Windows Analysis Report
giLqLXLHs3.exe

Overview

General Information

Sample Name:giLqLXLHs3.exe
Analysis ID:738927
MD5:d7f34f1712688bb9564296842355a8b9
SHA1:1245a185de18808ef075297fc4740d7a3b7b6381
SHA256:c9944c04100d2b5d75b8bff00359b3bef6481bdb72d965032ac800d99cb4fe1a
Tags:exe
Infos:

Detection

Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for domain / URL
Yara detected Costura Assembly Loader
Uses known network protocols on non-standard ports
Machine Learning detection for sample
Uses dynamic DNS services
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Detected TCP or UDP traffic on non-standard ports
Internet Provider seen in connection with other malware
Binary contains a suspicious time stamp
Enables debug privileges

Classification

  • System is w10x64
  • giLqLXLHs3.exe (PID: 6084 cmdline: C:\Users\user\Desktop\giLqLXLHs3.exe MD5: D7F34F1712688BB9564296842355A8B9)
  • cleanup
No configs have been found
Source: giLqLXLHs3.exe; Rule: JoeSecurity_CosturaAssemblyLoader; Description: Yara detected Costura Assembly Loader; Author: Joe Security
Source: 00000000.00000002.520653994.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp; Rule: JoeSecurity_CosturaAssemblyLoader; Description: Yara detected Costura Assembly Loader; Author: Joe Security
Source: 00000000.00000000.241342686.00000000007F2000.00000002.00000001.01000000.00000003.sdmp; Rule: JoeSecurity_CosturaAssemblyLoader; Description: Yara detected Costura Assembly Loader; Author: Joe Security
Source: Process Memory Space: giLqLXLHs3.exe PID: 6084; Rule: JoeSecurity_CosturaAssemblyLoader; Description: Yara detected Costura Assembly Loader; Author: Joe Security
Source: 0.0.giLqLXLHs3.exe.7f0000.0.unpack; Rule: JoeSecurity_CosturaAssemblyLoader; Description: Yara detected Costura Assembly Loader; Author: Joe Security
No Sigma rule has matched
No Snort rule has matched

            AV Detection

            Source: klanet.duckdns.org; Virustotal: Detection: 5%
            Source: giLqLXLHs3.exe; Joe Sandbox ML: detected
            Source: giLqLXLHs3.exe; Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: giLqLXLHs3.exe; Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: costura.mahapps.metro.iconpacks.core.pdb.compressed source: giLqLXLHs3.exe
            Source: Binary string: hl3costura.mahapps.metro.iconpacks.core.pdb.compressed source: giLqLXLHs3.exe, 00000000.00000002.520653994.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: costura.costura.pdb.compressed|||Costura.pdb|9D79504DE51E115DB26ED0175610FEF704182CDD|2608 source: giLqLXLHs3.exe
            Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: giLqLXLHs3.exe, 00000000.00000003.245106817.0000000004059000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000003.244673513.0000000003E22000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.532173168.00000000053A0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: costura=costura.costura.dll.compressed=costura.costura.pdb.compressed source: giLqLXLHs3.exe
            Source: Binary string: C:\projects\nlog\src\NLog\obj\Release\net45\NLog.pdbSHA256 source: giLqLXLHs3.exe, 00000000.00000002.537390197.0000000005A30000.00000004.08000000.00040000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.529086758.0000000003E01000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.530861599.0000000004059000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: hl$costura.htmltextblock.pdb.compressed source: giLqLXLHs3.exe, 00000000.00000002.520653994.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: costura.mahapps.metro.iconpacks.core.pdb.compressed|||MahApps.Metro.IconPacks.Core.pdb|9E10B3D9F7E753F984E8BFE09417371A7F52DCA0|81408 source: giLqLXLHs3.exe
            Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: giLqLXLHs3.exe, 00000000.00000003.245106817.0000000004059000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000003.244673513.0000000003E22000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.532173168.00000000053A0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: C:\projects\mahapps-metro-iconpacks\src\MahApps.Metro.IconPacks\obj\Release\MahApps.Metro.IconPacks.Material\net47\MahApps.Metro.IconPacks.Material.pdb source: giLqLXLHs3.exe, 00000000.00000003.275151839.0000000004179000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.532888552.0000000005590000.00000004.08000000.00040000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000003.283786696.00000000047D9000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: costura.htmltextblock.pdb.compressed source: giLqLXLHs3.exe
            Source: Binary string: D:\source\GF\GFAlarmUpdater\obj\Release\GFAlarmUpdater.pdb source: giLqLXLHs3.exe
            Source: Binary string: costura.costura.pdb.compressed source: giLqLXLHs3.exe
            Source: Binary string: hl7costura.mahapps.metro.iconpacks.material.pdb.compressed source: giLqLXLHs3.exe, 00000000.00000002.520653994.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: costura.mahapps.metro.iconpacks.material.pdb.compressed source: giLqLXLHs3.exe
            Source: Binary string: htmltextblockIcostura.htmltextblock.dll.compressedIcostura.htmltextblock.pdb.compressed9mahapps.metro.iconpacks.coregcostura.mahapps.metro.iconpacks.core.dll.compressedgcostura.mahapps.metro.iconpacks.core.pdb.compressedAmahapps.metro.iconpacks.materialocostura.mahapps.metro.iconpacks.material.dll.compressedocostura.mahapps.metro.iconpacks.material.pdb.compressed source: giLqLXLHs3.exe
            Source: Binary string: /_/src/MahApps.Metro.IconPacks.Core/obj/Release/net47/MahApps.Metro.IconPacks.Core.pdb source: giLqLXLHs3.exe, 00000000.00000002.537357922.0000000005A20000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: C:\projects\nlog\src\NLog\obj\Release\net45\NLog.pdb source: giLqLXLHs3.exe, 00000000.00000002.537390197.0000000005A30000.00000004.08000000.00040000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.529086758.0000000003E01000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.530861599.0000000004059000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: costura.mahapps.metro.iconpacks.material.pdb.compressed|||MahApps.Metro.IconPacks.Material.pdb|820140E5CD1F78B1B22706BEBC6182C6B8D36E7C|44544 source: giLqLXLHs3.exe
            Source: Binary string: costura.htmltextblock.pdb.compressed|||HtmlTextBlock.pdb|18E9F604D8CE1318CCE807BC9B87E6DC42F547B8|60928 source: giLqLXLHs3.exe

