bca37e-7ff7c1bca3ee 1458->1466 1460 7ff7c1bca081-7ff7c1bca086 call 7ff7c1bb2438 1459->1460 1461 7ff7c1bca08b-7ff7c1bca0a4 1459->1461 1460->1461 1464 7ff7c1bca0a6-7ff7c1bca0b2 1461->1464 1465 7ff7c1bca0b8-7ff7c1bca0e5 1461->1465 1464->1465 1465->1466 1468 7ff7c1bca0eb-7ff7c1bca0f6 1465->1468 1494 7ff7c1bca3f0-7ff7c1bca3f6 1466->1494 1495 7ff7c1bca40b-7ff7c1bca41c 1466->1495 1470 7ff7c1bca1b4-7ff7c1bca1b9 1468->1470 1471 7ff7c1bca0fc-7ff7c1bca10a 1468->1471 1474 7ff7c1bca1bf-7ff7c1bca1c9 1470->1474 1475 7ff7c1bca23e-7ff7c1bca248 1470->1475 1471->1466 1473 7ff7c1bca110-7ff7c1bca121 1471->1473 1476 7ff7c1bca123-7ff7c1bca146 1473->1476 1477 7ff7c1bca189-7ff7c1bca1a0 1473->1477 1474->1466 1480 7ff7c1bca1cf-7ff7c1bca1e3 1474->1480 1478 7ff7c1bca26a-7ff7c1bca271 1475->1478 1479 7ff7c1bca24a-7ff7c1bca268 call 7ff7c1bb2458 1475->1479 1484 7ff7c1bca14c-7ff7c1bca15f 1476->1484 1485 7ff7c1bca1e8-7ff7c1bca1ed 1476->1485 1477->1466 1486 7ff7c1bca1a6-7ff7c1bca1ae 1477->1486 1482 7ff7c1bca274-7ff7c1bca27e 1478->1482 1479->1478 1480->1482 1482->1466 1487 7ff7c1bca284-7ff7c1bca29c 1482->1487 1488 7ff7c1bca163-7ff7c1bca187 1484->1488 1485->1488 1486->1470 1486->1471 1487->1466 1490 7ff7c1bca2a2-7ff7c1bca2ba 1487->1490 1488->1477 1502 7ff7c1bca1f2-7ff7c1bca1f5 1488->1502 1490->1466 1493 7ff7c1bca2c0-7ff7c1bca2e5 1490->1493 1493->1466 1514 7ff7c1bca2eb-7ff7c1bca2fe 1493->1514 1498 7ff7c1bca451-7ff7c1bca494 call 7ff7c1bb6a10 1494->1498 1499 7ff7c1bca3f8-7ff7c1bca409 1494->1499 1500 7ff7c1bca42d-7ff7c1bca450 1495->1500 1501 7ff7c1bca41e-7ff7c1bca42b 1495->1501 1519 7ff7c1bca496-7ff7c1bca4ae 1498->1519 1520 7ff7c1bca4b0 1498->1520 1499->1494 1499->1495 1501->1500 1503 7ff7c1bca20b-7ff7c1bca218 1502->1503 1504 7ff7c1bca1f7-7ff7c1bca207 1502->1504 1503->1466 1506 7ff7c1bca21e-7ff7c1bca23d 1503->1506 1504->1503 1517 7ff7c1bca300-7ff7c1bca30b 1514->1517 1518 7ff7c1bca361-7ff7c1bca372 1514->1518 1517->1518 1524 7ff7c1bca30d-7ff7c1bca324 1517->1524 1519->1520 1523 7ff7c1bca4b7-7ff7c1bca4d9 1520->1523 1526 7ff7c1bca335-7ff7c1bca35c call 7ff7c1bb2458 1524->1526 1527 7ff7c1bca326-7ff7c1bca333 1524->1527 1526->1518 1527->1526
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID: d
                                • API String ID: 0-2564639436
                                • Opcode ID: 07a0ef3b24a4d7fcc8686168c9e75ecaa48b51f6160a67d56b59696355a37f3a
                                • Instruction ID: f0fb798be804df92ba3c3cb9b0010485dfdd82e3abb37ddfcff33948c9be00b3
                                • Opcode Fuzzy Hash: 07a0ef3b24a4d7fcc8686168c9e75ecaa48b51f6160a67d56b59696355a37f3a
                                • Instruction Fuzzy Hash: DCA1EF30618A098FDB08EF18C495A76B3E1FF99354B6446BDD84AC7286DA75FC43CB81
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB3510 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1591 7ff7c1bb3510-7ff7c1bb355b call 7ff7c1bb3490 1594 7ff7c1bb359f-7ff7c1bb35b0 1591->1594 1595 7ff7c1bb355d-7ff7c1bb3577 1591->1595 1596 7ff7c1bb35b2 1594->1596 1597 7ff7c1bb35b7-7ff7c1bb35e0 call 7ff7c1bb3490 1594->1597 1600 7ff7c1bb3590-7ff7c1bb359e 1595->1600 1601 7ff7c1bb3579-7ff7c1bb3586 1595->1601 1596->1597 1605 7ff7c1bb3622-7ff7c1bb3632 1597->1605 1606 7ff7c1bb35e2-7ff7c1bb35fc 1597->1606 1601->1600 1603 7ff7c1bb3588-7ff7c1bb358e 1601->1603 1603->1600 1610 7ff7c1bb3634-7ff7c1bb3636 1605->1610 1611 7ff7c1bb3638-7ff7c1bb3659 1605->1611 1612 7ff7c1bb3615-7ff7c1bb361d 1606->1612 1613 7ff7c1bb35fe-7ff7c1bb360b 1606->1613 1615 7ff7c1bb3663-7ff7c1bb3666 1610->1615 1618 7ff7c1bb3660-7ff7c1bb3661 1611->1618 1614 7ff7c1bb36a7-7ff7c1bb36be call 7ff7c1bb36bf 1612->1614 1613->1612 1616 7ff7c1bb360d-7ff7c1bb3613 1613->1616 1619 7ff7c1bb36a3-7ff7c1bb36a4 1615->1619 1620 7ff7c1bb3668-7ff7c1bb369c 1615->1620 1616->1612 1618->1615 1619->1614 1620->1619
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID: %_L
                                • API String ID: 0-1469106525
                                • Opcode ID: 380aec6c5bbb18e78986f9ca8a5833ff53c344b2d70981a96dd8e8f94fa85736
                                • Instruction ID: 76a3c1961ccc739674c49ad18494373bcf09c8a6ed2a21ba3b31d88e1bb0e745
                                • Opcode Fuzzy Hash: 380aec6c5bbb18e78986f9ca8a5833ff53c344b2d70981a96dd8e8f94fa85736
                                • Instruction Fuzzy Hash: C251B030A18A194FDBA8FF6884556B9F3E1FF98321B50457AD40ED3692DE34E8468B80
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BBC349 Relevance: 1.4, Strings: 1, Instructions: 184COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1625 7ff7c1bbc349-7ff7c1bbc3fe 1632 7ff7c1bbc400-7ff7c1bbc408 1625->1632 1633 7ff7c1bbc478-7ff7c1bbc4e7 call 7ff7c1bb6690 1625->1633 1634 7ff7c1bbc441-7ff7c1bbc461 1632->1634 1635 7ff7c1bbc40a-7ff7c1bbc438 1632->1635 1643 7ff7c1bbc4f1-7ff7c1bbc52f 1633->1643 1635->1634
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID: a%_H
                                • API String ID: 0-3648799560
                                • Opcode ID: 270146d521089ac809c2af30abcb79c7cb9a8a2afec6ac32813a952b29797a31
                                • Instruction ID: 72e3a7f8ffc7f71eb31825117396659cebb3dacaa155d3d0c1d29d54328c9a4b
                                • Opcode Fuzzy Hash: 270146d521089ac809c2af30abcb79c7cb9a8a2afec6ac32813a952b29797a31
                                • Instruction Fuzzy Hash: 5A519071618E4A8FD789EB288091BA5F391FF88354B50457DD45ED3683DE28F9428B80
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C182ED65 Relevance: 1.4, Strings: 1, Instructions: 147COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1646 7ff7c182ed65-7ff7c182ed67 1647 7ff7c182ed69-7ff7c182ed7b 1646->1647 1648 7ff7c182ed87-7ff7c182edb5 1646->1648 1647->1648 1651 7ff7c182edb6-7ff7c182edb9 1648->1651 1653 7ff7c182edca-7ff7c182edcc 1651->1653 1654 7ff7c182edbb-7ff7c182edc5 1651->1654 1656 7ff7c182edcd-7ff7c182ee1b 1653->1656 1655 7ff7c182edc7 1654->1655 1654->1656 1655->1653 1656->1651 1658 7ff7c182ee1d-7ff7c182ee3b 1656->1658 1659 7ff7c182ee3d-7ff7c182ee44 1658->1659 1660 7ff7c182ee6b-7ff7c182ee80 1659->1660 1661 7ff7c182ee46-7ff7c182ee5f 1659->1661 1662 7ff7c182ee63-7ff7c182ee69 1661->1662 1662->1659
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2513339826.00007FF7C182D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C182D000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c182d000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID: xr_!
