Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
cracksetup.exe

Overview

General Information

Sample Name:cracksetup.exe
Analysis ID:831649
MD5:73b4985055e9ef42df1d630218d484c0
SHA1:e444a3e9f2a2e86afed479d01ad217ecaf17c625
SHA256:5b68e9707ce610dc2f8684699473b677b7d9ee8893d8030716cc091fa8763b04
Tags:exe
Infos:

Detection

Nanocore
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Sigma detected: NanoCore
Detected Nanocore Rat
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Yara detected Nanocore RAT
Machine Learning detection for sample
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Installs a raw input device (often for capturing keystrokes)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Detected TCP or UDP traffic on non-standard ports

Classification

Process Tree

  • System is w10x64
  • cracksetup.exe (PID: 4932 cmdline: C:\Users\user\Desktop\cracksetup.exe MD5: 73B4985055E9EF42DF1D630218D484C0)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Nanocore RAT, NanoCoreNanocore is a Remote Access Tool used to steal credentials and to spy on cameras. It as been used for a while by numerous criminal actors as well as by nation state threat actors.
  • APT33
  • The Gorgon Group
https://malpedia.caad.fkie.fraunhofer.de/details/win.nanocore

Malware Configuration

Threatname: NanoCore

{"Version": "1.2.2.0", "Mutex": "42451d41-ec48-48a6-ba1e-4e19ba53", "Group": "Default", "Domain1": "0.tcp.in.ngrok.io", "Domain2": "0.tcp.in.ngrok.io", "Port": 15120, "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2506, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
cracksetup.exeNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth (Nextron Systems)
  • 0x1018d:$x1: NanoCore.ClientPluginHost
  • 0x101ca:$x2: IClientNetworkHost
  • 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
cracksetup.exeNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth (Nextron Systems)
  • 0xff05:$x1: NanoCore Client.exe
  • 0x1018d:$x2: NanoCore.ClientPluginHost
  • 0x117c6:$s1: PluginCommand
  • 0x117ba:$s2: FileCommand
  • 0x1266b:$s3: PipeExists
  • 0x18422:$s4: PipeCreated
  • 0x101b7:$s5: IClientLoggingHost
cracksetup.exeJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
    cracksetup.exeMALWARE_Win_NanoCoreDetects NanoCoreditekSHen
    • 0xfef5:$x1: NanoCore Client
    • 0xff05:$x1: NanoCore Client
    • 0x1014d:$x2: NanoCore.ClientPlugin
    • 0x1018d:$x3: NanoCore.ClientPluginHost
    • 0x10142:$i1: IClientApp
    • 0x10163:$i2: IClientData
    • 0x1016f:$i3: IClientNetwork
    • 0x1017e:$i4: IClientAppHost
    • 0x101a7:$i5: IClientDataHost
    • 0x101b7:$i6: IClientLoggingHost
    • 0x101ca:$i7: IClientNetworkHost
    • 0x101dd:$i8: IClientUIHost
    • 0x101eb:$i9: IClientNameObjectCollection
    • 0x10207:$i10: IClientReadOnlyNameObjectCollection
    • 0xff54:$s1: ClientPlugin
    • 0x10156:$s1: ClientPlugin
    • 0x1064a:$s2: EndPoint
    • 0x10653:$s3: IPAddress
    • 0x1065d:$s4: IPEndPoint
    • 0x12093:$s6: get_ClientSettings
    • 0x12637:$s7: get_Connected
    cracksetup.exeNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
    • 0xfef5:$a: NanoCore
    • 0xff05:$a: NanoCore
    • 0x10139:$a: NanoCore
    • 0x1014d:$a: NanoCore
    • 0x1018d:$a: NanoCore
    • 0xff54:$b: ClientPlugin
    • 0x10156:$b: ClientPlugin
    • 0x10196:$b: ClientPlugin
    • 0x1007b:$c: ProjectData
    • 0x10a82:$d: DESCrypto
    • 0x1844e:$e: KeepAlive
    • 0x1643c:$g: LogClientMessage
    • 0x12637:$i: get_Connected
    • 0x10db8:$j: #=q
    • 0x10de8:$j: #=q
    • 0x10e04:$j: #=q
    • 0x10e34:$j: #=q
    • 0x10e50:$j: #=q
    • 0x10e6c:$j: #=q
    • 0x10e9c:$j: #=q
    • 0x10eb8:$j: #=q
    Click to see the 1 entries

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000000.00000000.253379004.0000000000412000.00000002.00000001.01000000.00000003.sdmpNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth (Nextron Systems)
    • 0xff8d:$x1: NanoCore.ClientPluginHost
    • 0xffca:$x2: IClientNetworkHost
    • 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    00000000.00000000.253379004.0000000000412000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
      00000000.00000000.253379004.0000000000412000.00000002.00000001.01000000.00000003.sdmpNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
      • 0xfcf5:$a: NanoCore
      • 0xfd05:$a: NanoCore
      • 0xff39:$a: NanoCore
      • 0xff4d:$a: NanoCore
      • 0xff8d:$a: NanoCore
      • 0xfd54:$b: ClientPlugin
      • 0xff56:$b: ClientPlugin
      • 0xff96:$b: ClientPlugin
      • 0xfe7b:$c: ProjectData
      • 0x10882:$d: DESCrypto
      • 0x1824e:$e: KeepAlive
      • 0x1623c:$g: LogClientMessage
      • 0x12437:$i: get_Connected
      • 0x10bb8:$j: #=q
      • 0x10be8:$j: #=q
      • 0x10c04:$j: #=q
      • 0x10c34:$j: #=q
      • 0x10c50:$j: #=q
      • 0x10c6c:$j: #=q
      • 0x10c9c:$j: #=q
      • 0x10cb8:$j: #=q
      00000000.00000000.253379004.0000000000412000.00000002.00000001.01000000.00000003.sdmpWindows_Trojan_Nanocore_d8c4e3c5unknownunknown
      • 0xff8d:$a1: NanoCore.ClientPluginHost
      • 0xff4d:$a2: NanoCore.ClientPlugin
      • 0x11ea6:$b1: get_BuilderSettings
      • 0xfda9:$b2: ClientLoaderForm.resources
      • 0x115c6:$b3: PluginCommand
      • 0xff7e:$b4: IClientAppHost
      • 0x1a3fe:$b5: GetBlockHash
      • 0x124fe:$b6: AddHostEntry
      • 0x161f1:$b7: LogClientException
      • 0x1246b:$b8: PipeExists
      • 0xffb7:$b9: IClientLoggingHost
      00000000.00000002.526423092.0000000003A31000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
        Click to see the 16 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        0.2.cracksetup.exe.4f80000.4.raw.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth (Nextron Systems)
        • 0xe75:$x1: NanoCore.ClientPluginHost
        • 0xe8f:$x2: IClientNetworkHost
        0.2.cracksetup.exe.4f80000.4.raw.unpackNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth (Nextron Systems)
        • 0xe75:$x2: NanoCore.ClientPluginHost
        • 0x1261:$s3: PipeExists
        • 0x1136:$s4: PipeCreated
        • 0xeb0:$s5: IClientLoggingHost
        0.2.cracksetup.exe.4f80000.4.raw.unpackMALWARE_Win_NanoCoreDetects NanoCoreditekSHen
        • 0xe38:$x2: NanoCore.ClientPlugin
        • 0xe75:$x3: NanoCore.ClientPluginHost
        • 0xe5a:$i1: IClientApp
        • 0xe4e:$i2: IClientData
        • 0xe29:$i3: IClientNetwork
        • 0xec3:$i4: IClientAppHost
        • 0xe65:$i5: IClientDataHost
        • 0xeb0:$i6: IClientLoggingHost
        • 0xe8f:$i7: IClientNetworkHost
        • 0xea2:$i8: IClientUIHost
        • 0xed2:$i9: IClientNameObjectCollection
        • 0xef7:$i10: IClientReadOnlyNameObjectCollection
        • 0xe41:$s1: ClientPlugin
        • 0x177c:$s1: ClientPlugin
        • 0x1789:$s1: ClientPlugin
        • 0x11f9:$s6: get_ClientSettings
        • 0x1249:$s7: get_Connected
        0.2.cracksetup.exe.4f80000.4.raw.unpackWindows_Trojan_Nanocore_d8c4e3c5unknownunknown
        • 0xe75:$a1: NanoCore.ClientPluginHost
        • 0xe38:$a2: NanoCore.ClientPlugin
        • 0x120c:$b1: get_BuilderSettings
        • 0xec3:$b4: IClientAppHost
        • 0x127d:$b6: AddHostEntry
        • 0x12ec:$b7: LogClientException
        • 0x1261:$b8: PipeExists
        • 0xeb0:$b9: IClientLoggingHost
        0.2.cracksetup.exe.3a3cc4c.1.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth (Nextron Systems)
        • 0xd9ad:$x1: NanoCore.ClientPluginHost
        • 0xd9da:$x2: IClientNetworkHost
        Click to see the 45 entries

        Sigma Signatures

        AV Detection

        barindex
        Sigma detected: NanoCore
        Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\cracksetup.exe, ProcessId: 4932, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

        E-Banking Fraud

        barindex
        Sigma detected: NanoCore
        Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\cracksetup.exe, ProcessId: 4932, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

        Stealing of Sensitive Information

        barindex
        Sigma detected: NanoCore
        Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\cracksetup.exe, ProcessId: 4932, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

        Remote Access Functionality

        barindex
        Sigma detected: NanoCore
        Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\cracksetup.exe, ProcessId: 4932, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

        Snort Signatures

        No Snort rule has matched

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Multi AV Scanner detection for submitted file
        Source: cracksetup.exeReversingLabs: Detection: 94%
        Source: cracksetup.exeVirustotal: Detection: 82%Perma Link
        Antivirus / Scanner detection for submitted sample
        Source: cracksetup.exeAvira: detected
        Antivirus detection for URL or domain
        Source: 0.tcp.in.ngrok.ioAvira URL Cloud: Label: malware
        Yara detected Nanocore RAT
        Source: Yara matchFile source: cracksetup.exe, type: SAMPLE
        Source: Yara matchFile source: 0.2.cracksetup.exe.3a3cc4c.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.cracksetup.exe.3a37e16.2.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.cracksetup.exe.5340000.7.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.cracksetup.exe.5340000.7.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.cracksetup.exe.5344629.6.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.0.cracksetup.exe.410000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.cracksetup.exe.3a3cc4c.1.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.cracksetup.exe.3a41275.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000000.00000000.253379004.0000000000412000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.526423092.0000000003A31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.527084399.0000000005340000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: cracksetup.exe PID: 4932, type: MEMORYSTR
        Machine Learning detection for sample
        Source: cracksetup.exeJoe Sandbox ML: detected
        Source: 0.0.cracksetup.exe.410000.0.unpackAvira: Label: TR/Dropper.MSIL.Gen7
        Source: 0.2.cracksetup.exe.5340000.7.unpackAvira: Label: TR/NanoCore.fadte
        Source: 00000000.00000002.526423092.0000000003A31000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: NanoCore {"Version": "1.2.2.0", "Mutex": "42451d41-ec48-48a6-ba1e-4e19ba53", "Group": "Default", "Domain1": "0.tcp.in.ngrok.io", "Domain2": "0.tcp.in.ngrok.io", "Port": 15120, "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2506, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}
        Source: cracksetup.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: C:\Users\user\Desktop\cracksetup.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dllJump to behavior

        Networking

        barindex
        C2 URLs / IPs found in malware configuration
        Source: Malware configuration extractorURLs: 0.tcp.in.ngrok.io
        Source: Joe Sandbox ViewIP Address: 3.6.30.85 3.6.30.85
        Source: Joe Sandbox ViewIP Address: 3.6.115.182 3.6.115.182
        Source: Joe Sandbox ViewIP Address: 3.6.122.107 3.6.122.107
        Source: global trafficTCP traffic: 192.168.2.3:49682 -> 3.6.98.232:15120
        Source: global trafficTCP traffic: 192.168.2.3:49685 -> 3.6.115.64:15120
        Source: global trafficTCP traffic: 192.168.2.3:49692 -> 3.6.115.182:15120
        Source: global trafficTCP traffic: 192.168.2.3:49698 -> 3.6.122.107:15120
        Source: global trafficTCP traffic: 192.168.2.3:49699 -> 3.6.30.85:15120
        Source: unknownDNS traffic detected: queries for: 0.tcp.in.ngrok.io
        Source: cracksetup.exe, 00000000.00000002.526423092.0000000003A31000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: RegisterRawInputDevices

        E-Banking Fraud

        barindex
        Yara detected Nanocore RAT
        Source: Yara matchFile source: cracksetup.exe, type: SAMPLE
        Source: Yara matchFile source: 0.2.cracksetup.exe.3a3cc4c.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.cracksetup.exe.3a37e16.2.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.cracksetup.exe.5340000.7.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.cracksetup.exe.5340000.7.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.cracksetup.exe.5344629.6.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.0.cracksetup.exe.410000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.cracksetup.exe.3a3cc4c.1.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.cracksetup.exe.3a41275.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000000.00000000.253379004.0000000000412000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.526423092.0000000003A31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.527084399.0000000005340000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: cracksetup.exe PID: 4932, type: MEMORYSTR

        System Summary

        barindex
        Malicious sample detected (through community Yara rule)
        Source: cracksetup.exe, type: SAMPLEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
        Source: cracksetup.exe, type: SAMPLEMatched rule: Detects NanoCore Author: ditekSHen
        Source: cracksetup.exe, type: SAMPLEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: cracksetup.exe, type: SAMPLEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
        Source: 0.2.cracksetup.exe.4f80000.4.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
        Source: 0.2.cracksetup.exe.4f80000.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
        Source: 0.2.cracksetup.exe.4f80000.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
        Source: 0.2.cracksetup.exe.3a3cc4c.1.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
        Source: 0.2.cracksetup.exe.3a3cc4c.1.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
        Source: 0.2.cracksetup.exe.3a3cc4c.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
        Source: 0.2.cracksetup.exe.3a37e16.2.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
        Source: 0.2.cracksetup.exe.3a37e16.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
        Source: 0.2.cracksetup.exe.3a37e16.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0.2.cracksetup.exe.3a37e16.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
        Source: 0.2.cracksetup.exe.5340000.7.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
        Source: 0.2.cracksetup.exe.5340000.7.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
        Source: 0.2.cracksetup.exe.5340000.7.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
        Source: 0.2.cracksetup.exe.5340000.7.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
        Source: 0.2.cracksetup.exe.5340000.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
        Source: 0.2.cracksetup.exe.5340000.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
        Source: 0.2.cracksetup.exe.5344629.6.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
        Source: 0.2.cracksetup.exe.5344629.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
        Source: 0.2.cracksetup.exe.5344629.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
        Source: 0.0.cracksetup.exe.410000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
        Source: 0.0.cracksetup.exe.410000.0.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
        Source: 0.0.cracksetup.exe.410000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0.0.cracksetup.exe.410000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
        Source: 0.2.cracksetup.exe.3a3cc4c.1.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
        Source: 0.2.cracksetup.exe.3a3cc4c.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
        Source: 0.2.cracksetup.exe.3a3cc4c.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
        Source: 0.2.cracksetup.exe.3a41275.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
        Source: 0.2.cracksetup.exe.3a41275.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
        Source: 0.2.cracksetup.exe.3a41275.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
        Source: 0.2.cracksetup.exe.2a41790.0.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
        Source: 0.2.cracksetup.exe.2a41790.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
        Source: 0.2.cracksetup.exe.2a41790.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
        Source: 00000000.00000000.253379004.0000000000412000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
        Source: 00000000.00000000.253379004.0000000000412000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000000.00000000.253379004.0000000000412000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
        Source: 00000000.00000002.526423092.0000000003A31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000000.00000002.526423092.0000000003A31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
        Source: 00000000.00000002.527084399.0000000005340000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
        Source: 00000000.00000002.527084399.0000000005340000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects NanoCore Author: ditekSHen
        Source: 00000000.00000002.527084399.0000000005340000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
        Source: 00000000.00000002.526914801.0000000004F80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
        Source: 00000000.00000002.526914801.0000000004F80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects NanoCore Author: ditekSHen
        Source: 00000000.00000002.526914801.0000000004F80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
        Source: 00000000.00000002.524089452.0000000002A31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
        Source: Process Memory Space: cracksetup.exe PID: 4932, type: MEMORYSTRMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
        Source: Process Memory Space: cracksetup.exe PID: 4932, type: MEMORYSTRMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: cracksetup.exe PID: 4932, type: MEMORYSTRMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
        Source: cracksetup.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: cracksetup.exe, type: SAMPLEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: cracksetup.exe, type: SAMPLEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: cracksetup.exe, type: SAMPLEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: cracksetup.exe, type: SAMPLEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: cracksetup.exe, type: SAMPLEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 0.2.cracksetup.exe.4f80000.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.cracksetup.exe.4f80000.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.cracksetup.exe.4f80000.4.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 0.2.cracksetup.exe.4f80000.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 0.2.cracksetup.exe.3a3cc4c.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.cracksetup.exe.3a3cc4c.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.cracksetup.exe.3a3cc4c.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 0.2.cracksetup.exe.3a3cc4c.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 0.2.cracksetup.exe.3a37e16.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.cracksetup.exe.3a37e16.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.cracksetup.exe.3a37e16.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 0.2.cracksetup.exe.3a37e16.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0.2.cracksetup.exe.3a37e16.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 0.2.cracksetup.exe.5340000.7.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.cracksetup.exe.5340000.7.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.cracksetup.exe.5340000.7.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 0.2.cracksetup.exe.5340000.7.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 0.2.cracksetup.exe.5340000.7.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.cracksetup.exe.5340000.7.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.cracksetup.exe.5340000.7.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 0.2.cracksetup.exe.5340000.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 0.2.cracksetup.exe.5344629.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.cracksetup.exe.5344629.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.cracksetup.exe.5344629.6.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 0.2.cracksetup.exe.5344629.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 0.0.cracksetup.exe.410000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.0.cracksetup.exe.410000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.0.cracksetup.exe.410000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 0.0.cracksetup.exe.410000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0.0.cracksetup.exe.410000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 0.2.cracksetup.exe.3a3cc4c.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.cracksetup.exe.3a3cc4c.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.cracksetup.exe.3a3cc4c.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 0.2.cracksetup.exe.3a3cc4c.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 0.2.cracksetup.exe.3a41275.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.cracksetup.exe.3a41275.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.cracksetup.exe.3a41275.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 0.2.cracksetup.exe.3a41275.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 0.2.cracksetup.exe.2a41790.0.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.cracksetup.exe.2a41790.0.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.cracksetup.exe.2a41790.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 0.2.cracksetup.exe.2a41790.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 00000000.00000000.253379004.0000000000412000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 00000000.00000000.253379004.0000000000412000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000000.00000000.253379004.0000000000412000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 00000000.00000002.526423092.0000000003A31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000000.00000002.526423092.0000000003A31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 00000000.00000002.527084399.0000000005340000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 00000000.00000002.527084399.0000000005340000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 00000000.00000002.527084399.0000000005340000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 00000000.00000002.527084399.0000000005340000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 00000000.00000002.526914801.0000000004F80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 00000000.00000002.526914801.0000000004F80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 00000000.00000002.526914801.0000000004F80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 00000000.00000002.526914801.0000000004F80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: 00000000.00000002.524089452.0000000002A31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: Process Memory Space: cracksetup.exe PID: 4932, type: MEMORYSTRMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: Process Memory Space: cracksetup.exe PID: 4932, type: MEMORYSTRMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: cracksetup.exe PID: 4932, type: MEMORYSTRMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
        Source: C:\Users\user\Desktop\cracksetup.exeCode function: 0_2_026DAB780_2_026DAB78
        Source: C:\Users\user\Desktop\cracksetup.exeCode function: 0_2_026D2FA80_2_026D2FA8
        Source: C:\Users\user\Desktop\cracksetup.exeCode function: 0_2_026D23A00_2_026D23A0
        Source: C:\Users\user\Desktop\cracksetup.exeCode function: 0_2_026D90680_2_026D9068
        Source: C:\Users\user\Desktop\cracksetup.exeCode function: 0_2_026D84680_2_026D8468
        Source: C:\Users\user\Desktop\cracksetup.exeCode function: 0_2_026D38500_2_026D3850
        Source: C:\Users\user\Desktop\cracksetup.exeCode function: 0_2_026D306F0_2_026D306F
        Source: C:\Users\user\Desktop\cracksetup.exeCode function: 0_2_026D912F0_2_026D912F
        Source: C:\Users\user\Desktop\cracksetup.exeCode function: 0_2_026D99100_2_026D9910
        Source: C:\Users\user\Desktop\cracksetup.exeCode function: 0_2_04D22886 NtQuerySystemInformation,0_2_04D22886
        Source: C:\Users\user\Desktop\cracksetup.exeCode function: 0_2_04D2284B NtQuerySystemInformation,0_2_04D2284B
        Source: cracksetup.exe, 00000000.00000002.526423092.0000000003A31000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameClientPlugin.dll4 vs cracksetup.exe
        Source: cracksetup.exe, 00000000.00000002.526423092.0000000003A31000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameLzma#.dll4 vs cracksetup.exe
        Source: cracksetup.exe, 00000000.00000002.526423092.0000000003A31000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs cracksetup.exe
        Source: cracksetup.exe, 00000000.00000002.527084399.0000000005340000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameLzma#.dll4 vs cracksetup.exe
        Source: cracksetup.exe, 00000000.00000002.527084399.0000000005340000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs cracksetup.exe
        Source: cracksetup.exe, 00000000.00000002.527023363.00000000051F0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameLzma#.dll4 vs cracksetup.exe
        Source: cracksetup.exe, 00000000.00000002.526914801.0000000004F80000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameClientPlugin.dll4 vs cracksetup.exe
        Source: cracksetup.exe, 00000000.00000002.524089452.0000000002A31000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameClientPlugin.dll4 vs cracksetup.exe
        Source: C:\Users\user\Desktop\cracksetup.exeSection loaded: sfc.dllJump to behavior
        Source: cracksetup.exeStatic PE information: Section: .rsrc ZLIB complexity 0.9979417067307692
        Source: cracksetup.exeReversingLabs: Detection: 94%
        Source: cracksetup.exeVirustotal: Detection: 82%
        Source: C:\Users\user\Desktop\cracksetup.exeFile read: C:\Users\user\Desktop\cracksetup.exeJump to behavior
        Source: cracksetup.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\cracksetup.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32Jump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeCode function: 0_2_04D22646 AdjustTokenPrivileges,0_2_04D22646
        Source: C:\Users\user\Desktop\cracksetup.exeCode function: 0_2_04D2260F AdjustTokenPrivileges,0_2_04D2260F
        Source: C:\Users\user\Desktop\cracksetup.exeFile created: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9AJump to behavior
        Source: classification engineClassification label: mal100.troj.evad.winEXE@1/1@22/6
        Source: 0.0.cracksetup.exe.410000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
        Source: 0.0.cracksetup.exe.410000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
        Source: cracksetup.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
        Source: cracksetup.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
        Source: cracksetup.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
        Source: C:\Users\user\Desktop\cracksetup.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{42451d41-ec48-48a6-ba1e-4e19ba537374}
        Source: C:\Users\user\Desktop\cracksetup.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
        Source: cracksetup.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: cracksetup.exe, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
        Source: cracksetup.exe, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
        Source: 0.0.cracksetup.exe.410000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
        Source: 0.0.cracksetup.exe.410000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
        Source: 0.0.cracksetup.exe.410000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: C:\Users\user\Desktop\cracksetup.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dllJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dllJump to behavior
        Source: cracksetup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

        Data Obfuscation

        barindex
        .NET source code contains potential unpacker
        Source: cracksetup.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: cracksetup.exe, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 0.0.cracksetup.exe.410000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 0.0.cracksetup.exe.410000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: C:\Users\user\Desktop\cracksetup.exeCode function: 0_2_00B39D2A push eax; retf 0_2_00B39D2D
        Source: C:\Users\user\Desktop\cracksetup.exeCode function: 0_2_00B39D2E pushad ; retf 0_2_00B39D31
        Source: cracksetup.exe, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
        Source: cracksetup.exe, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
        Source: 0.0.cracksetup.exe.410000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
        Source: 0.0.cracksetup.exe.410000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'

        Hooking and other Techniques for Hiding and Protection

        barindex
        Hides that the sample has been downloaded from the Internet (zone.identifier)
        Source: C:\Users\user\Desktop\cracksetup.exeFile opened: C:\Users\user\Desktop\cracksetup.exe:Zone.Identifier read attributes | deleteJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exe TID: 2728Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeLast function: Thread delayed
        Source: C:\Users\user\Desktop\cracksetup.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeWindow / User API: foregroundWindowGot 1117Jump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeCode function: 0_2_04D2112A GetSystemInfo,0_2_04D2112A
        Source: C:\Users\user\Desktop\cracksetup.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeMemory allocated: page read and write | page guardJump to behavior
        Source: cracksetup.exe, 00000000.00000002.524089452.0000000002C80000.00000004.00000800.00020000.00000000.sdmp, cracksetup.exe, 00000000.00000002.524089452.0000000002BDC000.00000004.00000800.00020000.00000000.sdmp, cracksetup.exe, 00000000.00000002.524089452.0000000002BE0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
        Source: cracksetup.exe, 00000000.00000002.524089452.0000000002ABC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Managerp
        Source: cracksetup.exe, 00000000.00000002.524089452.0000000002C80000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerX
        Source: C:\Users\user\Desktop\cracksetup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
        Source: C:\Users\user\Desktop\cracksetup.exeCode function: 0_2_00B2AF9A GetUserNameW,0_2_00B2AF9A

        Stealing of Sensitive Information

        barindex
        Yara detected Nanocore RAT
        Source: Yara matchFile source: cracksetup.exe, type: SAMPLE
        Source: Yara matchFile source: 0.2.cracksetup.exe.3a3cc4c.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.cracksetup.exe.3a37e16.2.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.cracksetup.exe.5340000.7.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.cracksetup.exe.5340000.7.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.cracksetup.exe.5344629.6.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.0.cracksetup.exe.410000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.cracksetup.exe.3a3cc4c.1.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.cracksetup.exe.3a41275.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000000.00000000.253379004.0000000000412000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.526423092.0000000003A31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.527084399.0000000005340000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: cracksetup.exe PID: 4932, type: MEMORYSTR

        Remote Access Functionality

        barindex
        Detected Nanocore Rat
        Source: cracksetup.exe, 00000000.00000000.253379004.0000000000412000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: cracksetup.exe, 00000000.00000002.526423092.0000000003A31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: cracksetup.exe, 00000000.00000002.526423092.0000000003A31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
        Source: cracksetup.exe, 00000000.00000002.527084399.0000000005340000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: cracksetup.exe, 00000000.00000002.526914801.0000000004F80000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: cracksetup.exe, 00000000.00000002.526914801.0000000004F80000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
        Source: cracksetup.exe, 00000000.00000002.524089452.0000000002A31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: cracksetup.exe, 00000000.00000002.524089452.0000000002A31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
        Source: cracksetup.exeString found in binary or memory: NanoCore.ClientPluginHost
        Yara detected Nanocore RAT
        Source: Yara matchFile source: cracksetup.exe, type: SAMPLE
        Source: Yara matchFile source: 0.2.cracksetup.exe.3a3cc4c.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.cracksetup.exe.3a37e16.2.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.cracksetup.exe.5340000.7.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.cracksetup.exe.5340000.7.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.cracksetup.exe.5344629.6.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.0.cracksetup.exe.410000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.cracksetup.exe.3a3cc4c.1.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.cracksetup.exe.3a41275.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000000.00000000.253379004.0000000000412000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.526423092.0000000003A31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.527084399.0000000005340000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: cracksetup.exe PID: 4932, type: MEMORYSTR
        Source: C:\Users\user\Desktop\cracksetup.exeCode function: 0_2_04D22256 bind,0_2_04D22256
        Source: C:\Users\user\Desktop\cracksetup.exeCode function: 0_2_04D22204 bind,0_2_04D22204

        Mitre Att&ck Matrix

        Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
        Valid AccountsWindows Management Instrumentation1
        DLL Side-Loading        		1
        Access Token Manipulation        		1
        Masquerading        		11
        Input Capture        		2
        Process Discovery        		Remote Services11
        Input Capture        		Exfiltration Over Other Network Medium1
        Encrypted Channel        		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
        Default AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
        Process Injection        		1
        Disable or Modify Tools        		LSASS Memory21
        Virtualization/Sandbox Evasion        		Remote Desktop Protocol11
        Archive Collected Data        		Exfiltration Over Bluetooth1
        Non-Standard Port        		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
        Domain AccountsAt (Linux)Logon Script (Windows)1
        DLL Side-Loading        		21
        Virtualization/Sandbox Evasion        		Security Account Manager1
        Application Window Discovery        		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration1
        Remote Access Software        		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
        Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
        Access Token Manipulation        		NTDS1
        Account Discovery        		Distributed Component Object ModelInput CaptureScheduled Transfer1
        Non-Application Layer Protocol        		SIM Card SwapCarrier Billing Fraud
        Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
        Process Injection        		LSA Secrets1
        System Owner/User Discovery        		SSHKeyloggingData Transfer Size Limits11
        Application Layer Protocol        		Manipulate Device CommunicationManipulate App Store Rankings or Ratings
        Replication Through Removable MediaLaunchdRc.commonRc.common1
        Deobfuscate/Decode Files or Information        		Cached Domain Credentials3
        System Information Discovery        		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
        External Remote ServicesScheduled TaskStartup ItemsStartup Items1
        Hidden Files and Directories        		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
        Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
        Obfuscated Files or Information        		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
        Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)12
        Software Packing        		/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
        Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)1
        DLL Side-Loading        		Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        cracksetup.exe95%ReversingLabsByteCode-MSIL.Backdoor.NanoCore
        cracksetup.exe83%VirustotalBrowse
        cracksetup.exe100%AviraTR/Dropper.MSIL.Gen7
        cracksetup.exe100%Joe Sandbox ML

        Dropped Files

        No Antivirus matches

        Unpacked PE Files

        SourceDetectionScannerLabelLinkDownload
        0.0.cracksetup.exe.410000.0.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
        0.2.cracksetup.exe.5340000.7.unpack100%AviraTR/NanoCore.fadteDownload File

        Domains

        No Antivirus matches

        URLs

        SourceDetectionScannerLabelLink
        0.tcp.in.ngrok.io100%Avira URL Cloudmalware

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        0.tcp.in.ngrok.io
        		3.6.98.232
        		truetrue
          		unknown

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          0.tcp.in.ngrok.iotrue
          • Avira URL Cloud: malware
          		unknown

          World Map of Contacted IPs

          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs

          Public IPs

          IPDomainCountryFlagASNASN NameMalicious
          3.6.30.85
          		unknownUnited States
          		16509AMAZON-02USfalse
          3.6.115.182
          		unknownUnited States
          		16509AMAZON-02USfalse
          3.6.122.107
          		unknownUnited States
          		16509AMAZON-02USfalse
          3.6.115.64
          		unknownUnited States
          		16509AMAZON-02USfalse
          3.6.98.232
          		0.tcp.in.ngrok.ioUnited States
          		16509AMAZON-02UStrue

          Private

          IP
          192.168.2.1

          General Information

          Joe Sandbox Version:37.0.0 Beryl
          Analysis ID:831649
          Start date and time:2023-03-21 17:36:58 +01:00
          Joe Sandbox Product:CloudBasic
          Overall analysis duration:0h 7m 34s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
          Number of analysed new started processes analysed:11
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • HDC enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Sample file name:cracksetup.exe
          Detection:MAL
          Classification:mal100.troj.evad.winEXE@1/1@22/6
          EGA Information:
          • Successful, ratio: 100%
          HDC Information:Failed
          HCA Information:
          • Successful, ratio: 100%
          • Number of executed functions: 222
          • Number of non-executed functions: 3
          Cookbook Comments:
          • Found application associated with file extension: .exe

          Warnings

          • Exclude process from analysis (whitelisted): MpCmdRun.exe, SgrmBroker.exe, conhost.exe, svchost.exe
          • Excluded domains from analysis (whitelisted): fs.microsoft.com
          • Not all processes where analyzed, report is missing behavior information
          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
          • Report size getting too big, too many NtDeviceIoControlFile calls found.
          • Report size getting too big, too many NtProtectVirtualMemory calls found.