            Networking

            Source: unknown; Network traffic detected: HTTP traffic on port 49687 -> 663
            Source: unknown; Network traffic detected: HTTP traffic on port 663 -> 49687
            Source: unknown; DNS query: name: klanet.duckdns.org
            Source: global traffic; TCP traffic: 192.168.2.7:49687 -> 221.157.45.236:663
            Source: Joe Sandbox View; ASN Name: KIXS-AS-KRKoreaTelecomKR KIXS-AS-KRKoreaTelecomKR
            Source: giLqLXLHs3.exe, 00000000.00000002.525163252.000000000330F000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://klanet.duckdns.org:663
            Source: giLqLXLHs3.exe, 00000000.00000002.525163252.000000000330F000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://klanet.duckdns.org:663/resource/version.tsv
            Source: giLqLXLHs3.exe; String found in binary or memory: http://klanet.duckdns.org:663/resource/version.tsv#downloadVoicePack#WindowBorderBrush
            Source: giLqLXLHs3.exe; String found in binary or memory: http://klanet.duckdns.org:663/version
            Source: unknown; DNS traffic detected: queries for: klanet.duckdns.org
            Source: global traffic; HTTP traffic detected: GET /resource/version.tsv HTTP/1.1 | User-Agent: request | Host: klanet.duckdns.org:663 | Connection: Keep-Alive
            Source: giLqLXLHs3.exe; Binary or memory string: OriginalFilenameGFAlarmUpdater.exe> vs giLqLXLHs3.exe
            Source: C:\Users\user\Desktop\giLqLXLHs3.exe; File read: C:\Users\user\Desktop\giLqLXLHs3.exe:Zone.Identifier
            Source: giLqLXLHs3.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\giLqLXLHs3.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: giLqLXLHs3.exe; Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Users\user\Desktop\giLqLXLHs3.exe; Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
            Source: C:\Users\user\Desktop\giLqLXLHs3.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32
            Source: classification engine; Classification label: mal64.troj.evad.winEXE@1/0@1/1
            Source: C:\Users\user\Desktop\giLqLXLHs3.exe; File read: C:\Windows\System32\drivers\etc\hosts
            Source: Window Recorder; Window detected: More than 3 window changes detected
            Source: C:\Users\user\Desktop\giLqLXLHs3.exe; File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: giLqLXLHs3.exe; Static file information: File size 2366976 > 1048576
            Source: giLqLXLHs3.exe; Static PE information: Virtual size of .text is bigger than: 0x100000
            Source: giLqLXLHs3.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: giLqLXLHs3.exe; Static PE information: Raw size of .text is bigger than: 0x100000 < 0x239e00
            Source: giLqLXLHs3.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: /_/src/MahApps.Metro.IconPacks.Core/obj/Release/net47/MahApps.Metro.IconPacks.Core.pdb source: giLqLXLHs3.exe, 00000000.00000002.537357922.0000000005A20000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: C:\projects\nlog\src\NLog\obj\Release\net45\NLog.pdb source: giLqLXLHs3.exe, 00000000.00000002.537390197.0000000005A30000.00000004.08000000.00040000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.529086758.0000000003E01000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.530861599.0000000004059000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: costura.mahapps.metro.iconpacks.material.pdb.compressed|||MahApps.Metro.IconPacks.Material.pdb|820140E5CD1F78B1B22706BEBC6182C6B8D36E7C|44544 source: giLqLXLHs3.exe
            Source: Binary string: costura.htmltextblock.pdb.compressed|||HtmlTextBlock.pdb|18E9F604D8CE1318CCE807BC9B87E6DC42F547B8|60928 source: giLqLXLHs3.exe

            Data Obfuscation

            Source: Yara match File source: giLqLXLHs3.exe, type: SAMPLE
            Source: Yara match File source: 0.0.giLqLXLHs3.exe.7f0000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000000.00000002.520653994.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000000.00000000.241342686.00000000007F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: giLqLXLHs3.exe PID: 6084, type: MEMORYSTR
            Source: giLqLXLHs3.exe Static PE information: 0x81A88C7C [Tue Dec 7 03:54:36 2038 UTC]

            Hooking and other Techniques for Hiding and Protection

            Source: unknown Network traffic detected: HTTP traffic on port 49687 -> 663
            Source: unknown Network traffic detected: HTTP traffic on port 663 -> 49687
            Source: C:\Users\user\Desktop\giLqLXLHs3.exe Process information set: NOOPENFILEERRORBOX
            Source: giLqLXLHs3.exe, 00000000.00000002.539968379.0000000005F0B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll'
            Source: C:\Users\user\Desktop\giLqLXLHs3.exe Process token adjusted: Debug
            Source: C:\Users\user\Desktop\giLqLXLHs3.exe Memory allocated: page read and write | page guard
            Source: C:\Users\user\Desktop\giLqLXLHs3.exe Queries volume information: C:\Users\user\Desktop\giLqLXLHs3.exe VolumeInformation
            Source: C:\Users\user\Desktop\giLqLXLHs3.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
            Source: C:\Users\user\Desktop\giLqLXLHs3.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation
            Source: C:\Users\user\Desktop\giLqLXLHs3.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
            Source: C:\Users\user\Desktop\giLqLXLHs3.exe Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation
            Source: C:\Users\user\Desktop\giLqLXLHs3.exe Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation
            Source: C:\Users\user\Desktop\giLqLXLHs3.exe Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
            Source: C:\Users\user\Desktop\giLqLXLHs3.exe Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation
            Source: C:\Users\user\Desktop\giLqLXLHs3.exe Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
            Source: C:\Users\user\Desktop\giLqLXLHs3.exe Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation
            Source: C:\Users\user\Desktop\giLqLXLHs3.exe Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation
            Source: C:\Users\user\Desktop\giLqLXLHs3.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
            Source: C:\Users\user\Desktop\giLqLXLHs3.exe Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
            Source: C:\Users\user\Desktop\giLqLXLHs3.exe Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
            Source: C:\Users\user\Desktop\giLqLXLHs3.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
            Source: C:\Users\user\Desktop\giLqLXLHs3.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
            Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
            Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Disable or Modify Tools | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 11 Non-Standard Port | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
            Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Timestomp | LSASS Memory | 12 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 2 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
            Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | 1 Remote System Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 12 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
            Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 1 Ingress Tool Transfer | SIM Card Swap | | Carrier Billing Fraud
            Source | Detection | Scanner | Label | Link
            giLqLXLHs3.exe | 0% | ReversingLabs | |
            giLqLXLHs3.exe | 100% | Joe Sandbox ML | |

            No Antivirus matches
            No Antivirus matches

            Source | Detection | Scanner | Label | Link
            klanet.duckdns.org | 5% | Virustotal | | Browse

            Source | Detection | Scanner | Label | Link
            http://klanet.duckdns.org:663/resource/version.tsv#downloadVoicePack#WindowBorderBrush | 0% | Avira URL Cloud | safe |
            http://www.goodfont.co.kr | 0% | URL Reputation | safe |
            http://metro.mahapps.com/winfx/xaml/iconpacksp | 0% | Avira URL Cloud | safe |
            http://www.quickzip.org/BaseControlsx | 0% | Avira URL Cloud | safe |
            http://klanet.duckdns.org:663/resource/version.tsv#downloadVoicePack#WindowBorderBrush | 3% | Virustotal | | Browse
            http://metro.mahapps.com/winfx/xaml/iconpackseup | 0% | Avira URL Cloud | safe |
            http://james.newtonking.com/projects/json | 0% | URL Reputation | safe |
            http://www.sandoll.co.kr | 0% | URL Reputation | safe |
            http://metro.mahapps.com/winfx/xaml/iconpacks | 0% | Virustotal | | Browse
            http://klanet.duckdns.org:663 | 0% | Avira URL Cloud | safe |
            http://www.quickzip.org/BaseControls | 0% | Avira URL Cloud | safe |
            http://klanet.duckdns.org:663/version | 0% | Avira URL Cloud | safe |
            http://klanet.duckdns.org:663/resource/version.tsv | 0% | Avira URL Cloud | safe |
            http://metro.mahapps.com/winfx/xaml/iconpacks | 0% | Avira URL Cloud | safe |
            https://design.googleGoogle | 0% | Avira URL Cloud | safe |

            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            klanet.duckdns.org | 221.157.45.236 | true | true | | unknown

            Name | Malicious | Antivirus Detection | Reputation
            http://klanet.duckdns.org:663/resource/version.tsv | true | Avira URL Cloud: safe | unknown