                                • API String ID: 0-2851125908
                                • Opcode ID: 8185b78a929db0818914e1f53f888f5306019a469409ca95e841f134d17c766d
                                • Instruction ID: 35026c9539bcac39aa5c87414c8d783f96b724fec00eaea855d7922ab028eee4
                                • Opcode Fuzzy Hash: 8185b78a929db0818914e1f53f888f5306019a469409ca95e841f134d17c766d
                                • Instruction Fuzzy Hash: B441903180DB848FD7579F2C98459627FF0EF53220B1905EFD088CB1A3D668A85AC7A2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB20E2 Relevance: 1.4, Strings: 1, Instructions: 139COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1663 7ff7c1bb20e2-7ff7c1bb2149 1671 7ff7c1bb216e-7ff7c1bb2215 1663->1671 1672 7ff7c1bb214b-7ff7c1bb216d 1663->1672 1682 7ff7c1bb2217-7ff7c1bb2220 1671->1682 1683 7ff7c1bb222d-7ff7c1bb2235 1671->1683 1672->1671 1684 7ff7c1bb2227-7ff7c1bb222b 1682->1684 1684->1682 1684->1683
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID: #&_^
                                • API String ID: 0-519297270
                                • Opcode ID: 3850bcbc1fcad32f0afbbb219c41f24dc244028c38f60601831704eb7c371d24
                                • Instruction ID: 680ea618ed68e406cf3622090c071a3146a5d6ddb3f94311ac9b9348096e9b8e
                                • Opcode Fuzzy Hash: 3850bcbc1fcad32f0afbbb219c41f24dc244028c38f60601831704eb7c371d24
                                • Instruction Fuzzy Hash: 4531197BA085254BC300BE7DF885AE8B350DF867377488677C1DCCA283DA2878C586E4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB20D7 Relevance: 1.4, Strings: 1, Instructions: 133COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1685 7ff7c1bb20d7-7ff7c1bb20d9 1686 7ff7c1bb20fe-7ff7c1bb2149 1685->1686 1687 7ff7c1bb20db-7ff7c1bb20df 1685->1687 1691 7ff7c1bb216e-7ff7c1bb2215 1686->1691 1692 7ff7c1bb214b-7ff7c1bb216d 1686->1692 1687->1686 1702 7ff7c1bb2217-7ff7c1bb2220 1691->1702 1703 7ff7c1bb222d-7ff7c1bb2235 1691->1703 1692->1691 1704 7ff7c1bb2227-7ff7c1bb222b 1702->1704 1704->1702 1704->1703
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID: #&_^
                                • API String ID: 0-519297270
                                • Opcode ID: 426a3b3ec2e3936ab68b754cc107c58ab4c87e9b055810ecc4686f69f16ad925
                                • Instruction ID: 3e11475cfc1a2ce325ae2fe560cc3ee6d1b5b89dac879beb052c6f60f72286bf
                                • Opcode Fuzzy Hash: 426a3b3ec2e3936ab68b754cc107c58ab4c87e9b055810ecc4686f69f16ad925
                                • Instruction Fuzzy Hash: F431F67BB085294BD311BE7DF885AE8B390DF8673674846B7C1D8CA283D91878C586E4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB20CF Relevance: 1.4, Strings: 1, Instructions: 132COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1705 7ff7c1bb20cf-7ff7c1bb2149 1711 7ff7c1bb216e-7ff7c1bb2215 1705->1711 1712 7ff7c1bb214b-7ff7c1bb216d 1705->1712 1722 7ff7c1bb2217-7ff7c1bb2220 1711->1722 1723 7ff7c1bb222d-7ff7c1bb2235 1711->1723 1712->1711 1724 7ff7c1bb2227-7ff7c1bb222b 1722->1724 1724->1722 1724->1723
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID: #&_^
                                • API String ID: 0-519297270
                                • Opcode ID: 8065544ecc9869f270bfb6512db833c15c3b7a83d06af5e3ef40e62e78c90e14
                                • Instruction ID: a03138c1ef19dc21b47e1803744550cdd9874217ccf53a9edb84e843334dcda3
                                • Opcode Fuzzy Hash: 8065544ecc9869f270bfb6512db833c15c3b7a83d06af5e3ef40e62e78c90e14
                                • Instruction Fuzzy Hash: 44310D7BB085194BC301BD7DF8856E8B790DF867377544677C1D8CA283D91878C586E4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1C801BA Relevance: 1.4, Strings: 1, Instructions: 120COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1725 7ff7c1c801ba-7ff7c1c801c1 1726 7ff7c1c8079d-7ff7c1c80805 1725->1726 1727 7ff7c1c801c7-7ff7c1c80203 1725->1727 1729 7ff7c1c80209-7ff7c1c80212 1727->1729 1731 7ff7c1c8022c-7ff7c1c80266 1729->1731 1732 7ff7c1c80214-7ff7c1c80222 1729->1732 1731->1726 1732->1731 1733 7ff7c1c80224-7ff7c1c8022a 1732->1733 1733->1731
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2515238386.00007FF7C1C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1C80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1c80000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID: "$_L
                                • API String ID: 0-1450318517
                                • Opcode ID: 84cf8c29885e12de1bcd65fb57a328a586aa1cb1eaba24a4edae5ed7df791b41
                                • Instruction ID: e963a0f1486a8884a4e9a1b77ced98a55f72f8f89df04538f2a2b0da33278414
                                • Opcode Fuzzy Hash: 84cf8c29885e12de1bcd65fb57a328a586aa1cb1eaba24a4edae5ed7df791b41
                                • Instruction Fuzzy Hash: 8F31F030B1CA494FE398EB2C58663B4F7C1FB59321F5402BEE04AC3693DE54AC528786
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C182ED80 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1741 7ff7c182ed80-7ff7c182edb5 1744 7ff7c182edb6-7ff7c182edb9 1741->1744 1745 7ff7c182edca-7ff7c182edcc 1744->1745 1746 7ff7c182edbb-7ff7c182edc5 1744->1746 1748 7ff7c182edcd-7ff7c182ee1b 1745->1748 1747 7ff7c182edc7 1746->1747 1746->1748 1747->1745 1748->1744 1750 7ff7c182ee1d-7ff7c182ee3b 1748->1750 1751 7ff7c182ee3d-7ff7c182ee44 1750->1751 1752 7ff7c182ee6b-7ff7c182ee80 1751->1752 1753 7ff7c182ee46-7ff7c182ee5f 1751->1753 1754 7ff7c182ee63-7ff7c182ee69 1753->1754 1754->1751
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2513339826.00007FF7C182D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C182D000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c182d000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID: xr_!
                                • API String ID: 0-2851125908
                                • Opcode ID: fcd1f3998b5c5c417e2a519236df14e100e1bccb0a2adbf28f3c090a0700ca03
                                • Instruction ID: fb0e0aff1d496c5182400ae5c8df2623a8377b256f57ecfe63d843c6e54ce053
                                • Opcode Fuzzy Hash: fcd1f3998b5c5c417e2a519236df14e100e1bccb0a2adbf28f3c090a0700ca03
                                • Instruction Fuzzy Hash: CC31AD7080DBC49FD7579B2C88559627FF0EF57320B1905EED088CB1A3D668A84AC7A2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BBD6D4 Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID: N%_H
                                • API String ID: 0-556661792
                                • Opcode ID: e863d198c2105bef8d338059ea2742979efc37c39a20509d2695bdbca4594f05
                                • Instruction ID: cc9391ed4d63278522967015e215fdc539191eb45b461bd4631e30f4786056d8
                                • Opcode Fuzzy Hash: e863d198c2105bef8d338059ea2742979efc37c39a20509d2695bdbca4594f05
                                • Instruction Fuzzy Hash: 4C213671B0C6094FE3185B2D981A1B5BBD2EF8A325B45426FE44EC7393DD35AC438684
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BCBDF0 Relevance: 1.2, Instructions: 1160COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: afd4e5eaa3885dd96daadfa4359566bcdc6d4476992d7124f170f6a1eabf6b86
                                • Instruction ID: 64fd9ef092653f2c40099bb1114f7c344b5df0efb07f93f55c52e2ff7cd39182
                                • Opcode Fuzzy Hash: afd4e5eaa3885dd96daadfa4359566bcdc6d4476992d7124f170f6a1eabf6b86
                                • Instruction Fuzzy Hash: 80824E7190C6854FD765EF2C88665A8BBE0EF9A330F4401F9D48DCB593DA687C0ACB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BCC7D0 Relevance: 1.0, Instructions: 1005COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8daaf4d8c7f860a27548faf75992bacf36850215c429d1af21f4071d7a2a8768
                                • Instruction ID: 364fddd6cd193c0631b7acce768f83384adceee760d013f312931afe5b1573ac
                                • Opcode Fuzzy Hash: 8daaf4d8c7f860a27548faf75992bacf36850215c429d1af21f4071d7a2a8768
                                • Instruction Fuzzy Hash: 7C62C630A1894A8FDB98EF1CC456AA9B7E1FFA8310F500179E44DC7296CE74F856CB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BCFB50 Relevance: 1.0, Instructions: 994COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c54f036c181d7f4ff1a44738784994db4d1fcf1b96a062b2052a449abc2dce96
                                • Instruction ID: acf1fe7d76fa7241bc552b6993f9d147e8ca92ca8d2931f86f8eecf5ae664b1c
                                • Opcode Fuzzy Hash: c54f036c181d7f4ff1a44738784994db4d1fcf1b96a062b2052a449abc2dce96
                                • Instruction Fuzzy Hash: 7272057181D6C64FE369BF2484166A4BFE0EF56320F4415FDD48DCB4A3DA9CA80ACB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BD185C Relevance: .8, Instructions: 806COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8eba1664b26a99306f75df3498b5b08c652b88e5f8cb15e506ddb4966665db0f
                                • Instruction ID: 78a1f8824b3856c563a36417e18a291144be848d13d3d11ee88b26ffce297231
                                • Opcode Fuzzy Hash: 8eba1664b26a99306f75df3498b5b08c652b88e5f8cb15e506ddb4966665db0f
                                • Instruction Fuzzy Hash: E3425D30B18A598FDB98FF2884557A9B7E2FF59310F5041B9D04EC7296CE74AC82CB85
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BCC9B0 Relevance: .8, Instructions: 769COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 983566ab5b740000352818dbe31173f292b9ca3626cc24ca3aa9f7f98bbe3494
                                • Instruction ID: 3441f1d00d2c8b34b92dafb02e9a4d717f5fa97996a11410c412733ecd57c46a
                                • Opcode Fuzzy Hash: 983566ab5b740000352818dbe31173f292b9ca3626cc24ca3aa9f7f98bbe3494
                                • Instruction Fuzzy Hash: DE42403061894D8FDB98EF2CC4A5AA9B7E1FF68354F5001B9E40DC7296CE75E852CB90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB97C0 Relevance: .7, Instructions: 728COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6e17bd032657dabac2977a78b5011612c384d691f522e6f896fe090d4c798bcc
                                • Instruction ID: 8337937ae58bc3d5bb0f2875bd8506dc0f58617c19edb7cb84671c6c49c7a8e2
                                • Opcode Fuzzy Hash: 6e17bd032657dabac2977a78b5011612c384d691f522e6f896fe090d4c798bcc
                                • Instruction Fuzzy Hash: 4A22C270B189094FEB98FF2C9455AB9B3E1FF99310F4101B9D84EC72A2DE64EC428B55
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC2A17 Relevance: .7, Instructions: 657COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4de93289fec2f8f1731ccd58d7bd5a3bc2879d88699cb0603312b812a5e8923b
                                • Instruction ID: c1f2406dc816d0be6179b3ffed6179bf7e87ea4de9e0b6a142610f0069774b15
                                • Opcode Fuzzy Hash: 4de93289fec2f8f1731ccd58d7bd5a3bc2879d88699cb0603312b812a5e8923b
                                • Instruction Fuzzy Hash: C0F17E71D08A5A8EEB99EF6884557BDB7F1FF59310F9001BAD00DD7282CE38A981CB11
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BD18A1 Relevance: .5, Instructions: 524COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: bc16431101ca3a674a4384bdb8e5d90e372e2e1a07ab2053aa9721f2925f3dce
                                • Instruction ID: ff0d0a497c7c6c3343f1b8c3a70e9ababf147420232249dd9dcfe9adf6c854b0
                                • Opcode Fuzzy Hash: bc16431101ca3a674a4384bdb8e5d90e372e2e1a07ab2053aa9721f2925f3dce
                                • Instruction Fuzzy Hash: 6EF13C30A18A598FDB98FF2894557A9B7E2FF59310F5041BAD00DC3296DE74AC82CB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC9640 Relevance: .5, Instructions: 499COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 028d5878c88092c8cdcbee6d074681167f0743b3f9cb240b6f2351179ac74042
                                • Instruction ID: 9ceb4e4ec1678c8bcd60faa04222a43f801ec7212b723dfa3b661da85b353233
                                • Opcode Fuzzy Hash: 028d5878c88092c8cdcbee6d074681167f0743b3f9cb240b6f2351179ac74042
                                • Instruction Fuzzy Hash: 5DF1B230A0894E8FDF95EF6CC8556AEB7E1FF99310B54017AD40AC7286CE74AC42CB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB9763 Relevance: .4, Instructions: 443COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7e85c8a1a0e4cf3401daec5c127f1724080697a06acf6a2745d4dcf11268d17b
                                • Instruction ID: 3e4688412ee7de87048125d6445efe6dd21d98764857d5ab31b9899b649d3aca
                                • Opcode Fuzzy Hash: 7e85c8a1a0e4cf3401daec5c127f1724080697a06acf6a2745d4dcf11268d17b