          Simulations

          Behavior and APIs

          TimeTypeDescription
          17:37:56API Interceptor936x Sleep call for process: cracksetup.exe modified

          Joe Sandbox View / Context

          IPs

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          3.6.30.85LocalStaFvjUblU.exeGet hashmaliciousnjRatBrowse
            ehqsU9jDFb.exeGet hashmaliciousnjRatBrowse
              EADSXus8Cw.exeGet hashmaliciousnjRatBrowse
                KPiASQ9E43.exeGet hashmaliciousNjratBrowse
                  DDD24717592B5B34947AF56B9F84CD2CE01B0B2EFB62D.exeGet hashmaliciousnjRatBrowse
                    cvh2bWXOjP.exeGet hashmaliciousRedLineBrowse
                      3.6.115.182RN2vknsx6G.exeGet hashmaliciousRedLineBrowse
                      • 0.tcp.in.ngrok.io:17440/
                      3.6.122.107RN2vknsx6G.exeGet hashmaliciousRedLineBrowse
                      • 0.tcp.in.ngrok.io:17440/

                      Domains

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      0.tcp.in.ngrok.ioLocalStaFvjUblU.exeGet hashmaliciousnjRatBrowse
                      • 3.6.122.107
                      558EofiXYO.exeGet hashmaliciousnjRatBrowse
                      • 3.6.115.64
                      JsYdl3ZkOA.exeGet hashmaliciousnjRatBrowse
                      • 3.6.115.64
                      ehqsU9jDFb.exeGet hashmaliciousnjRatBrowse
                      • 3.6.115.182
                      EADSXus8Cw.exeGet hashmaliciousnjRatBrowse
                      • 3.6.30.85
                      KPiASQ9E43.exeGet hashmaliciousNjratBrowse
                      • 3.6.30.85
                      DDD24717592B5B34947AF56B9F84CD2CE01B0B2EFB62D.exeGet hashmaliciousnjRatBrowse
                      • 3.6.115.64
                      cvh2bWXOjP.exeGet hashmaliciousRedLineBrowse
                      • 3.6.30.85
                      RN2vknsx6G.exeGet hashmaliciousRedLineBrowse
                      • 3.6.115.182
                      8Sp3NTd4S3.exeGet hashmaliciousnjRatBrowse
                      • 3.6.122.107

                      ASNs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      AMAZON-02UShttps://www.youtube.com/attribution_link?c=coachblog-ytm-acq-int-blog-txt-coach&u=http://wkog.33.bykaratas.com/google.android.apps.youtube.music/6k3oxulr%20#tj_base64_encode%20aHR0cDovLzYzd3p3b3l0Lm9zd2FsYWIuY29tLw==?em=wranga.mujadidi@akima.com%22Get hashmaliciousHTMLPhisherBrowse
                      • 52.217.201.248
                      https://www.youtube.com/attribution_link?c=coachblog-ytm-acq-int-blog-txt-coach&u=http://sh1z.07.bykaratas.com/google.android.apps.youtube.music/shh0okss%20#tj_base64_encode%20aHR0cHM6Ly9zMy5hbWF6b25hd3MuY29tL2FwcGZvcmVzdF91Zi9mMTY3OTMxMjkxMDAxOXg2MjY5MTMxOTcxODkwODMxMDAvY29sZS5odG1s?em=william.thompson@searchflow.co.uk%22Get hashmaliciousHTMLPhisherBrowse
                      • 54.231.161.96
                      LafameBeta.exeGet hashmaliciousAsyncRATBrowse
                      • 35.158.159.254
                      http://go.onelink.me/107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers&af_wl=ym&af_sub1=Internal&af_sub2=Global_YGrowth&af_sub3=EmailSignature&af_web_dp=http://Bctransit.roombank.co.uk/hh/ZXJpbm5fcGlua2VydG9uQGJjdHJhbnNpdC5jb20=Get hashmaliciousUnknownBrowse
                      • 143.204.14.163
                      https://indd.adobe.com/view/b112fbcd-3aa0-4340-b1c0-e84011a1279dGet hashmaliciousUnknownBrowse
                      • 15.236.125.10
                      https://www.youtube.com/attribution_link?c=coachblog-ytm-acq-int-blog-txt-coach&u=http://sh1z.07.bykaratas.com/google.android.apps.youtube.music/shh0okss%20#tj_base64_encode%20aHR0cHM6Ly9zMy5hbWF6b25hd3MuY29tL2FwcGZvcmVzdF91Zi9mMTY3OTMxMjkxMDAxOXg2MjY5MTMxOTcxODkwODMxMDAvY29sZS5odG1s?em=william.thompson@searchflow.co.uk%22Get hashmaliciousHTMLPhisherBrowse
                      • 52.216.143.102
                      uytL8oFqlY.exeGet hashmaliciousnjRatBrowse
                      • 18.157.68.73
                      Remittance-RNP583879248D11.htmGet hashmaliciousHTMLPhisherBrowse
                      • 143.204.9.105
                      https://www.dropbox.com/scl/fi/zgxrmru60zos3etufrskl/You-have-received-some-incoming-secured-fax-document.paper?dl=0&rlkey=uu1hj409ra040c285wwt7q192Get hashmaliciousHTMLPhisherBrowse
                      • 13.226.175.110
                      http://api.sparknotifications.walmart.com/api/track?action=click&campaign=bsjy1uwl6v9y9x1&message_id=BQ6NGO3PoZ-1660831276514&trackingid=BvI-3ijv7u&redirect=http%3A%2F%2Fr20.rs6.net%2Ftn.jsp%3Ff%3D001yw75-8PL9PCxwLkHJHsEH-K3_vFMpbt8rMdYPJ-r9QXSmlpZwD4gxnlhqhBQVNwAr_HPycxe4ABcAamuEGUBiK1PYeOd9UiFa082JgOppj2YnSXR5hvTlZe97C_cNMLrYOym8YxW795MYYKna0iCY2JSgjqyZ2F6LJOcUr6d7p5vHvqcrS1-CQ%3D%3D%26c%3DWi33jSTBmkMQvmPIC79zM5b_3EZY7vRB0vy4WQ8qGrGMqj8A14rXyw%3D%3D%26ch%3Dq4keNzSNwsE06bFCUtCTI8l2-6pboMiSlY1MF3GQZDHa1IhLtBLD0g%3D%3D%26_365%2FanVucnVoQGdyZWVuZG90Y29ycC5jb20=Get hashmaliciousUnknownBrowse
                      • 13.226.150.67
                      252_FLUXO20PROJETADO375.759608.88082.lNk.lnkGet hashmaliciousUnknownBrowse
                      • 13.226.175.101
                      https://www.youtube.com/attribution_link?c=coachblog-ytm-acq-int-blog-txt-coach&u=https%3A%2F%2Fbomberosbarcelonaquindio.org%2Fnew%2Fauth%2F/knlnkd%2F%2F%2F%2Fandreas.kurz@xfab.com%3Fid%3Dcom.google.android.apps.youtube.musicGet hashmaliciousHTMLPhisherBrowse
                      • 52.217.121.24
                      http://krk5gski4z6409359363eb3.opticair.ruGet hashmaliciousUnknownBrowse
                      • 65.9.95.46
                      http://judymalone.trx.co.id/anVkeW1hbG9uZUBnb3YubmwuY2E=Get hashmaliciousUnknownBrowse
                      • 65.9.95.46
                      https://x8ioeg.canksru.ruGet hashmaliciousUnknownBrowse
                      • 65.9.95.66
                      http://business.poste.it/business/registrazione-self/index.html#!/sicurezza/XMvOlAly7EKySIF_LaJ4Qgk8ZdjicBpj-LxwwobRMal0BZtM5DaybBfyexBQ12SVSrPn50VKgumtoUhKhpniSVMHmGG_1C09oEuCnRQK549IwbWj1DqD_KsUA89EIs_uj5gCIbX9vb6Xq--oA-n3UfG61kCmgU-lPcwckSPqT1UGet hashmaliciousUnknownBrowse
                      • 13.32.121.104
                      contrato_firmado_3202023.HTMLGet hashmaliciousHTMLPhisherBrowse
                      • 52.216.230.133
                      https://www.walteraulac.chGet hashmaliciousUnknownBrowse
                      • 52.222.236.122
                      https://xn--h1adbc.xn--p1acf/fdhgk/yakeemail/mailtech/yankeemail/?email=info@lpo.dkGet hashmaliciousUnknownBrowse
                      • 54.77.53.223
                      http://app.adjust.com/izw3imq?redirect=https%3A%2F%2Flangitteknologiutama.com%2F%2F%2Fssl%2Fhttpgl%2F%2F3fjrpu%2F%2F%2Fcaa@lpo.dkGet hashmaliciousHTMLPhisherBrowse
                      • 52.216.219.200
                      AMAZON-02UShttps://www.youtube.com/attribution_link?c=coachblog-ytm-acq-int-blog-txt-coach&u=http://wkog.33.bykaratas.com/google.android.apps.youtube.music/6k3oxulr%20#tj_base64_encode%20aHR0cDovLzYzd3p3b3l0Lm9zd2FsYWIuY29tLw==?em=wranga.mujadidi@akima.com%22Get hashmaliciousHTMLPhisherBrowse
                      • 52.217.201.248
                      https://www.youtube.com/attribution_link?c=coachblog-ytm-acq-int-blog-txt-coach&u=http://sh1z.07.bykaratas.com/google.android.apps.youtube.music/shh0okss%20#tj_base64_encode%20aHR0cHM6Ly9zMy5hbWF6b25hd3MuY29tL2FwcGZvcmVzdF91Zi9mMTY3OTMxMjkxMDAxOXg2MjY5MTMxOTcxODkwODMxMDAvY29sZS5odG1s?em=william.thompson@searchflow.co.uk%22Get hashmaliciousHTMLPhisherBrowse
                      • 54.231.161.96
                      LafameBeta.exeGet hashmaliciousAsyncRATBrowse
                      • 35.158.159.254
                      http://go.onelink.me/107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers&af_wl=ym&af_sub1=Internal&af_sub2=Global_YGrowth&af_sub3=EmailSignature&af_web_dp=http://Bctransit.roombank.co.uk/hh/ZXJpbm5fcGlua2VydG9uQGJjdHJhbnNpdC5jb20=Get hashmaliciousUnknownBrowse
                      • 143.204.14.163
                      https://indd.adobe.com/view/b112fbcd-3aa0-4340-b1c0-e84011a1279dGet hashmaliciousUnknownBrowse
                      • 15.236.125.10
                      https://www.youtube.com/attribution_link?c=coachblog-ytm-acq-int-blog-txt-coach&u=http://sh1z.07.bykaratas.com/google.android.apps.youtube.music/shh0okss%20#tj_base64_encode%20aHR0cHM6Ly9zMy5hbWF6b25hd3MuY29tL2FwcGZvcmVzdF91Zi9mMTY3OTMxMjkxMDAxOXg2MjY5MTMxOTcxODkwODMxMDAvY29sZS5odG1s?em=william.thompson@searchflow.co.uk%22Get hashmaliciousHTMLPhisherBrowse
                      • 52.216.143.102
                      uytL8oFqlY.exeGet hashmaliciousnjRatBrowse
                      • 18.157.68.73
                      Remittance-RNP583879248D11.htmGet hashmaliciousHTMLPhisherBrowse
                      • 143.204.9.105
                      https://www.dropbox.com/scl/fi/zgxrmru60zos3etufrskl/You-have-received-some-incoming-secured-fax-document.paper?dl=0&rlkey=uu1hj409ra040c285wwt7q192Get hashmaliciousHTMLPhisherBrowse
                      • 13.226.175.110
                      http://api.sparknotifications.walmart.com/api/track?action=click&campaign=bsjy1uwl6v9y9x1&message_id=BQ6NGO3PoZ-1660831276514&trackingid=BvI-3ijv7u&redirect=http%3A%2F%2Fr20.rs6.net%2Ftn.jsp%3Ff%3D001yw75-8PL9PCxwLkHJHsEH-K3_vFMpbt8rMdYPJ-r9QXSmlpZwD4gxnlhqhBQVNwAr_HPycxe4ABcAamuEGUBiK1PYeOd9UiFa082JgOppj2YnSXR5hvTlZe97C_cNMLrYOym8YxW795MYYKna0iCY2JSgjqyZ2F6LJOcUr6d7p5vHvqcrS1-CQ%3D%3D%26c%3DWi33jSTBmkMQvmPIC79zM5b_3EZY7vRB0vy4WQ8qGrGMqj8A14rXyw%3D%3D%26ch%3Dq4keNzSNwsE06bFCUtCTI8l2-6pboMiSlY1MF3GQZDHa1IhLtBLD0g%3D%3D%26_365%2FanVucnVoQGdyZWVuZG90Y29ycC5jb20=Get hashmaliciousUnknownBrowse
                      • 13.226.150.67
                      252_FLUXO20PROJETADO375.759608.88082.lNk.lnkGet hashmaliciousUnknownBrowse
                      • 13.226.175.101
                      https://www.youtube.com/attribution_link?c=coachblog-ytm-acq-int-blog-txt-coach&u=https%3A%2F%2Fbomberosbarcelonaquindio.org%2Fnew%2Fauth%2F/knlnkd%2F%2F%2F%2Fandreas.kurz@xfab.com%3Fid%3Dcom.google.android.apps.youtube.musicGet hashmaliciousHTMLPhisherBrowse
                      • 52.217.121.24
                      http://krk5gski4z6409359363eb3.opticair.ruGet hashmaliciousUnknownBrowse
                      • 65.9.95.46
                      http://judymalone.trx.co.id/anVkeW1hbG9uZUBnb3YubmwuY2E=Get hashmaliciousUnknownBrowse
                      • 65.9.95.46
                      https://x8ioeg.canksru.ruGet hashmaliciousUnknownBrowse
                      • 65.9.95.66
                      http://business.poste.it/business/registrazione-self/index.html#!/sicurezza/XMvOlAly7EKySIF_LaJ4Qgk8ZdjicBpj-LxwwobRMal0BZtM5DaybBfyexBQ12SVSrPn50VKgumtoUhKhpniSVMHmGG_1C09oEuCnRQK549IwbWj1DqD_KsUA89EIs_uj5gCIbX9vb6Xq--oA-n3UfG61kCmgU-lPcwckSPqT1UGet hashmaliciousUnknownBrowse
                      • 13.32.121.104
                      contrato_firmado_3202023.HTMLGet hashmaliciousHTMLPhisherBrowse
                      • 52.216.230.133
                      https://www.walteraulac.chGet hashmaliciousUnknownBrowse
                      • 52.222.236.122
                      https://xn--h1adbc.xn--p1acf/fdhgk/yakeemail/mailtech/yankeemail/?email=info@lpo.dkGet hashmaliciousUnknownBrowse
                      • 54.77.53.223
                      http://app.adjust.com/izw3imq?redirect=https%3A%2F%2Flangitteknologiutama.com%2F%2F%2Fssl%2Fhttpgl%2F%2F3fjrpu%2F%2F%2Fcaa@lpo.dkGet hashmaliciousHTMLPhisherBrowse
                      • 52.216.219.200

                      JA3 Fingerprints

                      No context

                      Dropped Files

                      No context

                      Created / dropped Files

                      C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

                      Download File
                      Process:C:\Users\user\Desktop\cracksetup.exe
                      File Type:ISO-8859 text, with no line terminators
                      Category:dropped
                      Size (bytes):8
                      Entropy (8bit):3.0
                      Encrypted:false
                      SSDEEP:3:nnt:t
                      MD5:8E076125E2A60D9722928F1BCA926E4D
                      SHA1:569116A424A4B19F7CDC2E240F79063F259731B8
                      SHA-256:3591800860E8FD017170A76AB6C68D59B700614680B7F2C90A470C299190DE07
                      SHA-512:3F3832E240C240D05E22917B5103BB5FDFCBDE57964C68FF019DDAA7D4F9B084A730F91068969E9174BBC3D95BA301D503CDFA681618FB2C19F5BACAA1A2D486
                      Malicious:true
                      Reputation:low
                      Preview:....m*.H

                      Static File Info

                      General

                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                      Entropy (8bit):7.328535203771818
                      TrID:
                      • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                      • Win32 Executable (generic) a (10002005/4) 49.78%
                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                      • Generic Win/DOS Executable (2004/3) 0.01%
                      • DOS Executable Generic (2002/1) 0.01%
                      File name:cracksetup.exe
                      File size:184320
                      MD5:73b4985055e9ef42df1d630218d484c0
                      SHA1:e444a3e9f2a2e86afed479d01ad217ecaf17c625
                      SHA256:5b68e9707ce610dc2f8684699473b677b7d9ee8893d8030716cc091fa8763b04
                      SHA512:31fc0ab3a53b46f7c12472afe643726bd52f1dcd7b03328ad03f80245ac2ae3e3d1ca968b85ef6ca4ab36a01c1145420bef59b989549870ff70b98997c1e13cf
                      SSDEEP:3072:MzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HILUgSHQkID1wP1e/0:MLV6Bta6dtJmakIM5PwjS17
                      TLSH:A704AE1637B84A2FE2DE85B9612202538379C2E3A8C3F3EE28D465B75F567E506071D3
                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'.T................................. ........@.. .......................@.............................................

                      File Icon

                      Icon Hash:00828e8e8686b000

                      Static PE Info

                      General

                      Entrypoint:0x41e792
                      Entrypoint Section:.text
                      Digitally signed:false
                      Imagebase:0x400000
                      Subsystem:windows gui
                      Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                      DLL Characteristics:
                      Time Stamp:0x54E927A1 [Sun Feb 22 00:49:37 2015 UTC]
                      TLS Callbacks:
                      CLR (.Net) Version:
                      OS Version Major:4
                      OS Version Minor:0
                      File Version Major:4
                      File Version Minor:0
                      Subsystem Version Major:4
                      Subsystem Version Minor:0
                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                      Entrypoint Preview

                      Instruction
                      jmp dword ptr [00402000h]
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al

                      Data Directories

                      NameVirtual AddressVirtual Size Is in Section
                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_IMPORT0x1e7380x57.text
                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x220000x10364.rsrc
                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x200000xc.reloc
                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                      Sections

                      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                      .text0x20000x1c7980x1c800False0.5945038377192983data6.598031678173162IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      .reloc0x200000xc0x200False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                      .rsrc0x220000x103640x10400False0.9979417067307692data7.99668047237072IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                      Resources

                      NameRVASizeTypeLanguageCountry
                      RT_RCDATA0x220a00x102b0data
                      RT_GROUP_ICON0x323500x14data

                      Imports

                      DLLImport
                      mscoree.dll_CorExeMain

                      Network Behavior

                      Network Port Distribution

                      TCP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Mar 21, 2023 17:37:57.130564928 CET4968215120192.168.2.33.6.98.232
                      Mar 21, 2023 17:37:57.263431072 CET15120496823.6.98.232192.168.2.3
                      Mar 21, 2023 17:37:57.772082090 CET4968215120192.168.2.33.6.98.232
                      Mar 21, 2023 17:37:57.905539036 CET15120496823.6.98.232192.168.2.3
                      Mar 21, 2023 17:37:58.412617922 CET4968215120192.168.2.33.6.98.232
                      Mar 21, 2023 17:37:58.545427084 CET15120496823.6.98.232192.168.2.3
                      Mar 21, 2023 17:38:02.774919987 CET4968515120192.168.2.33.6.115.64
                      Mar 21, 2023 17:38:02.906903028 CET15120496853.6.115.64192.168.2.3
                      Mar 21, 2023 17:38:03.413115978 CET4968515120192.168.2.33.6.115.64
                      Mar 21, 2023 17:38:03.545247078 CET15120496853.6.115.64192.168.2.3
                      Mar 21, 2023 17:38:04.053791046 CET4968515120192.168.2.33.6.115.64
                      Mar 21, 2023 17:38:04.186054945 CET15120496853.6.115.64192.168.2.3
                      Mar 21, 2023 17:38:08.290951014 CET4968615120192.168.2.33.6.98.232
                      Mar 21, 2023 17:38:08.422142029 CET15120496863.6.98.232192.168.2.3
                      Mar 21, 2023 17:38:08.929102898 CET4968615120192.168.2.33.6.98.232
                      Mar 21, 2023 17:38:09.060313940 CET15120496863.6.98.232192.168.2.3
                      Mar 21, 2023 17:38:09.569786072 CET4968615120192.168.2.33.6.98.232
                      Mar 21, 2023 17:38:09.701107979 CET15120496863.6.98.232192.168.2.3
                      Mar 21, 2023 17:38:13.828548908 CET4968715120192.168.2.33.6.115.64
                      Mar 21, 2023 17:38:13.959774971 CET15120496873.6.115.64192.168.2.3
                      Mar 21, 2023 17:38:14.570239067 CET4968715120192.168.2.33.6.115.64
                      Mar 21, 2023 17:38:14.702830076 CET15120496873.6.115.64192.168.2.3
                      Mar 21, 2023 17:38:15.382766008 CET4968715120192.168.2.33.6.115.64
                      Mar 21, 2023 17:38:15.517862082 CET15120496873.6.115.64192.168.2.3
                      Mar 21, 2023 17:38:19.696990013 CET4968815120192.168.2.33.6.98.232
                      Mar 21, 2023 17:38:19.828418970 CET15120496883.6.98.232192.168.2.3
                      Mar 21, 2023 17:38:20.336263895 CET4968815120192.168.2.33.6.98.232
                      Mar 21, 2023 17:38:20.467771053 CET15120496883.6.98.232192.168.2.3
                      Mar 21, 2023 17:38:20.976980925 CET4968815120192.168.2.33.6.98.232
                      Mar 21, 2023 17:38:21.108477116 CET15120496883.6.98.232192.168.2.3
                      Mar 21, 2023 17:38:25.187026024 CET4968915120192.168.2.33.6.98.232
                      Mar 21, 2023 17:38:25.319856882 CET15120496893.6.98.232192.168.2.3
                      Mar 21, 2023 17:38:25.821547985 CET4968915120192.168.2.33.6.98.232
                      Mar 21, 2023 17:38:25.953460932 CET15120496893.6.98.232192.168.2.3
                      Mar 21, 2023 17:38:26.461848021 CET4968915120192.168.2.33.6.98.232
                      Mar 21, 2023 17:38:26.593842983 CET15120496893.6.98.232192.168.2.3
                      Mar 21, 2023 17:38:30.722373009 CET4969015120192.168.2.33.6.115.64
                      Mar 21, 2023 17:38:30.855494022 CET15120496903.6.115.64192.168.2.3
                      Mar 21, 2023 17:38:31.368457079 CET4969015120192.168.2.33.6.115.64
                      Mar 21, 2023 17:38:31.501750946 CET15120496903.6.115.64192.168.2.3
                      Mar 21, 2023 17:38:32.024935007 CET4969015120192.168.2.33.6.115.64
                      Mar 21, 2023 17:38:32.158122063 CET15120496903.6.115.64192.168.2.3
                      Mar 21, 2023 17:38:36.295027971 CET4969115120192.168.2.33.6.98.232
                      Mar 21, 2023 17:38:36.427206039 CET15120496913.6.98.232192.168.2.3
                      Mar 21, 2023 17:38:36.931396008 CET4969115120192.168.2.33.6.98.232
                      Mar 21, 2023 17:38:37.063658953 CET15120496913.6.98.232192.168.2.3
                      Mar 21, 2023 17:38:37.572134018 CET4969115120192.168.2.33.6.98.232
                      Mar 21, 2023 17:38:37.704741955 CET15120496913.6.98.232192.168.2.3
                      Mar 21, 2023 17:38:41.821125031 CET4969215120192.168.2.33.6.115.182
                      Mar 21, 2023 17:38:41.953310013 CET15120496923.6.115.182192.168.2.3
                      Mar 21, 2023 17:38:42.463080883 CET4969215120192.168.2.33.6.115.182
                      Mar 21, 2023 17:38:42.595254898 CET15120496923.6.115.182192.168.2.3
                      Mar 21, 2023 17:38:43.103765011 CET4969215120192.168.2.33.6.115.182
                      Mar 21, 2023 17:38:43.235907078 CET15120496923.6.115.182192.168.2.3
                      Mar 21, 2023 17:38:47.622585058 CET4969315120192.168.2.33.6.98.232
                      Mar 21, 2023 17:38:47.753864050 CET15120496933.6.98.232192.168.2.3
                      Mar 21, 2023 17:38:48.260473967 CET4969315120192.168.2.33.6.98.232
                      Mar 21, 2023 17:38:48.391892910 CET15120496933.6.98.232192.168.2.3
                      Mar 21, 2023 17:38:48.901150942 CET4969315120192.168.2.33.6.98.232
                      Mar 21, 2023 17:38:49.032183886 CET15120496933.6.98.232192.168.2.3
                      Mar 21, 2023 17:38:53.476250887 CET4969415120192.168.2.33.6.115.182
                      Mar 21, 2023 17:38:53.607184887 CET15120496943.6.115.182192.168.2.3
                      Mar 21, 2023 17:38:54.151607037 CET4969415120192.168.2.33.6.115.182
                      Mar 21, 2023 17:38:54.282444000 CET15120496943.6.115.182192.168.2.3
                      Mar 21, 2023 17:38:54.792782068 CET4969415120192.168.2.33.6.115.182
                      Mar 21, 2023 17:38:54.923630953 CET15120496943.6.115.182192.168.2.3
                      Mar 21, 2023 17:38:59.589881897 CET4969515120192.168.2.33.6.98.232
                      Mar 21, 2023 17:38:59.722863913 CET15120496953.6.98.232192.168.2.3
                      Mar 21, 2023 17:39:00.230571985 CET4969515120192.168.2.33.6.98.232
                      Mar 21, 2023 17:39:00.363692045 CET15120496953.6.98.232192.168.2.3
                      Mar 21, 2023 17:39:00.870872974 CET4969515120192.168.2.33.6.98.232
                      Mar 21, 2023 17:39:01.003838062 CET15120496953.6.98.232192.168.2.3
                      Mar 21, 2023 17:39:05.060645103 CET4969615120192.168.2.33.6.98.232
                      Mar 21, 2023 17:39:05.194669008 CET15120496963.6.98.232192.168.2.3
                      Mar 21, 2023 17:39:05.699440956 CET4969615120192.168.2.33.6.98.232
                      Mar 21, 2023 17:39:05.832786083 CET15120496963.6.98.232192.168.2.3
                      Mar 21, 2023 17:39:06.340218067 CET4969615120192.168.2.33.6.98.232
                      Mar 21, 2023 17:39:06.473731041 CET15120496963.6.98.232192.168.2.3
                      Mar 21, 2023 17:39:11.970458984 CET4969715120192.168.2.33.6.115.64
                      Mar 21, 2023 17:39:12.102380991 CET15120496973.6.115.64192.168.2.3
                      Mar 21, 2023 17:39:12.778171062 CET4969715120192.168.2.33.6.115.64
                      Mar 21, 2023 17:39:12.910336971 CET15120496973.6.115.64192.168.2.3
                      Mar 21, 2023 17:39:13.481267929 CET4969715120192.168.2.33.6.115.64
                      Mar 21, 2023 17:39:13.613265991 CET15120496973.6.115.64192.168.2.3
                      Mar 21, 2023 17:39:17.666757107 CET4969815120192.168.2.33.6.122.107
                      Mar 21, 2023 17:39:17.799248934 CET15120496983.6.122.107192.168.2.3
                      Mar 21, 2023 17:39:18.309791088 CET4969815120192.168.2.33.6.122.107
                      Mar 21, 2023 17:39:18.442284107 CET15120496983.6.122.107192.168.2.3
                      Mar 21, 2023 17:39:18.950510979 CET4969815120192.168.2.33.6.122.107
                      Mar 21, 2023 17:39:19.083167076 CET15120496983.6.122.107192.168.2.3
                      Mar 21, 2023 17:39:23.258011103 CET4969915120192.168.2.33.6.30.85
                      Mar 21, 2023 17:39:23.390485048 CET15120496993.6.30.85192.168.2.3
                      Mar 21, 2023 17:39:23.904156923 CET4969915120192.168.2.33.6.30.85
                      Mar 21, 2023 17:39:24.036883116 CET15120496993.6.30.85192.168.2.3
                      Mar 21, 2023 17:39:24.544675112 CET4969915120192.168.2.33.6.30.85
                      Mar 21, 2023 17:39:24.676893950 CET15120496993.6.30.85192.168.2.3
                      Mar 21, 2023 17:39:28.730568886 CET4970015120192.168.2.33.6.115.64
                      Mar 21, 2023 17:39:28.864036083 CET15120497003.6.115.64192.168.2.3
                      Mar 21, 2023 17:39:29.373246908 CET4970015120192.168.2.33.6.115.64
                      Mar 21, 2023 17:39:29.507913113 CET15120497003.6.115.64192.168.2.3
                      Mar 21, 2023 17:39:30.014036894 CET4970015120192.168.2.33.6.115.64
                      Mar 21, 2023 17:39:30.147717953 CET15120497003.6.115.64192.168.2.3
                      Mar 21, 2023 17:39:34.767389059 CET4970115120192.168.2.33.6.122.107
                      Mar 21, 2023 17:39:34.899409056 CET15120497013.6.122.107192.168.2.3
                      Mar 21, 2023 17:39:35.404953957 CET4970115120192.168.2.33.6.122.107
                      Mar 21, 2023 17:39:35.536885023 CET15120497013.6.122.107192.168.2.3
                      Mar 21, 2023 17:39:36.045593023 CET4970115120192.168.2.33.6.122.107
                      Mar 21, 2023 17:39:36.177479982 CET15120497013.6.122.107192.168.2.3
                      Mar 21, 2023 17:39:40.429328918 CET4970215120192.168.2.33.6.30.85
                      Mar 21, 2023 17:39:40.562577963 CET15120497023.6.30.85192.168.2.3
                      Mar 21, 2023 17:39:41.077270985 CET4970215120192.168.2.33.6.30.85
                      Mar 21, 2023 17:39:41.210453033 CET15120497023.6.30.85192.168.2.3
                      Mar 21, 2023 17:39:41.717956066 CET4970215120192.168.2.33.6.30.85
                      Mar 21, 2023 17:39:41.851295948 CET15120497023.6.30.85192.168.2.3
                      Mar 21, 2023 17:39:45.993733883 CET4970315120192.168.2.33.6.115.64
                      Mar 21, 2023 17:39:46.126923084 CET15120497033.6.115.64192.168.2.3
                      Mar 21, 2023 17:39:46.640512943 CET4970315120192.168.2.33.6.115.64
                      Mar 21, 2023 17:39:46.773977995 CET15120497033.6.115.64192.168.2.3
                      Mar 21, 2023 17:39:47.281033039 CET4970315120192.168.2.33.6.115.64
                      Mar 21, 2023 17:39:47.418216944 CET15120497033.6.115.64192.168.2.3
                      Mar 21, 2023 17:39:51.601780891 CET4970415120192.168.2.33.6.122.107
                      Mar 21, 2023 17:39:51.733058929 CET15120497043.6.122.107192.168.2.3
                      Mar 21, 2023 17:39:52.234411955 CET4970415120192.168.2.33.6.122.107
                      Mar 21, 2023 17:39:52.365588903 CET15120497043.6.122.107192.168.2.3
                      Mar 21, 2023 17:39:52.875147104 CET4970415120192.168.2.33.6.122.107
                      Mar 21, 2023 17:39:53.006973028 CET15120497043.6.122.107192.168.2.3
                      Mar 21, 2023 17:39:57.386153936 CET4970515120192.168.2.33.6.122.107
                      Mar 21, 2023 17:39:57.518517017 CET15120497053.6.122.107192.168.2.3
                      Mar 21, 2023 17:39:58.031915903 CET4970515120192.168.2.33.6.122.107
                      Mar 21, 2023 17:39:58.164211035 CET15120497053.6.122.107192.168.2.3
                      Mar 21, 2023 17:39:58.672561884 CET4970515120192.168.2.33.6.122.107
                      Mar 21, 2023 17:39:58.806147099 CET15120497053.6.122.107192.168.2.3