            Name | Source | Malicious | Antivirus Detection | Reputation
            https://github.com/Templarian/MaterialDesign/blob/master/LICENSE | giLqLXLHs3.exe, 00000000.00000003.275151839.0000000004179000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.521156580.0000000002E80000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.532888552.0000000005590000.00000004.08000000.00040000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000003.283786696.00000000047D9000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://design.google | giLqLXLHs3.exe, 00000000.00000003.254202440.0000000005DEB000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000003.254322553.0000000005DEB000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000003.254180030.0000000005DEB000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000003.254271837.0000000005DEB000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.544737200.000000000A232000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://github.com/MahApps/MahApps.Metro.IconPacks.git& | giLqLXLHs3.exe, 00000000.00000002.537357922.0000000005A20000.00000004.08000000.00040000.00000000.sdmp | false | | high
            http://klanet.duckdns.org:663/resource/version.tsv#downloadVoicePack#WindowBorderBrush | giLqLXLHs3.exe | true | 3%, Virustotal, Browse; Avira URL Cloud: safe | unknown
            https://materialdesignicons.com/ | giLqLXLHs3.exe, 00000000.00000003.283786696.00000000047D9000.00000004.00000800.00020000.00000000.sdmp | false | | high
            http://www.quickzip.org/BaseControlsx | giLqLXLHs3.exe, 00000000.00000002.520653994.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
            http://schemas.xmlsoap.org/soap/envelope/ | giLqLXLHs3.exe, 00000000.00000002.537390197.0000000005A30000.00000004.08000000.00040000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.529086758.0000000003E01000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.530861599.0000000004059000.00000004.00000800.00020000.00000000.sdmp | false | | high
            http://metro.mahapps.com/winfx/xaml/iconpacksp | giLqLXLHs3.exe, 00000000.00000002.520653994.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
            https://nlog-project.org/ | giLqLXLHs3.exe, 00000000.00000002.530861599.0000000004059000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://www.newtonsoft.com/json | giLqLXLHs3.exe, 00000000.00000003.245106817.0000000004059000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000003.244673513.0000000003E22000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.532173168.00000000053A0000.00000004.08000000.00040000.00000000.sdmp | false | | high
            https://github.com/MahApps/MahApps.Metro.IconPacks.git | giLqLXLHs3.exe, 00000000.00000003.275151839.0000000004179000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.532888552.0000000005590000.00000004.08000000.00040000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.537357922.0000000005A20000.00000004.08000000.00040000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000003.283786696.00000000047D9000.00000004.00000800.00020000.00000000.sdmp | false | | high
            http://metro.mahapps.com/winfx/xaml/iconpacks | giLqLXLHs3.exe | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
            http://metro.mahapps.com/winfx/xaml/iconpackseup | giLqLXLHs3.exe, 00000000.00000002.520653994.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
            http://www.goodfont.co.kr | giLqLXLHs3.exe, 00000000.00000002.544818086.000000000A24E000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
            https://www.nuget.org/packages/NLog.Web.AspNetCore | giLqLXLHs3.exe, 00000000.00000002.537390197.0000000005A30000.00000004.08000000.00040000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.529086758.0000000003E01000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.530861599.0000000004059000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://design.googleGoogle | giLqLXLHs3.exe | false | Avira URL Cloud: safe | unknown
            http://james.newtonking.com/projects/json | giLqLXLHs3.exe, 00000000.00000002.532173168.00000000053A0000.00000004.08000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
            http://klanet.duckdns.org:663 | giLqLXLHs3.exe, 00000000.00000002.525163252.000000000330F000.00000004.00000800.00020000.00000000.sdmp | true | Avira URL Cloud: safe | unknown
            http://nlog-project.org/ws/T | giLqLXLHs3.exe, 00000000.00000002.537390197.0000000005A30000.00000004.08000000.00040000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.529086758.0000000003E01000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.530861599.0000000004059000.00000004.00000800.00020000.00000000.sdmp | false | | high
                                http://nlog-project.org/ws/ILogReceiverServer/ProcessLogMessagesResponsepgiLqLXLHs3.exe, 00000000.00000002.537390197.0000000005A30000.00000004.08000000.00040000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.529086758.0000000003E01000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.530861599.0000000004059000.00000004.00000800.00020000.00000000.sdmpfalse
                                  high
                                  https://gall.dcinside.com/micateam/1644952)giLqLXLHs3.exe, 00000000.00000002.525163252.000000000330F000.00000004.00000800.00020000.00000000.sdmpfalse
                                    high
                                    http://klanet.duckdns.org:663/versiongiLqLXLHs3.exetrue
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://nlog-project.org/dummynamespace/giLqLXLHs3.exe, 00000000.00000002.537390197.0000000005A30000.00000004.08000000.00040000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.529086758.0000000003E01000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.530861599.0000000004059000.00000004.00000800.00020000.00000000.sdmpfalse
                                      high
                                      http://nlog-project.org/ws/ILogReceiverOneWayServer/ProcessLogMessagesgiLqLXLHs3.exe, 00000000.00000002.537390197.0000000005A30000.00000004.08000000.00040000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.529086758.0000000003E01000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.530861599.0000000004059000.00000004.00000800.00020000.00000000.sdmpfalse
                                        high
                                        https://www.newtonsoft.com/jsonschemagiLqLXLHs3.exe, 00000000.00000002.532173168.00000000053A0000.00000004.08000000.00040000.00000000.sdmpfalse
                                          high
                                          https://www.nuget.org/packages/Newtonsoft.Json.BsongiLqLXLHs3.exe, 00000000.00000003.245106817.0000000004059000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000003.244673513.0000000003E22000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.532173168.00000000053A0000.00000004.08000000.00040000.00000000.sdmpfalse
                                            high
                                            http://nlog-project.org/ws/giLqLXLHs3.exe, 00000000.00000002.530861599.0000000004059000.00000004.00000800.00020000.00000000.sdmpfalse
                                              high
                                              http://www.sandoll.co.krgiLqLXLHs3.exe, 00000000.00000002.544818086.000000000A24E000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.544737200.000000000A232000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              unknown
                                              http://nlog-project.org/ws/ILogReceiverServer/ProcessLogMessagesTgiLqLXLHs3.exe, 00000000.00000002.537390197.0000000005A30000.00000004.08000000.00040000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.529086758.0000000003E01000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.530861599.0000000004059000.00000004.00000800.00020000.00000000.sdmpfalse
                                                high
                                                http://www.quickzip.org/BaseControlsgiLqLXLHs3.exefalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namegiLqLXLHs3.exe, 00000000.00000002.525163252.000000000330F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  high
                                                  https://gall.dcinside.com/giLqLXLHs3.exe, 00000000.00000002.525163252.000000000330F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    high
                                                    https://github.com/Templarian/MaterialDesign/blob/master/LICENSE-giLqLXLHs3.exe, 00000000.00000003.275151839.0000000004179000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.532888552.0000000005590000.00000004.08000000.00040000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000003.283786696.00000000047D9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      high
                                                      http://nlog-project.org/ws/3giLqLXLHs3.exe, 00000000.00000002.537390197.0000000005A30000.00000004.08000000.00040000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.529086758.0000000003E01000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.530861599.0000000004059000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        high
                                                        http://nlog-project.org/ws/5giLqLXLHs3.exe, 00000000.00000002.537390197.0000000005A30000.00000004.08000000.00040000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.529086758.0000000003E01000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.530861599.0000000004059000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          high
                                                          https://github.com/JamesNK/Newtonsoft.JsongiLqLXLHs3.exe, 00000000.00000003.245106817.0000000004059000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000003.244673513.0000000003E22000.00000004.00000800.00020000.00000000.sdmp, giLqLXLHs3.exe, 00000000.00000002.532173168.00000000053A0000.00000004.08000000.00040000.00000000.sdmpfalse
                                                            high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