                                • Instruction Fuzzy Hash: 39D18F706189098FEB98FF2CC458A79B7E1FF59310B4101B9E84EC72A2DE64EC42CB55
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB2C10 Relevance: .4, Instructions: 411COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a08c7435da67cfa9dbcdeb6142111724f2297f415d7cedac62eb1687f2f2b6a3
                                • Instruction ID: a42dc47d492169a5225f595a282445357d30ae729b3bae2ebe85f850cf85df96
                                • Opcode Fuzzy Hash: a08c7435da67cfa9dbcdeb6142111724f2297f415d7cedac62eb1687f2f2b6a3
                                • Instruction Fuzzy Hash: E8C15931A0CD894FE765FF2988556A8B7D0FF98320B8401F9D44DC7692DD6CBC068B51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BBF76B Relevance: .4, Instructions: 399COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e42b063e445948dd9047a32892e8563619b73a294c5c45a45f760e2e2dd86c9c
                                • Instruction ID: 6739d620bad809153b59e774daedfabed6e589f3443d084457adff5cf495e1da
                                • Opcode Fuzzy Hash: e42b063e445948dd9047a32892e8563619b73a294c5c45a45f760e2e2dd86c9c
                                • Instruction Fuzzy Hash: CAD1B334A0891A8FEB94EF28C494775B7E2FF54310F9492B9C44DC3995DA78EC81CB94
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB8C13 Relevance: .4, Instructions: 397COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0f6c2106f10168c44c0e54b33ab02bb04efe36371fadc597c32c35b3308ce9e4
                                • Instruction ID: 44290d118a769399a6aec2e4a153f5256dd8c3a03fe07a18f5b744faff35c8c9
                                • Opcode Fuzzy Hash: 0f6c2106f10168c44c0e54b33ab02bb04efe36371fadc597c32c35b3308ce9e4
                                • Instruction Fuzzy Hash: C8D12520A0CA4A4FE795EF2C84557B8B7D1FF54320F9401BDD88EC75D3DE68A8468B28
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB26FA Relevance: .4, Instructions: 365COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4eb1271f91eb84b36f97131c8ae9d2cbbd7aaca9b60b9eaf2482eecd3013bf8d
                                • Instruction ID: 96a78ab8584502f683b940034e3faa4185ddacf12bfdf310c2f4bf0010d70ec6
                                • Opcode Fuzzy Hash: 4eb1271f91eb84b36f97131c8ae9d2cbbd7aaca9b60b9eaf2482eecd3013bf8d
                                • Instruction Fuzzy Hash: 22415B61A1DA854FE745BB388C912E5BBA0FF4A315B4441B7D04EC72D3CE28BC4AC7A1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB93C1 Relevance: .4, Instructions: 353COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 42d5a05746afa02e85e7fd71cf72576de173fa60203ddb990034fe24f71f517b
                                • Instruction ID: ef65090fbd868795d2540c46fbb3b9f1906078708c34c2e1e1564c2d8e8c0045
                                • Opcode Fuzzy Hash: 42d5a05746afa02e85e7fd71cf72576de173fa60203ddb990034fe24f71f517b
                                • Instruction Fuzzy Hash: 75A1C270B1C9594FEB98EF2C845977977D1FF99320F4401BAE44EC7292CE68AC428B41
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BBA450 Relevance: .3, Instructions: 349COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2e6d0969e02e02f0d6d1a4adc598c944b0b12f027ce8e8000d1e9c42dcf0ea81
                                • Instruction ID: 700b7d22f50f245c64d7f1107846715ba3bf9a6e86f266503cf437550d7cc919
                                • Opcode Fuzzy Hash: 2e6d0969e02e02f0d6d1a4adc598c944b0b12f027ce8e8000d1e9c42dcf0ea81
                                • Instruction Fuzzy Hash: 95B17D30E18A098FDBA8EF28C485BB9B7E1FF98311F544179D44ED7692DF34A8818B40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BD1536 Relevance: .3, Instructions: 328COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b79353395963fb83a7ed71add069b290f83d47a4dd94730cb8cb1d91af2cd4fd
                                • Instruction ID: b3da86332c9d8a125a32473b75a8bcefa482f0bd955e79f132f57f65a3c95749
                                • Opcode Fuzzy Hash: b79353395963fb83a7ed71add069b290f83d47a4dd94730cb8cb1d91af2cd4fd
                                • Instruction Fuzzy Hash: 4DB10B30A1891D8FDB98FF28C891BA9B3A1FF59310F5051B9D00DD3296CE75AD86CB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC1889 Relevance: .3, Instructions: 327COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 780c6f47d2863ada970e0ad35d42793749c39b2f507ef28f762a93773105b043
                                • Instruction ID: 30588ffb37561ca03948365507226e8a1796b31a1e10e0c383ba71e7bb76261c
                                • Opcode Fuzzy Hash: 780c6f47d2863ada970e0ad35d42793749c39b2f507ef28f762a93773105b043
                                • Instruction Fuzzy Hash: B0A15575A08A494FD784FF2898967E9B7A0FF59314F44017AE06DC7293CE28B881CB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB3140 Relevance: .3, Instructions: 326COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7d01e75b3cd00064b97cc870c13720bb6daaf9151378b5cd051542e14997e72d
                                • Instruction ID: d308200b908de5d4bd52b19c15090e4226ce3049beb87154f6ed5dc0fe79bf19
                                • Opcode Fuzzy Hash: 7d01e75b3cd00064b97cc870c13720bb6daaf9151378b5cd051542e14997e72d
                                • Instruction Fuzzy Hash: 18A18D30A18A098FDB98FF2CD4516B9B3E1FF88324F504179E85ED3692CE75E8128B54
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC18A0 Relevance: .3, Instructions: 319COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 18b3782c05dcb96bb99f60fe30fb816de177533eea1cbb9d7833190dc46f8ce5
                                • Instruction ID: 199653985af164fd85f2177ea6b85df1eb7775b632611e02d1c7d8008aec8a23
                                • Opcode Fuzzy Hash: 18b3782c05dcb96bb99f60fe30fb816de177533eea1cbb9d7833190dc46f8ce5
                                • Instruction Fuzzy Hash: 89A13675A089094FDB84FF6C98567E9B390FF59315F44453AE02DC7293CE28B881CB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC13E9 Relevance: .3, Instructions: 317COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7540ea205f8924309f171cd5b54328d98c2076c5417b1cfdd52bade2a850f79d
                                • Instruction ID: d695021018e44152f413e3a1dc32f2ab1dc6dc874f88e041ea1bc2910a63f489
                                • Opcode Fuzzy Hash: 7540ea205f8924309f171cd5b54328d98c2076c5417b1cfdd52bade2a850f79d
                                • Instruction Fuzzy Hash: C6A13D71E08A46CFE754EF2888A61B4F7D1FF56720B88117DD44DD7282DE68A807CB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC18D3 Relevance: .3, Instructions: 312COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 09a5d672d64e9232a1f0cd1371d99fbe12b912e33885e75cf4c52dc19c00d3b2
                                • Instruction ID: 4c19d331e9ae031c98e54d2b65131f722b39c98b058c8e411c776c333b6f90e8
                                • Opcode Fuzzy Hash: 09a5d672d64e9232a1f0cd1371d99fbe12b912e33885e75cf4c52dc19c00d3b2
                                • Instruction Fuzzy Hash: 1CA12475A189094FDB84FF6898557E9B391FF99315F44453AE02DC7293CE28F881CB81
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB8D89 Relevance: .3, Instructions: 300COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 28a8d7d802bb716837ada6c22ea155e63c678eef4dc02843dd163f21c4b8202f
                                • Instruction ID: 999d457561b0d02fe1b61e26909a15e4bfd44fe4d26a4e609270b89f3f2dc102
                                • Opcode Fuzzy Hash: 28a8d7d802bb716837ada6c22ea155e63c678eef4dc02843dd163f21c4b8202f
                                • Instruction Fuzzy Hash: 07916330A089094FEB98EE1D84957B8B3E2FF98314F90517DD84EC36D3DE69E8468B54
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB8D58 Relevance: .3, Instructions: 298COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: af26227d0a13383bed83c18f3127a559048a76ad8570dd72afd9e94cca73e873
                                • Instruction ID: b96c12ba9e2b6e2adbbdc449405884ebfbdec9416e9127b9453b66c551e50800
                                • Opcode Fuzzy Hash: af26227d0a13383bed83c18f3127a559048a76ad8570dd72afd9e94cca73e873
                                • Instruction Fuzzy Hash: 66918530A089094FEB98EE1D84557B8B3E2FF98314F94517DD84EC36D3DE68E8458B58
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BCE519 Relevance: .3, Instructions: 298COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1e9233298c806b3d241c1a64e9ba8801f3f9942014855caa50cc60033e228be0
                                • Instruction ID: d9d1c5adf665ed91c25ec6a1f7ec8bdb352fa3aed2cd72a296d12ba5ef502025
                                • Opcode Fuzzy Hash: 1e9233298c806b3d241c1a64e9ba8801f3f9942014855caa50cc60033e228be0
                                • Instruction Fuzzy Hash: 2A810761B1C9498FEB99EB2D88257787BD1FF99350B5400B9E08EC72D3DD58AC02C791
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BCB8E5 Relevance: .3, Instructions: 297COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5cacf1a233ff9ca623d75862244e14876884dfa4fb8319c23085095c088bfa4c
                                • Instruction ID: 5d5bddc2fc2184cca0c52bc45f28ab68a82ad57a167d257b19f65c2026aec7cf
                                • Opcode Fuzzy Hash: 5cacf1a233ff9ca623d75862244e14876884dfa4fb8319c23085095c088bfa4c
                                • Instruction Fuzzy Hash: F4914E30A0CA4D4FEB55EF3C84556A8BBE1FF59362F4501BAD44DCB193CE68A806CB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB8CE8 Relevance: .3, Instructions: 296COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c9f2c80532d9b25bc9b1d08d7ee7ca5c1185c93ae5046f842badfa9719228827
                                • Instruction ID: 0d8bdf8d1a91487edea6769e5f1547049d953f68bcce776db70de5c77d9d1b56
                                • Opcode Fuzzy Hash: c9f2c80532d9b25bc9b1d08d7ee7ca5c1185c93ae5046f842badfa9719228827
                                • Instruction Fuzzy Hash: D8919530A089094FEB98EE1D84557B8B3D2FF98314F90517CD84EC36D3DE68E8468B58
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB8D01 Relevance: .3, Instructions: 296COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2c2eea4147656b57ae6345e5ebd3ff59a0e7b249227f1a27e217423544afd8c8
                                • Instruction ID: c669c635722c34a4f779937029b530f792076f13eed758c8758f96362addc375
                                • Opcode Fuzzy Hash: 2c2eea4147656b57ae6345e5ebd3ff59a0e7b249227f1a27e217423544afd8c8
                                • Instruction Fuzzy Hash: 15918520A089094FEB98EE2D84557B8B7E2FF98314F90517DD84EC36D3DE68EC458B58
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB8D45 Relevance: .3, Instructions: 292COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: db10a4d6170a9403d7fea92e0a6532290a18fa625708addfc2afd8f3feb6ef65
                                • Instruction ID: e517b3154e215271f5e0b6e9c59e3f8ce56fd4ca00a218288b0172c54e7f7055
                                • Opcode Fuzzy Hash: db10a4d6170a9403d7fea92e0a6532290a18fa625708addfc2afd8f3feb6ef65
                                • Instruction Fuzzy Hash: 36917430A089094FEB98EE2D84557B8B3E2FF98314F90517DD84EC36D3DE69E8458B58
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB6FC5 Relevance: .3, Instructions: 285COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 29a41e47a7e70a5f41054540ac39ae0f95380c80347b1d96be33847db3ebcc4d
                                • Instruction ID: 0d344c1245c68ba93833409354d1fb98b38cd948eb11a1ef9c2fe5f5ef83685e
                                • Opcode Fuzzy Hash: 29a41e47a7e70a5f41054540ac39ae0f95380c80347b1d96be33847db3ebcc4d
                                • Instruction Fuzzy Hash: 7A715631B1C9494FE798FA2CA8496B577D2EF89320B4411BAE44EC7693DD24EC438791
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BCCE8F Relevance: .3, Instructions: 275COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e36ba50ecd409dad6cce6b76eda109304d1e7de32410fcb1ba05ce0eedfe874b
                                • Instruction ID: 9d23516aa3feb26790ab1a9e1c8301298c47c8f3ac9047ebe716caf94649a610
                                • Opcode Fuzzy Hash: e36ba50ecd409dad6cce6b76eda109304d1e7de32410fcb1ba05ce0eedfe874b
                                • Instruction Fuzzy Hash: F191DE307189098FDB98EF2CD495AA9B7E2FF98355B504179E40DC7296CE35EC92CB80
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1C820ED Relevance: .3, Instructions: 273COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2515238386.00007FF7C1C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1C80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1c80000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c46f9a0312453aceeaeb3c65d8ee094605f95dedf603f4ae86ca8af744638e2d
                                • Instruction ID: 0906c8bcff015bff57961f0eebac28406f92d0d613c41e41ff825802e0bf5ad5