                      UDP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Mar 21, 2023 17:37:57.094510078 CET5426453192.168.2.38.8.8.8
                      Mar 21, 2023 17:37:57.115390062 CET53542648.8.8.8192.168.2.3
                      Mar 21, 2023 17:38:02.743908882 CET6372253192.168.2.38.8.8.8
                      Mar 21, 2023 17:38:02.773493052 CET53637228.8.8.8192.168.2.3
                      Mar 21, 2023 17:38:08.272087097 CET6552253192.168.2.38.8.8.8
                      Mar 21, 2023 17:38:08.289701939 CET53655228.8.8.8192.168.2.3
                      Mar 21, 2023 17:38:13.807687998 CET5986953192.168.2.38.8.8.8
                      Mar 21, 2023 17:38:13.827455044 CET53598698.8.8.8192.168.2.3
                      Mar 21, 2023 17:38:19.674448013 CET5439753192.168.2.38.8.8.8
                      Mar 21, 2023 17:38:19.694962025 CET53543978.8.8.8192.168.2.3
                      Mar 21, 2023 17:38:25.167553902 CET5932453192.168.2.38.8.8.8
                      Mar 21, 2023 17:38:25.185555935 CET53593248.8.8.8192.168.2.3
                      Mar 21, 2023 17:38:30.701257944 CET5901453192.168.2.38.8.8.8
                      Mar 21, 2023 17:38:30.721257925 CET53590148.8.8.8192.168.2.3
                      Mar 21, 2023 17:38:36.254368067 CET6162653192.168.2.38.8.8.8
                      Mar 21, 2023 17:38:36.274329901 CET53616268.8.8.8192.168.2.3
                      Mar 21, 2023 17:38:41.794886112 CET6178753192.168.2.38.8.8.8
                      Mar 21, 2023 17:38:41.820096016 CET53617878.8.8.8192.168.2.3
                      Mar 21, 2023 17:38:47.602082014 CET5892153192.168.2.38.8.8.8
                      Mar 21, 2023 17:38:47.619800091 CET53589218.8.8.8192.168.2.3
                      Mar 21, 2023 17:38:53.454499006 CET6270453192.168.2.38.8.8.8
                      Mar 21, 2023 17:38:53.474462032 CET53627048.8.8.8192.168.2.3
                      Mar 21, 2023 17:38:59.569854975 CET4997753192.168.2.38.8.8.8
                      Mar 21, 2023 17:38:59.587647915 CET53499778.8.8.8192.168.2.3
                      Mar 21, 2023 17:39:05.039097071 CET5784053192.168.2.38.8.8.8
                      Mar 21, 2023 17:39:05.059118986 CET53578408.8.8.8192.168.2.3
                      Mar 21, 2023 17:39:11.829005957 CET5799053192.168.2.38.8.8.8
                      Mar 21, 2023 17:39:11.849242926 CET53579908.8.8.8192.168.2.3
                      Mar 21, 2023 17:39:17.647454023 CET5238753192.168.2.38.8.8.8
                      Mar 21, 2023 17:39:17.665123940 CET53523878.8.8.8192.168.2.3
                      Mar 21, 2023 17:39:23.234345913 CET5692453192.168.2.38.8.8.8
                      Mar 21, 2023 17:39:23.256875992 CET53569248.8.8.8192.168.2.3
                      Mar 21, 2023 17:39:28.708853960 CET6062553192.168.2.38.8.8.8
                      Mar 21, 2023 17:39:28.728776932 CET53606258.8.8.8192.168.2.3
                      Mar 21, 2023 17:39:34.745934010 CET4930253192.168.2.38.8.8.8
                      Mar 21, 2023 17:39:34.765602112 CET53493028.8.8.8192.168.2.3
                      Mar 21, 2023 17:39:40.408159971 CET5397553192.168.2.38.8.8.8
                      Mar 21, 2023 17:39:40.428169012 CET53539758.8.8.8192.168.2.3
                      Mar 21, 2023 17:39:45.962234974 CET5113953192.168.2.38.8.8.8
                      Mar 21, 2023 17:39:45.992628098 CET53511398.8.8.8192.168.2.3
                      Mar 21, 2023 17:39:51.575274944 CET5295553192.168.2.38.8.8.8
                      Mar 21, 2023 17:39:51.594803095 CET53529558.8.8.8192.168.2.3
                      Mar 21, 2023 17:39:57.366436958 CET6058253192.168.2.38.8.8.8
                      Mar 21, 2023 17:39:57.385201931 CET53605828.8.8.8192.168.2.3

                      DNS Queries

                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                      Mar 21, 2023 17:37:57.094510078 CET192.168.2.38.8.8.80xeb38Standard query (0)0.tcp.in.ngrok.ioA (IP address)IN (0x0001)false
                      Mar 21, 2023 17:38:02.743908882 CET192.168.2.38.8.8.80x7566Standard query (0)0.tcp.in.ngrok.ioA (IP address)IN (0x0001)false
                      Mar 21, 2023 17:38:08.272087097 CET192.168.2.38.8.8.80x888dStandard query (0)0.tcp.in.ngrok.ioA (IP address)IN (0x0001)false
                      Mar 21, 2023 17:38:13.807687998 CET192.168.2.38.8.8.80x71cbStandard query (0)0.tcp.in.ngrok.ioA (IP address)IN (0x0001)false
                      Mar 21, 2023 17:38:19.674448013 CET192.168.2.38.8.8.80x413cStandard query (0)0.tcp.in.ngrok.ioA (IP address)IN (0x0001)false
                      Mar 21, 2023 17:38:25.167553902 CET192.168.2.38.8.8.80xa334Standard query (0)0.tcp.in.ngrok.ioA (IP address)IN (0x0001)false
                      Mar 21, 2023 17:38:30.701257944 CET192.168.2.38.8.8.80x4ee1Standard query (0)0.tcp.in.ngrok.ioA (IP address)IN (0x0001)false
                      Mar 21, 2023 17:38:36.254368067 CET192.168.2.38.8.8.80x67a6Standard query (0)0.tcp.in.ngrok.ioA (IP address)IN (0x0001)false
                      Mar 21, 2023 17:38:41.794886112 CET192.168.2.38.8.8.80xed53Standard query (0)0.tcp.in.ngrok.ioA (IP address)IN (0x0001)false
                      Mar 21, 2023 17:38:47.602082014 CET192.168.2.38.8.8.80xc4ddStandard query (0)0.tcp.in.ngrok.ioA (IP address)IN (0x0001)false
                      Mar 21, 2023 17:38:53.454499006 CET192.168.2.38.8.8.80x575aStandard query (0)0.tcp.in.ngrok.ioA (IP address)IN (0x0001)false
                      Mar 21, 2023 17:38:59.569854975 CET192.168.2.38.8.8.80x4bb8Standard query (0)0.tcp.in.ngrok.ioA (IP address)IN (0x0001)false
                      Mar 21, 2023 17:39:05.039097071 CET192.168.2.38.8.8.80xd09fStandard query (0)0.tcp.in.ngrok.ioA (IP address)IN (0x0001)false
                      Mar 21, 2023 17:39:11.829005957 CET192.168.2.38.8.8.80x63beStandard query (0)0.tcp.in.ngrok.ioA (IP address)IN (0x0001)false
                      Mar 21, 2023 17:39:17.647454023 CET192.168.2.38.8.8.80x2935Standard query (0)0.tcp.in.ngrok.ioA (IP address)IN (0x0001)false
                      Mar 21, 2023 17:39:23.234345913 CET192.168.2.38.8.8.80xda9Standard query (0)0.tcp.in.ngrok.ioA (IP address)IN (0x0001)false
                      Mar 21, 2023 17:39:28.708853960 CET192.168.2.38.8.8.80x28cdStandard query (0)0.tcp.in.ngrok.ioA (IP address)IN (0x0001)false
                      Mar 21, 2023 17:39:34.745934010 CET192.168.2.38.8.8.80x3983Standard query (0)0.tcp.in.ngrok.ioA (IP address)IN (0x0001)false
                      Mar 21, 2023 17:39:40.408159971 CET192.168.2.38.8.8.80xa249Standard query (0)0.tcp.in.ngrok.ioA (IP address)IN (0x0001)false
                      Mar 21, 2023 17:39:45.962234974 CET192.168.2.38.8.8.80x4d4cStandard query (0)0.tcp.in.ngrok.ioA (IP address)IN (0x0001)false
                      Mar 21, 2023 17:39:51.575274944 CET192.168.2.38.8.8.80x3445Standard query (0)0.tcp.in.ngrok.ioA (IP address)IN (0x0001)false
                      Mar 21, 2023 17:39:57.366436958 CET192.168.2.38.8.8.80x73b9Standard query (0)0.tcp.in.ngrok.ioA (IP address)IN (0x0001)false

                      DNS Answers

                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                      Mar 21, 2023 17:37:57.115390062 CET8.8.8.8192.168.2.30xeb38No error (0)0.tcp.in.ngrok.io3.6.98.232A (IP address)IN (0x0001)false
                      Mar 21, 2023 17:38:02.773493052 CET8.8.8.8192.168.2.30x7566No error (0)0.tcp.in.ngrok.io3.6.115.64A (IP address)IN (0x0001)false
                      Mar 21, 2023 17:38:08.289701939 CET8.8.8.8192.168.2.30x888dNo error (0)0.tcp.in.ngrok.io3.6.98.232A (IP address)IN (0x0001)false
                      Mar 21, 2023 17:38:13.827455044 CET8.8.8.8192.168.2.30x71cbNo error (0)0.tcp.in.ngrok.io3.6.115.64A (IP address)IN (0x0001)false
                      Mar 21, 2023 17:38:19.694962025 CET8.8.8.8192.168.2.30x413cNo error (0)0.tcp.in.ngrok.io3.6.98.232A (IP address)IN (0x0001)false
                      Mar 21, 2023 17:38:25.185555935 CET8.8.8.8192.168.2.30xa334No error (0)0.tcp.in.ngrok.io3.6.98.232A (IP address)IN (0x0001)false
                      Mar 21, 2023 17:38:30.721257925 CET8.8.8.8192.168.2.30x4ee1No error (0)0.tcp.in.ngrok.io3.6.115.64A (IP address)IN (0x0001)false
                      Mar 21, 2023 17:38:36.274329901 CET8.8.8.8192.168.2.30x67a6No error (0)0.tcp.in.ngrok.io3.6.98.232A (IP address)IN (0x0001)false
                      Mar 21, 2023 17:38:41.820096016 CET8.8.8.8192.168.2.30xed53No error (0)0.tcp.in.ngrok.io3.6.115.182A (IP address)IN (0x0001)false
                      Mar 21, 2023 17:38:47.619800091 CET8.8.8.8192.168.2.30xc4ddNo error (0)0.tcp.in.ngrok.io3.6.98.232A (IP address)IN (0x0001)false
                      Mar 21, 2023 17:38:53.474462032 CET8.8.8.8192.168.2.30x575aNo error (0)0.tcp.in.ngrok.io3.6.115.182A (IP address)IN (0x0001)false
                      Mar 21, 2023 17:38:59.587647915 CET8.8.8.8192.168.2.30x4bb8No error (0)0.tcp.in.ngrok.io3.6.98.232A (IP address)IN (0x0001)false
                      Mar 21, 2023 17:39:05.059118986 CET8.8.8.8192.168.2.30xd09fNo error (0)0.tcp.in.ngrok.io3.6.98.232A (IP address)IN (0x0001)false
                      Mar 21, 2023 17:39:11.849242926 CET8.8.8.8192.168.2.30x63beNo error (0)0.tcp.in.ngrok.io3.6.115.64A (IP address)IN (0x0001)false
                      Mar 21, 2023 17:39:17.665123940 CET8.8.8.8192.168.2.30x2935No error (0)0.tcp.in.ngrok.io3.6.122.107A (IP address)IN (0x0001)false
                      Mar 21, 2023 17:39:23.256875992 CET8.8.8.8192.168.2.30xda9No error (0)0.tcp.in.ngrok.io3.6.30.85A (IP address)IN (0x0001)false
                      Mar 21, 2023 17:39:28.728776932 CET8.8.8.8192.168.2.30x28cdNo error (0)0.tcp.in.ngrok.io3.6.115.64A (IP address)IN (0x0001)false
                      Mar 21, 2023 17:39:34.765602112 CET8.8.8.8192.168.2.30x3983No error (0)0.tcp.in.ngrok.io3.6.122.107A (IP address)IN (0x0001)false
                      Mar 21, 2023 17:39:40.428169012 CET8.8.8.8192.168.2.30xa249No error (0)0.tcp.in.ngrok.io3.6.30.85A (IP address)IN (0x0001)false
                      Mar 21, 2023 17:39:45.992628098 CET8.8.8.8192.168.2.30x4d4cNo error (0)0.tcp.in.ngrok.io3.6.115.64A (IP address)IN (0x0001)false
                      Mar 21, 2023 17:39:51.594803095 CET8.8.8.8192.168.2.30x3445No error (0)0.tcp.in.ngrok.io3.6.122.107A (IP address)IN (0x0001)false
                      Mar 21, 2023 17:39:57.385201931 CET8.8.8.8192.168.2.30x73b9No error (0)0.tcp.in.ngrok.io3.6.122.107A (IP address)IN (0x0001)false

                      Statistics

                      CPU Usage

                      Click to jump to process

                      Memory Usage

                      Click to jump to process

                      High Level Behavior Distribution

                      Click to dive into process behavior distribution

                      System Behavior

                      General

                      Target ID:0
                      Start time:17:37:55
                      Start date:21/03/2023
                      Path:C:\Users\user\Desktop\cracksetup.exe
                      Wow64 process (32bit):true
                      Commandline:C:\Users\user\Desktop\cracksetup.exe
                      Imagebase:0x410000
                      File size:184320 bytes
                      MD5 hash:73B4985055E9EF42DF1D630218D484C0
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:.Net C# or VB.NET
                      Yara matches:
                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000000.253379004.0000000000412000.00000002.00000001.01000000.00000003.sdmp, Author: Florian Roth (Nextron Systems)
                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000000.253379004.0000000000412000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                      • Rule: NanoCore, Description: unknown, Source: 00000000.00000000.253379004.0000000000412000.00000002.00000001.01000000.00000003.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                      • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000000.253379004.0000000000412000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.526423092.0000000003A31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: NanoCore, Description: unknown, Source: 00000000.00000002.526423092.0000000003A31000.00000004.00000800.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                      • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.526423092.0000000003A31000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.527084399.0000000005340000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                      • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000000.00000002.527084399.0000000005340000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.527084399.0000000005340000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                      • Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000000.00000002.527084399.0000000005340000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                      • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.527084399.0000000005340000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.526914801.0000000004F80000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                      • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000000.00000002.526914801.0000000004F80000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                      • Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000000.00000002.526914801.0000000004F80000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                      • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.526914801.0000000004F80000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                      • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.524089452.0000000002A31000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                      Reputation:low

                      Disassembly

                      Reset < >

                        Execution Graph

                        Execution Coverage:22.1%
                        Dynamic/Decrypted Code Coverage:100%
                        Signature Coverage:7%
                        Total number of Nodes:187
                        Total number of Limit Nodes:14
                        execution_graph 13107 4d212d2 13109 4d2130a WSASocketW 13107->13109 13110 4d21346 13109->13110 13111 b2aa32 13114 b2aa6a RegOpenKeyExW 13111->13114 13113 b2aac0 13114->13113 13115 4d22256 13116 4d2228b bind 13115->13116 13118 4d222bf 13116->13118 13303 4d22716 13304 4d22742 FindCloseChangeNotification 13303->13304 13305 4d22783 13303->13305 13306 4d22750 13304->13306 13305->13304 13307 4d22b16 13308 4d22b66 FormatMessageW 13307->13308 13309 4d22b6e 13308->13309 13119 26dd6e8 13120 26dd6f1 13119->13120 13124 26dd729 13120->13124 13128 26dd738 13120->13128 13121 26dd722 13125 26dd738 13124->13125 13132 26dd769 13125->13132 13126 26dd759 13126->13121 13129 26dd740 13128->13129 13131 26dd769 2 API calls 13129->13131 13130 26dd759 13130->13121 13131->13130 13133 26dd79b 13132->13133 13134 26dd7c3 13133->13134 13137 26dd890 13133->13137 13142 26dd881 13133->13142 13134->13126 13138 26dd8b9 13137->13138 13147 4d21236 13138->13147 13150 4d211c5 13138->13150 13139 26dd8f4 13139->13133 13143 26dd890 13142->13143 13145 4d21236 DnsQuery_A 13143->13145 13146 4d211c5 DnsQuery_A 13143->13146 13144 26dd8f4 13144->13133 13145->13144 13146->13144 13148 4d21286 DnsQuery_A 13147->13148 13149 4d21294 13148->13149 13149->13139 13151 4d211e1 DnsQuery_A 13150->13151 13153 4d21294 13151->13153 13153->13139 13154 b2ab3a 13155 b2ab6f RegQueryValueExW 13154->13155 13157 b2abc3 13155->13157 13158 4d21a5e 13159 4d21a96 MapViewOfFile 13158->13159 13161 4d21ae5 13159->13161 13162 b2be3e 13163 b2be93 13162->13163 13164 b2be6a DispatchMessageW 13162->13164 13163->13164 13165 b2be7f 13164->13165 13310 b2bb7e 13311 b2bbb3 PostMessageW 13310->13311 13312 b2bbe7 13310->13312 13313 b2bbc8 13311->13313 13312->13311 13166 26d0660 13167 26d0665 13166->13167 13170 26d0682 13167->13170 13168 26d0674 13171 26d069f 13170->13171 13178 26d43c0 13171->13178 13183 26d43d0 13171->13183 13172 26d07e2 13186 26d5700 13172->13186 13190 26d5710 13172->13190 13173 26d0806 13173->13168 13179 26d43cf 13178->13179 13180 26d4382 13178->13180 13194 26d4510 13179->13194 13180->13172 13181 26d43ed 13181->13172 13184 26d43ed 13183->13184 13185 26d4510 5 API calls 13183->13185 13184->13172 13185->13184 13187 26d5719 13186->13187 13188 26d571d 13187->13188 13240 26d5788 13187->13240 13188->13173 13191 26d5719 13190->13191 13192 26d571d 13191->13192 13193 26d5788 2 API calls 13191->13193 13192->13173 13193->13192 13195 26d4544 13194->13195 13199 26d45c8 13195->13199 13209 26d45b8 13195->13209 13196 26d4560 13196->13181 13220 4d202ab 13199->13220 13224 4d202de 13199->13224 13200 26d45f9 13200->13196 13201 26d45f5 13201->13200 13228 4d203ca 13201->13228 13232 4d20390 13201->13232 13203 26d4620 13236 b2a372 13203->13236 13210 26d45c8 13209->13210 13218 4d202ab RegOpenKeyExA 13210->13218 13219 4d202de RegOpenKeyExA 13210->13219 13211 26d45f9 13211->13196 13212 26d45f5 13212->13211 13215 4d20390 RegQueryValueExA 13212->13215 13216 4d203ca RegQueryValueExA 13212->13216 13213 26d4685 13213->13196 13214 26d4620 13217 b2a372 SetErrorMode 13214->13217 13215->13214 13216->13214 13217->13213 13218->13212 13219->13212 13221 4d202de RegOpenKeyExA 13220->13221 13223 4d20362 13221->13223 13223->13201 13226 4d20319 RegOpenKeyExA 13224->13226 13227 4d20362 13226->13227 13227->13201 13229 4d20405 RegQueryValueExA 13228->13229 13231 4d2046d 13229->13231 13231->13203 13233 4d203ca RegQueryValueExA 13232->13233 13235 4d2046d 13233->13235 13235->13203 13237 b2a39e SetErrorMode 13236->13237 13239 b2a3c7 13236->13239 13238 b2a3b3 13237->13238 13238->13196 13239->13237 13241 26d57a0 13240->13241 13245 4d2104a 13241->13245 13249 4d2100f 13241->13249 13242 26d57ba 13242->13188 13248 4d21085 DeleteFileA 13245->13248 13247 4d210c2 13247->13242 13248->13247 13250 4d2104a DeleteFileA 13249->13250 13252 4d210c2 13250->13252 13252->13242 13253 4d227c2 13254 4d227ee K32EnumProcesses 13253->13254 13256 4d2280a 13254->13256 13257 4d224c6 13259 4d224ef LookupPrivilegeValueW 13257->13259 13260 4d22516 13259->13260 13261 4d22646 13262 4d22675 AdjustTokenPrivileges 13261->13262 13264 4d22697 13262->13264 13314 4d22886 13315 4d228e6 13314->13315 13316 4d228bb NtQuerySystemInformation 13314->13316 13315->13316 13317 4d228d0 13316->13317 13265 4d21fca 13267 4d21fff GetProcessTimes 13265->13267 13268 4d22031 13267->13268 13269 4d20cce 13271 4d20cf4 CreateDirectoryW 13269->13271 13272 4d20d1b 13271->13272 13318 b2a8ee 13319 b2a920 SetWindowLongW 13318->13319 13320 b2a94b 13318->13320 13321 b2a935 13319->13321 13320->13319 13322 4d20d8e 13325 4d20dc6 CreateFileW 13322->13325 13324 4d20e15 13325->13324 13273 4d20776 13276 4d207ab GetTokenInformation 13273->13276 13275 4d207e8 13276->13275 13277 4d201f4 13278 4d2018a CreateMutexW 13277->13278 13281 4d20200 FindCloseChangeNotification 13277->13281 13282 4d201a5 13278->13282 13283 4d2026c 13281->13283 13284 b2af9a 13285 b2afea GetUserNameW 13284->13285 13286 b2aff8 13285->13286 13287 b2b806 13288 b2b866 13287->13288 13289 b2b83b SendMessageW 13287->13289 13288->13289 13290 b2b850 13289->13290 13291 4d20f66 13294 4d20f9b ReadFile 13291->13294 13293 4d20fcd 13294->13293 13326 4d20ea6 13329 4d20edb GetFileType 13326->13329 13328 4d20f08 13329->13328 13330 b2a546 13331 b2a584 DuplicateHandle 13330->13331 13332 b2a5bc 13330->13332 13333 b2a592 13331->13333 13332->13331 13334 b2b746 13335 b2b784 CreateIconFromResourceEx 13334->13335 13336 b2b7bc 13334->13336 13337 b2b792 13335->13337 13336->13335 13299 b2a78a 13300 b2a7b6 OleInitialize 13299->13300 13301 b2a7ec 13299->13301 13302 b2a7c4 13300->13302 13301->13300 13338 4d2112a 13339 4d21156 GetSystemInfo 13338->13339 13340 4d2118c 13338->13340 13341 4d21164 13339->13341 13340->13339 13342 4d218ae 13344 4d218e6 ConvertStringSecurityDescriptorToSecurityDescriptorW 13342->13344 13345 4d21927 13344->13345