221.157.45.236 | klanet.duckdns.org | Korea Republic of | | 4766 | KIXS-AS-KRKoreaTelecomKR | true
                                                            Joe Sandbox Version:36.0.0 Rainbow Opal
                                                            Analysis ID:738927
                                                            Start date and time:2022-11-05 20:03:28 +01:00
                                                            Joe Sandbox Product:CloudBasic
                                                            Overall analysis duration:0h 7m 16s
                                                            Hypervisor based Inspection enabled:false
                                                            Report type:full
                                                            Sample file name:giLqLXLHs3.exe
                                                            Cookbook file name:default.jbs
                                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                            Number of analysed new started processes analysed:11
                                                            Number of new started drivers analysed:0
                                                            Number of existing processes analysed:0
                                                            Number of existing drivers analysed:0
                                                            Number of injected processes analysed:0
                                                            Technologies:
                                                            • HCA enabled
                                                            • EGA enabled
                                                            • HDC enabled
                                                            • AMSI enabled
                                                            Analysis Mode:default
                                                            Analysis stop reason:Timeout
                                                            Detection:MAL
                                                            Classification:mal64.troj.evad.winEXE@1/0@1/1
                                                            EGA Information:Failed
                                                            HDC Information:Failed
                                                            HCA Information:
                                                            • Successful, ratio: 98%
                                                            • Number of executed functions: 123
                                                            • Number of non-executed functions: 0
                                                            Cookbook Comments:
                                                            • Found application associated with file extension: .exe
                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                            • Excluded domains from analysis (whitelisted): fs.microsoft.com
                                                            • Execution Graph export aborted for target giLqLXLHs3.exe, PID 6084 because it is empty
                                                            • Not all processes where analyzed, report is missing behavior information
                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                            No simulations
                                                            No context
                                                            No context
                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                            No context
                                                            No context
                                                            No created / dropped files found
                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Entropy (8bit):7.864152844370486
                                                            TrID:
                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                            • Win32 Executable (generic) a (10002005/4) 49.75%
                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                            • Windows Screen Saver (13104/52) 0.07%
                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                            File name:giLqLXLHs3.exe
                                                            File size:2366976
                                                            MD5:d7f34f1712688bb9564296842355a8b9
                                                            SHA1:1245a185de18808ef075297fc4740d7a3b7b6381
                                                            SHA256:c9944c04100d2b5d75b8bff00359b3bef6481bdb72d965032ac800d99cb4fe1a
                                                            SHA512:686e1a19c760f48dc029d7fea8a523817a88e05f503780b7e0270787d7dd2e87fdc0d080ba711bc38dbfecf2d8d001cd011d80f3826156eb4fe8728f56077ae1
                                                            SSDEEP:49152:TcGa5dzwr9jrwnkUeZw+W7SCYFllu0DcJ:LuUr9jrwn7eq2Fl/4J
                                                            TLSH:90B50218B2DABE2DDBAB25FD46B5E2A9DD77615D1319821F3047F322E8290C00F446DE
                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...|............."...0...#..~........#.. ........@.. .......................`$...........`................................
                                                            Icon Hash:ceb292d2d2d2d2d2
                                                            Entrypoint:0x63bc1e
                                                            Entrypoint Section:.text
                                                            Digitally signed:false
                                                            Imagebase:0x400000
                                                            Subsystem:windows gui
                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                            Time Stamp:0x81A88C7C [Tue Dec 7 03:54:36 2038 UTC]
                                                            TLS Callbacks:
                                                            CLR (.Net) Version:
                                                            OS Version Major:4
                                                            OS Version Minor:0
                                                            File Version Major:4
                                                            File Version Minor:0
                                                            Subsystem Version Major:4
                                                            Subsystem Version Minor:0
                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                            Instruction
                                                            jmp dword ptr [00402000h]
                                                            add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x23bbd0 | 0x4b | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x23c000 | 0x7a6c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x244000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x23bb44 | 0x38 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x239c24 | 0x239e00 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x23c000 | 0x7a6c | 0x7c00 | False | 0.44137474798387094 | data | 6.562813008648801 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x244000 | 0xc | 0x200 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
RT_ICON | 0x23c180 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | |
RT_ICON | 0x23c5f8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | |
RT_ICON | 0x23cf90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | |
RT_ICON | 0x23e048 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | |
RT_ICON | 0x240600 | 0x23a8 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | |
RT_GROUP_ICON | 0x2429b8 | 0x4c | data | |
RT_VERSION | 0x242a14 | 0x34c | data | |
RT_MANIFEST | 0x242d70 | 0xcf8 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | |
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 5, 2022 20:04:33.538115025 CET | 58346 | 53 | 192.168.2.7 | 8.8.8.8
Nov 5, 2022 20:04:33.651215076 CET | 53 | 58346 | 8.8.8.8 | 192.168.2.7
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 5, 2022 20:04:33.538115025 CET | 192.168.2.7 | 8.8.8.8 | 0xd662 | Standard query (0) | klanet.duckdns.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 5, 2022 20:04:33.651215076 CET | 8.8.8.8 | 192.168.2.7 | 0xd662 | No error (0) | klanet.duckdns.org | | 221.157.45.236 | A (IP address) | IN (0x0001) | false
                                                            • klanet.duckdns.org:663
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.7 | 49687 | 221.157.45.236 | 663 | C:\Users\user\Desktop\giLqLXLHs3.exe
Timestamp | kBytes transferred | Direction | Data
Nov 5, 2022 20:04:33.955842972 CET | 91 | OUT | GET /resource/version.tsv HTTP/1.1
                                                            User-Agent: request
                                                            Host: klanet.duckdns.org:663
                                                            Connection: Keep-Alive
Nov 5, 2022 20:04:34.210508108 CET | 93 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Sat, 05 Nov 2022 19:04:34 GMT
                                                            Content-Type: application/octet-stream
                                                            Content-Length: 50906
                                                            Last-Modified: Sat, 05 Nov 2022 06:25:20 GMT
                                                            Connection: keep-alive
                                                            Keep-Alive: timeout=20
                                                            ETag: "636601d0-c6da"
                                                            Accept-Ranges: bytes