                                • Opcode Fuzzy Hash: c46f9a0312453aceeaeb3c65d8ee094605f95dedf603f4ae86ca8af744638e2d
                                • Instruction Fuzzy Hash: 21818211B28E9A0FF799FF5C44A6375A696EF99720F940079D20CC76C7CE98EC0183A1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC426B Relevance: .3, Instructions: 272COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 41a8e47b0876f91ffcb6269ac4a92d0c43a88e4d06ea64b827267ef4f6eea439
                                • Instruction ID: 29fc4cb66208ffbf5c76f7855e6452c6fa4c9c85ebbcbbf08fcbfd2e24bec2c1
                                • Opcode Fuzzy Hash: 41a8e47b0876f91ffcb6269ac4a92d0c43a88e4d06ea64b827267ef4f6eea439
                                • Instruction Fuzzy Hash: 4671B071D08A5C8FDB55EF28D855BE9BBB1EF59310F0082AAD04DD7282DE34A985CF81
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BCDC82 Relevance: .3, Instructions: 270COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 216ebd2ca003ec1ac0affea71c2a744500b961662eadfa1ac80be6fc57d20085
                                • Instruction ID: 96be99d6e13facde29e5bafb0045da0fd4dbed6a0ef8d7dd83ee36154db1558d
                                • Opcode Fuzzy Hash: 216ebd2ca003ec1ac0affea71c2a744500b961662eadfa1ac80be6fc57d20085
                                • Instruction Fuzzy Hash: 8B719071B1894A8FEB88EF1C94957B9B3D2FF98750B544179D44EC7286DE24AC4287C0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BBCD75 Relevance: .3, Instructions: 269COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e912ae438db3f1c4556688e7aaa9e8584e3106e3ed610a51d2b1178e47cdc7fc
                                • Instruction ID: 4ad22f9b95b8744f31448a28009ee04a86adb3e6702695b4a302379300a8c819
                                • Opcode Fuzzy Hash: e912ae438db3f1c4556688e7aaa9e8584e3106e3ed610a51d2b1178e47cdc7fc
                                • Instruction Fuzzy Hash: 1981B231A18A4E8FDB94EF28C8516B577E1FF49324F8401BAE40DC7592DA29F846CB90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BD038F Relevance: .3, Instructions: 264COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 040d68ec4ea5120cbd469ee69f9a7608e48bfefe34bd57aa4bf4b422b0b1cc7b
                                • Instruction ID: cb92b96a941ee2cfc0c8311b7daed243e8a0049fb130e27089356e94a97d0281
                                • Opcode Fuzzy Hash: 040d68ec4ea5120cbd469ee69f9a7608e48bfefe34bd57aa4bf4b422b0b1cc7b
                                • Instruction Fuzzy Hash: BC718D3071CD498FD789FF2C9495A69B7E1FF98320B9411B9E44DC32A6CE64EC428B81
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BD0170 Relevance: .3, Instructions: 256COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7306de4e889f284784ed256d9be53977dec731564689bc059ba5803cdeaba449
                                • Instruction ID: b4bb1c224b54fc28f65b39fd1f17dc7143fddaaa5fffc413cd22699842e2b0f1
                                • Opcode Fuzzy Hash: 7306de4e889f284784ed256d9be53977dec731564689bc059ba5803cdeaba449
                                • Instruction Fuzzy Hash: 3F710A6180F7C60FD76EBE3448162A5BFD0EF86220F9415FEC4C9CB597D958980A87A2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BBD231 Relevance: .2, Instructions: 244COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7b4e7fbdd1727ce9603b000e9c0d1f140c99cd9d8e2d5f9c16834c3c449fcdd4
                                • Instruction ID: 7c858faed0e8e193c71855e0089f542555ed1e8551d9b7fbbaffa529437ba372
                                • Opcode Fuzzy Hash: 7b4e7fbdd1727ce9603b000e9c0d1f140c99cd9d8e2d5f9c16834c3c449fcdd4
                                • Instruction Fuzzy Hash: 1A71A371B1C9894FDB88EF2CC455AA9B7E2FF99315B0401B9E44EC7296CE64EC41CB90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB6C31 Relevance: .2, Instructions: 232COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ac3c4c24796603b4a44f0eb3fa722aa107679f5bc3dc20882711ae07ce53a861
                                • Instruction ID: 3ecf75299fd5a12a64d89cea28208fd14fe0487a1a65af8e9b0f64453709986f
                                • Opcode Fuzzy Hash: ac3c4c24796603b4a44f0eb3fa722aa107679f5bc3dc20882711ae07ce53a861
                                • Instruction Fuzzy Hash: F261D371B18D0A8FE799EF2C8455679B7E2FF99364B8401B9D00EC3692CE68BC428744
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BBBD32 Relevance: .2, Instructions: 232COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fc5f957f66748d433961312788bfb4974df32b1b4a428e39d9b93884dfe80a4d
                                • Instruction ID: 9eb5d3e021381400972be778beb932428c531091046af2589a9988466fe1b6f2
                                • Opcode Fuzzy Hash: fc5f957f66748d433961312788bfb4974df32b1b4a428e39d9b93884dfe80a4d
                                • Instruction Fuzzy Hash: D461B330608A494FEB95EF28C858BB577E1FF49310F4505B6D84DC72A2DA78EC45CB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BBF7D7 Relevance: .2, Instructions: 224COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4b4a286266c4f5ccbab91af458897f90d5ca8780ec9d99cfda4ed6bc4a78161d
                                • Instruction ID: 6872adf9b2dd673a6cef66e0e02389351309fe20c9d570e50b558b433997942a
                                • Opcode Fuzzy Hash: 4b4a286266c4f5ccbab91af458897f90d5ca8780ec9d99cfda4ed6bc4a78161d
                                • Instruction Fuzzy Hash: 43719024A1C9179BE794EF15C4906B5E2A2FF94320F9492B9C44DC2986DF78FC81CB94
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC0F98 Relevance: .2, Instructions: 216COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1e62cbf29d879d5b6d0d88d5ab6f47e0d0b5bb831a9d11be12844e588fbb7350
                                • Instruction ID: 9afa00e3b7027263098524a824e05010b2cb4be3421164b8682a018c96403e2d
                                • Opcode Fuzzy Hash: 1e62cbf29d879d5b6d0d88d5ab6f47e0d0b5bb831a9d11be12844e588fbb7350
                                • Instruction Fuzzy Hash: 497172FB80D1924BD3817BB8BC527E8BB509F1337AB884576D0AC89393DD1C78C68695
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC91D9 Relevance: .2, Instructions: 210COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 327b19b3a956704fd1e4981dad7abf8e079b1be793ca83c575d8a57715f7be5d
                                • Instruction ID: 0e633ad01b717293ed9cc91c75dabf85d4909c70e123a475a92199d5f92041a1
                                • Opcode Fuzzy Hash: 327b19b3a956704fd1e4981dad7abf8e079b1be793ca83c575d8a57715f7be5d
                                • Instruction Fuzzy Hash: 0C516E71A0DE8A4FE7569B3848256A5FBE1FF9632074442FAC04EC72C3DE58AC46C791
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB36F5 Relevance: .2, Instructions: 181COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0e65ea94bb7db1db8816758c1869e78e3ae3654fa52eb1aa4e90b8b84fedd86e
                                • Instruction ID: 9de17bd8b6318cfa9f2fd1f8afd9d7bd2d254dee7993492cdbcdcf343f9608c6
                                • Opcode Fuzzy Hash: 0e65ea94bb7db1db8816758c1869e78e3ae3654fa52eb1aa4e90b8b84fedd86e
                                • Instruction Fuzzy Hash: 6951473090CA894FEB55FF289841675BBD0EF86334F50527ED88DC35E2DE69A8028796
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BBC15F Relevance: .2, Instructions: 179COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 260ff030d0f40109de4d75304603835c60a205933cde9bf60b646f9cd86b8c7e
                                • Instruction ID: 92541ac2652bf4b964a8f21a3a45b418549b18ae5422c97094485e136287c7f2
                                • Opcode Fuzzy Hash: 260ff030d0f40109de4d75304603835c60a205933cde9bf60b646f9cd86b8c7e
                                • Instruction Fuzzy Hash: 39513071718E498FE79AEB288051BE5B392FF89385B50417EC81ED2247DE35F952CB80
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC07F2 Relevance: .2, Instructions: 167COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 408a1f503c47e67761085e12abaa318cc7cbf3e1bf6299b3c7be9aecb0c6fa1b
                                • Instruction ID: e8d71de08d28c3dbb9f3484e0cedf746ed725c5d2dd7bf7efb3943d196051931
                                • Opcode Fuzzy Hash: 408a1f503c47e67761085e12abaa318cc7cbf3e1bf6299b3c7be9aecb0c6fa1b
                                • Instruction Fuzzy Hash: 81518ABB90C1594FD740BB6CAC517E9B720DF42335B854177D0AD8A393DD28BC82C294
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BCAEAE Relevance: .2, Instructions: 157COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8958e996288c6a45fffe7168d6cd10999fc5064f7a0a9517a67d5d10cddcd861
                                • Instruction ID: b056ccc0036dd2f1d5db7ea331c084e92d7d7d74341bdf2dc30843d1dc2d49c6
                                • Opcode Fuzzy Hash: 8958e996288c6a45fffe7168d6cd10999fc5064f7a0a9517a67d5d10cddcd861
                                • Instruction Fuzzy Hash: B2412631B1DA854FD7699F2D9855676BBE0EF9A221B0441BFD04EC3283DE24A806CBD1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB6E69 Relevance: .2, Instructions: 154COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 67235d7c59a6cff2ee3076774f07206d8de507587b8efb5f2a62e1899b385f34
                                • Instruction ID: 55f84b95304e45eb353d72decaed99337672d4a909d1762db206a5754652cb9b
                                • Opcode Fuzzy Hash: 67235d7c59a6cff2ee3076774f07206d8de507587b8efb5f2a62e1899b385f34
                                • Instruction Fuzzy Hash: 1E412520A1DA854FE745EB3C98646A4BFE1EF9A310F8804FAD489C71E3D9599C86C741
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC8091 Relevance: .2, Instructions: 152COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2bed29bf2f8fc5ebf2ba756ff344ac19c2d4dbef100037ee82b52699269bfcd7
                                • Instruction ID: d48a5b9f3e060420cd3b19177a457c08c43b122c83cd5db6b86b180a480a3d2c
                                • Opcode Fuzzy Hash: 2bed29bf2f8fc5ebf2ba756ff344ac19c2d4dbef100037ee82b52699269bfcd7
                                • Instruction Fuzzy Hash: EE416F30A08A1D8FEB94EF6884696B9B7F1FF58315F80057AD40DD3292DF75A841CB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB4720 Relevance: .1, Instructions: 149COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4675d4758a3a51b805a615b6f60b9ee072696787b3aace08c13014d2886e9f23
                                • Instruction ID: dae1c4b63618503ecef063fa4a0c696119eeec082043b2210e1c9616aa69798e
                                • Opcode Fuzzy Hash: 4675d4758a3a51b805a615b6f60b9ee072696787b3aace08c13014d2886e9f23
                                • Instruction Fuzzy Hash: 2241AD3170CC1D8FEAA4FE5CE495AB5B3D0FF59320B4101BAD80EC3292DA56EC428795
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1C80090 Relevance: .1, Instructions: 147COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2515238386.00007FF7C1C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1C80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1c80000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 89e27409e439eb73797fa5672bcd65ee070d1fbfc33cb00fba5bd9e5e61ed278
                                • Instruction ID: 6e66190901ca0856ea7ef6e5d04de9240bf865921cf0e173c8145b1a1ccad8c3
                                • Opcode Fuzzy Hash: 89e27409e439eb73797fa5672bcd65ee070d1fbfc33cb00fba5bd9e5e61ed278
                                • Instruction Fuzzy Hash: 7231263160CA880FE759AB289C55A717BE1EB56330F1502BFD48EC76A3DA58EC168391
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BBE089 Relevance: .1, Instructions: 142COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b9945e757da0c9a5ae2e9cafdd0fc08b17514a1d71a34efdf5ebec243cc04993
                                • Instruction ID: db8e64a52954447e9fc68d5c485cc45f71317acd421947ed7d00479fd92990d8
                                • Opcode Fuzzy Hash: b9945e757da0c9a5ae2e9cafdd0fc08b17514a1d71a34efdf5ebec243cc04993
                                • Instruction Fuzzy Hash: BE41A475A2898A8FDB85EF34C8916E6B760FF59355B4041B6E40AC3287DE34F846C780
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BCE402 Relevance: .1, Instructions: 137COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 30cf9b86b32904c3b38709300e0bf2deac9d1c3ad4ef7e226a860ff41683a73f
                                • Instruction ID: 621026eab35273c1420f9ad6b27f7881f51f1d70c3ad9d8aaae50f279a184dfd
                                • Opcode Fuzzy Hash: 30cf9b86b32904c3b38709300e0bf2deac9d1c3ad4ef7e226a860ff41683a73f
                                • Instruction Fuzzy Hash: E3314A3160DBC95FD71AAB249C45AF6BBA0EF57324B0402BEE08AC7193DE65B807C751
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB4CD5 Relevance: .1, Instructions: 132COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2a466aa37af92fd7920bb4e8700da6c8d2c0f3932dac34500e077e7280e5d8d8