                        Executed Functions

                        Function 026DAB78 Relevance: 2.2, Strings: 1, Instructions: 902COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID: r
                        • API String ID: 0-1812594589
                        • Opcode ID: e34dc648fe8f64332948e64c061ebe72b561dda345573e7a72923b98536b38f2
                        • Instruction ID: 55aec18c2ba9c516639bbe6eeec455809ff8a4c1637a440c231943eb0fb670e3
                        • Opcode Fuzzy Hash: e34dc648fe8f64332948e64c061ebe72b561dda345573e7a72923b98536b38f2
                        • Instruction Fuzzy Hash: 04823670A00609CFCB14CF69C980AAEBBF2FF88314F158569D45AAB759D734E981CF94
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D3850 Relevance: 2.0, Strings: 1, Instructions: 737COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 261 26d3850-26d3860 262 26d38cd-26d3955 call 26d2c58 261->262 263 26d3862-26d3879 261->263 286 26d3959-26d397f 262->286 287 26d3917-26d3957 262->287 270 26d387b-26d3895 263->270 279 26d389f-26d38a2 270->279 280 26d3893-26d389d 270->280 284 26d38a4-26d38bf 279->284 285 26d38c2-26d38cc 279->285 280->270 280->279 284->285 293 26d3a4a-26d3a96 286->293 294 26d3985-26d39de 286->294 287->286 295 26d3926-26d3936 287->295 313 26d3a98-26d3a9b 293->313 294->293 309 26d39ac-26d39b4 294->309 295->286 297 26d3938-26d3945 295->297 297->286 298 26d3947-26d3952 297->298 309->293 312 26d39ba-26d39d2 309->312 314 26d3a3c-26d3a3e 312->314 315 26d3a9d-26d3ab1 313->315 316 26d3af9-26d3b2f 313->316 317 26d39e0-26d39e6 314->317 318 26d3a40-26d3a49 314->318 321 26d3ab7-26d3ac5 315->321 322 26d3ab3-26d3ab5 315->322 329 26d3b36-26d3b3a 316->329 330 26d3b31 316->330 319 26d39e8-26d39fc 317->319 320 26d3a02-26d3a14 317->320 319->320 320->293 323 26d3a16-26d3a2f 320->323 334 26d3ae5-26d3aec 321->334 335 26d3ac7-26d3ada 321->335 322->321 324 26d3aef-26d3af3 322->324 323->293 326 26d3a31-26d3a3b 323->326 324->313 328 26d3af5-26d3af7 324->328 326->314 328->313 332 26d3d2a-26d3d30 329->332 333 26d3b40-26d3b49 329->333 331 26d3d22-26d3d29 330->331 342 26d3d84-26d3d8f 332->342 343 26d3d32-26d3d51 332->343 336 26d3b4b-26d3b4d 333->336 337 26d3b57-26d3bc5 333->337 335->334 338 26d3adc 335->338 336->337 337->332 344 26d3b6f-26d3bd2 337->344 338->334 347 26d3f6d-26d3fb9 342->347 348 26d3d95-26d3d9e 342->348 345 26d3d5d-26d3d83 343->345 346 26d3d53-26d3d55 343->346 386 26d3b97-26d3bdf 344->386 345->342 346->345 382 26d3fcf-26d3ff0 347->382 383 26d3fbb 347->383 349 26d3da4-26d3dad 348->349 350 26d3e71-26d3e75 348->350 349->347 351 26d3db3-26d3dbc 349->351 352 26d3e9b-26d3ea4 350->352 353 26d3e77-26d3e83 350->353 357 26d3e4d-26d3e56 351->357 358 26d3dc2-26d3dce 351->358 360 26d3ebc-26d3ec2 352->360 361 26d3ea6-26d3eb9 352->361 353->347 359 26d3e89-26d3e99 353->359 357->347 363 26d3e5c-26d3e6b 357->363 358->347 364 26d3dd4-26d3dff 358->364 365 26d3ec5-26d3ece 359->365 360->365 361->360 363->349 363->350 364->357 374 26d3e01-26d3e08 364->374 365->347 369 26d3ed4-26d3ee6 365->369 369->347 372 26d3eec-26d3efc 369->372 372->347 375 26d3efe-26d3f0e 372->375 377 26d3e0a 374->377 378 26d3e14-26d3e1d 374->378 375->347 380 26d3f10-26d3f2a 375->380 377->378 378->347 384 26d3e23-26d3e48 378->384 380->347 381 26d3f2c-26d3f57 380->381 381->347 403 26d3f59-26d3f60 381->403 385 26d3fbe-26d3fc0 383->385 402 26d3f63-26d3f6a 384->402 388 26d3ff1-26d402c 385->388 389 26d3fc2-26d3fcd 385->389 408 26d3d16-26d3d1c 386->408 405 26d402e 388->405 406 26d4033-26d403a 388->406 389->382 389->385 403->402 407 26d40c1-26d40c8 405->407 411 26d403c 406->411 412 26d4043-26d408f call 26d23a0 406->412 408->331 410 26d3be1-26d3bf1 408->410 410->332 413 26d3bf7-26d3c01 410->413 411->412 412->407 414 26d3c0f-26d3c20 413->414 415 26d3c03-26d3c05 413->415 414->332 417 26d3c26-26d3c30 414->417 415->414 419 26d3c3e-26d3c4e 417->419 420 26d3c32-26d3c34 417->420 419->332 421 26d3c54-26d3c5a 419->421 420->419 423 26d3c5c-26d3c62 421->423 424 26d3c74-26d3c80 421->424 425 26d3c64 423->425 426 26d3c66-26d3c72 423->426 424->332 427 26d3c86-26d3d12 424->427 425->424 426->424 427->408
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID: >_jk
                        • API String ID: 0-320996094
                        • Opcode ID: 6cc00b599193c221e0d0ada12b66cc1d2f64b8b607f1f2e60d1d48319ab40405
                        • Instruction ID: 035293f0c279ea9b977be969d6b4df6ff71fd4033d8ee0149303ba32bde6e71c
                        • Opcode Fuzzy Hash: 6cc00b599193c221e0d0ada12b66cc1d2f64b8b607f1f2e60d1d48319ab40405
                        • Instruction Fuzzy Hash: F242A371E001198FCB14CF68C8849AABBF2FF85304B1985AAD8199F356D771EC56CF92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D22204 Relevance: 1.6, APIs: 1, Instructions: 94networkCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 449 4d22204-4d22293 454 4d22295 449->454 455 4d22298-4d222af 449->455 454->455 457 4d222f3-4d222f8 455->457 458 4d222b1-4d222d1 bind 455->458 457->458 461 4d222d3-4d222f0 458->461 462 4d222fa-4d222ff 458->462 462->461
                        APIs
                        • bind.WS2_32(?,00000EA8,3A361B3F,00000000,00000000,00000000,00000000), ref: 04D222B7
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: bind
                        • String ID:
                        • API String ID: 1187836755-0
                        • Opcode ID: e34cdb3212802259cbbd6ebdf816cb5b66fac396c10c59bf7668b53e23c00202
                        • Instruction ID: fafc76044a1af60aa9c8ec0ad25f40a6680e664c8330c7e83349b32f9a2980d8
                        • Opcode Fuzzy Hash: e34cdb3212802259cbbd6ebdf816cb5b66fac396c10c59bf7668b53e23c00202
                        • Instruction Fuzzy Hash: E3317C7150E3C06FD7138B219D54B92BFB8EF07214F0988DBE985CF1A3D229A809C762
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D2260F Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                        Download Yara Rule
                        APIs
                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 04D2268F
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: AdjustPrivilegesToken
                        • String ID:
                        • API String ID: 2874748243-0
                        • Opcode ID: 1baba83adbce4a86e0fdfdf83b59159d3f6f779eec790aec1ed80387f7b48d3a
                        • Instruction ID: a525cbe19ade8b11344d050f2279aafd79636caa91c5a857148211edc9922af5
                        • Opcode Fuzzy Hash: 1baba83adbce4a86e0fdfdf83b59159d3f6f779eec790aec1ed80387f7b48d3a
                        • Instruction Fuzzy Hash: 5521E076509384AFEB238F24DC44B52BFB4EF16314F0884DAE9848F163D375A908DB62
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D2284B Relevance: 1.6, APIs: 1, Instructions: 64nativeCOMMON
                        Download Yara Rule
                        APIs
                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 04D228C1
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: InformationQuerySystem
                        • String ID:
                        • API String ID: 3562636166-0
                        • Opcode ID: b2b3874ad4e9821162cd8459cf12f1a1e13c435118aa38c0f54bd843e9bfc714
                        • Instruction ID: 06cef6e066b780e70509d9f5488fa823c57777f8fbfed59224346b058f70a3a8
                        • Opcode Fuzzy Hash: b2b3874ad4e9821162cd8459cf12f1a1e13c435118aa38c0f54bd843e9bfc714
                        • Instruction Fuzzy Hash: 0B21AE714097C0AFDB238F20DC45A52FFB0EF17324F0984DBE9844B1A3D265A509DB62
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D22256 Relevance: 1.6, APIs: 1, Instructions: 62networkCOMMON
                        Download Yara Rule
                        APIs
                        • bind.WS2_32(?,00000EA8,3A361B3F,00000000,00000000,00000000,00000000), ref: 04D222B7
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: bind
                        • String ID:
                        • API String ID: 1187836755-0
                        • Opcode ID: 3a7e679c3e788b19bd5863f2cdd8ccb1aba55e36ef804aac14dc7c5ea865ab88
                        • Instruction ID: 444f0e0a03e3ab5bfe2fd35eab7116c817e863539fb4d8780838018c860d1a43
                        • Opcode Fuzzy Hash: 3a7e679c3e788b19bd5863f2cdd8ccb1aba55e36ef804aac14dc7c5ea865ab88
                        • Instruction Fuzzy Hash: 8011E272500244AFE720CF14CD84FA6F7A8EF04324F0488AAED498B641D775E408CA72
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D22646 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                        Download Yara Rule
                        APIs
                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 04D2268F
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: AdjustPrivilegesToken
                        • String ID:
                        • API String ID: 2874748243-0
                        • Opcode ID: 1c2181431c14c0c58f15565ee87af355e9085264d0cf408777dd03c2386f6b45
                        • Instruction ID: 91555b6bbc59734dd4a6c0054592defb93f4dfa62d3feac4c26bdafeff8b1d47
                        • Opcode Fuzzy Hash: 1c2181431c14c0c58f15565ee87af355e9085264d0cf408777dd03c2386f6b45
                        • Instruction Fuzzy Hash: 6111A0726002409FDB20CF55D984B62FBE4EF18325F0888AAED858B621D775E518DF62
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00B2AF9A Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                        Download Yara Rule
                        APIs
                        • GetUserNameW.ADVAPI32(?,00000EA8,?,?), ref: 00B2AFEA
                        Memory Dump Source
                        • Source File: 00000000.00000002.523200399.0000000000B2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B2A000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_b2a000_cracksetup.jbxd
                        Similarity
                        • API ID: NameUser
                        • String ID:
                        • API String ID: 2645101109-0
                        • Opcode ID: c165146965cebae3c2c8efb24fcd7cf436b44296fe90c4bff3db47988a14ef76
                        • Instruction ID: e62ed5565605605f46ed51ab0a7b826db4c0e8fd15ed826c210076188ef6ffb4
                        • Opcode Fuzzy Hash: c165146965cebae3c2c8efb24fcd7cf436b44296fe90c4bff3db47988a14ef76
                        • Instruction Fuzzy Hash: D001A272600200ABD310DF16DC82B32FBE8FB88A20F148159ED484BB41E371F515CAE6
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D2112A Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                        Download Yara Rule
                        APIs
                        • GetSystemInfo.KERNEL32(?,3A361B3F,00000000,?,?,?,?,?,?,?,?,6C1F3C38), ref: 04D2115C
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: InfoSystem
                        • String ID:
                        • API String ID: 31276548-0
                        • Opcode ID: ed84a03bcd37b8632cb1bcd59259218e3ef3471fece5a01e533b86b3f4497498
                        • Instruction ID: 581c4597de8238e2beeedcead1918ea1a58e25851bfbf46be2307e52c836c3bb
                        • Opcode Fuzzy Hash: ed84a03bcd37b8632cb1bcd59259218e3ef3471fece5a01e533b86b3f4497498
                        • Instruction Fuzzy Hash: 6101D1719042409FDB11CF15D9847A6FBE0EF14224F08C4AADD889F306D378E408CAA2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D22886 Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                        Download Yara Rule
                        APIs
                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 04D228C1
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: InformationQuerySystem
                        • String ID:
                        • API String ID: 3562636166-0
                        • Opcode ID: d92fdcc180996b9b679e5bd866da0e7a0d8f24a8200441e882cbe9b01a563075
                        • Instruction ID: 572d4c5c8f6a11561b62ac5d281440237ef3bc5cfcfe264169294654c2021b80
                        • Opcode Fuzzy Hash: d92fdcc180996b9b679e5bd866da0e7a0d8f24a8200441e882cbe9b01a563075
                        • Instruction Fuzzy Hash: F9018B325002509FDB208F15D984B61FBA0FF18324F08849AEE894B716E375E458DBA2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D23A0 Relevance: .5, Instructions: 505COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ba1df462fb002dfa98382e2c127aa7a6c19698edb0804e85d6f618e398b8c51a
                        • Instruction ID: 959b63693cfbaded62d941f2406a51aceab76665d8db512922f0303ff670f503
                        • Opcode Fuzzy Hash: ba1df462fb002dfa98382e2c127aa7a6c19698edb0804e85d6f618e398b8c51a
                        • Instruction Fuzzy Hash: 1C129C30E04219CFD728DF25C9A46AEB7F2FB88305F24816AD816DB356DB789946CB50
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D8468 Relevance: .5, Instructions: 505COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ee20add3e4a28f7e318a28f4989ddffda4ecc4e6f2ec081e15f440398496a2a0
                        • Instruction ID: 2b06429da1475719bca0f581232290fc6e9bf0e98fd3e8b5b5111953b9d275ec
                        • Opcode Fuzzy Hash: ee20add3e4a28f7e318a28f4989ddffda4ecc4e6f2ec081e15f440398496a2a0
                        • Instruction Fuzzy Hash: 7A128A70E00219DFCB28DF66C88866EB7F2FF89305F5485A9E4569B354DB789C46CB80
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D2FA8 Relevance: .2, Instructions: 239COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7e7d3beffdae5123c9c6335acc13b297bae9a6e46d832a7991b24c917dfc9f11
                        • Instruction ID: ca3df71dda1a5e39428fd58d838c62e00633b14c7c8b482b47dcc1817ed87053
                        • Opcode Fuzzy Hash: 7e7d3beffdae5123c9c6335acc13b297bae9a6e46d832a7991b24c917dfc9f11
                        • Instruction Fuzzy Hash: 9D819936F011599BD714DB69C880BAEB7E3AFC8314B2A84A4E405EB365DF359C02CB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D9068 Relevance: .2, Instructions: 239COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 54a33ce5d94f8896e01b7381faf8143fc6c8c315c09598b25ea706f2ea33384c
                        • Instruction ID: 5ac66e6db0532e67eab941ed31ffa4e881bc80ab89ef414a18c01a020bc37e8a
                        • Opcode Fuzzy Hash: 54a33ce5d94f8896e01b7381faf8143fc6c8c315c09598b25ea706f2ea33384c
                        • Instruction Fuzzy Hash: 3481AF35F061199BD704DB69D885AAEB7F3AFC8314F2A8468E405EB365DF359C02CB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D201F4 Relevance: 3.1, APIs: 2, Instructions: 102synchronizationCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        APIs
                        • CreateMutexW.KERNEL32(?,?), ref: 04D2019D
                        • FindCloseChangeNotification.KERNEL32(?,3A361B3F,00000000,?,?,?,?,?,?,?,?,6C1F3C38), ref: 04D20264
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: ChangeCloseCreateFindMutexNotification
                        • String ID:
                        • API String ID: 2967213129-0
                        • Opcode ID: ce350bb00efc2838d8c79fc6292c58ccd522f29dfb864e4d6b3dade7a88eb2c7
                        • Instruction ID: 7c01796b132baadbcd0d1bd0c9b687f27c664712c37cb7f857728a109e08d608
                        • Opcode Fuzzy Hash: ce350bb00efc2838d8c79fc6292c58ccd522f29dfb864e4d6b3dade7a88eb2c7
                        • Instruction Fuzzy Hash: FB31E6715053809FE712CF24E985796BFA4EF52324F0884EADD848F253D375A949CB62
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D8E18 Relevance: 2.6, Strings: 2, Instructions: 132COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 19 26d8e18-26d8e4a 24 26d8e4c 19->24 25 26d8e51 19->25 26 26d8f5d-26d8f64 24->26 58 26d8e51 call 26d8e18 25->58 59 26d8e51 call 26d8e07 25->59 60 26d8e51 call 26d8f80 25->60 27 26d8e57-26d8e59 28 26d8e5b 27->28 29 26d8e60-26d8ed3 27->29 28->26 33 26d8e7f-26d8e89 29->33 34 26d8f67-26d8f81 29->34 33->34 35 26d8e8f-26d8e99 33->35 40 26d8f89-26d8f8b 34->40 35->34 36 26d8e9f-26d8ea9 35->36 36->34 38 26d8eaf-26d8ee2 36->38 50 26d8f36-26d8f3a 38->50 42 26d8f8d-26d8f90 40->42 43 26d8f91-26d8f97 40->43 51 26d8f3c 50->51 52 26d8ee4-26d8ef9 50->52 53 26d8f3e-26d8f40 51->53 52->34 54 26d8efb-26d8f27 52->54 53->34 55 26d8f42-26d8f4c 53->55 54->34 56 26d8f29-26d8f33 54->56 55->53 57 26d8f4e-26d8f5a 55->57 56->50 57->26 58->27 59->27 60->27
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID: $>_jk
                        • API String ID: 0-2957635763
                        • Opcode ID: e2b51b4591fa310febb138aacd28f83d1e436197f13f4a2e6a1dfd4b6f581134
                        • Instruction ID: abf29691f7a13fdc9e375ce17a294845d13b737f52850130f3856fc83c298f75
                        • Opcode Fuzzy Hash: e2b51b4591fa310febb138aacd28f83d1e436197f13f4a2e6a1dfd4b6f581134
                        • Instruction Fuzzy Hash: 7641ACB0E042098FCB14DF65C8896AEB7A2EBC4358F28CA66D519DB705D735E803CBD1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D211C5 Relevance: 1.6, APIs: 1, Instructions: 98networkCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 440 4d211c5-4d211df 441 4d21201-4d2128e DnsQuery_A 440->441 442 4d211e1-4d21200 440->442 448 4d21294-4d212aa 441->448 442->441
                        APIs
                        • DnsQuery_A.DNSAPI(?,00000EA8,?,?), ref: 04D21286
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: Query_
                        • String ID:
                        • API String ID: 428220571-0
                        • Opcode ID: 7608a8bf39f4fa7d651283239845613a0fbe87dbd495d2eb0597f43fd937aea6
                        • Instruction ID: b8a65b1192df1b94b71e3a86d4173a6b4a0f6ae70c29e4aed18de9e8aeb77c72
                        • Opcode Fuzzy Hash: 7608a8bf39f4fa7d651283239845613a0fbe87dbd495d2eb0597f43fd937aea6
                        • Instruction Fuzzy Hash: 91318F6510E3C06FD3138B318C61A61BFB4EF47614F0E85CBE8C49B6A3D219A919C7B2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D20390 Relevance: 1.6, APIs: 1, Instructions: 93registryCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 465 4d20390-4d20456 470 4d2049b-4d204a0 465->470 471 4d20458-4d2046b RegQueryValueExA 465->471 470->471 472 4d204a2-4d204a7 471->472 473 4d2046d-4d20498 471->473 472->473
                        APIs
                        • RegQueryValueExA.KERNEL32(?,00000EA8), ref: 04D2045E
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: QueryValue
                        • String ID:
                        • API String ID: 3660427363-0
                        • Opcode ID: 93822e51e2561b299f028b5515fc1b1c6cfc2331e57bc630360732b1d35c8b88
                        • Instruction ID: 19b0e956eeddba2ae145473d062f52b3e1afb2f4c9cc337d6194c52d17895425
                        • Opcode Fuzzy Hash: 93822e51e2561b299f028b5515fc1b1c6cfc2331e57bc630360732b1d35c8b88
                        • Instruction Fuzzy Hash: 9C31B7710047446FE7228F10CC45FA6FBB8EF06714F04899EE9858B592D3A5A949CB71
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D20D68 Relevance: 1.6, APIs: 1, Instructions: 92fileCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 507 4d20d68-4d20de6 511 4d20deb-4d20df7 507->511 512 4d20de8 507->512 513 4d20df9 511->513 514 4d20dfc-4d20e05 511->514 512->511 513->514 515 4d20e56-4d20e5b 514->515 516 4d20e07-4d20e2b CreateFileW 514->516 515->516 519 4d20e5d-4d20e62 516->519 520 4d20e2d-4d20e53 516->520 519->520
                        APIs
                        • CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 04D20E0D
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: CreateFile
                        • String ID:
                        • API String ID: 823142352-0
                        • Opcode ID: 0e64f4905e6f51f4810a44a187ebd27f4c762072a9bfda9692df4a157f86782e
                        • Instruction ID: 56504ec9865945cd0ad0651fe5e135d777df3511525808e27d4e7a622a46894c
                        • Opcode Fuzzy Hash: 0e64f4905e6f51f4810a44a187ebd27f4c762072a9bfda9692df4a157f86782e
                        • Instruction Fuzzy Hash: C6319071505340AFE722CF25CD44F66BFE8EF09224F0888AEE9858B652D365F419CB71
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D20736 Relevance: 1.6, APIs: 1, Instructions: 92COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 493 4d20736-4d207d8 499 4d20825-4d2082a 493->499 500 4d207da-4d207e2 GetTokenInformation 493->500 499->500 501 4d207e8-4d207fa 500->501 503 4d2082c-4d20831 501->503 504 4d207fc-4d20822 501->504 503->504
                        APIs
                        • GetTokenInformation.KERNELBASE(?,00000EA8,3A361B3F,00000000,00000000,00000000,00000000), ref: 04D207E0
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: InformationToken
                        • String ID:
                        • API String ID: 4114910276-0
                        • Opcode ID: 8cd2ce16b2f7858ea2a316f58e1439f0a772a7dfdb8e9105fa649322d757b99b
                        • Instruction ID: 7ba7ae2bef845841859c452f8e7e1931a0b97e4f5b9eb99ebfaa2b74db46eb75
                        • Opcode Fuzzy Hash: 8cd2ce16b2f7858ea2a316f58e1439f0a772a7dfdb8e9105fa649322d757b99b
                        • Instruction Fuzzy Hash: FB31C471509784AFEB228F20DC45FA7BFB8EF06314F08449AE985DB152D624A549CBA2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00B2AA02 Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 478 b2aa02-b2aa8d 482 b2aa92-b2aaa9 478->482 483 b2aa8f 478->483 485 b2aaeb-b2aaf0 482->485 486 b2aaab-b2aabe RegOpenKeyExW 482->486 483->482 485->486 487 b2aaf2-b2aaf7 486->487 488 b2aac0-b2aae8 486->488 487->488
                        APIs
                        • RegOpenKeyExW.KERNEL32(?,00000EA8), ref: 00B2AAB1
                        Memory Dump Source
                        • Source File: 00000000.00000002.523200399.0000000000B2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B2A000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_b2a000_cracksetup.jbxd
                        Similarity
                        • API ID: Open
                        • String ID:
                        • API String ID: 71445658-0
                        • Opcode ID: adea655ce9c9623189e137ba8b1d4e74ed4d8eefe755d1b6689e73efbbb7f8fb
                        • Instruction ID: 2d5d3fd6c4576b397fb134170f56c4b249d6c0f5ff784eb218d1e9513808f025
                        • Opcode Fuzzy Hash: adea655ce9c9623189e137ba8b1d4e74ed4d8eefe755d1b6689e73efbbb7f8fb
                        • Instruction Fuzzy Hash: 8531B8725043846FE7128F21DC45FA7BFECEF06310F04849AED858B652D264E849CB72
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D21F8C Relevance: 1.6, APIs: 1, Instructions: 90timeCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 523 4d21f8c-4d22021 528 4d22023-4d2202b GetProcessTimes 523->528 529 4d2206e-4d22073 523->529 531 4d22031-4d22043 528->531 529->528 532 4d22075-4d2207a 531->532 533 4d22045-4d2206b 531->533 532->533
                        APIs
                        • GetProcessTimes.KERNEL32(?,00000EA8,3A361B3F,00000000,00000000,00000000,00000000), ref: 04D22029
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: ProcessTimes
                        • String ID:
                        • API String ID: 1995159646-0
                        • Opcode ID: 1d78724547533d9bc81b8f8721d67b4aff05bb87a6b530a781699434e782c516
                        • Instruction ID: d6b19ab2d4800f4582e42dd70946c1c33ceceb09d7a32929ba1cb8dd27e789a5
                        • Opcode Fuzzy Hash: 1d78724547533d9bc81b8f8721d67b4aff05bb87a6b530a781699434e782c516
                        • Instruction Fuzzy Hash: 0831F5725097806FEB128F20DD45FA6BFB8EF46314F0884EAE985CB153D324A509CB72
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D22AAB Relevance: 1.6, APIs: 1, Instructions: 90windowCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 536 4d22aab-4d22b13 538 4d22b16-4d22b68 FormatMessageW 536->538 540 4d22b6e-4d22b97 538->540
                        APIs
                        • FormatMessageW.KERNEL32(?,00000EA8,?,?), ref: 04D22B66
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: FormatMessage
                        • String ID:
                        • API String ID: 1306739567-0
                        • Opcode ID: a63a6ca7fb40f63e2f0ec20185c4bcea2be2165dd4b08f60826b8906249e0f2d
                        • Instruction ID: aea5b0079a5f6be1a11ca601d42b8ca369b86f87c6c4775e11b9de8c6248931c
                        • Opcode Fuzzy Hash: a63a6ca7fb40f63e2f0ec20185c4bcea2be2165dd4b08f60826b8906249e0f2d
                        • Instruction Fuzzy Hash: F1316D7650D3C06FD7038B258C65A62BFB4EF47614F0A80CBD9848F6A3E6256919C7A2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D200F6 Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 559 4d200f6-4d20179 563 4d2017b 559->563 564 4d2017e-4d20187 559->564 563->564 565 4d20189 564->565 566 4d2018c-4d20195 564->566 565->566 567 4d201e6-4d201eb 566->567 568 4d20197-4d201bb CreateMutexW 566->568 567->568 571 4d201ed-4d201f2 568->571 572 4d201bd-4d201e3 568->572 571->572
                        APIs
                        • CreateMutexW.KERNEL32(?,?), ref: 04D2019D
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: CreateMutex
                        • String ID:
                        • API String ID: 1964310414-0
                        • Opcode ID: 0304de28accccffc3bfd4e02461ec42786612d0c077ec0264c1a65566a9596de
                        • Instruction ID: c7e1baca64a5b69ad61689b3819b6b08e08935b682e73571d2bdd85b7a1f6278
                        • Opcode Fuzzy Hash: 0304de28accccffc3bfd4e02461ec42786612d0c077ec0264c1a65566a9596de
                        • Instruction Fuzzy Hash: F731A2715097806FE712CF25DD84B56FFF8EF06314F08849AE984DB292D365E909CB62
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00B2AAF9 Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 542 b2aaf9-b2ab77 545 b2ab79 542->545 546 b2ab7c-b2ab85 542->546 545->546 547 b2ab87 546->547 548 b2ab8a-b2ab90 546->548 547->548 549 b2ab92 548->549 550 b2ab95-b2abac 548->550 549->550 552 b2abe3-b2abe8 550->552 553 b2abae-b2abc1 RegQueryValueExW 550->553 552->553 554 b2abc3-b2abe0 553->554 555 b2abea-b2abef 553->555 555->554
                        APIs
                        • RegQueryValueExW.KERNEL32(?,00000EA8,3A361B3F,00000000,00000000,00000000,00000000), ref: 00B2ABB4
                        Memory Dump Source
                        • Source File: 00000000.00000002.523200399.0000000000B2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B2A000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_b2a000_cracksetup.jbxd
                        Similarity
                        • API ID: QueryValue
                        • String ID:
                        • API String ID: 3660427363-0
                        • Opcode ID: 43be87332b1aece906210075da00f5f83aa9fe5e0f2fa563d4fb9bf8aa342f7f
                        • Instruction ID: 1856eed211c61679d081122366b32a624e88c91a25069f54e46de34919fdbf46
                        • Opcode Fuzzy Hash: 43be87332b1aece906210075da00f5f83aa9fe5e0f2fa563d4fb9bf8aa342f7f
                        • Instruction Fuzzy Hash: 893195711093846FD722CF21DC84F92BFE8EF06314F0884DAE989CB152D364E949CB62
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D21882 Relevance: 1.6, APIs: 1, Instructions: 87COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 575 4d21882-4d21909 580 4d2190b 575->580 581 4d2190e-4d21917 575->581 580->581 582 4d21919-4d21921 ConvertStringSecurityDescriptorToSecurityDescriptorW 581->582 583 4d2196f-4d21974 581->583 584 4d21927-4d21939 582->584 583->582 586 4d21976-4d2197b 584->586 587 4d2193b-4d2196c 584->587 586->587
                        APIs
                        • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000EA8), ref: 04D2191F
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: DescriptorSecurity$ConvertString
                        • String ID:
                        • API String ID: 3907675253-0
                        • Opcode ID: b46ab228e4dabf342c054521af239c1de64bc35371c6040613e01c2a86d4d23e
                        • Instruction ID: c85a1ccc24d75adfaf69fa81e3f4858fa1fe763bb103faf2669d4f878f94aa52
                        • Opcode Fuzzy Hash: b46ab228e4dabf342c054521af239c1de64bc35371c6040613e01c2a86d4d23e
                        • Instruction Fuzzy Hash: DB21A572504344AFE721CF24DC45F6BBBACEF45324F0884AAE985DB252D764E808CB61
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D204AB Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 591 4d204ab-4d2052d 594 4d20532-4d20538 591->594 595 4d2052f 591->595 596 4d2053a 594->596 597 4d2053d-4d20554 594->597 595->594 596->597 599 4d20556-4d20569 RegQueryValueExW 597->599 600 4d2058b-4d20590 597->600 601 4d20592-4d20597 599->601 602 4d2056b-4d20588 599->602 600->599 601->602
                        APIs
                        • RegQueryValueExW.KERNEL32(?,00000EA8,3A361B3F,00000000,00000000,00000000,00000000), ref: 04D2055C
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: QueryValue
                        • String ID:
                        • API String ID: 3660427363-0
                        • Opcode ID: 1567acc472b960343cde3b9406a4c213e91f25a219e9461115afa10d1a7d9a75
                        • Instruction ID: 4ce8fda690321784d1d4a561b8a57fe82a624016e02ea48de681c86f2bbb7673
                        • Opcode Fuzzy Hash: 1567acc472b960343cde3b9406a4c213e91f25a219e9461115afa10d1a7d9a75
                        • Instruction Fuzzy Hash: 423180711097846FD722CB25DD84B92BFB8EF07214F0885DAE9858B6A2D364E809CB71
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D202AB Relevance: 1.6, APIs: 1, Instructions: 79registryCOMMON
                        Download Yara Rule
                        APIs
                        • RegOpenKeyExA.KERNEL32(?,00000EA8), ref: 04D20353