Target ID: 0
Start time: 20:04:25
Start date: 05/11/2022
Path: C:\Users\user\Desktop\giLqLXLHs3.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\Desktop\giLqLXLHs3.exe
Imagebase: 0x7f0000
File size: 2366976 bytes
MD5 hash: D7F34F1712688BB9564296842355A8B9
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Yara matches:
                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.520653994.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000000.241342686.00000000007F2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation: low

                                                              • Instruction Fuzzy Hash: 73611935610209CFCB14EF70E891AAE7776FB89308F90892CD5056B398DB32AD59CF94
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.541733720.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6640000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 560761ddd49895850e4e25082f742e7c4ed180524822e079d4a9fe5fcaf40ed3
                                                              • Instruction ID: 7b29f5a2deea73fb242f4ea7f66c77e8a275f4db7f1073582d1cbed16061d9f1
                                                              • Opcode Fuzzy Hash: 560761ddd49895850e4e25082f742e7c4ed180524822e079d4a9fe5fcaf40ed3
                                                              • Instruction Fuzzy Hash: 24411570B001059FDB14DF66E464ABE7ABBEFC9254F108428E406EB394CE718D85CFA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.541733720.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6640000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 51eb6e702c599ab8294ee5f17c9c3fa21af596b61f6a2c0d1120545d3169aa49
                                                              • Instruction ID: a9908de1ae3c0768d6c9c92d3c09c0b7138156c22387f3316822ca7102354bb1
                                                              • Opcode Fuzzy Hash: 51eb6e702c599ab8294ee5f17c9c3fa21af596b61f6a2c0d1120545d3169aa49
                                                              • Instruction Fuzzy Hash: 53517974A006068FD710CF5AD484A6AFBB6FB85314F14CA79E529CB3A5C730E896CB90
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: accb1cff7ca5213740a8d33768d13db821c39c9e736441a9c55430e7c5d806ff
                                                              • Instruction ID: 02f6aa79509a9fef417031116daea082967f9dc5ab2f55e8b76e933eb5332f0e
                                                              • Opcode Fuzzy Hash: accb1cff7ca5213740a8d33768d13db821c39c9e736441a9c55430e7c5d806ff
                                                              • Instruction Fuzzy Hash: C441AE3AB10124CFCB05DF69D95896D77B2EB8871870504A9FA06EB3A5DB31EC02CB90
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.541733720.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6640000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3756018d3bff9f796f03f0699082ec4666c182f85aa4ccc0c60e224eaf7d49f2
                                                              • Instruction ID: 2f3faa086292330c3bccf048fa28ff7841b48cb576090be4517868e2d3fa318c
                                                              • Opcode Fuzzy Hash: 3756018d3bff9f796f03f0699082ec4666c182f85aa4ccc0c60e224eaf7d49f2
                                                              • Instruction Fuzzy Hash: C941CF347012119FCB05EF74E994AAE77E3EF86608F518969D009DB396DF31AC068BD1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.541733720.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6640000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: bf9cc022c1c29c33a1fb011ea8a69ac206321438d226d08ba0ead0adfdf6f75e
                                                              • Instruction ID: d38e76d76c3cb6198b9a1a21a910c1a0a69eee72df4f5dcd995f662fe73202a0
                                                              • Opcode Fuzzy Hash: bf9cc022c1c29c33a1fb011ea8a69ac206321438d226d08ba0ead0adfdf6f75e
                                                              • Instruction Fuzzy Hash: C231AE347102559FCB04EB74E894A6EB7E3EBC6608F508569D0099B396DF31AC068BD1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2f80072311a912d42acd02296b67ce0af92fe34f06c890c38f21bfa723ac3b13
                                                              • Instruction ID: f832c53a856106634df8895e0ae74728444fbcf1e4d324f642b514f9c945f6eb
                                                              • Opcode Fuzzy Hash: 2f80072311a912d42acd02296b67ce0af92fe34f06c890c38f21bfa723ac3b13
                                                              • Instruction Fuzzy Hash: 0D41C030A001498FDB15CFA9D558ADDBBF1AF4C314F2484AAE449BB3A1CB35AD45CFA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.519705918.000000000121D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0121D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_121d000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c1265fb7784868c1885d719cb8fb8e2c332faa51d5f3a0ade1ceeed34748d14e
                                                              • Instruction ID: 5b8a7ff08982d4c16e4812fdec51be8bc85bb0beacb760e23d0a031b4cc933af
                                                              • Opcode Fuzzy Hash: c1265fb7784868c1885d719cb8fb8e2c332faa51d5f3a0ade1ceeed34748d14e
                                                              • Instruction Fuzzy Hash: C931D1B2514200EFDF16DF44CDC0FA6BFA6FB98310F258598EE080A21AC376C865DB91
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f2ac3d704f749f2ed55f48a49761c7a4ffc7e4a3366795d6d226256d5e2f9335
                                                              • Instruction ID: 49bd63d529d310cdbd2e0a09e0f8d775dbffade2269db6cff2623ca97ea13c66
                                                              • Opcode Fuzzy Hash: f2ac3d704f749f2ed55f48a49761c7a4ffc7e4a3366795d6d226256d5e2f9335
                                                              • Instruction Fuzzy Hash: 9231F835A0011ACFCB54DFA8D4849ADB7F1FF48308B158969D419EB366DB34AD05CF94
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.519705918.000000000121D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0121D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_121d000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: eca1dd6fab194033858fda1f330e0c6ee7426963235488ad2d3f79e28f29ab15
                                                              • Instruction ID: 92697c70a75ef036673bab93be520a86531aedfce5719c9173bc3af388537a22
                                                              • Opcode Fuzzy Hash: eca1dd6fab194033858fda1f330e0c6ee7426963235488ad2d3f79e28f29ab15
                                                              • Instruction Fuzzy Hash: 7831ADB2514200EFDF06CF54CDC0B66BBA6FB58314F2586A8EE094A25AC336D855CBA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.519705918.000000000121D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0121D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_121d000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 20cf3aa7d7adb60e38738e118b200da26988072e865370d4249bd0bfb82dbcdb
                                                              • Instruction ID: e4119328281d30f5cc6ddf81097ffb04b76d9d0c872626b5b435368384ffc5b0
                                                              • Opcode Fuzzy Hash: 20cf3aa7d7adb60e38738e118b200da26988072e865370d4249bd0bfb82dbcdb
                                                              • Instruction Fuzzy Hash: 6931F5B2514244EFDF06DF44CDC0F56BFA6FB98324F2585A8EE094A21AC336D855CBA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.519705918.000000000121D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0121D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_121d000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a97d42775f9f92c0faac844f671d0f0ede472e01124b27c1f02bd851d081a9c5
                                                              • Instruction ID: 6c49bf0c4474cfd035dd14f21d398780499d378c16152149152cf0331c764390
                                                              • Opcode Fuzzy Hash: a97d42775f9f92c0faac844f671d0f0ede472e01124b27c1f02bd851d081a9c5
                                                              • Instruction Fuzzy Hash: E92126B2514200EFCF06CF54DCC0F16BBA5FB98314F2586A9EE0A4B20AC336D855CB61
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.519705918.000000000121D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0121D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_121d000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0f961d2cd6927bb2c25d682e973c1df51533b28a8cbcbd56ce1088187614732d
                                                              • Instruction ID: 1009035197791b129c3f06a2bdf1940aac1c0c37b67f128e27530bde5bac4a05
                                                              • Opcode Fuzzy Hash: 0f961d2cd6927bb2c25d682e973c1df51533b28a8cbcbd56ce1088187614732d
                                                              • Instruction Fuzzy Hash: D6212CB2514204DFCF05CF94D8C4F56BBA5FB98314F248669EA084F24AC336D555CBA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.519705918.000000000121D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0121D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_121d000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: eceb192b6b808b7506cf86ebe93f3e188c7daa21530e9492295d3be5ec02f988