                                • Instruction ID: 3d60da302492857ac627c81ea81f40ab4d41123e6b77d0649bc47ecb4eab059b
                                • Opcode Fuzzy Hash: 2a466aa37af92fd7920bb4e8700da6c8d2c0f3932dac34500e077e7280e5d8d8
                                • Instruction Fuzzy Hash: 8B41253061DA8A4FDB86EF2C8454665FBE1FFAA310B4441BAD40ECB192CA64EC44C795
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1C806E6 Relevance: .1, Instructions: 123COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2515238386.00007FF7C1C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1C80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1c80000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9f7549a658e06eb55a46cf27117d84a911b9e94e890f0edad672b32b89a9efe5
                                • Instruction ID: 9a4002ed92aa8d8e562a9623b464c20f552c244cbd4d6cc67716d67a30f8a7c9
                                • Opcode Fuzzy Hash: 9f7549a658e06eb55a46cf27117d84a911b9e94e890f0edad672b32b89a9efe5
                                • Instruction Fuzzy Hash: 6331F431B1CA494FE798AB2C58567B4B7C1FF59321F5402BED04EC3693CE28AC528786
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC85B1 Relevance: .1, Instructions: 117COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a9e4cdf3a0a932f16f4a598f3ee9f5a2a3415a407ebca0fbd36df77214da1c13
                                • Instruction ID: 765e402d0b9a8c1ca4484d24673a29b9422c3d46548b24600fd08ffd29880c19
                                • Opcode Fuzzy Hash: a9e4cdf3a0a932f16f4a598f3ee9f5a2a3415a407ebca0fbd36df77214da1c13
                                • Instruction Fuzzy Hash: 5F315E31A08A198FEB94EF6884696B9B7E1FF58311F84147AE40DD32A2DF799840CB50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC8341 Relevance: .1, Instructions: 116COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8824c18a69cdad62832f50ad046e8f3bb7c739319485351ce60d4f49c2ddcd4c
                                • Instruction ID: ec43188631ce05e46bf45c51d3a9842cbc7894271ba450bfa8b90fc90db7470c
                                • Opcode Fuzzy Hash: 8824c18a69cdad62832f50ad046e8f3bb7c739319485351ce60d4f49c2ddcd4c
                                • Instruction Fuzzy Hash: B6313E31A18D198FEB94FF2C94996BCB3E1FF98311B84117AE40DD32A1DE68AC51CB50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB3730 Relevance: .1, Instructions: 116COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d1cd8ae8830b2f9449037a7dde894ee49a23187573ef6128e3e0a304408170cd
                                • Instruction ID: 95901bd03b1db097220b90709d04834a546cda6f62590d44d5482620f432602d
                                • Opcode Fuzzy Hash: d1cd8ae8830b2f9449037a7dde894ee49a23187573ef6128e3e0a304408170cd
                                • Instruction Fuzzy Hash: 9531E330A1CD094FFB88FF2C9845A7573D1EF99324B41427DE84EC32A2EE69E8024795
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC8365 Relevance: .1, Instructions: 112COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4bd14f0fb6b75d718dad102a568555cb44731d60e410502ace7cefdfdf2ae2ce
                                • Instruction ID: 5b5623e28325cfd83ecc62b373a9384c786f701222ae573a44237d3f25c63fbd
                                • Opcode Fuzzy Hash: 4bd14f0fb6b75d718dad102a568555cb44731d60e410502ace7cefdfdf2ae2ce
                                • Instruction Fuzzy Hash: EE312231A18D198FEB94FF2C94996BCB3E1FF98311B8415B9D40DD32A2DE68AC51CB50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC8F25 Relevance: .1, Instructions: 103COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d3fc7b4601902632db8fb15b0c1baf3be8208005b931986434553f2f71428758
                                • Instruction ID: efb418b1d7a3429fd2bbe6f6bb0c81dda6aab489e3d3dc5bfef00aacb85401a5
                                • Opcode Fuzzy Hash: d3fc7b4601902632db8fb15b0c1baf3be8208005b931986434553f2f71428758
                                • Instruction Fuzzy Hash: 2E31B671A05A4D8FC785EF6CD8999E5BBF1FF9D32170502ABD00AC7263DA309842CB80
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1C83E10 Relevance: .1, Instructions: 103COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2515238386.00007FF7C1C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1C80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1c80000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e9a518bef21c93525901bd8edec2c93d09ada47e8a6d0ec58c92ae93462fb5d8
                                • Instruction ID: 594c0b6b0ca99df0aec2434c87e053b0b8a50c8389f9a962ec863427e773e621
                                • Opcode Fuzzy Hash: e9a518bef21c93525901bd8edec2c93d09ada47e8a6d0ec58c92ae93462fb5d8
                                • Instruction Fuzzy Hash: 2C21D360B08D4A5FE7A5AB3D54D42B8E2C3FFD82657A541BAD01EC36C6DD68EC428380
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB3F4C Relevance: .1, Instructions: 102COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e6a3c08eaa4bdf69792346cfa7aab220a5f204ded2987a7de4af922818b9aa65
                                • Instruction ID: d3d74d24a60d8cd2f17551a8df00cf69075171dac2acc7932a47e63f1c928395
                                • Opcode Fuzzy Hash: e6a3c08eaa4bdf69792346cfa7aab220a5f204ded2987a7de4af922818b9aa65
                                • Instruction Fuzzy Hash: 4B213D3160CA490FE358AB1C680A675B7D1EF8A230F4441BEE88EC32A3DD54AC438796
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1C84AAE Relevance: .1, Instructions: 102COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2515238386.00007FF7C1C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1C80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1c80000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 340bb90431a5a0e22701a2d719916ffbf9cec32c9e0e7148c4e6d52b2c852412
                                • Instruction ID: 09d2964370a57fb00aab08d8d365acddbfebd6f3596780177a92e224672f188d
                                • Opcode Fuzzy Hash: 340bb90431a5a0e22701a2d719916ffbf9cec32c9e0e7148c4e6d52b2c852412
                                • Instruction Fuzzy Hash: 2D21D360708E4A4FF7A9AB3D1495375E7C2FF882657A941BAD00EC3A87DD68EC464380
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1C82CB2 Relevance: .1, Instructions: 102COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2515238386.00007FF7C1C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1C80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1c80000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4bea5da0c269de308b0ff130a000fab7bafd09407bb570b83c8fa48ebe4b9afd
                                • Instruction ID: fba62df648f061344c75442a1b78a100ee984807b913902b4e0abbb94e6bafa4
                                • Opcode Fuzzy Hash: 4bea5da0c269de308b0ff130a000fab7bafd09407bb570b83c8fa48ebe4b9afd
                                • Instruction Fuzzy Hash: 92219160B08E4A4FF7A5AB3D5494374E7D2FF986257E5017AD00EC3697DE64EC428341
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1C83FA2 Relevance: .1, Instructions: 102COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2515238386.00007FF7C1C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1C80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1c80000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 68d6af49b31b0c1021411d16f5d15cca58bb43fe026142c82c314402b397137c
                                • Instruction ID: 52b872b2e095bfeb324e7f0c2016a44df03a35c6742c49738d37d94f6406f860
                                • Opcode Fuzzy Hash: 68d6af49b31b0c1021411d16f5d15cca58bb43fe026142c82c314402b397137c
                                • Instruction Fuzzy Hash: 0221E660B08D4B4FF7A5BB3C0495375E7C2FF886657A5417AD10EC3686DE64EC428380
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BBD150 Relevance: .1, Instructions: 101COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4b9f2043d904bc86455d39c528a64e3e097c25a2c47e8cdf77dc1ac80130fe7c
                                • Instruction ID: 249db214875b5a1ff489f06f7d423ba32b54f36c6bc714f19042539563d69243
                                • Opcode Fuzzy Hash: 4b9f2043d904bc86455d39c528a64e3e097c25a2c47e8cdf77dc1ac80130fe7c
                                • Instruction Fuzzy Hash: 6C3165309089874FE769EE2DD854674B7D0EF45335F9411B9C84EC3992DDACE8828BA4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1C830A4 Relevance: .1, Instructions: 101COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2515238386.00007FF7C1C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1C80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1c80000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 99559c1a7a4cc6190742bebb033472494e934e0e865f779e86282478c5c63551
                                • Instruction ID: 85b895dec5fa3524803f2b171c382cfb7cb9e842f23b35f0ea8c22237ed6dc33
                                • Opcode Fuzzy Hash: 99559c1a7a4cc6190742bebb033472494e934e0e865f779e86282478c5c63551
                                • Instruction Fuzzy Hash: FC21F620B08E4A4FF7E5BB2D4491374F2C2FF986257A4417AD10EC3686DEA8EC424380
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1C85294 Relevance: .1, Instructions: 101COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2515238386.00007FF7C1C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1C80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1c80000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 96a179bf98dbf30b0702cc1a3ae12ecff21f257be6b2227db88246091e51fb12
                                • Instruction ID: 668a3a4191e41d8f7467547bf546fe4df24cc92c5ae39e5bfddecd31e606355a
                                • Opcode Fuzzy Hash: 96a179bf98dbf30b0702cc1a3ae12ecff21f257be6b2227db88246091e51fb12
                                • Instruction Fuzzy Hash: A821E720B08E4A4FF7A5BB3D4495274E6C3FF986257E5417AD40EC3687DEA4EC428340
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1C84398 Relevance: .1, Instructions: 100COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2515238386.00007FF7C1C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1C80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1c80000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c5e4ff5b43c7cbde61c860c472a3485763ff7865e217989a6d4621a44999aa7f
                                • Instruction ID: a3f67faa256db07d1d96d8c238d4acafb51cc7f652287e0ee596640968daf8e8
                                • Opcode Fuzzy Hash: c5e4ff5b43c7cbde61c860c472a3485763ff7865e217989a6d4621a44999aa7f
                                • Instruction Fuzzy Hash: 4421B465B08D4A4FF7A5BB3D0495375E7C2FF986257A9017AD00EC3A87DEA8EC524340
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BBCAC9 Relevance: .1, Instructions: 99COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6af027b9794e30814e0a17a209e8eabe7c7082e8f25a207320b397f19613ceae
                                • Instruction ID: 85be651be7d2b1d82b9562cb6ea5db661e8d1750a687494d82424b2259c77a4e
                                • Opcode Fuzzy Hash: 6af027b9794e30814e0a17a209e8eabe7c7082e8f25a207320b397f19613ceae
                                • Instruction Fuzzy Hash: D0214D2290EACA0FD356EF3854256E8BFA1EF4626074902FFC449CF0C3DD5858468391
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1C825B5 Relevance: .1, Instructions: 99COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2515238386.00007FF7C1C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1C80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1c80000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f293f5fb88b8b2da0758a1182cafa2ad0877b7e043e98f07a3e8befbe9fd82cd
                                • Instruction ID: c5eb28a1d2ce2dc781d8e03e5cfffaec61e09b062046b727b42a570ba8056ffa
                                • Opcode Fuzzy Hash: f293f5fb88b8b2da0758a1182cafa2ad0877b7e043e98f07a3e8befbe9fd82cd
                                • Instruction Fuzzy Hash: 6C21A161B08E4A5FF7A9AB2C5495275E2C2EFD82257A441BAD00EC3686DD64EC438381
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB7240 Relevance: .1, Instructions: 98COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 345f7887dec79bec2ba7a430c5f26ca8f2584b78ad41965c8482fe67759db69f
                                • Instruction ID: fa27d35b2ec44db0f91ed414296ce11a285d7bbd44da14ddbdd158cae9bd61dd
                                • Opcode Fuzzy Hash: 345f7887dec79bec2ba7a430c5f26ca8f2584b78ad41965c8482fe67759db69f
                                • Instruction Fuzzy Hash: 5221E431A18A490FEB84FF289444675B3D1FF98325F84167AEC4DD32E2DE68A8418755
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BD249C Relevance: .1, Instructions: 98COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3cd52601483bf7c8fa7394a783303d744e0e265e6de233294df70f21a9916329