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: Open
                        • String ID:
                        • API String ID: 71445658-0
                        • Opcode ID: 997725b353a26d8cbcb93172d4aa8656ecd9c519854b6f1d140545756e34fcbb
                        • Instruction ID: 49f6e0adab17be3ddf55e7b6c3b7ac6c5fcad19c8ebeb2740910e65d4e4caf1f
                        • Opcode Fuzzy Hash: 997725b353a26d8cbcb93172d4aa8656ecd9c519854b6f1d140545756e34fcbb
                        • Instruction Fuzzy Hash: 4821BB750097846FEB228F10DC45FA6FFB4EF06314F0884DAE9858B193D365A959C772
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D2100F Relevance: 1.6, APIs: 1, Instructions: 78fileCOMMON
                        Download Yara Rule
                        APIs
                        • DeleteFileA.KERNEL32(?,00000EA8), ref: 04D210B3
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: DeleteFile
                        • String ID:
                        • API String ID: 4033686569-0
                        • Opcode ID: 64cacbc18b07654cc555af9efa808a7cd9e431a9301baf4f63be61491bb5c445
                        • Instruction ID: 046fb845c3a6e350884e8f5c78413c9358863afc5d5668576d6f0b864ca01baa
                        • Opcode Fuzzy Hash: 64cacbc18b07654cc555af9efa808a7cd9e431a9301baf4f63be61491bb5c445
                        • Instruction Fuzzy Hash: D92128715083C46FE722CB24DC55FA6BFA8EF06324F08C0DAED858B193D764A949C762
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D212B2 Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON
                        Download Yara Rule
                        APIs
                        • WSASocketW.WS2_32(?,?,?,?,?), ref: 04D2133E
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: Socket
                        • String ID:
                        • API String ID: 38366605-0
                        • Opcode ID: e694977158bd445eb4f3bc6516781f0d5b470e75eb6292f9cf82c62e654be50c
                        • Instruction ID: 6998b7d6ac02bf2a496cc84d5a485c6011de047c875c3513a52d22bb3149e370
                        • Opcode Fuzzy Hash: e694977158bd445eb4f3bc6516781f0d5b470e75eb6292f9cf82c62e654be50c
                        • Instruction Fuzzy Hash: 2221D371508380AFE722CF60DC44F96FFF8EF05214F08849EE9858B652D375A418CB62
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D20E64 Relevance: 1.6, APIs: 1, Instructions: 77COMMON
                        Download Yara Rule
                        APIs
                        • GetFileType.KERNEL32(?,00000EA8,3A361B3F,00000000,00000000,00000000,00000000), ref: 04D20EF9
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: FileType
                        • String ID:
                        • API String ID: 3081899298-0
                        • Opcode ID: 0a9799ac6f20fec4b43bcfa919f09666962bb9630a41fefa719e650929e5eb60
                        • Instruction ID: 8650950a2a185f99ee8fbedab8d159c2afed7d8686a34bb42cf60842099b0196
                        • Opcode Fuzzy Hash: 0a9799ac6f20fec4b43bcfa919f09666962bb9630a41fefa719e650929e5eb60
                        • Instruction Fuzzy Hash: 0721D6B64087846FE7128B259C44BA2BFA8EF46724F0884DAED858B253D224A909C771
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D21A3E Relevance: 1.6, APIs: 1, Instructions: 77fileCOMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: FileView
                        • String ID:
                        • API String ID: 3314676101-0
                        • Opcode ID: 60c33bba265842985bad2044a1e944e4e4dedba1603252a4b487da1110315c75
                        • Instruction ID: 9ab706c45e9c17f8c399b98e81f4c983c03e99d41dbf381e718653b3a90fd0e4
                        • Opcode Fuzzy Hash: 60c33bba265842985bad2044a1e944e4e4dedba1603252a4b487da1110315c75
                        • Instruction Fuzzy Hash: 0921A371104384AFE722CF15CC44F96FFF8EF06214F08849EE9858B652D365A548CB62
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00B2AF50 Relevance: 1.6, APIs: 1, Instructions: 77COMMON
                        Download Yara Rule
                        APIs
                        • GetUserNameW.ADVAPI32(?,00000EA8,?,?), ref: 00B2AFEA
                        Memory Dump Source
                        • Source File: 00000000.00000002.523200399.0000000000B2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B2A000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_b2a000_cracksetup.jbxd
                        Similarity
                        • API ID: NameUser
                        • String ID:
                        • API String ID: 2645101109-0
                        • Opcode ID: 9d3aacce64c5dbd27ec758f4fe41cdf9edf1e9929a183b17665c266665235a52
                        • Instruction ID: 9c575a08cdc33f4c2c96d757eb257dc3bc8d5e5d51661721648757609e699d2f
                        • Opcode Fuzzy Hash: 9d3aacce64c5dbd27ec758f4fe41cdf9edf1e9929a183b17665c266665235a52
                        • Instruction Fuzzy Hash: 97210A7150D3C06FC3138B219C41B62BFB4EF47614F0941DBE884CB653D225A919C7B2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D20D8E Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                        Download Yara Rule
                        APIs
                        • CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 04D20E0D
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: CreateFile
                        • String ID:
                        • API String ID: 823142352-0
                        • Opcode ID: 76c784a728543cfc27b35d1d159bf215d0145c771131d6b822387a5018fa8885
                        • Instruction ID: 6377da3d87edb20f1cd28188cda192dc2ae347057082483d586aabd15442d964
                        • Opcode Fuzzy Hash: 76c784a728543cfc27b35d1d159bf215d0145c771131d6b822387a5018fa8885
                        • Instruction Fuzzy Hash: 88218171604300AFE721CF65CD45B66FBE8EF08624F048869EA858B751E775F448CB61
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D218AE Relevance: 1.6, APIs: 1, Instructions: 76COMMON
                        Download Yara Rule
                        APIs
                        • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000EA8), ref: 04D2191F
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: DescriptorSecurity$ConvertString
                        • String ID:
                        • API String ID: 3907675253-0
                        • Opcode ID: cd20965957d3b963001a2d4649902021556c1fba5a1dc64e1765ccbcb0f07cd1
                        • Instruction ID: 546e09d2f150704e67138b2d6e854daa083d81626087bb0d58046c1525a8a451
                        • Opcode Fuzzy Hash: cd20965957d3b963001a2d4649902021556c1fba5a1dc64e1765ccbcb0f07cd1
                        • Instruction Fuzzy Hash: 9721D472600204AFEB20DF24DD45BAAFBACEF05324F04846AED85CB645E774E4088A72
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D203CA Relevance: 1.6, APIs: 1, Instructions: 75registryCOMMON
                        Download Yara Rule
                        APIs
                        • RegQueryValueExA.KERNEL32(?,00000EA8), ref: 04D2045E
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: QueryValue
                        • String ID:
                        • API String ID: 3660427363-0
                        • Opcode ID: fc4937f0bcd08ce5ff37d25af539cdebc9558b70006e396ad66f599a68ce6b6d
                        • Instruction ID: cc54e40e9430abd3336cd68ce413ae55d86577869468f983ea36f005e5f96405
                        • Opcode Fuzzy Hash: fc4937f0bcd08ce5ff37d25af539cdebc9558b70006e396ad66f599a68ce6b6d
                        • Instruction Fuzzy Hash: 5921F572100604AFEB31CF11CD40FA6F7ACEF04714F04885AEE868A681D7B5E449CBB1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D20F34 Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
                        Download Yara Rule
                        APIs
                        • ReadFile.KERNEL32(?,00000EA8,3A361B3F,00000000,00000000,00000000,00000000), ref: 04D20FC5
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: FileRead
                        • String ID:
                        • API String ID: 2738559852-0
                        • Opcode ID: 412d9fe44ca914f45dc2a68ca549cdf66e6476eace7866993288cecf47d701c2
                        • Instruction ID: 17cf6b22596b5645210e543fe11fb4fb79dbcdbee5f745cf0d2db024f2528763
                        • Opcode Fuzzy Hash: 412d9fe44ca914f45dc2a68ca549cdf66e6476eace7866993288cecf47d701c2
                        • Instruction Fuzzy Hash: EC21A172509384AFDB228F21DD44F96BFB8EF46314F0884EBE9858B153C265A449CB72
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00B2AA32 Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON
                        Download Yara Rule
                        APIs
                        • RegOpenKeyExW.KERNEL32(?,00000EA8), ref: 00B2AAB1
                        Memory Dump Source
                        • Source File: 00000000.00000002.523200399.0000000000B2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B2A000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_b2a000_cracksetup.jbxd
                        Similarity
                        • API ID: Open
                        • String ID:
                        • API String ID: 71445658-0
                        • Opcode ID: 2e631e9a25a8b249a0393d5daa9adc296c7cefb5712d111d97123a7b2c510a1c
                        • Instruction ID: 6d7902bb32cd61bf7ff4679495fd98817b1b86bd213b22c0b835101fbc684713
                        • Opcode Fuzzy Hash: 2e631e9a25a8b249a0393d5daa9adc296c7cefb5712d111d97123a7b2c510a1c
                        • Instruction Fuzzy Hash: CC21CF72500204AFE720CF20DD84FAAF7ECEF09320F14845AED458B641D764E808CAB2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D2012A Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                        Download Yara Rule
                        APIs
                        • CreateMutexW.KERNEL32(?,?), ref: 04D2019D
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: CreateMutex
                        • String ID:
                        • API String ID: 1964310414-0
                        • Opcode ID: ba2a8367e216715cc868342de337cab2c362491e23c43cff1e1879cda50d1bd2
                        • Instruction ID: 73fe711e56a4a6945041e09ca625c064e7fa26748700d88151ffd6119d977a57
                        • Opcode Fuzzy Hash: ba2a8367e216715cc868342de337cab2c362491e23c43cff1e1879cda50d1bd2
                        • Instruction Fuzzy Hash: 4A21C571604240AFE721CF25CD44B66FBE8EF04214F04846AEE85DB741E775F504CA61
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D20C97 Relevance: 1.6, APIs: 1, Instructions: 71COMMON
                        Download Yara Rule
                        APIs
                        • CreateDirectoryW.KERNEL32(?,?,3A361B3F,00000000,?,?,?,?,?,?,?,?,6C1F3C38), ref: 04D20D13
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: CreateDirectory
                        • String ID:
                        • API String ID: 4241100979-0
                        • Opcode ID: 9904133b4a331bcc0f500b02cedf04a7cc99ee2e3e3f1cd2c6912d607c47822c
                        • Instruction ID: 85852ebdfe7fc96e8c58e5a468d58c8fd414f96c53dd64e367de0c2f140e34d6
                        • Opcode Fuzzy Hash: 9904133b4a331bcc0f500b02cedf04a7cc99ee2e3e3f1cd2c6912d607c47822c
                        • Instruction Fuzzy Hash: 4A2183B15093809FD712CF25DD85B52BFB8EF16214F0984EAE988CF163D664E509CB61
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D20776 Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                        Download Yara Rule
                        APIs
                        • GetTokenInformation.KERNELBASE(?,00000EA8,3A361B3F,00000000,00000000,00000000,00000000), ref: 04D207E0
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: InformationToken
                        • String ID:
                        • API String ID: 4114910276-0
                        • Opcode ID: c34238ea2825a726459231ab696ce2ae9745e865031d6758f7d55606d809f92f
                        • Instruction ID: 357cd1708c1b68ce9569cc3f498876384dbb2a6698b80e9ceeae5a8042636c2c
                        • Opcode Fuzzy Hash: c34238ea2825a726459231ab696ce2ae9745e865031d6758f7d55606d809f92f
                        • Instruction Fuzzy Hash: 33119072500244AFEB21CF65DD84FA6F7A8EF04224F04846AEE45DB651D774E4488BB1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00B2AB3A Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                        Download Yara Rule
                        APIs
                        • RegQueryValueExW.KERNEL32(?,00000EA8,3A361B3F,00000000,00000000,00000000,00000000), ref: 00B2ABB4
                        Memory Dump Source
                        • Source File: 00000000.00000002.523200399.0000000000B2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B2A000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_b2a000_cracksetup.jbxd
                        Similarity
                        • API ID: QueryValue
                        • String ID:
                        • API String ID: 3660427363-0
                        • Opcode ID: 3b3154e8f880ff08303e9141a2520b5ac61e31e083620491831012eee385b897
                        • Instruction ID: 86b90513c9646487814e0e8941bd5773a18302b2e6901bb5d434a1d811afc328
                        • Opcode Fuzzy Hash: 3b3154e8f880ff08303e9141a2520b5ac61e31e083620491831012eee385b897
                        • Instruction Fuzzy Hash: 5F215176600604AFE720CE15DC84FA6F7ECEF05710F1485AAED498B651D764E848CA72
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D226DC Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                        Download Yara Rule
                        APIs
                        • FindCloseChangeNotification.KERNEL32(?,3A361B3F,00000000,?,?,?,?,?,?,?,?,6C1F3C38), ref: 04D22748
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: ChangeCloseFindNotification
                        • String ID:
                        • API String ID: 2591292051-0
                        • Opcode ID: 67f4d2ebe79ebda3978b5533e2a90627c76fe67b6af9b0089dca7dc857f0abe2
                        • Instruction ID: 999b7be78be1cf26729dc6debeed97827344f04444500955a608b8c55de8591c
                        • Opcode Fuzzy Hash: 67f4d2ebe79ebda3978b5533e2a90627c76fe67b6af9b0089dca7dc857f0abe2
                        • Instruction Fuzzy Hash: 6E21C07250D3C05FDB028F25DC94B92BFB4AF17324F0D84DAE8858F663D264A908CB62
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D212D2 Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
                        Download Yara Rule
                        APIs
                        • WSASocketW.WS2_32(?,?,?,?,?), ref: 04D2133E
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: Socket
                        • String ID:
                        • API String ID: 38366605-0
                        • Opcode ID: 909ebcebfa3a1fbd17940972d38faa1c46dc464b6c253ad9532186bfe2df4599
                        • Instruction ID: 8568a82c6179e01cda3c042c896c757465d054f8f4f5856fe72154bc8306d5d3
                        • Opcode Fuzzy Hash: 909ebcebfa3a1fbd17940972d38faa1c46dc464b6c253ad9532186bfe2df4599
                        • Instruction Fuzzy Hash: A8219F72604240AFEB21CF64DD44BAAFBE5EF08224F14846AE9C58BA51D375B408CB62
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D22791 Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                        Download Yara Rule
                        APIs
                        • K32EnumProcesses.KERNEL32(?,?,?,3A361B3F,00000000,?,?,?,?,?,?,?,?,6C1F3C38), ref: 04D22802
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: EnumProcesses
                        • String ID:
                        • API String ID: 84517404-0
                        • Opcode ID: 04f11de78ff972cdc6c3f587d0f1624a8e3be1d998bf3c6d3b3d18813d32bf31
                        • Instruction ID: a087aed508f85eb858e8b63bbf5900ed84c486db1cf8202c36709fb3a6621d19
                        • Opcode Fuzzy Hash: 04f11de78ff972cdc6c3f587d0f1624a8e3be1d998bf3c6d3b3d18813d32bf31
                        • Instruction Fuzzy Hash: AB2181715093809FD712CF65DC84B92BFF4EF16324F0984EAE985CF263D264A909CB62
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D21A5E Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: FileView
                        • String ID:
                        • API String ID: 3314676101-0
                        • Opcode ID: f0614d40c273ea81caea471cdc66070a9073819f444d7a32c9b2f3af2b2e4ce8
                        • Instruction ID: 12753f5c4b92ce6e3e60e6c81caabcf257b6b92bc422b946de45f6bfaa40ba09
                        • Opcode Fuzzy Hash: f0614d40c273ea81caea471cdc66070a9073819f444d7a32c9b2f3af2b2e4ce8
                        • Instruction Fuzzy Hash: D621CF72200204AFE721CF15CD44FAAFBE8EF08228F04845DE9858B651E375F408CB62
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D204EA Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                        Download Yara Rule
                        APIs
                        • RegQueryValueExW.KERNEL32(?,00000EA8,3A361B3F,00000000,00000000,00000000,00000000), ref: 04D2055C
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: QueryValue
                        • String ID:
                        • API String ID: 3660427363-0
                        • Opcode ID: 89486274502a6039f388eeff0a0124d25bcc0e9801fbec82781d125a54ec79bc
                        • Instruction ID: 68a3430608b395d428af4f3051038ca9c1c532b6655659dce0bdc5a55fcf1084
                        • Opcode Fuzzy Hash: 89486274502a6039f388eeff0a0124d25bcc0e9801fbec82781d125a54ec79bc
                        • Instruction Fuzzy Hash: E411DF72200604AFEB21CF15DD84FA2F7E8EF09324F04846AEE468B651D764F448CA72
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D21FCA Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON
                        Download Yara Rule
                        APIs
                        • GetProcessTimes.KERNEL32(?,00000EA8,3A361B3F,00000000,00000000,00000000,00000000), ref: 04D22029
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: ProcessTimes
                        • String ID:
                        • API String ID: 1995159646-0
                        • Opcode ID: a34c98e9bbc756a886aa761a8a035fc66a40509e184546ceee0f2c248a8c99ac
                        • Instruction ID: ce1b1773e6943c7f35741a6e8060dff9a2453b65b2dd5160ab7bb50e6df85e6c
                        • Opcode Fuzzy Hash: a34c98e9bbc756a886aa761a8a035fc66a40509e184546ceee0f2c248a8c99ac
                        • Instruction Fuzzy Hash: 3D11B672600204AFEB21CF65DD45FAAFBA8EF14724F0484AAED458B651D774E448CB72
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D224A4 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                        Download Yara Rule
                        APIs
                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 04D2250E
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: LookupPrivilegeValue
                        • String ID:
                        • API String ID: 3899507212-0
                        • Opcode ID: 0e3de68fc228cb34eb268a6289f0bad8d647c2442fb97fcb616b64ccea38f911
                        • Instruction ID: 82f075495e47960297b1a2ce5e078ecd6e0d99ca2a860d5d214f08f51c5609b7
                        • Opcode Fuzzy Hash: 0e3de68fc228cb34eb268a6289f0bad8d647c2442fb97fcb616b64ccea38f911
                        • Instruction Fuzzy Hash: C2117F715053809FD721CF25DD89B62BFE8EF56324F0884EAE989CB652D264E809CB61
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00B2B7CA Relevance: 1.6, APIs: 1, Instructions: 61windowCOMMON
                        Download Yara Rule
                        APIs
                        • SendMessageW.USER32(?,?,?,?), ref: 00B2B841
                        Memory Dump Source
                        • Source File: 00000000.00000002.523200399.0000000000B2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B2A000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_b2a000_cracksetup.jbxd
                        Similarity
                        • API ID: MessageSend
                        • String ID:
                        • API String ID: 3850602802-0
                        • Opcode ID: b3cf2665938b333b9edc0ff617f33e5c3bdf612e1c9b8c8d3c2f6c7a33f89d25
                        • Instruction ID: 8c6f90e101bf198343c1eb30a8e9476d23570bc1938597dcfc88eda537d35407
                        • Opcode Fuzzy Hash: b3cf2665938b333b9edc0ff617f33e5c3bdf612e1c9b8c8d3c2f6c7a33f89d25
                        • Instruction Fuzzy Hash: DB21AF724097C09FDB128B21DC54AA2BFB4EF1B324F0D84DAEDC44F163D265A958DB62
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00B2A51F Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                        Download Yara Rule
                        APIs
                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00B2A58A
                        Memory Dump Source
                        • Source File: 00000000.00000002.523200399.0000000000B2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B2A000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_b2a000_cracksetup.jbxd
                        Similarity
                        • API ID: DuplicateHandle
                        • String ID:
                        • API String ID: 3793708945-0
                        • Opcode ID: f738465e93de5b9d92f64d418911c0dc87608885b1cbe995efcb6b5b369cadfa
                        • Instruction ID: ac47541d85226d5b023f6311cbe533b35c79cbc089e768b78d654543b4e6d56d
                        • Opcode Fuzzy Hash: f738465e93de5b9d92f64d418911c0dc87608885b1cbe995efcb6b5b369cadfa
                        • Instruction Fuzzy Hash: 55118771409380AFDB228F54DC44A62FFF4EF5A310F0884DEED858B552D375A519DB62
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D202DE Relevance: 1.6, APIs: 1, Instructions: 60registryCOMMON
                        Download Yara Rule
                        APIs
                        • RegOpenKeyExA.KERNEL32(?,00000EA8), ref: 04D20353
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: Open
                        • String ID:
                        • API String ID: 71445658-0
                        • Opcode ID: e56fb878deba045b789cc958676f94af303a2b923cf986458abdb69612a6b4e7
                        • Instruction ID: 3f059727e12fa5902f0d51478ce2b3a9ced8a800adf10bb09fb2746f844761a2
                        • Opcode Fuzzy Hash: e56fb878deba045b789cc958676f94af303a2b923cf986458abdb69612a6b4e7
                        • Instruction Fuzzy Hash: 64110472100304AFEB318F10CD45FA6FBA4EF04724F14849AEE854A651D375B448CBB2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D2104A Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                        Download Yara Rule
                        APIs
                        • DeleteFileA.KERNEL32(?,00000EA8), ref: 04D210B3
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: DeleteFile
                        • String ID:
                        • API String ID: 4033686569-0
                        • Opcode ID: b91bd18659665383988ac4626c9d37ab9a6f302120238d4ad90e7e549ffd79e4
                        • Instruction ID: 4493d7e5aa8b08091e5c9af0e6a2420f3dcb60d59710ee327b6497bd1dc2d41b
                        • Opcode Fuzzy Hash: b91bd18659665383988ac4626c9d37ab9a6f302120238d4ad90e7e549ffd79e4
                        • Instruction Fuzzy Hash: 7F11C671600244AFE7208F15DE86BBAF798DF04724F14C0AAED458B781DBA5F548CA62
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D20F66 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                        Download Yara Rule
                        APIs
                        • ReadFile.KERNEL32(?,00000EA8,3A361B3F,00000000,00000000,00000000,00000000), ref: 04D20FC5
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: FileRead
                        • String ID:
                        • API String ID: 2738559852-0
                        • Opcode ID: 5fb34957acf740ff694cab75d2685f3c44048dde2bbb456be9452a70c88cca82
                        • Instruction ID: c26935efbb04c0ddcab5ec84027ea0ee0faaa7ceac291520ff5630bbae4506f5
                        • Opcode Fuzzy Hash: 5fb34957acf740ff694cab75d2685f3c44048dde2bbb456be9452a70c88cca82
                        • Instruction Fuzzy Hash: 7E11C472500244AFEB21CF55DD44FAAFBA8EF04324F14846AEE498B651D775F448CB72
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00B2BB4F Relevance: 1.6, APIs: 1, Instructions: 59windowCOMMON
                        Download Yara Rule
                        APIs
                        • PostMessageW.USER32(?,?,?,?), ref: 00B2BBB9
                        Memory Dump Source
                        • Source File: 00000000.00000002.523200399.0000000000B2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B2A000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_b2a000_cracksetup.jbxd
                        Similarity
                        • API ID: MessagePost
                        • String ID:
                        • API String ID: 410705778-0
                        • Opcode ID: 645e60bb70538c5ad1899a753c64b03fa010ca235baa9ccde1c55711744a33ce
                        • Instruction ID: f7fc86ce0f98c68d7e588722869957fd87fee498211cd65d6dcf52983746f991
                        • Opcode Fuzzy Hash: 645e60bb70538c5ad1899a753c64b03fa010ca235baa9ccde1c55711744a33ce
                        • Instruction Fuzzy Hash: 5711D0355093C0AFDB228F25DC45A52FFB4EF16320F0884EEED858B563D365A858CB62
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00B2BE05 Relevance: 1.6, APIs: 1, Instructions: 58windowCOMMON
                        Download Yara Rule
                        APIs
                        • DispatchMessageW.USER32(?), ref: 00B2BE70
                        Memory Dump Source
                        • Source File: 00000000.00000002.523200399.0000000000B2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B2A000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_b2a000_cracksetup.jbxd
                        Similarity
                        • API ID: DispatchMessage
                        • String ID:
                        • API String ID: 2061451462-0
                        • Opcode ID: bfddf08fbadd6ef81ce1b3c6feee39c32446fef494ef313f073fb32f28e4e6a5
                        • Instruction ID: b8aa091a2b156f8f173290fcad715460a1cf0c3f7750e6e667b3dea918fca5d9
                        • Opcode Fuzzy Hash: bfddf08fbadd6ef81ce1b3c6feee39c32446fef494ef313f073fb32f28e4e6a5
                        • Instruction Fuzzy Hash: E3118E754093C0AFDB128B259C44B61BFB4DF47624F0984DEED848F263D2656808CB62
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00B2B71E Relevance: 1.6, APIs: 1, Instructions: 57windowCOMMON
                        Download Yara Rule
                        APIs
                        • CreateIconFromResourceEx.USER32 ref: 00B2B78A
                        Memory Dump Source
                        • Source File: 00000000.00000002.523200399.0000000000B2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B2A000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_b2a000_cracksetup.jbxd
                        Similarity
                        • API ID: CreateFromIconResource
                        • String ID:
                        • API String ID: 3668623891-0
                        • Opcode ID: 1934eb3b1382a167a26a5485c160ef055386b3e4b9ffc5a56b47e66e8c907985
                        • Instruction ID: 46c2be311d0ff03dc6da304e18092b6414ffbcf19d1ffba2fb3f3cbc4bbef328
                        • Opcode Fuzzy Hash: 1934eb3b1382a167a26a5485c160ef055386b3e4b9ffc5a56b47e66e8c907985
                        • Instruction Fuzzy Hash: CD117231408380AFDB218F54DC44E52FFF4EF4A320F08899EE9898B562D375A459CB61
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D210F7 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                        Download Yara Rule
                        APIs
                        • GetSystemInfo.KERNEL32(?,3A361B3F,00000000,?,?,?,?,?,?,?,?,6C1F3C38), ref: 04D2115C
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: InfoSystem
                        • String ID:
                        • API String ID: 31276548-0
                        • Opcode ID: f47db97bfbe47b9e19db423df9bee691ea65a9d44b1a7582132b2fa61917c96a
                        • Instruction ID: 829879d21d36b413b71de3fbbdac315c7d00d4d821b5826cf68799f25ac96038
                        • Opcode Fuzzy Hash: f47db97bfbe47b9e19db423df9bee691ea65a9d44b1a7582132b2fa61917c96a
                        • Instruction Fuzzy Hash: 1F1160714093C0AFD7128F64DC44B52BFB4EF46224F0984EBED848F163D279A949CB62
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00B2A75B Relevance: 1.6, APIs: 1, Instructions: 54comCOMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.523200399.0000000000B2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B2A000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_b2a000_cracksetup.jbxd
                        Similarity
                        • API ID: Initialize
                        • String ID:
                        • API String ID: 2538663250-0
                        • Opcode ID: 231b320153f11a5f18f06c20d14f2c5601881a9adb1c998692c6f707113693a9
                        • Instruction ID: 8528c4f5b4c210742d3f27052eca4f92a53440d1b5e8a17c201573fb49b7f850
                        • Opcode Fuzzy Hash: 231b320153f11a5f18f06c20d14f2c5601881a9adb1c998692c6f707113693a9
                        • Instruction Fuzzy Hash: F5118F71449384AFDB128F14DC84B52BFB4EF46224F0884DBED898F253D279A949CB62