                                                              • Instruction ID: d0d4f7d36c278bb62e772bf16eafc428abb3943ac2ed2e5182c5ee4b3c314078
                                                              • Opcode Fuzzy Hash: eceb192b6b808b7506cf86ebe93f3e188c7daa21530e9492295d3be5ec02f988
                                                              • Instruction Fuzzy Hash: 60213B75514284DFDF05CF44D9C8F26BBE5FB98314F2486A8E9084F20AC336D816CB61
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.519604750.000000000120D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0120D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_120d000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 70091cb78c2cd690d46df8cd2ce880d8e693a69af0c7440b61558ad4157f4582
                                                              • Instruction ID: 8eb24bc90b07168e78279dbd3b61927eec1a20a82434240a361fe11ae98ae63b
                                                              • Opcode Fuzzy Hash: 70091cb78c2cd690d46df8cd2ce880d8e693a69af0c7440b61558ad4157f4582
                                                              • Instruction Fuzzy Hash: BE2136B5514248DFDF16CF94D8C0B26BB66FB88314F248768EA084B287C376D816CBA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0c893a88950580089ebf4b54115c166284b04e69917badd858e7e9fb4ed704af
                                                              • Instruction ID: a1f6d7890381ca69c34a29ccf12b8ac787f45ae43dbd8180c2f42553a9d44269
                                                              • Opcode Fuzzy Hash: 0c893a88950580089ebf4b54115c166284b04e69917badd858e7e9fb4ed704af
                                                              • Instruction Fuzzy Hash: 6921E7397003218FDB16963AA8106AF33DADFC475DF054036E906DBBA5EB71DC428690
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.541733720.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6640000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ebf81db480c24f6e7142c14ce17cbfb9e03d0b34faad30c3e0ea7cb5b02814a4
                                                              • Instruction ID: 135298bd86ff6bf7df0f91c888b7619839bf15f5a6da01d00c3cfdad1b072fb3
                                                              • Opcode Fuzzy Hash: ebf81db480c24f6e7142c14ce17cbfb9e03d0b34faad30c3e0ea7cb5b02814a4
                                                              • Instruction Fuzzy Hash: F821AE71A006069FDB10DF1AD984A6AFBB6FF84310B14C629E829D7340D730F954CBD4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.519604750.000000000120D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0120D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_120d000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5fd076ea6fbdea6178a2f5097801c7d7aed14e148d4a6cdd92d7b2d29ac501f1
                                                              • Instruction ID: 3b1d9ad779a270bbed6a8d7b56f8a7bfefa24ae1a3587e733cdb87af95612718
                                                              • Opcode Fuzzy Hash: 5fd076ea6fbdea6178a2f5097801c7d7aed14e148d4a6cdd92d7b2d29ac501f1
                                                              • Instruction Fuzzy Hash: 9C2148B1514208DFDB02CF94EDC0B26BF65FB88324F248669EA094B287C336D446CBA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.519705918.000000000121D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0121D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_121d000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 92d3a8b86a167218a7834a4853eb2d1419e0171920161cd475c10f8d3b0f3593
                                                              • Instruction ID: d545ef1567581dc0dd3bcfbe95b5cee859f5ca29fec2274e3b85624b4d01d825
                                                              • Opcode Fuzzy Hash: 92d3a8b86a167218a7834a4853eb2d1419e0171920161cd475c10f8d3b0f3593
                                                              • Instruction Fuzzy Hash: 98216775518208DFCB10CF54D8C8B22BBA1FB98354F20C96DD9094B24AC33BD847CA61
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              • Opcode ID: b7cc86b5ff79ce043c803af90b915b5d7a1ca48b01667a36e239ea52a940d4d9
                                                              • Instruction ID: 1f89415e2e9c594a1fbd38935a910d0f936eb0c5996f70ed8bd3fb286c54e853
                                                              • Opcode Fuzzy Hash: b7cc86b5ff79ce043c803af90b915b5d7a1ca48b01667a36e239ea52a940d4d9
                                                              • Instruction Fuzzy Hash: E811B176405284CFDF02CF54E9C4B16BF72FB84320F2486A9D9080B657C336D456CBA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f206c428b2fc823e15a09ca1e4f0591a793da699626401ea1fb541326593c896
                                                              • Instruction ID: d195056eb033fc372fa9ad2858eae27ec13b0bb6c486a56ec539f8a76b4c1986
                                                              • Opcode Fuzzy Hash: f206c428b2fc823e15a09ca1e4f0591a793da699626401ea1fb541326593c896
                                                              • Instruction Fuzzy Hash: 8921E734A0010ACFCB15EBA4D4949EDB7F6BF88309B058969D44A9F3A6DB74AC05CF54
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.541733720.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6640000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: fda3cf8c1db998707e5cabfc9910de8ef2eb0196cdb7b0acbd4e1bcd82c8da45
                                                              • Instruction ID: a8f75bb9906c5040d784809bafef49d2411742ded538a3344ce91dbbf666a51f
                                                              • Opcode Fuzzy Hash: fda3cf8c1db998707e5cabfc9910de8ef2eb0196cdb7b0acbd4e1bcd82c8da45
                                                              • Instruction Fuzzy Hash: FA018431B002159B8765E77AE95097E73E7EBC856A3054128D909D3340EF38AC46CBD4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a116a7c84a1324bb90c55e363bf16927589cf0efc514ef402a06461f49969e18
                                                              • Instruction ID: 67d7528240d91ab508ba4f485c9368c15d48ca1684833c9c5f7c22df4a84909b
                                                              • Opcode Fuzzy Hash: a116a7c84a1324bb90c55e363bf16927589cf0efc514ef402a06461f49969e18
                                                              • Instruction Fuzzy Hash: DD01F9397003118FDB16863A49143AA279B9FC4749F0A8077E906DBBE5EA71CC058240
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 139cc19102422cf1c038ad1d71643cced5f415038b1fc06748311ff7134c649a
                                                              • Instruction ID: dcad92548bb010790efbe3d1d2f85221a696ad92fce1ac4c9ad2323f531a00a7
                                                              • Opcode Fuzzy Hash: 139cc19102422cf1c038ad1d71643cced5f415038b1fc06748311ff7134c649a
                                                              • Instruction Fuzzy Hash: 6A119132A00105DBDB25CFAAE4496EDBBF5AF48201F10502BE542F7390CB799E01CB91
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b3241077bd29a483b092675dbe7fdbb9bd2965b0a978868d1747e05d014c2118
                                                              • Instruction ID: 4c581966967321e5d49e321ea7b70228726d709d011cf911b6ae41d593787fff
                                                              • Opcode Fuzzy Hash: b3241077bd29a483b092675dbe7fdbb9bd2965b0a978868d1747e05d014c2118
                                                              • Instruction Fuzzy Hash: C2115131A00209DBDB25DF66D559BEEBBB5AB48301F10402AE542F7390DF75AE00CB95
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.541733720.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6640000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0b81368de88cdbfc6df7f36f453a67ed7d765786288e2189c6cf604cabd7ae4f
                                                              • Instruction ID: 3b3882caf0699e3fa5bee9a0ca5207abc57a54f4512f31f65c176c66eb55427c
                                                              • Opcode Fuzzy Hash: 0b81368de88cdbfc6df7f36f453a67ed7d765786288e2189c6cf604cabd7ae4f
                                                              • Instruction Fuzzy Hash: 43018435B002259B8765D7BAEA515BE73E7EBC815A3064129D909D3340EF38AC46CBC4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a3fbcbeb0f6f98ef90fe9b92aa6372901bbdbe5e10a5c7c79bbe5194add3539c
                                                              • Instruction ID: a2f13d3d47d4e97d4a6ab5f048bf86f344bbfee73d010eec182dff45fecc06bf
                                                              • Opcode Fuzzy Hash: a3fbcbeb0f6f98ef90fe9b92aa6372901bbdbe5e10a5c7c79bbe5194add3539c
                                                              • Instruction Fuzzy Hash: 8B11C56744E3D50FD353A77898717C53F714F2762DF1A08EBC0CACA5A3E50888899326
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.519705918.000000000121D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0121D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_121d000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4e48e4748a45bc7b91dcd6aa8ebc28c847b65a88b089b38da77094b7edb9447c
                                                              • Instruction ID: 3a67ab3a7e3dae7fc75ebcc3f7b8e3881057554fe49b9a6704fab6ce9930c4db