                                • Instruction ID: e6153eeff8759d84e603a6eaa3ed21518432e8045a84123dc4a4c6506a6a384c
                                • Opcode Fuzzy Hash: 3cd52601483bf7c8fa7394a783303d744e0e265e6de233294df70f21a9916329
                                • Instruction Fuzzy Hash: 12318034608A4C8FCF54EF68C851ADABBA1FF99358F4501B8E40DC7296CB71E851CB80
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC08FA Relevance: .1, Instructions: 98COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3d839817b3216c50d7cdab84826963235770c73bb0bd779fe30f789e29eaf3d7
                                • Instruction ID: 46e4db536a4f00c6a1bce410209df529610844e5ba90b837198328485b8ea51a
                                • Opcode Fuzzy Hash: 3d839817b3216c50d7cdab84826963235770c73bb0bd779fe30f789e29eaf3d7
                                • Instruction Fuzzy Hash: 3D21347690C64A0FC744BF18AC916EAB7B0EF86331B440177E02DCB283C968AC92C791
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1C859C2 Relevance: .1, Instructions: 95COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2515238386.00007FF7C1C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1C80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1c80000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b21b5b3ef41f5560aaa3e62cce5915bbb5435d88e223dca7f111fe17c1430f7c
                                • Instruction ID: 4f91b55bbd40158d507b150f6762a0dee6dde6790edf6945a0ea50b5690834c3
                                • Opcode Fuzzy Hash: b21b5b3ef41f5560aaa3e62cce5915bbb5435d88e223dca7f111fe17c1430f7c
                                • Instruction Fuzzy Hash: 78219260B08E4A4FF7A5BB2C5495279E7C3EFD82257A9417AD00EC3797DDA8EC424381
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1C855D0 Relevance: .1, Instructions: 93COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2515238386.00007FF7C1C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1C80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1c80000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 673d4e5a1c116ad98904f74e823216904e00e081c6b436783becd71fcc8103d8
                                • Instruction ID: 6ac0e0338ee366349c82344892ec221bc2cd4ab3de64373eaa5f97742aa8fbf0
                                • Opcode Fuzzy Hash: 673d4e5a1c116ad98904f74e823216904e00e081c6b436783becd71fcc8103d8
                                • Instruction Fuzzy Hash: E721DA60B08E4A4FF7A9BB3C5495279E6C2EFC82157A50179D00EC3787DDA8EC424350
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1C85762 Relevance: .1, Instructions: 93COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2515238386.00007FF7C1C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1C80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1c80000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: be0eefca1355177f37dbf2d8f94f85d735795d7c1cb50a728b7a80ec17afa486
                                • Instruction ID: 30a9e4005641937e79db86a2953395e3beff270e956f61ea47119a8b70d44458
                                • Opcode Fuzzy Hash: be0eefca1355177f37dbf2d8f94f85d735795d7c1cb50a728b7a80ec17afa486
                                • Instruction Fuzzy Hash: A021C560B08E4A8FF7A5BB3C5495279E2C3EFD82257A9417AD50EC3787DD64EC428341
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1C83968 Relevance: .1, Instructions: 92COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2515238386.00007FF7C1C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1C80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1c80000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e671808be746f463357ec9fcb9db95ff178501b6a9e193c70e89a017200d15cd
                                • Instruction ID: 8291ca4179f1c026c8c0982ecac12a7cd556263722e63b9c5491a77ca7f9ef5c
                                • Opcode Fuzzy Hash: e671808be746f463357ec9fcb9db95ff178501b6a9e193c70e89a017200d15cd
                                • Instruction Fuzzy Hash: 8521D460B08E4A5FF7A9BB3C5495278E6C3EFDC2257A9417AD00EC3786DDA9EC424340
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1C8299E Relevance: .1, Instructions: 91COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2515238386.00007FF7C1C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1C80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1c80000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6bd6501462b341b1d5d2f86753524eb7d24436ee4376270fdba5523675f79f0b
                                • Instruction ID: 0128faedc83cd90146970114fbb32c40167176cbd50de22d1ed0db6f025b1771
                                • Opcode Fuzzy Hash: 6bd6501462b341b1d5d2f86753524eb7d24436ee4376270fdba5523675f79f0b
                                • Instruction Fuzzy Hash: C921C560B08E4A4FF7A5BB3C4495278E6C2FF986257A9417AD00EC3787DD68EC428340
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1C83A37 Relevance: .1, Instructions: 91COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2515238386.00007FF7C1C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1C80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1c80000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6036c707a4ba3f837a22b78206d26035ba5409253ed75a0f2900d19e0cb7990f
                                • Instruction ID: 37f8c935042d0bf081b8ada3dbaf9ade334f4a9761ff553897bc8c9f76a6f04a
                                • Opcode Fuzzy Hash: 6036c707a4ba3f837a22b78206d26035ba5409253ed75a0f2900d19e0cb7990f
                                • Instruction Fuzzy Hash: 4A21C220B08E4A4FF7A9BB3C54952B8E2C2EFC82657A9417ED00EC3686DD68EC424340
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1C83C97 Relevance: .1, Instructions: 90COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2515238386.00007FF7C1C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1C80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1c80000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: dbc43698e710f14cf9794a3fa4142d27a346299ce126220c58d545311941ccac
                                • Instruction ID: 8697cdc15792d007334050703e27b456169f6d52c74944e8f2a44d2f1fc80b1e
                                • Opcode Fuzzy Hash: dbc43698e710f14cf9794a3fa4142d27a346299ce126220c58d545311941ccac
                                • Instruction Fuzzy Hash: 0721A474B0CE4A4FF7A5BB3C5495279E2D2FF882257A542BAD00EC3687DD68EC424341
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1C83BCD Relevance: .1, Instructions: 90COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2515238386.00007FF7C1C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1C80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1c80000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3460f7b11137c474b315923dfdd82370e8319daf6f0bef6d0f5c4d49957c08d9
                                • Instruction ID: 033397c39d64c94cf042d005f4a2940f89d1db3d0353b6cf17778d89f18c4019
                                • Opcode Fuzzy Hash: 3460f7b11137c474b315923dfdd82370e8319daf6f0bef6d0f5c4d49957c08d9
                                • Instruction Fuzzy Hash: 2821D420B08E4A5FF7A5BB3C5491279E7C2EFC82257A941BAD00EC3697DD78EC424350
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC9D70 Relevance: .1, Instructions: 89COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 06d0a30d24131e506f9250a83c361cf8d4dd1444c843aa5ec20e100a5eccee8a
                                • Instruction ID: 9ff7009b9ef50979ab7f3122320a63e0efb76a4c3f282f15ff4c363ccf9e99d8
                                • Opcode Fuzzy Hash: 06d0a30d24131e506f9250a83c361cf8d4dd1444c843aa5ec20e100a5eccee8a
                                • Instruction Fuzzy Hash: ED21F331B0CA494FE75CEE2D94512B6B6D5EF88325F40527EE44FC3282DD64AC128AD5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1C8268A Relevance: .1, Instructions: 89COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2515238386.00007FF7C1C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1C80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1c80000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d8de622c8b297ad771b6201dfa782c3de8283f88d2637bffd2bfa3887755774a
                                • Instruction ID: ef811199bf2e7bb164892240d8b0436a797a5cc1e62d6110f8585899f18494a7
                                • Opcode Fuzzy Hash: d8de622c8b297ad771b6201dfa782c3de8283f88d2637bffd2bfa3887755774a
                                • Instruction Fuzzy Hash: 0021A124B18E4A4FF3A9AB2D5495279E2C3FFC8225BA5417AD10EC3687DD68EC424345
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BCFA71 Relevance: .1, Instructions: 88COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2f2a1d0a1bbebaa983359a611bbb02cd4fdf4c47f95f6fb6297c29035f1e08ae
                                • Instruction ID: 78956ac1c9d2529a90843365f694845ba22358acdc95e451a724dabf55d80739
                                • Opcode Fuzzy Hash: 2f2a1d0a1bbebaa983359a611bbb02cd4fdf4c47f95f6fb6297c29035f1e08ae
                                • Instruction Fuzzy Hash: 8721A231709D199FD759EB3C8859AA5B7E1FF9D31171042BAE00DC72A6CE25EC42CB90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB3F70 Relevance: .1, Instructions: 88COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ee5b73b575de1d56c80be140f3a35ef06252691ef2d1ad726fec45d36480dc7b
                                • Instruction ID: e742f197a99a8805e8bca220d8dfc7aa3aa31a83f07c658186cec864836cc685
                                • Opcode Fuzzy Hash: ee5b73b575de1d56c80be140f3a35ef06252691ef2d1ad726fec45d36480dc7b
                                • Instruction Fuzzy Hash: 4911C87170CA091FE75CBB1CA80A7B5B3D5EB89234F84417EE88EC3292DD54BC528696
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB75F0 Relevance: .1, Instructions: 86COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ba6bc6080b2d70fcd36317ef5ff1e6a84c7e2ff7a7bd661afb83716d29a05736
                                • Instruction ID: b06d2ff0ecd18ba2f2f204ee7f6601f6b3d344e80b8a1ddbadc9160f8a446cd7
                                • Opcode Fuzzy Hash: ba6bc6080b2d70fcd36317ef5ff1e6a84c7e2ff7a7bd661afb83716d29a05736
                                • Instruction Fuzzy Hash: 79115931B18D0D4F9398EA1D9846A75B3D1FFC836075512B9E40EC3386DD24BC428690
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC90F5 Relevance: .1, Instructions: 86COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 96674ff5988e8883df3350129232a2e213b90bf9ad624679c2d351ddda3e3e94
                                • Instruction ID: 0bc7d6b6802ec3e1091bc1554195f45df9e04533510043739365117b576dfb8d
                                • Opcode Fuzzy Hash: 96674ff5988e8883df3350129232a2e213b90bf9ad624679c2d351ddda3e3e94
                                • Instruction Fuzzy Hash: 9D110031A1CA981FDB18EB1DAC165E8B7A2FFD9630744027FE009C3282CD65A80683D1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB798D Relevance: .1, Instructions: 85COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4785eaa5903325ff26f17c745900751d3b21a2c0d203e97d92818c13c5487531
                                • Instruction ID: 5c0373c84cec76c73574bb3a3fdbff166ca29ca49b8b926a288853b9a58fd153
                                • Opcode Fuzzy Hash: 4785eaa5903325ff26f17c745900751d3b21a2c0d203e97d92818c13c5487531
                                • Instruction Fuzzy Hash: 2E21623061CA098FDB98EF1CD4456B9B7E1FF98721F50117EE48AD3651CE71E8428B45
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC8D55 Relevance: .1, Instructions: 85COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4c73e3b3cf7bed387963f51b765faefbbad8a46c359c54309351f129cffb3128
                                • Instruction ID: 871d05955fc2338b239c9acf7cd0009759d58af39b04cdedca917a281371cbed
                                • Opcode Fuzzy Hash: 4c73e3b3cf7bed387963f51b765faefbbad8a46c359c54309351f129cffb3128
                                • Instruction Fuzzy Hash: 7821C631A0D64D4FD785FF2C88256A9BBA1FF99320B5501BBD00DC7292CE39AC11CB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BBC466 Relevance: .1, Instructions: 82COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2840ca752777a7cbfcd346765eef3845b0e3a5780f884198d4f5679a170f55a9
                                • Instruction ID: 6f4c5002f9f2fbe9231c890abada7324fb49974040e4bfe54af8a02f9fd1d52c
                                • Opcode Fuzzy Hash: 2840ca752777a7cbfcd346765eef3845b0e3a5780f884198d4f5679a170f55a9
                                • Instruction Fuzzy Hash: 6F21D061B28D8A5FD789EB7884967B5F791FF58314B4041BAC04FC3683CE28F9068380
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC8C5D Relevance: .1, Instructions: 82COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a090afc5565201361d5fe0e2cf0c05bf54dd7f63ae6000c994a8bf6a2c0fff16