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D224C6 Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                        Download Yara Rule
                        APIs
                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 04D2250E
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: LookupPrivilegeValue
                        • String ID:
                        • API String ID: 3899507212-0
                        • Opcode ID: 532be6ecc8aa747c1e8c46b4bf714a46f1df043388cb43a91c8ce8ed4edd8ddd
                        • Instruction ID: 0590d0d3db74090e4bd30553a92f394411ba55422e480e88e0776d8ed3b70c7b
                        • Opcode Fuzzy Hash: 532be6ecc8aa747c1e8c46b4bf714a46f1df043388cb43a91c8ce8ed4edd8ddd
                        • Instruction Fuzzy Hash: DE1165726002419FDB50CF29D989B66FBE8EF64324F08C4AAED49CB755E774E404CA61
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D20CCE Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                        Download Yara Rule
                        APIs
                        • CreateDirectoryW.KERNEL32(?,?,3A361B3F,00000000,?,?,?,?,?,?,?,?,6C1F3C38), ref: 04D20D13
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: CreateDirectory
                        • String ID:
                        • API String ID: 4241100979-0
                        • Opcode ID: 27b63f07e232849cde838795deabc44751e4c8fbf78e35069b802ff67fb7bc5d
                        • Instruction ID: a0bf3f6a50d49d543eaaf9256781dc910d04cf59360205abd5952c666128e313
                        • Opcode Fuzzy Hash: 27b63f07e232849cde838795deabc44751e4c8fbf78e35069b802ff67fb7bc5d
                        • Instruction Fuzzy Hash: 1F116D726012409FDB51CF29D985B66FBE8EF14224F08C4AADE49CB756E774F408CB62
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D20EA6 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                        Download Yara Rule
                        APIs
                        • GetFileType.KERNEL32(?,00000EA8,3A361B3F,00000000,00000000,00000000,00000000), ref: 04D20EF9
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: FileType
                        • String ID:
                        • API String ID: 3081899298-0
                        • Opcode ID: b81f75ed25b20a9f347c3d1aea70c3a44f5b8b3f4235070a33894cc40093c9ef
                        • Instruction ID: 4774dfe0f6847054c75ee0442416ddb4b974541289845dbcb4d984c4add18f9d
                        • Opcode Fuzzy Hash: b81f75ed25b20a9f347c3d1aea70c3a44f5b8b3f4235070a33894cc40093c9ef
                        • Instruction Fuzzy Hash: C901D272500244AFE721CF15DD85FA6F798EF08728F14C0AAEE499B741D768F4488A72
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D227C2 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                        Download Yara Rule
                        APIs
                        • K32EnumProcesses.KERNEL32(?,?,?,3A361B3F,00000000,?,?,?,?,?,?,?,?,6C1F3C38), ref: 04D22802
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: EnumProcesses
                        • String ID:
                        • API String ID: 84517404-0
                        • Opcode ID: 1659520af969fe9e113ec8585f9f209f691369e06301c008ef59d6f6d440f0b6
                        • Instruction ID: dea9df91ec1d623b8193a5cb7ca91a912d9802d62720de9243eb0647ccef7f87
                        • Opcode Fuzzy Hash: 1659520af969fe9e113ec8585f9f209f691369e06301c008ef59d6f6d440f0b6
                        • Instruction Fuzzy Hash: BD1180726042409FDB10CF65D984BA6FBE4EF14324F08C4AAED89CB755E774E448CB62
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00B2A8CC Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                        Download Yara Rule
                        APIs
                        • SetWindowLongW.USER32(?,?,?), ref: 00B2A926
                        Memory Dump Source
                        • Source File: 00000000.00000002.523200399.0000000000B2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B2A000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_b2a000_cracksetup.jbxd
                        Similarity
                        • API ID: LongWindow
                        • String ID:
                        • API String ID: 1378638983-0
                        • Opcode ID: 56b4e3a11724f17c8982d59fedcab4445ca150828848f5c7e4ae5de5ff381908
                        • Instruction ID: 89bb652d1e3a123043f60ce926ab4d848bd49be531573c6813ecb5c8a937a004
                        • Opcode Fuzzy Hash: 56b4e3a11724f17c8982d59fedcab4445ca150828848f5c7e4ae5de5ff381908
                        • Instruction Fuzzy Hash: 9511A135409784AFC7218F15DC89A52FFF4EF16320F09C4DAEE894B262D375A859CB62
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D22B16 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                        Download Yara Rule
                        APIs
                        • FormatMessageW.KERNEL32(?,00000EA8,?,?), ref: 04D22B66
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: FormatMessage
                        • String ID:
                        • API String ID: 1306739567-0
                        • Opcode ID: d0c35ca42e9d7a14e0e21b0c387c43c5126b2c216559cc9a9112e759693922dd
                        • Instruction ID: b43d1400a2522edf38a3aa577c486a02be60faf797d4920172a86adb78115c65
                        • Opcode Fuzzy Hash: d0c35ca42e9d7a14e0e21b0c387c43c5126b2c216559cc9a9112e759693922dd
                        • Instruction Fuzzy Hash: 2B01B172600200ABD310DF16DC81B76FBA8FB88A20F14856AED488B741E331B515CBE6
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00B2A546 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                        Download Yara Rule
                        APIs
                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00B2A58A
                        Memory Dump Source
                        • Source File: 00000000.00000002.523200399.0000000000B2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B2A000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_b2a000_cracksetup.jbxd
                        Similarity
                        • API ID: DuplicateHandle
                        • String ID:
                        • API String ID: 3793708945-0
                        • Opcode ID: 060fa7eed9670d1b58bd1ce5f10b97703aa1a3ca0bf06bb347e5ff8459eca629
                        • Instruction ID: bb0dd0551e7bf24bfb8639b40d76ff2c0621fe24a5888d1f768c14c5b9a3b188
                        • Opcode Fuzzy Hash: 060fa7eed9670d1b58bd1ce5f10b97703aa1a3ca0bf06bb347e5ff8459eca629
                        • Instruction Fuzzy Hash: A1016D725006409FDB218F55E884B56FBE1EF18320F0889AADE894B616D375E418DF62
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00B2B746 Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON
                        Download Yara Rule
                        APIs
                        • CreateIconFromResourceEx.USER32 ref: 00B2B78A
                        Memory Dump Source
                        • Source File: 00000000.00000002.523200399.0000000000B2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B2A000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_b2a000_cracksetup.jbxd
                        Similarity
                        • API ID: CreateFromIconResource
                        • String ID:
                        • API String ID: 3668623891-0
                        • Opcode ID: 0b85828a993998779aaccb2a795f4b40b8e30ae39ecb014f7f36779f241a4274
                        • Instruction ID: 5c952a93ac756eaf630000cb3f15bb89b85cd1d4b85580eb488647e7ff8f59c0
                        • Opcode Fuzzy Hash: 0b85828a993998779aaccb2a795f4b40b8e30ae39ecb014f7f36779f241a4274
                        • Instruction Fuzzy Hash: 7B016D724006409FDB218F55E884F66FBE0EF48320F0889AEDE894B626D775E418DF62
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D22716 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                        Download Yara Rule
                        APIs
                        • FindCloseChangeNotification.KERNEL32(?,3A361B3F,00000000,?,?,?,?,?,?,?,?,6C1F3C38), ref: 04D22748
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: ChangeCloseFindNotification
                        • String ID:
                        • API String ID: 2591292051-0
                        • Opcode ID: a5ccbe4a57a3d5d74a018a4afba4bb4d90a6dd7fda10d53ca4d8ac65d31be95d
                        • Instruction ID: 2f2c75c923c2d25623f53f21861e027eddf64f80b8df047ac1a637fbc3870182
                        • Opcode Fuzzy Hash: a5ccbe4a57a3d5d74a018a4afba4bb4d90a6dd7fda10d53ca4d8ac65d31be95d
                        • Instruction Fuzzy Hash: 3201D4716042408FDB10CF29D984752FBA4EF14324F08C0EAED898F715D774E448CA62
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D20232 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                        Download Yara Rule
                        APIs
                        • FindCloseChangeNotification.KERNEL32(?,3A361B3F,00000000,?,?,?,?,?,?,?,?,6C1F3C38), ref: 04D20264
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: ChangeCloseFindNotification
                        • String ID:
                        • API String ID: 2591292051-0
                        • Opcode ID: 17c24b9047fea4ad477e4ffb9132269f2b6c9295ea0f3e2fff84f966a0082002
                        • Instruction ID: 92b1a6e11f280e5e367260f5c653c8eff4b79eb15e243901f0eccfbfcd3ac666
                        • Opcode Fuzzy Hash: 17c24b9047fea4ad477e4ffb9132269f2b6c9295ea0f3e2fff84f966a0082002
                        • Instruction Fuzzy Hash: C101F272A042409FDB51CF25D9847A6FBA4EF44224F08C4ABDE898F706D774E448CA62
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 04D21236 Relevance: 1.5, APIs: 1, Instructions: 43networkCOMMON
                        Download Yara Rule
                        APIs
                        • DnsQuery_A.DNSAPI(?,00000EA8,?,?), ref: 04D21286
                        Memory Dump Source
                        • Source File: 00000000.00000002.526722357.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_4d20000_cracksetup.jbxd
                        Similarity
                        • API ID: Query_
                        • String ID:
                        • API String ID: 428220571-0
                        • Opcode ID: cef7a8d44734efdea1ccdd94652cad5e57b666e59037700a549a751a13faf019
                        • Instruction ID: fc5a281882c021db8b81beece243f6e201afb2498d470c65677ecdcecc0b14a6
                        • Opcode Fuzzy Hash: cef7a8d44734efdea1ccdd94652cad5e57b666e59037700a549a751a13faf019
                        • Instruction Fuzzy Hash: F601A272600200ABD310DF16DC82B32FBE8FB88B20F14815AED484BB41E371F525CAE6
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00B2BB7E Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
                        Download Yara Rule
                        APIs
                        • PostMessageW.USER32(?,?,?,?), ref: 00B2BBB9
                        Memory Dump Source
                        • Source File: 00000000.00000002.523200399.0000000000B2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B2A000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_b2a000_cracksetup.jbxd
                        Similarity
                        • API ID: MessagePost
                        • String ID:
                        • API String ID: 410705778-0
                        • Opcode ID: e195809ced44591a6b4f42895ecc22b1bebed642b4c608ab4877b9f64b969c63
                        • Instruction ID: 9a16ac3f3e2c0fed6338fb4b3c877998be084e1e92c8ec08d8a6a749bef3b373
                        • Opcode Fuzzy Hash: e195809ced44591a6b4f42895ecc22b1bebed642b4c608ab4877b9f64b969c63
                        • Instruction Fuzzy Hash: D201B1365002409FDB208F15D888B65FBE0EF14320F08C0AEDD494B725D771E458DB62
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00B2A78A Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.523200399.0000000000B2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B2A000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_b2a000_cracksetup.jbxd
                        Similarity
                        • API ID: Initialize
                        • String ID:
                        • API String ID: 2538663250-0
                        • Opcode ID: 48cf21765d036df17a31d19d02f684a09d1c85ba4abbdeee3ed10ae182aee3dd
                        • Instruction ID: 36a6ac9c114430f4bc2e89e4ecd39c7b6dbdee3d808bebc62b72f9e0fda5f846
                        • Opcode Fuzzy Hash: 48cf21765d036df17a31d19d02f684a09d1c85ba4abbdeee3ed10ae182aee3dd
                        • Instruction Fuzzy Hash: F901DC759042409FDB10CF15E8887A2FBE4EF04320F18C4EADD488F726D378A848CAA7
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00B2B806 Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
                        Download Yara Rule
                        APIs
                        • SendMessageW.USER32(?,?,?,?), ref: 00B2B841
                        Memory Dump Source
                        • Source File: 00000000.00000002.523200399.0000000000B2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B2A000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_b2a000_cracksetup.jbxd
                        Similarity
                        • API ID: MessageSend
                        • String ID:
                        • API String ID: 3850602802-0
                        • Opcode ID: 4c56cec2027ede1d79ce12f2938c04240f07b8aedf86d6ba07641a27e78a1f34
                        • Instruction ID: 30db364c731bde85637ee4352638f6b71550d2e7542494ddcf1d05125b7cd156
                        • Opcode Fuzzy Hash: 4c56cec2027ede1d79ce12f2938c04240f07b8aedf86d6ba07641a27e78a1f34
                        • Instruction Fuzzy Hash: 45018B72900240DFDB208F16E884B61FBE4EF18320F08849EDE8D0B726D775A458DBA2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00B2A8EE Relevance: 1.5, APIs: 1, Instructions: 37COMMON
                        Download Yara Rule
                        APIs
                        • SetWindowLongW.USER32(?,?,?), ref: 00B2A926
                        Memory Dump Source
                        • Source File: 00000000.00000002.523200399.0000000000B2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B2A000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_b2a000_cracksetup.jbxd
                        Similarity
                        • API ID: LongWindow
                        • String ID:
                        • API String ID: 1378638983-0
                        • Opcode ID: 0748e5fe1ed78fa2b11abd8f7b4e63e6dee6de2fea42dbe72155ef3328afdb33
                        • Instruction ID: 5d01e13c9b2a6331afcc73c6df0074bf3467fddf1d8b523405f6026e89162ca3
                        • Opcode Fuzzy Hash: 0748e5fe1ed78fa2b11abd8f7b4e63e6dee6de2fea42dbe72155ef3328afdb33
                        • Instruction Fuzzy Hash: F101AD365006409FDB208F06E885B61FBE0EF09320F08C4AADE8A0B716C375A858DA63
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00B2BE3E Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON
                        Download Yara Rule
                        APIs
                        • DispatchMessageW.USER32(?), ref: 00B2BE70
                        Memory Dump Source
                        • Source File: 00000000.00000002.523200399.0000000000B2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B2A000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_b2a000_cracksetup.jbxd
                        Similarity
                        • API ID: DispatchMessage
                        • String ID:
                        • API String ID: 2061451462-0
                        • Opcode ID: 9f77bbb4c69ca59a0ff249d3ef8dd2e89ce261da5efc62372080949de0f32394
                        • Instruction ID: 08eb7c09d8f57fd1b21e9e357ee5d7dcf98148aca9ed8156b99f8c8ba2a4b891
                        • Opcode Fuzzy Hash: 9f77bbb4c69ca59a0ff249d3ef8dd2e89ce261da5efc62372080949de0f32394
                        • Instruction Fuzzy Hash: B3F0A475904640DFDB10DF05E884BA1FBE0DF04324F18C4EADE494B716D775A448CAA2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00B2A372 Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                        Download Yara Rule
                        APIs
                        • SetErrorMode.KERNEL32(?,3A361B3F,00000000,?,?,?,?,?,?,?,?,6C1F3C38), ref: 00B2A3A4
                        Memory Dump Source
                        • Source File: 00000000.00000002.523200399.0000000000B2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B2A000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_b2a000_cracksetup.jbxd
                        Similarity
                        • API ID: ErrorMode
                        • String ID:
                        • API String ID: 2340568224-0
                        • Opcode ID: 9f77bbb4c69ca59a0ff249d3ef8dd2e89ce261da5efc62372080949de0f32394
                        • Instruction ID: eabbcc9daa3ca4b1ddefd5402ba7685aed56d7b385f885b87d5e19b7b6892667
                        • Opcode Fuzzy Hash: 9f77bbb4c69ca59a0ff249d3ef8dd2e89ce261da5efc62372080949de0f32394
                        • Instruction Fuzzy Hash: 36F08C75500240DFDB20CF15E984765FBE0EF04324F18C4EADD494B756D779A448CE62
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D20D0 Relevance: 1.4, Strings: 1, Instructions: 197COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID: r*+
                        • API String ID: 0-3221063712
                        • Opcode ID: d1ff5dface82f8acd84ab8206c9fe8c1cdc168474fafdeeb9b0b15de3a995fc7
                        • Instruction ID: 42c7d0564fe4b72483723b94821f5bfcba19d94ce2ee6e3b0c1a222829fccf4d
                        • Opcode Fuzzy Hash: d1ff5dface82f8acd84ab8206c9fe8c1cdc168474fafdeeb9b0b15de3a995fc7
                        • Instruction Fuzzy Hash: 46714130E0820DDFCB48DFA4C8A16BEBBF1FB44304F50846AD9169B256DB349946CB52
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D02E8 Relevance: 1.4, Strings: 1, Instructions: 172COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID: :@ek
                        • API String ID: 0-211971371
                        • Opcode ID: ea0311e13d24d314c33e44529a15dee6b9231c56ac6859cb2a8eb0ccd7ebfda9
                        • Instruction ID: 1199cbf73721cb9a1bfd0e6e0d05df3086fa0dedc5dc2404ccd7cbc9d9ab71f0
                        • Opcode Fuzzy Hash: ea0311e13d24d314c33e44529a15dee6b9231c56ac6859cb2a8eb0ccd7ebfda9
                        • Instruction Fuzzy Hash: 09518034E04209DFDB18DF64D460BAE7BF2EF89304F2584A9D506AB751DB35AC06CB52
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D0BC0 Relevance: 1.4, Strings: 1, Instructions: 131COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID: hXk
                        • API String ID: 0-2517838072
                        • Opcode ID: 8f95a07feae788a167804186498090141c1f6c2d283d42e8907fe70d7f6fc9ce
                        • Instruction ID: cedfadadb89d3f8e3acd1e80719666b801245810c7418be26bb9875c7f7a9682
                        • Opcode Fuzzy Hash: 8f95a07feae788a167804186498090141c1f6c2d283d42e8907fe70d7f6fc9ce
                        • Instruction Fuzzy Hash: 2A410731B04118DFC7199B28C414AAE77E7AF86310F15846AE906DF7A1CF769C0AC792
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D0682 Relevance: 1.4, Strings: 1, Instructions: 126COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID: Zkk^
                        • API String ID: 0-1573066351
                        • Opcode ID: b2977e69c1a12aa19807e12ed5856acbb115c01f9ea9348a2cb0b0a17568178c
                        • Instruction ID: 2d0e458e0fcbd530999c72005d6a604207615f5d7713a84471be714eb0d7ad04
                        • Opcode Fuzzy Hash: b2977e69c1a12aa19807e12ed5856acbb115c01f9ea9348a2cb0b0a17568178c
                        • Instruction Fuzzy Hash: 98419F757882048BD7287B34EC1D66E3BA2EF81349B2449B9F402CB2B1DF744C06DB96
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D82C0 Relevance: 1.3, Strings: 1, Instructions: 98COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID: r*+
                        • API String ID: 0-3221063712
                        • Opcode ID: fc2f3eab1a5353234795c8c1be4aec57f1550dff4fa81eed02f0ac02767b9533
                        • Instruction ID: 0da989afc9eefe998df80f7d399107810cb258d799cd2608a6d2d0e0d043c277
                        • Opcode Fuzzy Hash: fc2f3eab1a5353234795c8c1be4aec57f1550dff4fa81eed02f0ac02767b9533
                        • Instruction Fuzzy Hash: AD411530E04209DFDB58DFA5C4896AEBBF1EF45304F1181AAD50AA7264D7349A46CF92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D50E0 Relevance: 1.3, Strings: 1, Instructions: 92COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID: d@k
                        • API String ID: 0-2973840576
                        • Opcode ID: 291f0a23bcf05f703fb9848f78f9948f1d1c304fb9d36772f5fb83b39bad4652
                        • Instruction ID: ec92921b5430e5c29c889c2eb59d9a8c9d353f1b496e0ddfd632025d9e0f3005
                        • Opcode Fuzzy Hash: 291f0a23bcf05f703fb9848f78f9948f1d1c304fb9d36772f5fb83b39bad4652
                        • Instruction Fuzzy Hash: 30219E71E0030C9FDF04EFA5C8146AEFBF6AF89300F504529D40AAB755DB74A946CB81
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D8100 Relevance: 1.3, Strings: 1, Instructions: 85COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID: ]Dkk^
                        • API String ID: 0-3575052552
                        • Opcode ID: 2224e0143d94b5cfcaa3610f7c25a3d14b7173247abae8d29cd71ba3e43754d8
                        • Instruction ID: ac59c1314f4b50818fda8496fe1bb2990224c3b2cf53d0766b02b2f288537c59
                        • Opcode Fuzzy Hash: 2224e0143d94b5cfcaa3610f7c25a3d14b7173247abae8d29cd71ba3e43754d8
                        • Instruction Fuzzy Hash: 9C317C30B00205DFC708AB39E89966E37E2EF8531671489B8E016DB399DF399C07CB81
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D50D0 Relevance: 1.3, Strings: 1, Instructions: 64COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID: d@k
                        • API String ID: 0-2973840576
                        • Opcode ID: fdadc94c3d3913c63b9367bb857e353dba4fb376472b7e8088f900ef8b689058
                        • Instruction ID: 7a76f16ec4c30d96576e8f597012745386fd06ac5db290dd160045f26432989c
                        • Opcode Fuzzy Hash: fdadc94c3d3913c63b9367bb857e353dba4fb376472b7e8088f900ef8b689058
                        • Instruction Fuzzy Hash: 9F116671D0434D9FEF04CFA4C8146EEBFB2AF89300F504929D50AAB661EB70694ACB81
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D5AA0 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID: -Skk^
                        • API String ID: 0-3775559393
                        • Opcode ID: 59efb1cdf632ae6b7da92aa5545af9492d397da0b2caa1bcdee583b649a103eb
                        • Instruction ID: bc91bb1e36b3fe03b842ac8564997a168cfaecad45c890228110f76b46d42b19
                        • Opcode Fuzzy Hash: 59efb1cdf632ae6b7da92aa5545af9492d397da0b2caa1bcdee583b649a103eb
                        • Instruction Fuzzy Hash: C8E026297493581FC7022B795C6112E3B995E8364938948EAE445DF393DE048C0883DB
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D5B40 Relevance: 1.3, Strings: 1, Instructions: 23COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID: =Rkk^
                        • API String ID: 0-961971718
                        • Opcode ID: 0cd4599b332fded1b978de9cb1f972af9f87fa69aaf53cd56ef49c89282ee7c2
                        • Instruction ID: 1671cc47cca07860bacd315b2e7e338f1af1ec50bbb6a26d0610f240c591682f
                        • Opcode Fuzzy Hash: 0cd4599b332fded1b978de9cb1f972af9f87fa69aaf53cd56ef49c89282ee7c2
                        • Instruction Fuzzy Hash: A6E026263851542BE704D7B898219BA779A9FC0349F1544EEE80ADB382CAA38C068380
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D5AB0 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID: -Skk^
                        • API String ID: 0-3775559393
                        • Opcode ID: 147b080bf2a958fef4ee67f557ae0958acc86d666ef9e2172f9beed4e3e57195
                        • Instruction ID: dc7b5951f4342ebb26cb129dc2ac5e393350a81440414f2d9ea92aaf22fe62d2
                        • Opcode Fuzzy Hash: 147b080bf2a958fef4ee67f557ae0958acc86d666ef9e2172f9beed4e3e57195
                        • Instruction Fuzzy Hash: B7D0A719740228170A147A7A6C4253F37CE5EC1A9A3844C78F40ADB340DF189C0943DA
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D5B50 Relevance: 1.3, Strings: 1, Instructions: 19COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID: =Rkk^
                        • API String ID: 0-961971718
                        • Opcode ID: 9a038f3b9b79d8d8f0537f9c2b61d962529bd2c29e56be7ab2fe00fea7141f88
                        • Instruction ID: 1ad979fdc4352d33914044dd07caa458fe395cd3b79aafd3e11b133fca0b97cb
                        • Opcode Fuzzy Hash: 9a038f3b9b79d8d8f0537f9c2b61d962529bd2c29e56be7ab2fe00fea7141f88
                        • Instruction Fuzzy Hash: 35D0A726340128276604E6BDDC1283AB3CECBC575571484AEE80EDB341DD73DC0683D0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D12A0 Relevance: .5, Instructions: 460COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 14d6f2fd4e855a295cb11b3e0a80082fe89dedeee1bb6239d694bb6925c4e80f
                        • Instruction ID: a39a646aa246ad76a3be93b3a9b87f0945f3064122461dec982d472d155ac181
                        • Opcode Fuzzy Hash: 14d6f2fd4e855a295cb11b3e0a80082fe89dedeee1bb6239d694bb6925c4e80f
                        • Instruction Fuzzy Hash: A922F734A00609CFCB24EF24D490A6AB7F2FF89344F10899AE85A9B755DB35ED46CF41
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D7DB0 Relevance: .3, Instructions: 252COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c3c5db98352765cb0d5494796df3cd38dd47de6ba02a563e52e2998a2bd524e6
                        • Instruction ID: 607be0a83814949d24a5fa94cfcf7b44819e441dc5944adcb0bb4645690e29bf
                        • Opcode Fuzzy Hash: c3c5db98352765cb0d5494796df3cd38dd47de6ba02a563e52e2998a2bd524e6
                        • Instruction Fuzzy Hash: C6A14875E00209CFCB15DFA8C984AADFBF1FF48314F24866AD456A7394D731A846CB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D5B98 Relevance: .2, Instructions: 241COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c861d3f9aad0b1f53070255fa86e8cb4ec3197d207d94ec8e70cacea7d160d29
                        • Instruction ID: 4fffc4441b51925124aeac042abfa4a0f82c4899070d1f4e233977966802c9a0
                        • Opcode Fuzzy Hash: c861d3f9aad0b1f53070255fa86e8cb4ec3197d207d94ec8e70cacea7d160d29
                        • Instruction Fuzzy Hash: C9815131A0051DCFDF15DF24C890ADEB7B2EF45304F5585A9D80AAF612DB71AA8ACF90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DA5CF Relevance: .2, Instructions: 226COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fc4f8897ec236b8802993433930b315034397f7740d5fd0472462fb7ac2a6bfd
                        • Instruction ID: 6a402bdd90bc47bac140ebb4794b425acf8be660c8d429eeee39ac6f9ea132b3
                        • Opcode Fuzzy Hash: fc4f8897ec236b8802993433930b315034397f7740d5fd0472462fb7ac2a6bfd
                        • Instruction Fuzzy Hash: 5881BC306005259BE708EBB4C496BAE77F2EFC4308F5085ACE1199B794DF34AD1A87C2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DE1B8 Relevance: .2, Instructions: 184COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 377b60dcb6dc75fd8be6cccdd492526ca1abf17ed3602908e8d1fcf5ccd065ee
                        • Instruction ID: c649a6c5ffa7e1add789252b8ac490dd99bf8cb1beccfdd5e71020cb1534eb0c
                        • Opcode Fuzzy Hash: 377b60dcb6dc75fd8be6cccdd492526ca1abf17ed3602908e8d1fcf5ccd065ee
                        • Instruction Fuzzy Hash: 37711934A04608CFDB19CF65C484BAEBBF1BF4C314F198469D456AB761CB76E882CB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D09A3 Relevance: .2, Instructions: 173COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 658bbbda422f6090333797017862dd184323c6c45ef39a4ecc0331aa200a1ab0
                        • Instruction ID: 7e33c89b9e8904c3e6a9bd6b540b77932dee56464345fead916497ebfc6f671f
                        • Opcode Fuzzy Hash: 658bbbda422f6090333797017862dd184323c6c45ef39a4ecc0331aa200a1ab0
                        • Instruction Fuzzy Hash: 2A51C235F08119DFCB189BA4D854BAEB7E2EF85308F6084A9E506DB360DB319C16CB81
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DD890 Relevance: .2, Instructions: 164COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 854eef900822091ca3fabb00724464fcdf8492410be24994c4eaf5a12d07add9
                        • Instruction ID: 9fbc632dec493e3b044ca9de60003f8bd9d6402b340147978edecc20015b3069
                        • Opcode Fuzzy Hash: 854eef900822091ca3fabb00724464fcdf8492410be24994c4eaf5a12d07add9
                        • Instruction Fuzzy Hash: D0516C32E04518DBCB09EFA4D8518AEB7B7FF88304B058465E50AAF355DB31AD46CB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D7160 Relevance: .2, Instructions: 161COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1ba00e1a6912dea56912fca47080fe0bfca2d0afcdbe698351ce24ac7da79e8a
                        • Instruction ID: f0cc8460def28e5d8b9394a698e4dd763a98767e7254e3ce6ebe7ec045f0a951
                        • Opcode Fuzzy Hash: 1ba00e1a6912dea56912fca47080fe0bfca2d0afcdbe698351ce24ac7da79e8a
                        • Instruction Fuzzy Hash: 56311631D1065ECBDF16CF64C894BDAF7B2AF89304F118494E909BB205DB706A8ACF91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D6CC8 Relevance: .2, Instructions: 159COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 11cd9994e2392dbf2fb932a1fd5113e50b499e613280a79cb972b34fc55943b4