                                                              • Opcode Fuzzy Hash: 4e48e4748a45bc7b91dcd6aa8ebc28c847b65a88b089b38da77094b7edb9447c
                                                              • Instruction Fuzzy Hash: E311BE75504284CFDB12CF18D5C8B15BBB1FB44314F24C6A9D9094B65AC33BD44ACBA2
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2526961759e35aa0dd115d4cbb19e715a0e3e4eceaacebfe9f99b9fcfbe6f69b
                                                              • Instruction ID: 8a2c2d2d0ba29a05902b9e2a29ea4c4257993e2d653bb3d63a0309adbf39a1ca
                                                              • Opcode Fuzzy Hash: 2526961759e35aa0dd115d4cbb19e715a0e3e4eceaacebfe9f99b9fcfbe6f69b
                                                              • Instruction Fuzzy Hash: B201B136B242541FD312E379604063E7BD7ABC2558B58C16ED509CF3D2CFBA9C0A93A2
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d7bb6dd80af1e53d2d1c93c41d2975d696fadbe16a1ac96cb2c90abf52b27614
                                                              • Instruction ID: 71d932deef8669c5c1e573d308bbce589d5a8b2c40818eb6a3efe96a93858682
                                                              • Opcode Fuzzy Hash: d7bb6dd80af1e53d2d1c93c41d2975d696fadbe16a1ac96cb2c90abf52b27614
                                                              • Instruction Fuzzy Hash: 4401523121420A9FC720EF64D88599BB7A6FF84218740CE2DD1098F6A5DF71B80D8BD9
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: db09ff4deb408f3d56fdde8e92bdb651ce2854db48fb2a39c50e08e45cf0f30f
                                                              • Instruction ID: acc8a3b79c1a118e3869bf7342e53b73f5bb6f2823af18d72c139dbfe9c9a63f
                                                              • Opcode Fuzzy Hash: db09ff4deb408f3d56fdde8e92bdb651ce2854db48fb2a39c50e08e45cf0f30f
                                                              • Instruction Fuzzy Hash: A8F0285740D2800FC303B778AC767D23F649F22219F0E45FBC18ACAA93D928451DCA67
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0892458f38935b6b2d048bd7f852311cfa1e93928dbf26aef14bc51121b4e349
                                                              • Instruction ID: 53fe46889406901f1edb4d2e8ab26f41ff66f78f03e22ccbda90846ed97fa022
                                                              • Opcode Fuzzy Hash: 0892458f38935b6b2d048bd7f852311cfa1e93928dbf26aef14bc51121b4e349
                                                              • Instruction Fuzzy Hash: 1C01A93BB002145FCB15AB7AF454AAFBBEAEBC4611750C07AEA09C7344DF3599028BD4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.519604750.000000000120D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0120D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_120d000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 162667582ecca0781cee2d1c27d66824d0f117197790218ad76974fdcb202499
                                                              • Instruction ID: 5d090b318e6033e2b9b2781c1f7453a61bf0368c6f4aa8fec72150ced08c425b
                                                              • Opcode Fuzzy Hash: 162667582ecca0781cee2d1c27d66824d0f117197790218ad76974fdcb202499
                                                              • Instruction Fuzzy Hash: 4301FC7141D3489EE7114E9ACCC4766BF98DF45264F08C259EE085B287C3749484C671
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: dbeb6ea78d122e52cf7c5f4f31429a5eddd1bebd87bb22914d6efe9d8bfab875
                                                              • Instruction ID: 06aa25703068d4e19fb4d8bbaa43087e6415fa51910d94662aa0d7028068f91e
                                                              • Opcode Fuzzy Hash: dbeb6ea78d122e52cf7c5f4f31429a5eddd1bebd87bb22914d6efe9d8bfab875
                                                              • Instruction Fuzzy Hash: 0301F932D1824E9FCF01EFB4D4944CD3BB9EF4620870185A9D209CF272EF3556088BA5
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.519604750.000000000120D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0120D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_120d000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: cd3261fbd062304b6f59b446a226a60a295ecec479ee9dde8749693f5f21f87f
                                                              • Instruction ID: 4e0710b9bb9f2f3f5745d416282c49050bf54a2be3b53c41a8be4f50f5d91e24
                                                              • Opcode Fuzzy Hash: cd3261fbd062304b6f59b446a226a60a295ecec479ee9dde8749693f5f21f87f
                                                              • Instruction Fuzzy Hash: 6C011A72100A04AFD7619F4ACD40C23FBBAFF88720345855EE94A4BA22C272F851DFA0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.519604750.000000000120D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0120D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_120d000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ef4547ac717bae667d8320a938686a8116e36da466f0ce21bfd25a5e389c4755
                                                              • Instruction ID: 14abdca4e2d05a3d276e47cd94c29fd1a05e8e35ceaf245fea56da61d08f47bf
                                                              • Opcode Fuzzy Hash: ef4547ac717bae667d8320a938686a8116e36da466f0ce21bfd25a5e389c4755
                                                              • Instruction Fuzzy Hash: 17011E36105740AFD7628F56CD40C23BFBAFF89720319898DE9864BA62C231F812DF60
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.541733720.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6640000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0e805cd6d1193ea2c56536c52ef2f8e5873724dcef6f3f54a874753993d66d47
                                                              • Instruction ID: 45a9a9c9af495a688139a07302c7b6389b3cc16fc37fbaafc1f3ffe4830c8fad
                                                              • Opcode Fuzzy Hash: 0e805cd6d1193ea2c56536c52ef2f8e5873724dcef6f3f54a874753993d66d47
                                                              • Instruction Fuzzy Hash: 73F0B4727041209FE7149AE5AC50BBE62DAEBC9224F01443AD50DE7784DF759C0A43F6
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 30502a34769eccfce425be678dd0030d31a683347adda740b4d639e7da32dfa8
                                                              • Instruction ID: 5cd36f10f586e41c8a4cb418ce878a4f2d569c43a73d26d652f0c01b1afda52e
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a030242ce1a06e028da6f403a03b9dc354466af81e7ab33865e91d476369753d
                                                              • Instruction ID: d281dddb3c06fb325c8ebfdfc5d955d8d17f673f65fe0df88cdd097b90db5c94
                                                              • Opcode Fuzzy Hash: a030242ce1a06e028da6f403a03b9dc354466af81e7ab33865e91d476369753d
                                                              • Instruction Fuzzy Hash: 4FE09270995309EFCBA1DFB4E5544ADBBF1EF8521470145EEC809E7216E6342E118F51
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.541733720.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6640000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9f37e14db66dfc339a4f43c8c17627ea34a31e1fe6b6e3f62ee7c0b684a3f5e3
                                                              • Instruction ID: 3aa78c951c998670c19b770df7a0c66cc1eb774585f0b1e1f5ca77ab1cec2dc8
                                                              • Opcode Fuzzy Hash: 9f37e14db66dfc339a4f43c8c17627ea34a31e1fe6b6e3f62ee7c0b684a3f5e3
                                                              • Instruction Fuzzy Hash: C8E0BF349193D18FCB975B53E4251513FA4BF8355830A42D2F051CB161D6248956CB75
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a4fb128b0445e780cd088d82760c1c1cf60b7512fc27cd0873474f0cc54a7906
                                                              • Instruction ID: 1d17e2f5d99fd29fd1cbaa2883d5c05542015ee9e81cc3f75fe550911084f0de
                                                              • Opcode Fuzzy Hash: a4fb128b0445e780cd088d82760c1c1cf60b7512fc27cd0873474f0cc54a7906
                                                              • Instruction Fuzzy Hash: 57D02E3074030A078F20AABE980448373C98B84118300883AB50CD7700EE30EC0047E0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ab8c19cc35c832ff1cd87dc5089a7aa2546ab4b492ea0eeecaf03b514164c92b
                                                              • Instruction ID: 74e4b4794167a85a136ef2241d7d046133744aa10425a307a244aae2f08504ed
                                                              • Opcode Fuzzy Hash: ab8c19cc35c832ff1cd87dc5089a7aa2546ab4b492ea0eeecaf03b514164c92b
                                                              • Instruction Fuzzy Hash: CFE04875A1110DEFCB00EFA4DA4155D77F9EB55208F0141A9D408E7611DB316E048BA6
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3c5599ef11e4bfabc26d8f5fae4f8501474dd862d0208c5ec901e4654f40d4e3
                                                              • Instruction ID: 65a49ac85c5571a6c9965bd60d3f424b47abae05c120a2d9a0468ebd5da0c1c6
                                                              • Opcode Fuzzy Hash: 3c5599ef11e4bfabc26d8f5fae4f8501474dd862d0208c5ec901e4654f40d4e3
                                                              • Instruction Fuzzy Hash: 33E0C23B109396AFC3022B30B869049BF7EEB0A140309848BE480DF327CA1019188BA0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 37ba889224d4f207d11bdf4c9738effd2671c07225df73cbb19201e75ffadbaa