                                • Instruction ID: e06c54c8e3af6d6d9412f552fa8110d9f362a8390869b02318b1cb9ad7b2b64d
                                • Opcode Fuzzy Hash: a090afc5565201361d5fe0e2cf0c05bf54dd7f63ae6000c994a8bf6a2c0fff16
                                • Instruction Fuzzy Hash: D8313A30918A4E9FEB84FF6488656AABBA1FF58310F90457AD40DC7282DAB4A850CB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC1468 Relevance: .1, Instructions: 81COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 530d44bc4da341881f0af3032c7839da680d199f0a909741a669a380fd46a11b
                                • Instruction ID: 3405d9cc8629f14129f2a5a56fa7ac731015f1bd1e210a09137b03d8421539f9
                                • Opcode Fuzzy Hash: 530d44bc4da341881f0af3032c7839da680d199f0a909741a669a380fd46a11b
                                • Instruction Fuzzy Hash: 8921F935D0C54A8FEB55EF2484611B8B6D0FF59331F94117DD04EE32C1DA6CA446CE61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1C855BA Relevance: .1, Instructions: 80COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2515238386.00007FF7C1C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1C80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1c80000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 26ebc51bb12230e7fb8eaa2517bbc0c9ff2f5f58b885e5bf6679469c73821188
                                • Instruction ID: bcd2d4191e8d646a77b2c144e9a8a22a0aea08373d489b685f5b50988e520bf5
                                • Opcode Fuzzy Hash: 26ebc51bb12230e7fb8eaa2517bbc0c9ff2f5f58b885e5bf6679469c73821188
                                • Instruction Fuzzy Hash: 4011D661708E4B4FFBA9A73C5491274E6C2FFC82297E9017AD50EC3A87DDA9EC424350
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1C83966 Relevance: .1, Instructions: 79COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2515238386.00007FF7C1C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1C80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1c80000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d95b2b1b25f2e8cfce3aff38ae7e33872f5262c4021ede70495565cca59c1adc
                                • Instruction ID: 33959d2b94a19b31430ea7790718e3a796bbb90755337cdf4744b4fffeaaee83
                                • Opcode Fuzzy Hash: d95b2b1b25f2e8cfce3aff38ae7e33872f5262c4021ede70495565cca59c1adc
                                • Instruction Fuzzy Hash: 1B21E470B08D4A5FF7A9BB3C44952B8E6C2EFD82257E94179D00EC3B86DDA9EC424350
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB2943 Relevance: .1, Instructions: 76COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6cb5526f2330122fe3b43c20b03b0939c8da867a477696d4c658f0fe94ace634
                                • Instruction ID: 4af1570da78de8b66ab4b6d3c286a55957f969d509aa295c1b784767c6f8e32b
                                • Opcode Fuzzy Hash: 6cb5526f2330122fe3b43c20b03b0939c8da867a477696d4c658f0fe94ace634
                                • Instruction Fuzzy Hash: 1A21A421B2894A4FEB58FB68C4917E6F3A1FB48305F90853AD04FC3687CD68F8468791
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BBCCE5 Relevance: .1, Instructions: 76COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 57cb44d5790f232aa57732979fcb029c0d25d8c7fbdc963bc57777d7dec43f2e
                                • Instruction ID: 1943026364abea9d279f3d316240dcffba41d1d745810cd07bdc2e502c5d68e9
                                • Opcode Fuzzy Hash: 57cb44d5790f232aa57732979fcb029c0d25d8c7fbdc963bc57777d7dec43f2e
                                • Instruction Fuzzy Hash: C711A31148EACA1FD3466BB44C295E23FA5DF8B16031D42E7E085CF4A3C85C499B83B1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BBCF6D Relevance: .1, Instructions: 72COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d21f130be7ed46cc6c21cc56055a9f4a6c498637be60ebdb4cdad7bba8d1542b
                                • Instruction ID: 15632b59b7a4b482ee601f1ff855c167e4587a46258c25adfc6d75c3c330735b
                                • Opcode Fuzzy Hash: d21f130be7ed46cc6c21cc56055a9f4a6c498637be60ebdb4cdad7bba8d1542b
                                • Instruction Fuzzy Hash: DB11CE2158E6D61FC34297748C24AD27FE5DECB26430A42FAE089CB5A7C81D9887C761
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1C82DC0 Relevance: .1, Instructions: 72COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2515238386.00007FF7C1C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1C80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1c80000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 04ba22ebfae8daa59830bfe2ef90c6be468648b1247c369eedbf33bed50cf3e9
                                • Instruction ID: 61e78b99157bbf1b40859083872b4c4dea100130e934e04f9c17d316eb5b3249
                                • Opcode Fuzzy Hash: 04ba22ebfae8daa59830bfe2ef90c6be468648b1247c369eedbf33bed50cf3e9
                                • Instruction Fuzzy Hash: 4E11AB21708E4A4FF7AAB73C5495274E6C2EFD8225BA9017AD40DC36D7DD65EC428350
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BBE1ED Relevance: .1, Instructions: 67COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2ee364fd637c110d6531f93e1835a94346bc260a19dc64699fd57f0457e0f306
                                • Instruction ID: 44905e7d99c7286009d388c3208386dcd5e38be6ea74ea90350cf4afacccf101
                                • Opcode Fuzzy Hash: 2ee364fd637c110d6531f93e1835a94346bc260a19dc64699fd57f0457e0f306
                                • Instruction Fuzzy Hash: 93119A3190C6898FDB45DF6884546AABBF1FF99314F1006BFE08AC6292CA749945CB85
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB2468 Relevance: .1, Instructions: 67COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5c7b392b23d0adc3cb0fb750e9274472e628d7dbc4742b39b5e72efbab14431e
                                • Instruction ID: b3caf3ef59f5d151aaf65eaf6654a695626a606d6fae56b551dae619a0a64097
                                • Opcode Fuzzy Hash: 5c7b392b23d0adc3cb0fb750e9274472e628d7dbc4742b39b5e72efbab14431e
                                • Instruction Fuzzy Hash: 40110A2181D9861BF315BF3498655E0BAE0EF46370BD801FAE489C7197DC5DB882C7A5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC9AF5 Relevance: .1, Instructions: 66COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ac73aa17d5079b3853988ab9eaad64a40400097beb209d918c40f8801da3c42c
                                • Instruction ID: c84e7ce9b7d8c95215f94eafff65131676153eae76b7673d3a1580549b4a8673
                                • Opcode Fuzzy Hash: ac73aa17d5079b3853988ab9eaad64a40400097beb209d918c40f8801da3c42c
                                • Instruction Fuzzy Hash: 8411063184D5C51FE3166B306C219E1BB64DF46361B8A01F7D489CB5A3C85D6982C7B5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC0D29 Relevance: .1, Instructions: 66COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f006109819393140f84089f9bb37d6aac534f33e355b898a97a0c7a5b0eadd72
                                • Instruction ID: 962ec55c67f78b32754695558d5dd9a014f53dac5fe4546f7c46ee0ab1d1f9ae
                                • Opcode Fuzzy Hash: f006109819393140f84089f9bb37d6aac534f33e355b898a97a0c7a5b0eadd72
                                • Instruction Fuzzy Hash: 1811E634519F888FD799EF3984E4AA5BBA0FF5931074806EDD44ACB2D3DA28F804CB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BCE488 Relevance: .1, Instructions: 65COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 107aa5ca5c9f31064dab62c7ea550a335fcad65dff4cb69ebd4e996ec9d82d6b
                                • Instruction ID: d5a1e2bc294df60f381973a5baea721d3c57468b388b9ee8350a6dca93d3c44f
                                • Opcode Fuzzy Hash: 107aa5ca5c9f31064dab62c7ea550a335fcad65dff4cb69ebd4e996ec9d82d6b
                                • Instruction Fuzzy Hash: DE01E531B2CE490BDB98B76894446F6F3D1EBA8315F00463EE44EC3296CE65B946C381
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC851E Relevance: .1, Instructions: 65COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 82870cc9c6c6589a31e1568c12bafea517efd521d0f8e469d39921aa4d7ea3cb
                                • Instruction ID: d8cc36774126797967ee65ad7fd3839df4d4bec05c83c32540bfade98e97cb1b
                                • Opcode Fuzzy Hash: 82870cc9c6c6589a31e1568c12bafea517efd521d0f8e469d39921aa4d7ea3cb
                                • Instruction Fuzzy Hash: 8211390048E7D20FE39353B898645927FE58E8B13074E41EBE584CE1A7D48E4C4BC363
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1C823C4 Relevance: .1, Instructions: 65COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2515238386.00007FF7C1C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1C80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1c80000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7a55120d0f0f301a6d42ac032dbc71c3030e2dcf59264a12043c75919ec89d9b
                                • Instruction ID: 1ec5798506a12b914ff1c4e305edbda4a7c483d6f0598bfbbbe98cc0e474cf8c
                                • Opcode Fuzzy Hash: 7a55120d0f0f301a6d42ac032dbc71c3030e2dcf59264a12043c75919ec89d9b
                                • Instruction Fuzzy Hash: 18115911A0E7C24FE363173818A02A0BFB09F97121BAA01FBC0C9CB5E3D8985C06C372
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC828D Relevance: .1, Instructions: 64COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 83c3b98cc31e1c0fa6275e520f743d5754a1b8cf8632c85dbb716a4e64f099ba
                                • Instruction ID: efac46ce43649361d1915b7e6ee992a833fa70fa0dd6d59fa94a8820f735fe0f
                                • Opcode Fuzzy Hash: 83c3b98cc31e1c0fa6275e520f743d5754a1b8cf8632c85dbb716a4e64f099ba
                                • Instruction Fuzzy Hash: 6C118E2148E6D20FD3538BB48C64AD27FF49F8B22070E41EBE084CB5A3D54D894BC762
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC0D40 Relevance: .1, Instructions: 64COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9ce4d9dc2a1b0e50e308acae5222e92f19f7c674fc1284e3e1effb86e202f1fd
                                • Instruction ID: 9352fdb5d5f29ceb922aa30c07ffe1b7a00b4c98b215d83bdf4db43e84e2faff
                                • Opcode Fuzzy Hash: 9ce4d9dc2a1b0e50e308acae5222e92f19f7c674fc1284e3e1effb86e202f1fd
                                • Instruction Fuzzy Hash: AC11E334618E494FD798EF3994D4AA5F7E0FF5831074402BDD84AC7292CD68F845CB50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BBFB17 Relevance: .1, Instructions: 62COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a787e307556ea525b820abb02c619e18b6ddcfd74ad90e7627cd7b933c45ccd1
                                • Instruction ID: 87bd8615505f70298a5858215af176bd69c76e23d0387004c63ab75c6671302e
                                • Opcode Fuzzy Hash: a787e307556ea525b820abb02c619e18b6ddcfd74ad90e7627cd7b933c45ccd1
                                • Instruction Fuzzy Hash: 8F110035A28D4A8FCB94EB24C491AE6F3B1FF683107404666C00EC3A56CE20FC92CBC0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB22A9 Relevance: .1, Instructions: 59COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f2952c19709568ce1460bc5d91eb3fe1eef77804938ca678b1e4a338d66c0d24
                                • Instruction ID: e66cb0cacb1a35f0c71aa198c87b81ccb8ef9d768d88599efbc563370dbd38ab
                                • Opcode Fuzzy Hash: f2952c19709568ce1460bc5d91eb3fe1eef77804938ca678b1e4a338d66c0d24
                                • Instruction Fuzzy Hash: 8C110231A1D7C94FD3569B3888590EABFF0EF8A310B4541FBD445C71A3DE28684AC751
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BCF6E4 Relevance: .1, Instructions: 53COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4275cb95be457556e1661640b2edb674481c96e90be82d0188ec57f4106c2356
                                • Instruction ID: a4a36a73167d57e96eb283b7d0849f59ee9c0fd6d5f2d607248185266ffebf29
                                • Opcode Fuzzy Hash: 4275cb95be457556e1661640b2edb674481c96e90be82d0188ec57f4106c2356
                                • Instruction Fuzzy Hash: 0B01623031DE488FCBA8EB3C8469A65B7E1EFA931531545AED05AC76A2CE20EC458781
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BCB879 Relevance: .1, Instructions: 52COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d45b75d2cea10ddaf0b7bbc11aba681d9b73bcae0c6d723cb1cc40ea1b3384ec
                                • Instruction ID: 4dbb604be3a4f07eb78fde945fc87d6af5febf18809c734d70b96d76cf55f370
                                • Opcode Fuzzy Hash: d45b75d2cea10ddaf0b7bbc11aba681d9b73bcae0c6d723cb1cc40ea1b3384ec
                                • Instruction Fuzzy Hash: D501A211B1CA890FDB95A77854A55F6F7E1DF9932035446BBD04AC329BDC58A8468340