                        • Instruction ID: 1d94c322186c1d6c4fef85e5b930fb2495c9a5a91b5dc863e591e6ab98633920
                        • Opcode Fuzzy Hash: 11cd9994e2392dbf2fb932a1fd5113e50b499e613280a79cb972b34fc55943b4
                        • Instruction Fuzzy Hash: 9A515F31F002188BCB18EBB9D4506AEB3F7AF84304B154569D40AAB785DF34EC46CB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D76F1 Relevance: .1, Instructions: 140COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 40c6f2e5604d0b71e7388aa9c190c86ae0d58cbd2486091b1f8839cacbbab1f9
                        • Instruction ID: 12f8d34bcb570c82689b138ccd5d198a87a36714fe5cf18ce0bba427972ac20c
                        • Opcode Fuzzy Hash: 40c6f2e5604d0b71e7388aa9c190c86ae0d58cbd2486091b1f8839cacbbab1f9
                        • Instruction Fuzzy Hash: CF515A34A04218CFDB15EB74C594AADB7F2FF84208F2486A9D4099B755DB30EC46CF62
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D1458 Relevance: .1, Instructions: 128COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 35722eb215c4a6ae882d8de4a2eaf8524ff27a2e36b163e83a40c3308ac24fdd
                        • Instruction ID: 724d26ccd7aa7ee50cd61b31935c330331e0fda6b8678f1c2fa8f138915b1d53
                        • Opcode Fuzzy Hash: 35722eb215c4a6ae882d8de4a2eaf8524ff27a2e36b163e83a40c3308ac24fdd
                        • Instruction Fuzzy Hash: 1951F374E00218CFDB14EB64D894B9DB7B2BF49344F5040EAE40AAB366CB749D8ACF51
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D6848 Relevance: .1, Instructions: 118COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0a853e5ba0445a380e9ce89364d1f0197e255c3adf7b859be92b829323efb41a
                        • Instruction ID: b9d18e4866bd58111a4412adf9b3b72e4dbc6e655180422e3715e3aaf542f434
                        • Opcode Fuzzy Hash: 0a853e5ba0445a380e9ce89364d1f0197e255c3adf7b859be92b829323efb41a
                        • Instruction Fuzzy Hash: E741B234A01610CFCB05BB79A96456E77F2FB8D342355007DE80A9B787DB369C06CB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D6858 Relevance: .1, Instructions: 115COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f8d1e706c1a385e690a7818edaa5430ba534761f5b54b8944cfe46b73a799c13
                        • Instruction ID: 1dd3eba5c7a1e9fb08d940e867eb71f1a33e2bc16660eeabf33bd4ead1240c10
                        • Opcode Fuzzy Hash: f8d1e706c1a385e690a7818edaa5430ba534761f5b54b8944cfe46b73a799c13
                        • Instruction Fuzzy Hash: CD41A134B01210CF8B05BB65A56456E77E3FB8D752355007DE80A9B78BDB359C06CB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DA970 Relevance: .1, Instructions: 113COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 19c7972a5db4947d88119a04cabf4905831cc9e5f49668c9073bbd0eaf00e6fc
                        • Instruction ID: 9636ae1bed6756aee94ca04ffcc4e8810fa18765f706f265e7d7460efe43d1ec
                        • Opcode Fuzzy Hash: 19c7972a5db4947d88119a04cabf4905831cc9e5f49668c9073bbd0eaf00e6fc
                        • Instruction Fuzzy Hash: 1231F071E046298BCB18DBA9C9806AEB7F2FB88314B248539E44AD7740D735EC41CB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D43C0 Relevance: .1, Instructions: 112COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d97f96b18c0b5785cb97669829d18d8df55d1030e2e0b643c56e6f67ea99569f
                        • Instruction ID: 9de1d90ec010b70515b807d0c10cd7da8eb43a8ac2eb2cb010e98c3775d554b7
                        • Opcode Fuzzy Hash: d97f96b18c0b5785cb97669829d18d8df55d1030e2e0b643c56e6f67ea99569f
                        • Instruction Fuzzy Hash: 63419D35A00114CFCB14EF68EC489AE7BF2FF8830471484AAE4069B26ADF31A917DB41
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D8CB8 Relevance: .1, Instructions: 109COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e8fb588d07453469ac8f293a9a7e41ecb6161292098f267db7765e7c046eb3bf
                        • Instruction ID: d00f4b47b7b92ddeac2ac56707e29540031b0a732f0edeb2037de20e207fd9fe
                        • Opcode Fuzzy Hash: e8fb588d07453469ac8f293a9a7e41ecb6161292098f267db7765e7c046eb3bf
                        • Instruction Fuzzy Hash: CC314270E0E29CDFC3198728C49CA75BBA6EF92204F0844ABD4468F6E2C7659C03C392
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D02DA Relevance: .1, Instructions: 104COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 53ddf7e16ce1944206e3b3c6caf466b0f06ea7ccb61e8462c46372964a326935
                        • Instruction ID: 136d8bd2b5d53e73f575eb3cce7ef9a09614ca1d24f2bc218764bcc64a1e1a30
                        • Opcode Fuzzy Hash: 53ddf7e16ce1944206e3b3c6caf466b0f06ea7ccb61e8462c46372964a326935
                        • Instruction Fuzzy Hash: 07318930E05609DFDB08CF64C094BBEB7F2AF88314F258069D502AB791DB31AC46CB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DD769 Relevance: .1, Instructions: 102COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 54a24b5827afaaed2a0cf3f64442cb004d3a8b86e2010d4552ea1958ab604265
                        • Instruction ID: d6dcddc9861a0dabbfa0d48d73f680fa2f532d0ba18f58cc0fe2eb1b2001894c
                        • Opcode Fuzzy Hash: 54a24b5827afaaed2a0cf3f64442cb004d3a8b86e2010d4552ea1958ab604265
                        • Instruction Fuzzy Hash: D5314E72E00208DFC754EFA9C484AAEBBF1FB88214F548169D409A7745D731EC42CB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DD881 Relevance: .1, Instructions: 100COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a50056583b0c51889aad4d002a144c94bd98a531b7aba15710a0c64a650559e0
                        • Instruction ID: b827194babe555c81cceba1b5ea409e680d6d22064b8b97a480e4965d238233e
                        • Opcode Fuzzy Hash: a50056583b0c51889aad4d002a144c94bd98a531b7aba15710a0c64a650559e0
                        • Instruction Fuzzy Hash: D4317232E0420CEFCB19EFA4D8419AEB7B7FF84304F054469E506AB255DB31AD06CB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D1292 Relevance: .1, Instructions: 99COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6f3ac9ef2ffeb23f72903aabb3cb6de92f375ab8d0fd43ccaf6349c52378daf4
                        • Instruction ID: 633b9942bda4d11a95da20a4e5c46252d10d0bc773e62fa7b5368998fce6fcba
                        • Opcode Fuzzy Hash: 6f3ac9ef2ffeb23f72903aabb3cb6de92f375ab8d0fd43ccaf6349c52378daf4
                        • Instruction Fuzzy Hash: 66413574E04219DFCB24EB64D884B9DBBB2AB4A344F0044EAE40EAB755DB709D86CF51
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D45C8 Relevance: .1, Instructions: 95COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8a7b839cb878852a6a7d976efdf5e8f07225ce7ab06a8317fbdf0569cc07760b
                        • Instruction ID: 7d2f2632081d6d8d62b9f578b94a4d7ca0613d3653ec3cf0bddc50d8cfbddf93
                        • Opcode Fuzzy Hash: 8a7b839cb878852a6a7d976efdf5e8f07225ce7ab06a8317fbdf0569cc07760b
                        • Instruction Fuzzy Hash: 5B218139F0015D9BDB14EAA5D881AFFB7F9EB88304F204525E61AD3244EB705D06C7A1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DE4A8 Relevance: .1, Instructions: 94COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e95fb955a51bc5d551074b899b2f0012dde0a4e9ead60424366372096efb549e
                        • Instruction ID: 89a9f81d6815381e02f580641981e6761c1750fba5ad449626584232330d9020
                        • Opcode Fuzzy Hash: e95fb955a51bc5d551074b899b2f0012dde0a4e9ead60424366372096efb549e
                        • Instruction Fuzzy Hash: 3941E730904B54CBD339CF2AC555766BBE2BF85209F54886EC19B8AAA0DB77E442DB40
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DA5E1 Relevance: .1, Instructions: 94COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b168e24cac17e667bf363bfb956a66767de8b5ed62e516e32308d252377eb64a
                        • Instruction ID: ecaf67f609d1009007e4560d155211c349ec15246ff8c99adec359fe636994ae
                        • Opcode Fuzzy Hash: b168e24cac17e667bf363bfb956a66767de8b5ed62e516e32308d252377eb64a
                        • Instruction Fuzzy Hash: 1B313A31B001159BDB089BB9C859B7EBBF6AF89305F214079E10AEB3A0DF754C058B91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DDCD8 Relevance: .1, Instructions: 92COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5aad439893e644a8442a03457f67bda278eaf04716b21d7cbdbc5aecc1ef1046
                        • Instruction ID: d7e2a7558613abc051302a09c6c06de0f4c5fdd307d905183693a109c7c6afb6
                        • Opcode Fuzzy Hash: 5aad439893e644a8442a03457f67bda278eaf04716b21d7cbdbc5aecc1ef1046
                        • Instruction Fuzzy Hash: 5C314731B00208CFCB18EF79C480AAEBBF2AB89204B50447DD5069B794DB76AC42CB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D6CBA Relevance: .1, Instructions: 91COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7f92af2dab3b749f10e76c936744779e83bef79b91e442a40de7cd05a872fe9f
                        • Instruction ID: 5fe6ffc8d656b6c1377bdc0b9befdce711397508d5fbbb74d6ca775452e98c6a
                        • Opcode Fuzzy Hash: 7f92af2dab3b749f10e76c936744779e83bef79b91e442a40de7cd05a872fe9f
                        • Instruction Fuzzy Hash: E8314175E0420D8FCB08DBB9D85499EB7F3AF88304B14856DD806AB395DB31AD46CB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D0007 Relevance: .1, Instructions: 90COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: eff0c9eba643dd0031515b30df5e290ea99d3a2b49b582ee184f713a1d3f2a8c
                        • Instruction ID: f0fc755d09e32ac22a8025c2fa2101106dba8bad9854e5ae9f8ce6b8cada50a8
                        • Opcode Fuzzy Hash: eff0c9eba643dd0031515b30df5e290ea99d3a2b49b582ee184f713a1d3f2a8c
                        • Instruction Fuzzy Hash: CE31817050E3C5AFC706AB74D8255A93FF1AF42304F1988DED085CB667DA35880AD752
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D43D0 Relevance: .1, Instructions: 87COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1d65e1903e9c4914c9516053045c259ac0c922109ce9fcdb1f774e3112c14d94
                        • Instruction ID: 0c42005cd4ca08a02d504569d1663f3be87025ac5b0d877992708c5618e8fa79
                        • Opcode Fuzzy Hash: 1d65e1903e9c4914c9516053045c259ac0c922109ce9fcdb1f774e3112c14d94
                        • Instruction Fuzzy Hash: EE316B35500109DFCB14FF68EC4889E7BF2FF8830872484AAE4069B26ADF31A957DB51
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DD581 Relevance: .1, Instructions: 87COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a6d0bf0a8adaad31ff79307fee8d4b8117ada6e3af167824179f79526c1068c1
                        • Instruction ID: d05171ef5dee0c873626214c7fe7dd22aff2bc78284119dfe8a8187311a4785f
                        • Opcode Fuzzy Hash: a6d0bf0a8adaad31ff79307fee8d4b8117ada6e3af167824179f79526c1068c1
                        • Instruction Fuzzy Hash: FC3152312006108FC765AB34C461A6E73E3AFC52087A4896CD14A9FB94DF7AEC07DB86
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DCA40 Relevance: .1, Instructions: 84COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 48b78a720d5f5408a28434714a2dcb20e7beda46bce9eef20ff4dd88e0c9bf41
                        • Instruction ID: 44e9d5ac23277f1ef439f933924a15fc76334b4f27a34a028e6f4269ee567b92
                        • Opcode Fuzzy Hash: 48b78a720d5f5408a28434714a2dcb20e7beda46bce9eef20ff4dd88e0c9bf41
                        • Instruction Fuzzy Hash: CD21A031B043089BC714EB75E81926F7BE2FF84645B14856AE807C3354EF34E902CB86
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D8290 Relevance: .1, Instructions: 83COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d101117a572e3392979cd7ec86e9a780865c7009d1f4f2bb38ba5a438d7a2044
                        • Instruction ID: 037978068a6f6c8648377960dbbaeb16e83803377fe9bafbcc4c17d52017531b
                        • Opcode Fuzzy Hash: d101117a572e3392979cd7ec86e9a780865c7009d1f4f2bb38ba5a438d7a2044
                        • Instruction Fuzzy Hash: 88314070D09249DFDB09CBB5C4987AEBBB1AF46304F1640DAC4469B291D6354D47CB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D667C Relevance: .1, Instructions: 81COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: cf4f0a2da11fa4f650cb72f44ed4b4dfb102e5d62b28b0a9d42976369e3ba78c
                        • Instruction ID: 10b621f3be1d0417e3a4960750f99daa055c4815097b7ef0df27fa92807fd466
                        • Opcode Fuzzy Hash: cf4f0a2da11fa4f650cb72f44ed4b4dfb102e5d62b28b0a9d42976369e3ba78c
                        • Instruction Fuzzy Hash: B9317E306002418BC714BB75D46559EB7E2EB8139936485ADE01ADB359DF76DC0BCBC1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DE090 Relevance: .1, Instructions: 81COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8138d98c2dabdf63ede6e12d56ad9db1142b05c00a6b2e5233403f4d48ee3b16
                        • Instruction ID: 044c5910f676e4d319c00fd99b14edfcf5a7acf180dff43fccc28e1d7d71a29d
                        • Opcode Fuzzy Hash: 8138d98c2dabdf63ede6e12d56ad9db1142b05c00a6b2e5233403f4d48ee3b16
                        • Instruction Fuzzy Hash: 71217430F002589BCB28EB74D891A9EB7F2EB88704F504979E402AF345DB32A906C7D1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DD417 Relevance: .1, Instructions: 79COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a7068e4f60d9d59c4343a9f112946b29f5f83f5db5bc724e9c408e4038bed551
                        • Instruction ID: 8732d1fd5d20aec0daa370d3e9d272dd21fbd31f591dcda53ec376b252922047
                        • Opcode Fuzzy Hash: a7068e4f60d9d59c4343a9f112946b29f5f83f5db5bc724e9c408e4038bed551
                        • Instruction Fuzzy Hash: 5F21BD76E04218DBCB1CAA64D8047BEB7E6AB88319F14447AE446E7344DB35BC4ACB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DDE30 Relevance: .1, Instructions: 77COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 29d38f1b14d894fc699691208ad6c5eb5b344cfc7cabb9fb1d8a6c5de8e9a44c
                        • Instruction ID: c64c83c665397ba1b7b309a10d9e9ebbcacbc9a0811a106a27491099ebee8e0c
                        • Opcode Fuzzy Hash: 29d38f1b14d894fc699691208ad6c5eb5b344cfc7cabb9fb1d8a6c5de8e9a44c
                        • Instruction Fuzzy Hash: 8A213DB3D0811C9BC72C7775A49457AFB919B51208F54C9EBD01E8EA01D726C487C7D2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D86A6 Relevance: .1, Instructions: 75COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 230f2fa813243dbb5b499e5c0ce35b74683dc325f961b88b85ac9c0860382114
                        • Instruction ID: 2ae3dc7c2eaec2924837135ee9f31b3f437606a82c880e2a928a13876972de0a
                        • Opcode Fuzzy Hash: 230f2fa813243dbb5b499e5c0ce35b74683dc325f961b88b85ac9c0860382114
                        • Instruction Fuzzy Hash: F4313A70D00209CFDB20DF66D44875EBBE2FF85309F1485A9C015AB258DB78988ACF81
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D25DE Relevance: .1, Instructions: 75COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 95f22ba3d8821781298d5500246ffacb788fa28869de5996933bf05d3946f96b
                        • Instruction ID: 1e1cd986effc04cdc44c3c6554c3a3af5419fc0c0c0ef6fc59a57bd4dc99909f
                        • Opcode Fuzzy Hash: 95f22ba3d8821781298d5500246ffacb788fa28869de5996933bf05d3946f96b
                        • Instruction Fuzzy Hash: 39317A70E04249CBDB20DF65D86475EBBE2FF84308F24C169C814AB266DF78998ACF41
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D6F08 Relevance: .1, Instructions: 74COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0938c5763e65ec413a130dfb88653e53bd70b37122774b277ab9f84ce9fc1c60
                        • Instruction ID: 5da9c1f66767b68c140679d2fb2a7475b3ece5c7870b46adec7e06a385080ad6
                        • Opcode Fuzzy Hash: 0938c5763e65ec413a130dfb88653e53bd70b37122774b277ab9f84ce9fc1c60
                        • Instruction Fuzzy Hash: E321C235B041185BCB08B7BAE860A6F77E79FC5304B50057ED407DB652DA758C068751
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D21E8 Relevance: .1, Instructions: 73COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 04af5a41727ec333e1adca8b3728ac1cbf5843810852a3c114365983f1e88e9e
                        • Instruction ID: 60fcfa8ee56ec2d171718e50bce399006e1464db384594c599d6272e4cf1edd9
                        • Opcode Fuzzy Hash: 04af5a41727ec333e1adca8b3728ac1cbf5843810852a3c114365983f1e88e9e
                        • Instruction Fuzzy Hash: A2310C70D0820DDFCB48DBA4C4A57BEBBB1FB45304F10416AE802977A2DB359A46CB52
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D48B8 Relevance: .1, Instructions: 72COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 89378457071a09497cdd06f69c0edba6fd885c8db81c16fbeedb7ce8536e6ae1
                        • Instruction ID: 0743a9f015708b4640c6764c650cf2f647b1b8a07d8f8f48476b5571fd316da1
                        • Opcode Fuzzy Hash: 89378457071a09497cdd06f69c0edba6fd885c8db81c16fbeedb7ce8536e6ae1
                        • Instruction Fuzzy Hash: F7112632F0815D9B8B08DB79C8514EE77BAAFC5228B044439E506BB282DE341E07C3A1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DA960 Relevance: .1, Instructions: 72COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c90560201becb85ff6eebeb2c7722cf983cbdc013404ec44e9e3005b9a2b195e
                        • Instruction ID: f92f312dd56c24ba04c5e6a43a02994ae089701af63d93a39bf1883254563c1d
                        • Opcode Fuzzy Hash: c90560201becb85ff6eebeb2c7722cf983cbdc013404ec44e9e3005b9a2b195e
                        • Instruction Fuzzy Hash: 9F2193B2E046699BCB04DFA9D8944AEFBF2FB8D314B144529E499E3350D3349D01CBD4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D4F10 Relevance: .1, Instructions: 71COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 99e8b4f44af7403112fb693d710b96e4f3492fb188270116db7779b65b8051a9
                        • Instruction ID: debfd7c4f7860607ef59328fbe231b61c24dc98b31c4c60bf3b788b8dc029704
                        • Opcode Fuzzy Hash: 99e8b4f44af7403112fb693d710b96e4f3492fb188270116db7779b65b8051a9
                        • Instruction Fuzzy Hash: 2221A235A1924D8BC318F775E895AB93392EBC4345710892AE0064B66EDF34AC07C792
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D6F18 Relevance: .1, Instructions: 70COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a1ed9a9cf2b77a7e6d7434787ab5d1b5fe81d21f3256c28cce99424c535bf028
                        • Instruction ID: f997d57387745da76e1f37a39e8c85e81be6cbd689dda2eeb34bbf8e212704b9
                        • Opcode Fuzzy Hash: a1ed9a9cf2b77a7e6d7434787ab5d1b5fe81d21f3256c28cce99424c535bf028
                        • Instruction Fuzzy Hash: E711B131B000185BCB08BBBAE860A6FB6EB9FC9304B50453ED407DB751DD758C0687A1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DE080 Relevance: .1, Instructions: 70COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b5624a0f53cb4111a14154fe8dfc88f832fef068cbbf987418edf49b56f48074
                        • Instruction ID: b914c5a0f4ecfa85dc86dafb9b457fd8f0bb0fbb1d113b6ac99c3fdf4f410c15
                        • Opcode Fuzzy Hash: b5624a0f53cb4111a14154fe8dfc88f832fef068cbbf987418edf49b56f48074
                        • Instruction Fuzzy Hash: 3311B730F042589BCB28AA74DC42AAF76F1EB88704F504479E802DF381DB729912C7D1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DDB80 Relevance: .1, Instructions: 68COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 992ddb56e90e29944051b5858f8f21342549273852c6d0ffee06cd9e3ee7a6ee
                        • Instruction ID: af29278d5e83415aa316d787d72efff2d69b714a0aebf69c104d42c3cfb9be0a
                        • Opcode Fuzzy Hash: 992ddb56e90e29944051b5858f8f21342549273852c6d0ffee06cd9e3ee7a6ee
                        • Instruction Fuzzy Hash: 5B214F76E0411CDF8B58EF68C551ABEB7F5EB48218B1184AAD406D7740D731AD02CB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D5000 Relevance: .1, Instructions: 67COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b9e207af52ade36ac1a360f95be18a1fef4908a14dd5ab4eba74bce6cbe6b421
                        • Instruction ID: cfd0329fa137277795eeffeaa81205a10c0f396b48c8f5320a89d23e09564f38
                        • Opcode Fuzzy Hash: b9e207af52ade36ac1a360f95be18a1fef4908a14dd5ab4eba74bce6cbe6b421
                        • Instruction Fuzzy Hash: 7B117F35E002588F8B48FBB898507AE77E1EB84754BD58579C806D7746EF309903CBE6
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D4510 Relevance: .1, Instructions: 66COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9e49857988a70325a4e1a6f09f5d1397517c53119e22c954a720df088942c9db
                        • Instruction ID: 89265dbdb4f69da38fa505f92d93ac749db3b4bcde360ea820e6ab54a1ed0fd3
                        • Opcode Fuzzy Hash: 9e49857988a70325a4e1a6f09f5d1397517c53119e22c954a720df088942c9db
                        • Instruction Fuzzy Hash: 2C11A076E085188BCF08DA68A4102FFB7A79FC6311F05417EAD06A7391DEB19C06CBD1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D6571 Relevance: .1, Instructions: 63COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f7aa3dec8ffd51a156eacaf4dc0ba1380a9af1efcae975d56d20ee30834ce9a9
                        • Instruction ID: 49c605fac0d4606955530eba00710a486a298bd8ac2fa69af78d4939189c4dd8
                        • Opcode Fuzzy Hash: f7aa3dec8ffd51a156eacaf4dc0ba1380a9af1efcae975d56d20ee30834ce9a9
                        • Instruction Fuzzy Hash: F0110D75E001088FCF00EF79E8507AEBBA1EB84658F20016AC61597282EB314946CBD2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DDB71 Relevance: .1, Instructions: 61COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 17241b373fe13b887bb0fd0cf29032c00d1e097aa62ef1717e699f50b6e1255f
                        • Instruction ID: a148c5f0c4f27e44df2cc1adbb4004ae445263717ea3b24a237c30b2f2d4a6be
                        • Opcode Fuzzy Hash: 17241b373fe13b887bb0fd0cf29032c00d1e097aa62ef1717e699f50b6e1255f
                        • Instruction Fuzzy Hash: 25112176D0410DDFCB58EF58C981ABAB7F9EB48314F1184AAD405E3241D331AD46CB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DBEC0 Relevance: .1, Instructions: 56COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7ca4adeb1cfdc7498ed2ca9272aa7a0ce9ea9ae584490a071b4338da59e3b50c
                        • Instruction ID: 6678d9ed859ec20e19bc512d4f38c1fb332257fda597eb64835a44ebd4d5e010
                        • Opcode Fuzzy Hash: 7ca4adeb1cfdc7498ed2ca9272aa7a0ce9ea9ae584490a071b4338da59e3b50c
                        • Instruction Fuzzy Hash: 1D110A35710220AFD305A734D84572E37A7EBC5306F0544A4F446D7398CF349C02CB94
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DD288 Relevance: .1, Instructions: 55COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 59ce57d85a76755be57667652ebed60bf1105c685616d606dfd61646620b988c
                        • Instruction ID: 5fde6af6bf1836c469598f0ea031098b9d7fa10a8bf9ba0d650a5af7f8e64c6c
                        • Opcode Fuzzy Hash: 59ce57d85a76755be57667652ebed60bf1105c685616d606dfd61646620b988c
                        • Instruction Fuzzy Hash: 5601F572B002245BCB143BB9981862F7ADAEB89625B64087DE40AD7741DD358C02C3A2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D7EC0 Relevance: .1, Instructions: 53COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4945f35fef16e6defb6a105f5090bcb7b09b2dde8e90eb28aa6e5350e56051b2
                        • Instruction ID: 2cac0b3c90e53bc5c38b430696637d643e783e9414c53ba267b6248d8b2e0130
                        • Opcode Fuzzy Hash: 4945f35fef16e6defb6a105f5090bcb7b09b2dde8e90eb28aa6e5350e56051b2
                        • Instruction Fuzzy Hash: BA11C236D08148DFDB26DB68D804AEEFBF1EF48300F5445AAD502A72A1D7715D4ACBA2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00B3A70C Relevance: .1, Instructions: 52COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523226213.0000000000B32000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B32000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_b32000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9bca59e9d8a3e25c4027625b38fed206025efabb794e5dd73ccd3c2b1da03d23
                        • Instruction ID: 37fc466ca913d9076431a58fda42727f0b829fe500f64b6c6b790e5f356db4cc
                        • Opcode Fuzzy Hash: 9bca59e9d8a3e25c4027625b38fed206025efabb794e5dd73ccd3c2b1da03d23
                        • Instruction Fuzzy Hash: BB11FAB5508305AFD350CF09DC80E57FBE8EB88660F14886EF99897311D371E9188FA2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D4FF0 Relevance: .1, Instructions: 52COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: deef745fafbbfbd23556fa40126b3cd2ebb69f18789de4b4604a1bcb8c34e69e
                        • Instruction ID: 5c02d3e61e7529d0bb4f4c5c23eeb3620b1887590c310f450a6cb134eac6dd7c
                        • Opcode Fuzzy Hash: deef745fafbbfbd23556fa40126b3cd2ebb69f18789de4b4604a1bcb8c34e69e
                        • Instruction Fuzzy Hash: D201D635E102488BCB44EAB8A8507FE77E1EB84740BC4456AD406D3742EB304903CBD2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D2390 Relevance: .1, Instructions: 51COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 018c6c6ff0131534665cf75252b00ad095f81931e6397574f419c56657fff6ed
                        • Instruction ID: 72e41fe095a573049785830c4eaa132ef9cbf7884def9659c7f7d0994a37d1e7
                        • Opcode Fuzzy Hash: 018c6c6ff0131534665cf75252b00ad095f81931e6397574f419c56657fff6ed
                        • Instruction Fuzzy Hash: 92115A70D0829DCFDB289F65D960AAEBBB1EB88304F10406ED906E7382DB701847CF51
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D11DF Relevance: .1, Instructions: 51COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2056897780a7f6a58165950621c913b83e7089645dc4793b84b3440035b3b0c7
                        • Instruction ID: 95f5fdeb3184c4e794abe8f5048a08deafab6ff0cf0577c73d5d5a78bd218b43
                        • Opcode Fuzzy Hash: 2056897780a7f6a58165950621c913b83e7089645dc4793b84b3440035b3b0c7
                        • Instruction Fuzzy Hash: 61116530B09194CFC7099728D4A8A697FF5AF8720471540EBE046CB6B7CBA65C4ACB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DD298 Relevance: .0, Instructions: 50COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7103d4cc99abd6b6605e64647890ca1fbaa887cc4bc007dc09ecfa64d3afdeff
                        • Instruction ID: cba08372e6c61e3e22c3afac0979c1c09a040ebadcc6aa280333138445e81d29
                        • Opcode Fuzzy Hash: 7103d4cc99abd6b6605e64647890ca1fbaa887cc4bc007dc09ecfa64d3afdeff
                        • Instruction Fuzzy Hash: 3301A272B002289FCB183BB9A81466F76DBEBC9665750483EE40AD7745DE358C0287A2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DDFF8 Relevance: .0, Instructions: 50COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 41d88a626eb3ebe50b0eb72a267963b8f59a44949850498832de1e12c5b3bf22
                        • Instruction ID: 04cc1ebe5d754c984e56a7acbdc3d9e763b10684c267142116ea60e1605ab41f
                        • Opcode Fuzzy Hash: 41d88a626eb3ebe50b0eb72a267963b8f59a44949850498832de1e12c5b3bf22
                        • Instruction Fuzzy Hash: C701DE31E0818C8BDB189A54C940BBEBBF69B88214F94406EC816AF340CB776D26CBD1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D7D18 Relevance: .0, Instructions: 50COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4159253b47906fe2f3e5ce1ee82feff20524d473abe220e7a9dd05ed03dc23a8
                        • Instruction ID: b7b08d8f20364e2154e2bfbdf84dac8bd36f67ba47be11848c4ec18e69d4a884
                        • Opcode Fuzzy Hash: 4159253b47906fe2f3e5ce1ee82feff20524d473abe220e7a9dd05ed03dc23a8
                        • Instruction Fuzzy Hash: A6015231E0410C9BDB1A9B54D4557BEFBB2DB85218F14446EC416A77C0CB716D06CBD2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D4788 Relevance: .0, Instructions: 49COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5ceb281fc1c2ed3c0a4f16b93b8550e3e46918d826f6eef052bfffed79723c8f
                        • Instruction ID: f43f76c17d4b12c896058a31898e223f6a1545507b62a7fc9148bc1b9dba9896
                        • Opcode Fuzzy Hash: 5ceb281fc1c2ed3c0a4f16b93b8550e3e46918d826f6eef052bfffed79723c8f
                        • Instruction Fuzzy Hash: 88018075F051188FCB54EB7C94556EE7BE29B99244F204839D00AE7281EB384902C791
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D7D08 Relevance: .0, Instructions: 49COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0dd4ef4d3902ca240cdf66719af0e1685c5d73d22a1735489edd4864fee4a7ed
                        • Instruction ID: 30dfb3f90da69d49889fbca173617e2c5c552b531c7c0353a1cbd3f150a3804d
                        • Opcode Fuzzy Hash: 0dd4ef4d3902ca240cdf66719af0e1685c5d73d22a1735489edd4864fee4a7ed
                        • Instruction Fuzzy Hash: AE019271E0954C8BD71EDB14C4947BEFBB29B85208F14446DC01AAB3D1DB619D03CBD2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D11FB Relevance: .0, Instructions: 49COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 44ce1103874752fd694de19aca617bede02f06a3f7ef828c7a05cbb3ed83f1b4
                        • Instruction ID: 7a539142f5fa3bdf88a340b9900874bf5558a613d13d93a1d185674ac3623fc5
                        • Opcode Fuzzy Hash: 44ce1103874752fd694de19aca617bede02f06a3f7ef828c7a05cbb3ed83f1b4
                        • Instruction Fuzzy Hash: 021165307092948FC7099738D4A8A697FF5AF8720471540EBE046CF6B6CBA64C4ACB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D05BA Relevance: .0, Instructions: 48COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 287d4bf6d046e5a04ea0a726725af580ad6daa2691a710fa915d2a4d80579048
                        • Instruction ID: 8c12455e4c5671a1b90bf2f8af47d810b526a8749aff94506f3e8186e3ad0264
                        • Opcode Fuzzy Hash: 287d4bf6d046e5a04ea0a726725af580ad6daa2691a710fa915d2a4d80579048