                                                              • Instruction ID: 99349847aa8fcbbaec4be4c872e7cc9321559322c5ee6f5d06ee9c1af7e0f6ee
                                                              • Opcode Fuzzy Hash: 37ba889224d4f207d11bdf4c9738effd2671c07225df73cbb19201e75ffadbaa
                                                              • Instruction Fuzzy Hash: 92D05228BA0128538A09E775602023F618B9BC0858B80A029D907CB3C4CE2A8E8203D6
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 454a84c0fb4a023d486e826756cf26d2571b21025a99a0d290d6ce1dad8e6356
                                                              • Instruction ID: d965e22896443c7a7cfbcb7e18d1f7f772324a5f722ddbcaea6c8e2b1cacedb1
                                                              • Opcode Fuzzy Hash: 454a84c0fb4a023d486e826756cf26d2571b21025a99a0d290d6ce1dad8e6356
                                                              • Instruction Fuzzy Hash: 8BD05E3074460A474B20AABD990449773C99B841583018835A50DD7711EE70EC0447E5
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9d9f815e07b29c3f381ba0598fa3e8c519a97f9d95236cec9faf79c4926cec54
                                                              • Instruction ID: dccbe187e83a5cd0378031ee10b773f12aa421b706398cd58604e2f6140e0963
                                                              • Opcode Fuzzy Hash: 9d9f815e07b29c3f381ba0598fa3e8c519a97f9d95236cec9faf79c4926cec54
                                                              • Instruction Fuzzy Hash: 7DD01270A1110EEFCB40FFA8E94149D7BF9EB45208B1045A9D409D7751EB316F049BB6
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.541733720.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6640000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6fed5b3892d47b796a5ccf34e305f97a0c02c5c55d471ebe75532e18ac324bfd
                                                              • Instruction ID: 6a92935c4d517fab6503f4f1f2aeae9dd12992ab1c30eeb6fe60889a16f27ce7
                                                              • Opcode Fuzzy Hash: 6fed5b3892d47b796a5ccf34e305f97a0c02c5c55d471ebe75532e18ac324bfd
                                                              • Instruction Fuzzy Hash: BDE0C231E082448FCB41CFB0DE165AC3FB0AF0621072006EAA406C72E0EA310E10C740
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d0769179109acd6516264737a0a56b1dea48d96b1fd176b33c36cf7838b4504e
                                                              • Instruction ID: 948ca193c2bd2a73cf36ea7dbc0790b1cfb774040c7f59f6209533b65bb9ee4b
                                                              • Opcode Fuzzy Hash: d0769179109acd6516264737a0a56b1dea48d96b1fd176b33c36cf7838b4504e
                                                              • Instruction Fuzzy Hash: 1FD05E74A1120EEF8B40EFA8E942A9DBBBDFB44204B1149A8E408D3311EA312F049B84
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 41e7ed5077153cdf3fad3b09fffa65ff9b21569fb84561198441dd6081d308f5
                                                              • Instruction ID: 187acbd75d24fcf3162c126bfe47ab0e4384d6104f5f5c7c9e76fe58a455196c
                                                              • Opcode Fuzzy Hash: 41e7ed5077153cdf3fad3b09fffa65ff9b21569fb84561198441dd6081d308f5
                                                              • Instruction Fuzzy Hash: D8D05E3A2590109F8701BB2CF0C08D633AAE3843047268416E405C738CDB349C4246D4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: aec9a5a14725cf46f9b2247313ebc34c3abe45d29ca5ec877d776d0868bd064a
                                                              • Instruction ID: 09d626b90396639ba34dbf6af257e7468ce42eee43c1b79dab592863d455061d
                                                              • Opcode Fuzzy Hash: aec9a5a14725cf46f9b2247313ebc34c3abe45d29ca5ec877d776d0868bd064a
                                                              • Instruction Fuzzy Hash: 97D05E74A5110DFF8B40EFB8E9414ADB7F9FB84204B1085A9D808E3319EA313F149B80
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 251d2acabcd703a7c430214be49613bb9491027fdc15f67024cc85c38425ab1f
                                                              • Instruction ID: 3a434b1202c1a0a4a58b372d691fc68d3ac607072e7a629071c8cd4b8af61106
                                                              • Opcode Fuzzy Hash: 251d2acabcd703a7c430214be49613bb9491027fdc15f67024cc85c38425ab1f
                                                              • Instruction Fuzzy Hash: B1D0127705DB414EC7165FA0A9920D03B71694100D3476893D148CA766D611568C861D
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 884157824241dae04af3cb11bf12e95c0bd6b3ba13cecb714b417b16bc0ddd9b
                                                              • Instruction ID: 72a294a36ce14bb2c8cf22d834c6d9f148f4134b6a200df952b35378b503434d
                                                              • Opcode Fuzzy Hash: 884157824241dae04af3cb11bf12e95c0bd6b3ba13cecb714b417b16bc0ddd9b
                                                              • Instruction Fuzzy Hash: EDE017750493828FC317DB30D4944517B32EF9220932248AAC0418F26ADB355819CBA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.541733720.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6640000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b3bf4578956518d28ecfdc5cb40306c5520fb162f20ad5364c46a75d8f05b524
                                                              • Instruction ID: 02f1348d7a51984f390d55502052079a2417d0a6a3a8292ad3a4e34f93c55255
                                                              • Opcode Fuzzy Hash: b3bf4578956518d28ecfdc5cb40306c5520fb162f20ad5364c46a75d8f05b524
                                                              • Instruction Fuzzy Hash: 81D0A93A4482990FCB039E60A0C12C03F61AC4212030204AACC088F233C6390169CAE5
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.541733720.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6640000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3df3aed8e5f1338fb1ed0dab99484db441fff4a9e8641ea22224b424a054e45d
                                                              • Instruction ID: 4d5561480f1c503e23c731c9b08e581dea8fdb8a0573abc8369dc1ea4895ad92
                                                              • Opcode Fuzzy Hash: 3df3aed8e5f1338fb1ed0dab99484db441fff4a9e8641ea22224b424a054e45d
                                                              • Instruction Fuzzy Hash: E7C01270B042814F97D807D7F42472625E97BC6A84B909269B14AC739CDE3189C1CA71
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.541733720.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6640000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0b959c75c0e489aab03c786399a9f038dde5095fac4be49cd5faeef656385213
                                                              • Instruction ID: e1844ee794ab248e8dd5e6210771c24e0c518c6b615992d81bd23cadd3bcf46a
                                                              • Opcode Fuzzy Hash: 0b959c75c0e489aab03c786399a9f038dde5095fac4be49cd5faeef656385213
                                                              • Instruction Fuzzy Hash: 47C08C3A0401CA2FC74026B0FCC7B803BD9EB8051AF4A8D10B28CCB626EA21644F19C8
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: bb2aa0b1d73ce6527f07af4e937b723771f7cb5d4d3893632d6741126cd2aef1
                                                              • Instruction ID: 61bf39942b0ec8af34e5f8f5ef97a56113f63a1864dc3097a03028963780a44f
                                                              • Opcode Fuzzy Hash: bb2aa0b1d73ce6527f07af4e937b723771f7cb5d4d3893632d6741126cd2aef1
                                                              • Instruction Fuzzy Hash: 82D0C932510108CBC6057BB9B96E0387F6CEB88205B40445CE64A96358DF35543C8A6A
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.541733720.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6640000_giLqLXLHs3.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 431c532d45c55f23735d89f5836d91da29301aa39045a87d80d47c2cd1d6b472
                                                              • Instruction ID: 678f41618a9098f13e788b6b793b1c779cc6cce501c49f12038651826269fb2b
                                                              • Opcode Fuzzy Hash: 431c532d45c55f23735d89f5836d91da29301aa39045a87d80d47c2cd1d6b472
                                                              • Instruction Fuzzy Hash: BEC09B7A9010401BDF405130F4D775217F3C7D620DF46C414918D8FB49D52ACC0B56D1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.541733720.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6640000_giLqLXLHs3.jbxd
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.541733720.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6640000_giLqLXLHs3.jbxd
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.541733720.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6640000_giLqLXLHs3.jbxd
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.541733720.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6640000_giLqLXLHs3.jbxd
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.520169416.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1400000_giLqLXLHs3.jbxd
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%