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC8E0A Relevance: .0, Instructions: 50COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6b1732f984ab65781cf14114a25d24000a30fa440d6040bb6ed8db177eece4d5
                                • Instruction ID: 68db4044bf381ef10703692ce7c9d32f86dceca119ad19c91c53f467f94d3144
                                • Opcode Fuzzy Hash: 6b1732f984ab65781cf14114a25d24000a30fa440d6040bb6ed8db177eece4d5
                                • Instruction Fuzzy Hash: 4D01A935558A4C9FD744FF59D8005D6B764FF89318F00027AE92CC3181DA35E525C795
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BBCFF5 Relevance: .0, Instructions: 49COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9ac5d191548c4d72c9c7827204cf65f58a1c02cf9cd0b10913813348bf84960e
                                • Instruction ID: 127e6f5cbaee862c1f4e455b9253f68242211342dcb99499635e3f913839c2c2
                                • Opcode Fuzzy Hash: 9ac5d191548c4d72c9c7827204cf65f58a1c02cf9cd0b10913813348bf84960e
                                • Instruction Fuzzy Hash: E801847150D7848FC305DF24981559ABBF0BF8A318F0542AFE48DEB252D738EA05CB96
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB4C61 Relevance: .0, Instructions: 48COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fbba157b4942eb7521133abde495164efc9f58c76d805e390c879a7cf5f4df29
                                • Instruction ID: 642bf9060bcca155edbce95c82502e1a584c241e22af5757ba7510f846606a31
                                • Opcode Fuzzy Hash: fbba157b4942eb7521133abde495164efc9f58c76d805e390c879a7cf5f4df29
                                • Instruction Fuzzy Hash: D301283180DA855FE342FB2884452B9BFD1EF85234F484A7ED48DC60E2CDD84AC58397
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB223A Relevance: .0, Instructions: 44COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ed79f1a4534ce3dc8a72eedc2f88fd4d0a40ede32580dc5c1bd092773b02809a
                                • Instruction ID: 7eea2ed5a0183005e296f7d4f99cd79362c2ce4376d64f188114eeea9dfa75f5
                                • Opcode Fuzzy Hash: ed79f1a4534ce3dc8a72eedc2f88fd4d0a40ede32580dc5c1bd092773b02809a
                                • Instruction Fuzzy Hash: 46F0C230908A885FEB419B7894586EABFB0EF45310F4540F7D848D6253CA3466558791
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC7FE0 Relevance: .0, Instructions: 44COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ee309b37693c9a91a9c3bb3532fb55b0686ad64b34e6df029da188d9c9806651
                                • Instruction ID: 6e4f45e64f047d44a6b64a7faf068e4bb513a0611819dfc60305cfb2a6e5a059
                                • Opcode Fuzzy Hash: ee309b37693c9a91a9c3bb3532fb55b0686ad64b34e6df029da188d9c9806651
                                • Instruction Fuzzy Hash: C1F04F01E5DE8A0FF785B7BC18252A89AE1EF99264B8401B6D40CC32C7DD4CAC4183A2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BBC766 Relevance: .0, Instructions: 44COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 44d5ffc9f5ee0f746754addc88bbdb3934d83aa5d71ee06532da89890cc9c5e6
                                • Instruction ID: 2f8aa69e75e2ac40049b66164bdd835f807b2e8e2e8f2d08b30b8163b903aff6
                                • Opcode Fuzzy Hash: 44d5ffc9f5ee0f746754addc88bbdb3934d83aa5d71ee06532da89890cc9c5e6
                                • Instruction Fuzzy Hash: 4501D125F18E8A4FD799FF3940516BAE392FF987107944579C44EC3686CE68B8078740
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BD097F Relevance: .0, Instructions: 41COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f1aa0c609abe457293b3d1e4d274f37b659c4a1937cd4d346533997022bb5c39
                                • Instruction ID: e8200a60daf00f5d8db4f32639e5ca42239e392b09806f112dbe7b31294308d5
                                • Opcode Fuzzy Hash: f1aa0c609abe457293b3d1e4d274f37b659c4a1937cd4d346533997022bb5c39
                                • Instruction Fuzzy Hash: 62F07813E1D3CA0FE3626E382C911A5BF61DF52134F8812FEC1888A197E8A894428752
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BD0B46 Relevance: .0, Instructions: 41COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6cc004f645a652f28cbb513a0ea8d4f539f2e8ad831712dcf2ea0dd2bf1dbc18
                                • Instruction ID: e390d69c7b92f3bb80800c92d606c64368903738d9421a86a89561e96740ae7e
                                • Opcode Fuzzy Hash: 6cc004f645a652f28cbb513a0ea8d4f539f2e8ad831712dcf2ea0dd2bf1dbc18
                                • Instruction Fuzzy Hash: F4F02432F0CA494FD7A4BD2C7C412B9B382FB88620B9005BED00DC324AC975E8814782
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BCD25E Relevance: .0, Instructions: 40COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c05a2b7b08e562c5d2b7af68046c44eca96a6e41de18ba786a610577053a1c72
                                • Instruction ID: dafbacf260f58166f73d190ae8c0eda635466e37c95ea6ee555ae05aa3648aa5
                                • Opcode Fuzzy Hash: c05a2b7b08e562c5d2b7af68046c44eca96a6e41de18ba786a610577053a1c72
                                • Instruction Fuzzy Hash: 35F08911F28D4B0B9BC5FB6854956F9D292FB9C355750417AD00EC328ADD1CE8868780
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB21D3 Relevance: .0, Instructions: 40COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4f492ea357a60e105213e8c4aa36980d4aca71864c3218425454622e892bf135
                                • Instruction ID: 9651687b0ff5c93d62c3142bd43a4ac36e49858643944426d5d581a056b63996
                                • Opcode Fuzzy Hash: 4f492ea357a60e105213e8c4aa36980d4aca71864c3218425454622e892bf135
                                • Instruction Fuzzy Hash: B9F0272664DD5E1BE344FC9EA8815F1B380EB80331BC811BACE58C3946D9C9B85606A4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB3020 Relevance: .0, Instructions: 38COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e4b9852b48da75e8971201e15eb3f5f1aab09d0eff0c737e37c59447745128b6
                                • Instruction ID: 76f6403b4be18fd8915f02433aeacd308ff38ccf1151dea37795d52d2925782c
                                • Opcode Fuzzy Hash: e4b9852b48da75e8971201e15eb3f5f1aab09d0eff0c737e37c59447745128b6
                                • Instruction Fuzzy Hash: 7EF02E307189890BE348BF3C9000376B3C1FF49219B804979D88DC7291CF34D8528381
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB340D Relevance: .0, Instructions: 37COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 374506eaf0d70254364bfe332325dcccfb222f341837de77bbc6e26c450afb0a
                                • Instruction ID: aacd75b69b3a1f9ee9a3de034399f0c6b009cb4846461e0d7bffb1639696cbd9
                                • Opcode Fuzzy Hash: 374506eaf0d70254364bfe332325dcccfb222f341837de77bbc6e26c450afb0a
                                • Instruction Fuzzy Hash: 77F08C3190964C5FDB18FE99EC469EA77A8FF86228F40013AF44D82152DA656862CB60
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC8049 Relevance: .0, Instructions: 31COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d734e3ad51901e48208ec0c8d1bf185e0c8648c7a1b7ec2435937ef98e54b03c
                                • Instruction ID: e9123383d2f240245c6f7cb06ee5ea77fc9412b9d4ed0fe7b96f8dbea69c9b26
                                • Opcode Fuzzy Hash: d734e3ad51901e48208ec0c8d1bf185e0c8648c7a1b7ec2435937ef98e54b03c
                                • Instruction Fuzzy Hash: 92F02B1090D9964FD751BB7C58516E0BBE4DF4A310BC941F2E008C7187D9089C5687B2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BB2F9F Relevance: .0, Instructions: 29COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: eeb5981b0a81ca6a76570c67055b2b177614082552fe52d8fb86d70025f2badc
                                • Instruction ID: ee24939c238c0103a631e93316a013db7f1620308d3f28c192acb19a3b9ffad3
                                • Opcode Fuzzy Hash: eeb5981b0a81ca6a76570c67055b2b177614082552fe52d8fb86d70025f2badc
                                • Instruction Fuzzy Hash: D2E092307589098FDB48EE2CB8814A5B3D1EB8A324390817AC409C7245CD36A8578740
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC90C0 Relevance: .0, Instructions: 25COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d8434c6c869f18919048c258d22ae98ecba742f04672e1b49d87cecd01b5c63b
                                • Instruction ID: 7fbeb39c94a3ad2f089b6d87d021bdc1708415b90f0144f868e5919d4ba2dc53
                                • Opcode Fuzzy Hash: d8434c6c869f18919048c258d22ae98ecba742f04672e1b49d87cecd01b5c63b
                                • Instruction Fuzzy Hash: 24E08C1050EBCA4FE70B6A740CB14607F609F4728078A02E7C482CB0E3DC5D6849D762
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1C80F51 Relevance: .0, Instructions: 20COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2515238386.00007FF7C1C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1C80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1c80000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9dc35dd4d8490d637ac1b2a2c773f8fd7d41bafeefe7f28d66f1b021f890cba6
                                • Instruction ID: eb5c946568c0c0534b3da8ab9d865b831940469516588b5c58d49d8a3f6dcd29
                                • Opcode Fuzzy Hash: 9dc35dd4d8490d637ac1b2a2c773f8fd7d41bafeefe7f28d66f1b021f890cba6
                                • Instruction Fuzzy Hash: 8FD0C91172D86207F354398C68563F8F286DF88729FA0413BE509C26C7C8CE6CC243E2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BBC439 Relevance: .0, Instructions: 19COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d30c4254fd4bab0a3fa0c5f5de97c9d4f2be8f50b8f8debda05fe34466a7af7b
                                • Instruction ID: 1b89f305ea9a7e4eb7f9b603f172e38ffd173c1479f556cdea6db2d169170f90
                                • Opcode Fuzzy Hash: d30c4254fd4bab0a3fa0c5f5de97c9d4f2be8f50b8f8debda05fe34466a7af7b
                                • Instruction Fuzzy Hash: 27D02B63F081484BD740D728F8807E8F350FB46228F60423AC01E42003CD2550068781
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BCA4DD Relevance: .0, Instructions: 17COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 672827cfeb81c041ea4a792d2c05c79e5657ba90dd355445a20bd7e283d19f7f
                                • Instruction ID: 81e66e1194539d997e4844f5e1f01cc42b88ba64db98444ffb462a25283e4b47
                                • Opcode Fuzzy Hash: 672827cfeb81c041ea4a792d2c05c79e5657ba90dd355445a20bd7e283d19f7f
                                • Instruction Fuzzy Hash: A3C0122240E2C01FC3124B708838AA1BFA40E870A031E81E3D0888B1A3D9289A0AC731
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC8A46 Relevance: .0, Instructions: 15COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5f613de5295c10c34aa027ff79d112b7eb49623b12c60e521b2059d9eb89b389
                                • Instruction ID: dad3be6c6c6076589154a5ae69b00a70c89134ea046335de654b88b6a39a38d6
                                • Opcode Fuzzy Hash: 5f613de5295c10c34aa027ff79d112b7eb49623b12c60e521b2059d9eb89b389
                                • Instruction Fuzzy Hash: 78C01212B8A80A4A9A80BA5824222FCF240DB85230BC12436E22DC2082DC8A29208BD2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00007FF7C1BC1FD3 Relevance: .0, Instructions: 7COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 90e4e32d4db2f455517bb870f4655b0e202980e64083c3664bda339e7cb71ae7
                                • Instruction ID: e8dfca3a46e6e980e693e19dcb097dcdb3ac3a94648aea87d07753516a960be4
                                • Opcode Fuzzy Hash: 90e4e32d4db2f455517bb870f4655b0e202980e64083c3664bda339e7cb71ae7
                                • Instruction Fuzzy Hash: 3DA02202ACA00E008200388C38020C8F200C382030BC03332E80CC820A88CE08E20280
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Non-executed Functions

                                Function 00007FF7C1BC51FD Relevance: .4, Instructions: 416COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2514964436.00007FF7C1BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1BB0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff7c1bb0000_2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c7b4dae5a47d75f866c0d98e7b514d88c7cf3971fb3a7f31f3f889b1807e8274
                                • Instruction ID: f699fda3f44bcedf37de9e5d5383ce981bc03ec5a679a8a7f8b46707aaad7813
                                • Opcode Fuzzy Hash: c7b4dae5a47d75f866c0d98e7b514d88c7cf3971fb3a7f31f3f889b1807e8274
                                • Instruction Fuzzy Hash: 70C1E631A0CB4C4FDB19EFA89C456EDBBE1EF96321F04426FD049D7292CA746846CB91
                                Uniqueness

                                Uniqueness Score: -1.00%