                        • Instruction Fuzzy Hash: 2AF0A4617441282BC608737D58152AF72CB8BC568CF65046EE10AEB3C6DE798C0343DA
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DDFE8 Relevance: .0, Instructions: 47COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f8b1f7f1de54f2c4540650bfcd877f8589f7f9ca1e4748dff9457acf64a1a773
                        • Instruction ID: 8ce0aa1fc1c4e5914cacc0aa51eda82e3b028faaeb83d2115a91a9feb2b77233
                        • Opcode Fuzzy Hash: f8b1f7f1de54f2c4540650bfcd877f8589f7f9ca1e4748dff9457acf64a1a773
                        • Instruction Fuzzy Hash: E7017131E081898BDB19DA10C595BBE7BF29B48604F98445EC816AF341CF779D17CBD1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DA380 Relevance: .0, Instructions: 46COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 514ae997951585d2514ac3364a7e50d9cea29b3ccbca073f2dca7077aa423e73
                        • Instruction ID: 122451c83db3833ae50afd9aafb615adde1c3aad7fffdc4de475a4dfc61c6b9a
                        • Opcode Fuzzy Hash: 514ae997951585d2514ac3364a7e50d9cea29b3ccbca073f2dca7077aa423e73
                        • Instruction Fuzzy Hash: 08017171E002099FCB50EBB9A8457AEBBF4EB44314F10417ADA14D3240EB3059458BE1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D05C8 Relevance: .0, Instructions: 45COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2e9cd3154016b1ba077695ff8c16d9d44999b7083f1f6089cec768ef8aeca407
                        • Instruction ID: c98b9816c3fe1077c3312730fe2f1cdc856c1d950b0826d50518eb987954f7b3
                        • Opcode Fuzzy Hash: 2e9cd3154016b1ba077695ff8c16d9d44999b7083f1f6089cec768ef8aeca407
                        • Instruction Fuzzy Hash: 08F0B421750028278608737D98156BF72CF8BC9ACCB65486EE10AEB386CF75CC0353D6
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D6580 Relevance: .0, Instructions: 45COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 047b7c1b995a023beac24fd64629ef2faeab4ed3d36ed4f447de073504e9e047
                        • Instruction ID: 62aec022bd94aa4230a13439d0394de929c1410be4f893d39c93dfaf8a9997c1
                        • Opcode Fuzzy Hash: 047b7c1b995a023beac24fd64629ef2faeab4ed3d36ed4f447de073504e9e047
                        • Instruction Fuzzy Hash: 2D014F71E001089FDB50EB79E8417EEBBF4EB84364F10417AD508D7285EB315956CBD1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DBEB1 Relevance: .0, Instructions: 44COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b7e830908375f0f032edb796b9e633fc58ab29b1be3ea7382923b3c63c6764f3
                        • Instruction ID: 8bd150680739781deb17f49b4247c7b0b85d4041c3d6993e31f2030796048323
                        • Opcode Fuzzy Hash: b7e830908375f0f032edb796b9e633fc58ab29b1be3ea7382923b3c63c6764f3
                        • Instruction Fuzzy Hash: 2301F735700220AFC306AB38E88532D37A2FB8931AF0545E4F446C77E9CB348C42CB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D4710 Relevance: .0, Instructions: 43COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4fc420300232126f8fad0c693e10d4d15dc43f39d70844bedb2c2eb25d7dee3e
                        • Instruction ID: ca9c714f00d92d20ee2d4f4114dc0eca99459f7f70015896c346dcdc44f9df5f
                        • Opcode Fuzzy Hash: 4fc420300232126f8fad0c693e10d4d15dc43f39d70844bedb2c2eb25d7dee3e
                        • Instruction Fuzzy Hash: 73F02B327002144BCB2822B5641477E32DB87C6794F84003EF509C7781DD35DC439361
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D9CEF Relevance: .0, Instructions: 43COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fa8fa5caedd54a992beec89dfeb0853e96b22e418caba19d7b1b0c8ff583df04
                        • Instruction ID: e880105b50f4f5c5cc542ae8c07161830f67c37f2b1a77b07b76de407f0a9a7b
                        • Opcode Fuzzy Hash: fa8fa5caedd54a992beec89dfeb0853e96b22e418caba19d7b1b0c8ff583df04
                        • Instruction Fuzzy Hash: 30F04621B0E2544BC708537C98902BD77875BC22743A447AAA429CF3D9CE185C0B8363
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DA4F0 Relevance: .0, Instructions: 43COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 667e2346eefbe38cd7b6dbcfec99200c8bb62e751d5fc2087e42ba9f7bff4f62
                        • Instruction ID: 0f3dd09a388129a1d733da913d39b51e8d29034113e97752567022ba6923ce48
                        • Opcode Fuzzy Hash: 667e2346eefbe38cd7b6dbcfec99200c8bb62e751d5fc2087e42ba9f7bff4f62
                        • Instruction Fuzzy Hash: 9001A231604244DFC609AB74E81A55A77E6DB8931530844F9E00ACB769EF35DC0BC791
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D1218 Relevance: .0, Instructions: 42COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2116c5feb08804533b05f36d3f618c2fcb95a49f9052b481a4dedad60e0e5c27
                        • Instruction ID: 345957733dfb9d36a8b3a708f942ca49f02905cfe3817a741bee3d71705253a8
                        • Opcode Fuzzy Hash: 2116c5feb08804533b05f36d3f618c2fcb95a49f9052b481a4dedad60e0e5c27
                        • Instruction Fuzzy Hash: 58013630714014CBC708A728D498A6977EAEFC671471440EBE40ACB775CFB69C4ACB81
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DA373 Relevance: .0, Instructions: 41COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 265d9322628fb535deb61c645700a437baf01b96ac47715855ad2dd4d574fea6
                        • Instruction ID: 38c79f19d495bd78c5d5fbae1ddc945f7ca852be0fa903ce8dadd4da52a59cb4
                        • Opcode Fuzzy Hash: 265d9322628fb535deb61c645700a437baf01b96ac47715855ad2dd4d574fea6
                        • Instruction Fuzzy Hash: F9018F71E042099FDB50EFB8A849BAEBBF1EB84314F1085AAE544D7284EB345945CBD1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D6FE8 Relevance: .0, Instructions: 40COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8db0b28f66eef3a827519a37a24ff86e92f7c2a7ab9fb96b950f2f2cfb140bdb
                        • Instruction ID: 6dae37094c7ba3f9367ef5f9b50b6a56fefe85ed68a7cbc847be352a43a6b2dc
                        • Opcode Fuzzy Hash: 8db0b28f66eef3a827519a37a24ff86e92f7c2a7ab9fb96b950f2f2cfb140bdb
                        • Instruction Fuzzy Hash: 45F0F6A170C19446CA08677C6C517BEBA875BC52A8FE40A6AA52ECF3C9CF194C0A8357
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D6FF8 Relevance: .0, Instructions: 40COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9b6df9342370df66016e99f9faaced60a61dd85f78f5a5ada1d5b8dca5274ae4
                        • Instruction ID: 5772cd0de005b196f49c0247a14e1bb82817ff9d60b714a9691a4492d3f99e6f
                        • Opcode Fuzzy Hash: 9b6df9342370df66016e99f9faaced60a61dd85f78f5a5ada1d5b8dca5274ae4
                        • Instruction Fuzzy Hash: 0CF0B4B1708154538508677D6C41A7FB68B5BC52B47E04669A52DCF3C8CE159C0A42A7
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DE121 Relevance: .0, Instructions: 40COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7f51e7b21312ced988bf7b0585bafee66e1dd6e3438278dcbc229946c57e1d57
                        • Instruction ID: c8b2cbf27f10eba635ad71c6d4c600cc779831dfd6bc338f96086d6fb2fd2e2d
                        • Opcode Fuzzy Hash: 7f51e7b21312ced988bf7b0585bafee66e1dd6e3438278dcbc229946c57e1d57
                        • Instruction Fuzzy Hash: 39F08134B002189BDB14FBB4EC92BDE73A1EB84708F208969E5059B289DB759D0687D1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D9C81 Relevance: .0, Instructions: 39COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4b257da844c17a5d305322efacf37a3b5dbf06415ff359612ae2a859658671a9
                        • Instruction ID: 100e9cfc688f1138c246c42960990bda1faaff20234b9d2b41e8a82e735f4da1
                        • Opcode Fuzzy Hash: 4b257da844c17a5d305322efacf37a3b5dbf06415ff359612ae2a859658671a9
                        • Instruction Fuzzy Hash: 6EF0C232609280DFC3155768A4115EA3BF2EBC221931845EEE04ECB792DA669C0BC792
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D9D01 Relevance: .0, Instructions: 39COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ba916aab27f01e97423ae03ddecb53fd6d5a66d8af554c9300a9f3d8646905b3
                        • Instruction ID: fbc25b75fbf94c1b14fa379a72e586037e927671263cbd70905a922e88f05663
                        • Opcode Fuzzy Hash: ba916aab27f01e97423ae03ddecb53fd6d5a66d8af554c9300a9f3d8646905b3
                        • Instruction Fuzzy Hash: C8F0E97170911853C648677C98416BE718B9BC63B47E04779B52DCF3D8CE149C0A83A3
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DA500 Relevance: .0, Instructions: 39COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 52af0e1ab2002ca9a62ba8f9ce5b46f7b31f5fa19d48f3b6a004df81cf81864e
                        • Instruction ID: 55a607fba94af1deec2210d131850b4bba58af4a0d8fa6eff4b6a3e97ecb7387
                        • Opcode Fuzzy Hash: 52af0e1ab2002ca9a62ba8f9ce5b46f7b31f5fa19d48f3b6a004df81cf81864e
                        • Instruction Fuzzy Hash: 61F0AF31604205DBCA08FBB5E4495AA73E6EB8831530484B8E00ACB768EF359C078B91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D5FC0 Relevance: .0, Instructions: 38COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b2567ac2e26db3af70931c4f56a42249e7321ee4f3a9de0ee6b59239c888d00d
                        • Instruction ID: 6e67f4270fe71c366427cd5f8414f7e8e0a761bfc5768763304720e7e4328e24
                        • Opcode Fuzzy Hash: b2567ac2e26db3af70931c4f56a42249e7321ee4f3a9de0ee6b59239c888d00d
                        • Instruction Fuzzy Hash: FDF0B430F0815D974B18A239E8102BF73A99785658F800466C907D7242EF355903C6E2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D5FB0 Relevance: .0, Instructions: 38COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 694a7c4a459a74e107c3ccd8d37a714ad128c66de4716baadcd4b9006e596940
                        • Instruction ID: 5115564e671df8153bca55357544759318d5e92417155ac3d504320b124ce15d
                        • Opcode Fuzzy Hash: 694a7c4a459a74e107c3ccd8d37a714ad128c66de4716baadcd4b9006e596940
                        • Instruction Fuzzy Hash: 7EF02B31E081489BDB145639FC102AEB7A8D785254F40046BD906D3282EB245942C7D2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D5B88 Relevance: .0, Instructions: 38COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 074094acfa5c0acce68d4e9530ac213e4880b96c4eecdbb7d0fd1f3224d8c979
                        • Instruction ID: f2838ca8eed0be955e038b3a245cd8681e82e64453d02509e07f27b50fd5bc82
                        • Opcode Fuzzy Hash: 074094acfa5c0acce68d4e9530ac213e4880b96c4eecdbb7d0fd1f3224d8c979
                        • Instruction Fuzzy Hash: 0EF05975F0D10C5FEB1456784C316AEBBA5D7D5654F8400BBC907E7382EA205906C3C2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D9057 Relevance: .0, Instructions: 37COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 33c269a82c5c8e48bb24a553b3e0d871cce276f0c87cd9503b3d811dbba1f41b
                        • Instruction ID: f1f63b64b498f28e14350990091224abd78a9fa118b8ec21c0624a1ec9059830
                        • Opcode Fuzzy Hash: 33c269a82c5c8e48bb24a553b3e0d871cce276f0c87cd9503b3d811dbba1f41b
                        • Instruction Fuzzy Hash: CEF0F630F00008A7DF009BB5E4486DFBBF5EF81348F508869D904D7215EB319817CB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DDF87 Relevance: .0, Instructions: 36COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2ed71754849e03aacc1cc13b4897871ea2aca85d7f3d5620702440b4c526a113
                        • Instruction ID: cda145d546894fe7b35ed4ab87290cd401b0afdffce3f28c9e29a770f6064e88
                        • Opcode Fuzzy Hash: 2ed71754849e03aacc1cc13b4897871ea2aca85d7f3d5620702440b4c526a113
                        • Instruction Fuzzy Hash: 07F0A723E0835C56EB39315D5C89BA7B9489B85315F09157AE88AD7382D6589841C2E2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D5F60 Relevance: .0, Instructions: 35COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 39561cfc5463251e4cbcf4100c9ca8ccf217d115e46be7dd4c9d001dc7a102ce
                        • Instruction ID: 99da08d1faa55f1aa0e88099646141bf4956fcf38e2c209c42b086361b430be0
                        • Opcode Fuzzy Hash: 39561cfc5463251e4cbcf4100c9ca8ccf217d115e46be7dd4c9d001dc7a102ce
                        • Instruction Fuzzy Hash: A8F024B2E0D45C8FEB145AA4A8057ECBB60DB80211F90006BE6078F691CBA40841CFC3
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DBF7A Relevance: .0, Instructions: 35COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2292a4e502ce5e109f5202853c577b5c4e29d9c6ea01790effe5e51ddbf9b26b
                        • Instruction ID: ecb255a46be8c9e8637919e1b5d8e722f2fd65f689ea3f5aec5b91a5d8991f74
                        • Opcode Fuzzy Hash: 2292a4e502ce5e109f5202853c577b5c4e29d9c6ea01790effe5e51ddbf9b26b
                        • Instruction Fuzzy Hash: 7FF059366002108BC320B37DB84A2667BDAEBCA255709046FF5AAC3713CD358C08CBA2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D7DA1 Relevance: .0, Instructions: 35COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 64f46382a6f6845ed7ebec4647428ad00e7c7402cc4868983a3c51e8a42fa862
                        • Instruction ID: 4136b0272ea17565c5468e255720844bdbd63b116a021f46562388235304cbe7
                        • Opcode Fuzzy Hash: 64f46382a6f6845ed7ebec4647428ad00e7c7402cc4868983a3c51e8a42fa862
                        • Instruction Fuzzy Hash: 2EF09A75E0820CCFC70ACAA598859BFFBB1EBE8210B24456AD112872D2D6209906CF96
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DD6D0 Relevance: .0, Instructions: 34COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 66b3ad695ef5e53a271962d64504358fab7bd1ef0c1abe5ed1ec0db40405e07e
                        • Instruction ID: 7eeea01540f2bac0251d76e4ccb8d47b08fa4e3ce0284e6093cfe28e0008aaff
                        • Opcode Fuzzy Hash: 66b3ad695ef5e53a271962d64504358fab7bd1ef0c1abe5ed1ec0db40405e07e
                        • Instruction Fuzzy Hash: 2AF0E9375005545BD314A728D8526AEB7E5CFC166075044AEE4DA9B740EB61ED0287D0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D0918 Relevance: .0, Instructions: 33COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f9d6eb0dfb84360539a3f9251afb3691d4a66416daae9404c5dd5fc8fe772823
                        • Instruction ID: efd2447db48c83d7fd371c7720423a4a8e26e8f93ebaa13cdcbe30a0a8f44234
                        • Opcode Fuzzy Hash: f9d6eb0dfb84360539a3f9251afb3691d4a66416daae9404c5dd5fc8fe772823
                        • Instruction Fuzzy Hash: 2AE02B32F1921CAB9B1456F49C051AFB7A9879A3A4F0048379D0BEB300DE744807C2D2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D45B8 Relevance: .0, Instructions: 33COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7f978a16e591819aef8923851e1a2fc765d190d0527bd0ed07dc91887c288520
                        • Instruction ID: 409a5a3071699ac211c8915d6c6fa11b0d200e4bc9a0ab868add0691157a32a9
                        • Opcode Fuzzy Hash: 7f978a16e591819aef8923851e1a2fc765d190d0527bd0ed07dc91887c288520
                        • Instruction Fuzzy Hash: 99F0EC71F4121D6FDB10D6E99C06BABFBFCEB85310F20003AE60CE3241E630590483A1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D46A7 Relevance: .0, Instructions: 32COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b628e99774250d0415aca6c4fe564ca719398e0b70a1afd3b5ae52061548ddc5
                        • Instruction ID: 580bab8ddf0595fe89df5afb372b3d7330a0f6b38743cede15c8ad3678ea7eb7
                        • Opcode Fuzzy Hash: b628e99774250d0415aca6c4fe564ca719398e0b70a1afd3b5ae52061548ddc5
                        • Instruction Fuzzy Hash: 3CE02B357000545BCB1427F874247FE77D98F91218F20006AF40BC73A2DE198C034382
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D0908 Relevance: .0, Instructions: 31COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b9cc68b61d8d05053b8fa04c8079d5f857a5f8804044faf3a09dd37ac5b6733c
                        • Instruction ID: f5d7bf56d233df8437db87bf80a82b44db3c439b633047a839db112628ba1953
                        • Opcode Fuzzy Hash: b9cc68b61d8d05053b8fa04c8079d5f857a5f8804044faf3a09dd37ac5b6733c
                        • Instruction Fuzzy Hash: 80F0EC30E1D25C5FD71856B04C1576F7BA94757340F45146B9D079F342DDA45807C392
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DDF09 Relevance: .0, Instructions: 30COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 860c99fbb2f912a38c43669d3188448c3fcce472910c9fd2731ed30c15fd7544
                        • Instruction ID: 41990402aa0212d1614d48a9cc9c766edd7fd8acd7f8285abb176dde9e70e1ac
                        • Opcode Fuzzy Hash: 860c99fbb2f912a38c43669d3188448c3fcce472910c9fd2731ed30c15fd7544
                        • Instruction Fuzzy Hash: 9AE022332102145BD214E268D41276E73C9CBC0624B50847EE45FCB300EF62DD0783D5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D9C98 Relevance: .0, Instructions: 30COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 61d99856a4481263e39106d289b3468606508aa90d1edf2ca88f792d778a3efa
                        • Instruction ID: c9aedb1f689f58ead883efec243b7c48cce531ce29e210ca176097289c58b4c4
                        • Opcode Fuzzy Hash: 61d99856a4481263e39106d289b3468606508aa90d1edf2ca88f792d778a3efa
                        • Instruction Fuzzy Hash: 79F0A031300104DB8348A769B0125AA77E6EBC532935485BDE10EDB381CF32EC07C782
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D6E9F Relevance: .0, Instructions: 29COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a011d2db83d0a680810cbae257684cad2f0d66ca2d836aa9b9bf8fc54003df49
                        • Instruction ID: b8c23939ec41e08f853d5dd4d2ff8a975ee395d6df860e83f22ef15e9f26e55f
                        • Opcode Fuzzy Hash: a011d2db83d0a680810cbae257684cad2f0d66ca2d836aa9b9bf8fc54003df49
                        • Instruction Fuzzy Hash: EBF06535B450144BCF14F7B9A8343AD77929FC4A15F915038C916D7792DF608C058BD6
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D4701 Relevance: .0, Instructions: 28COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2d9dedb91af3ce5f5728c6becb63496bb8e9f5164434e005fe7d70078bdf7507
                        • Instruction ID: 686549bc27bba9c58aa8fd3b6c1615bd9cbf748b91df1e3d696c5c32ada18f00
                        • Opcode Fuzzy Hash: 2d9dedb91af3ce5f5728c6becb63496bb8e9f5164434e005fe7d70078bdf7507
                        • Instruction Fuzzy Hash: 61E06F36B081884FC72A40A87824BBA33A287CB250F25003FE00ACB382DC204C038310
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D80A0 Relevance: .0, Instructions: 27COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a430c05fec78e012913faa52ace4150a2a4f5486b62e0b8fd66dc4ffe3ce0594
                        • Instruction ID: cb81996a7186d3f8fd80e4afe57f71b9915610859d1ad540a54b34afe5993c8a
                        • Opcode Fuzzy Hash: a430c05fec78e012913faa52ace4150a2a4f5486b62e0b8fd66dc4ffe3ce0594
                        • Instruction Fuzzy Hash: CDF012305182CEDBC704EB64E8C8ADA3B60FB54308B50C666B4158B61ED7B1690BCB82
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D75A0 Relevance: .0, Instructions: 27COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4852365ada9ac37d0084a7d1d8720dfce6099a2e7e76fa8ad320c139d361d54d
                        • Instruction ID: 8a3d049ccd85b120738c0e0fb3e7da92c10546da1ae2367b6a473b226019a016
                        • Opcode Fuzzy Hash: 4852365ada9ac37d0084a7d1d8720dfce6099a2e7e76fa8ad320c139d361d54d
                        • Instruction Fuzzy Hash: 06E02B106446A44BC72072FC242436E7AC70BCA580F8D04BFD0E6DBB83CD154C15839B
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00B3A75B Relevance: .0, Instructions: 26COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523226213.0000000000B32000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B32000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_b32000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2d2fe3965b8900520a2533088225195b87daaa1351511b420c473c8c7d1f5022
                        • Instruction ID: c6a07f32c0ff69fa076288233bb89a7917c5abed4aed1bc505329ebd74b0269d
                        • Opcode Fuzzy Hash: 2d2fe3965b8900520a2533088225195b87daaa1351511b420c473c8c7d1f5022
                        • Instruction Fuzzy Hash: 09E020B25003046BD2508F069C81F63F798EB54A30F18C45BEE0C1B701E271B514CAF6
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D8238 Relevance: .0, Instructions: 26COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e93638356b51658ceceb36b0b3ec06a4cdaa3cfe5ba0e8360115a45fdc39c881
                        • Instruction ID: 7532308c1829d4ad2fd18f03d8fd38eec0965f7e382d65b71a2a6d51e07e99a9
                        • Opcode Fuzzy Hash: e93638356b51658ceceb36b0b3ec06a4cdaa3cfe5ba0e8360115a45fdc39c881
                        • Instruction Fuzzy Hash: DAE09236F10128878B6537A8B82C75577E6E78E6A1314012AE906D3344CF318C438BD2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DD6E8 Relevance: .0, Instructions: 26COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5bb622c510ad49bccbf01109e9329d99cca49fe3f6fdb2bb01aade5624736bfc
                        • Instruction ID: 383339cba25f2bb0be9b81372642ed9b79221cb22ac2f9589c134b3d901ec57c
                        • Opcode Fuzzy Hash: 5bb622c510ad49bccbf01109e9329d99cca49fe3f6fdb2bb01aade5624736bfc
                        • Instruction Fuzzy Hash: C9E0DF3A2106145B4214E669E41186EB7EACBC16A436084AEE44FCB340EF62DC03C790
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DB718 Relevance: .0, Instructions: 26COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 80a03b41bd297a13732de4ee85c3db7d84f3a52535ebf1b3cd9145495db6636b
                        • Instruction ID: 01fa72a31a946a6b545e15ae3267ef5568e9f16a2acdf9ac85657a315a7af1cc
                        • Opcode Fuzzy Hash: 80a03b41bd297a13732de4ee85c3db7d84f3a52535ebf1b3cd9145495db6636b
                        • Instruction Fuzzy Hash: B9F01536600B049F8334CF5AD540C13F7FAEF896243118A6EE59A83A14C730F8048BA1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DDF18 Relevance: .0, Instructions: 26COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 02e282a8e519b7cb88646d2f1d67038e36a0d216c1a4b88a8f930dd340fc2309
                        • Instruction ID: 4409ee8f342c19f4c4176f7f407c45dad863940f66e7f2dbf997d898a3d96699
                        • Opcode Fuzzy Hash: 02e282a8e519b7cb88646d2f1d67038e36a0d216c1a4b88a8f930dd340fc2309
                        • Instruction Fuzzy Hash: 19E026333106145B4314E6A8D41182AB7DACBC1624350847EE41FCB300EF62DC07C7D5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D822A Relevance: .0, Instructions: 25COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 61079a4155f62fdb3467126d24e6e6653dd582cb874790cf760df407bd474f8c
                        • Instruction ID: c1b975505722211e60b0211aacf9124b3c3d36cdf2553d17dac06884174ba965
                        • Opcode Fuzzy Hash: 61079a4155f62fdb3467126d24e6e6653dd582cb874790cf760df407bd474f8c
                        • Instruction Fuzzy Hash: E6E0923AE055158BCB5627A4B86C3247BB1E78A792715016AE90283394DB318C03CBD2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DEA11 Relevance: .0, Instructions: 25COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ec27ad5f2072e34c98ee63531d9aefa03dd7f581a0683279c386b72a82d5327d
                        • Instruction ID: b7918b0edc8c4ff2fc84cf5c2c7d1b77ef9f93fef272d5789135a872fe279727
                        • Opcode Fuzzy Hash: ec27ad5f2072e34c98ee63531d9aefa03dd7f581a0683279c386b72a82d5327d
                        • Instruction Fuzzy Hash: 70E08672B40E188FCA5037B8A85A35A738A9B85248BD8046AE0499F710EF39DC054B8B
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DAAB0 Relevance: .0, Instructions: 25COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3b5d00232a5a3b38ca6ac0b8a793d841a89a07a5105ee96cda16f48aa4a697b7
                        • Instruction ID: 6511e543a3af6b6c6303e7005d255ef931e7346174b5032e865a600662738c25
                        • Opcode Fuzzy Hash: 3b5d00232a5a3b38ca6ac0b8a793d841a89a07a5105ee96cda16f48aa4a697b7
                        • Instruction Fuzzy Hash: 1BE0D873900B104BD3348F5AD802653F7EAFBC0715B0C8A3E9059C2704D7B0EA194691
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DE9C8 Relevance: .0, Instructions: 25COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b7ecc48adb3038cdd3892267d7989caa038df652c8df2dab6641a1bc4517eb78
                        • Instruction ID: 497ba034bd9b0f1dba5c57fb82c7d2825e833ce02724a82fb089bb021387d895
                        • Opcode Fuzzy Hash: b7ecc48adb3038cdd3892267d7989caa038df652c8df2dab6641a1bc4517eb78
                        • Instruction Fuzzy Hash: FDE08C2234012427E604E26CDC62776738ACB8161AB2444ABE849DB381DD62DC0583D4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DD729 Relevance: .0, Instructions: 24COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 721f91d67d9ff76e00a01567cf8c70da5875ad2def7173b0a018fa844dc6011c
                        • Instruction ID: 25ce87d85470aae78d5a9bbfe6959c118eff295af041c380f6774e84c23c5b2c
                        • Opcode Fuzzy Hash: 721f91d67d9ff76e00a01567cf8c70da5875ad2def7173b0a018fa844dc6011c
                        • Instruction Fuzzy Hash: 53E0863380922CDBC7297A58C4407B7B3A8EB4D711F1044AAE4DB93100E625B902C7D1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D80B0 Relevance: .0, Instructions: 23COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0e0801d7ae039cbf60f1e042ae0cebda74f9febf9bc239a7b3a591ea1468e06a
                        • Instruction ID: 82b45625bce2cfc4d407c9e7c586c601eaa8ae5f55a2956827c050c711077bc9
                        • Opcode Fuzzy Hash: 0e0801d7ae039cbf60f1e042ae0cebda74f9febf9bc239a7b3a591ea1468e06a
                        • Instruction Fuzzy Hash: E7E0ED715142CEDBC704EB64E8C89AA3BA5FB54308790C616B4118B62DE771690BCBD2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D5F70 Relevance: .0, Instructions: 20COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2efd92649cba017a841d94480badf1b110bab0a34b75028ee94c376fdff9d110
                        • Instruction ID: d1085460c78d97079735c5ab83497dee5622cdb6044fbecfc00801846e54e073
                        • Opcode Fuzzy Hash: 2efd92649cba017a841d94480badf1b110bab0a34b75028ee94c376fdff9d110
                        • Instruction Fuzzy Hash: 46D02B72A0C91D8BD70426E958016AD3A8DCB40151F940036F907CB780DFD94C408FD7
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DDF59 Relevance: .0, Instructions: 20COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 195d5ca7fdc0e84ca120557177eff875d581b08881158734103dc7191a967cd5
                        • Instruction ID: 8cab7a0aa590431b65876449614ece95e3a72de75c2b7aab46c71cf252bb0de0
                        • Opcode Fuzzy Hash: 195d5ca7fdc0e84ca120557177eff875d581b08881158734103dc7191a967cd5
                        • Instruction Fuzzy Hash: 73D05E73828208F7C3687A42D8466E37369EB01212B04056AE44B83710D661F803C7C6
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DD738 Relevance: .0, Instructions: 19COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e110238ec9232aa47a655e31db1df4f933ecad53fe9a589a7a4814f93d966c2b
                        • Instruction ID: c739bdf595462baf18c2225e0237283e4401c4c6c2127d3207b095ed1b649a3c
                        • Opcode Fuzzy Hash: e110238ec9232aa47a655e31db1df4f933ecad53fe9a589a7a4814f93d966c2b
                        • Instruction Fuzzy Hash: A2D05E3390822CDBC66D769594009B3B3A8E78DA12B0044EAE44B82100E62AA803C3D2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D5788 Relevance: .0, Instructions: 19COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 11e58c8853425a891b07663f876fff6ee8098b6c9e85a5a7218d272e248d1747
                        • Instruction ID: a21b1e67fd666ad64a52d5e1e1a6e7100aa0910c71dd87632b95bc7d60c03eb8
                        • Opcode Fuzzy Hash: 11e58c8853425a891b07663f876fff6ee8098b6c9e85a5a7218d272e248d1747
                        • Instruction Fuzzy Hash: 61D05B15F1A5559BCF2962B814707BD3B8707C1616BD505BED00B4B7DADD554C0243C5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D7120 Relevance: .0, Instructions: 19COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8d0e85b7c0d4771ec60a72f8edc39b700880bcb8a153f51264adbc78f7124af1
                        • Instruction ID: a035311d93c812d2802616b62381ee652035f49cde857126679420322d6db5ef
                        • Opcode Fuzzy Hash: 8d0e85b7c0d4771ec60a72f8edc39b700880bcb8a153f51264adbc78f7124af1
                        • Instruction Fuzzy Hash: 38D0C2308083588BC33B4634DC047A2F6D96B0930CF0C075ED04205904C661A185E393
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DE9D8 Relevance: .0, Instructions: 19COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4023bf967a543efaac99097534a1cd6b001708285774c84ee3dfa10464808eea
                        • Instruction ID: 2d3aa9139bfb48ed9647930d8bfac8669f9307d3f33c38c203f5220f7197c2cf
                        • Opcode Fuzzy Hash: 4023bf967a543efaac99097534a1cd6b001708285774c84ee3dfa10464808eea
                        • Instruction Fuzzy Hash: 30D0A726340124276608E6BDDC5287A73CECBC575531484AFE80ADB381CDB2DC0683D0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D0650 Relevance: .0, Instructions: 18COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 92de3acb808ecc0b42818359488e9ca5b8174b7e78ced804f787031d9ac5e1c9
                        • Instruction ID: 588ef66932be6de33382a2321c5ea85a2d509239d28bfd5d5a0a7f00da3155f8
                        • Opcode Fuzzy Hash: 92de3acb808ecc0b42818359488e9ca5b8174b7e78ced804f787031d9ac5e1c9
                        • Instruction Fuzzy Hash: 22D0A7764CE3D88FC31617701C194A97B759F93305B2444B7D44096463C9657447C763
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D016F Relevance: .0, Instructions: 18COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: dcc47623d524e69918889f8491bedd1cbf1883f4dd341280dadb9183e99fb4f7
                        • Instruction ID: 25aca44b431a2960219abc3e65b1f745b284243c19846c2172f12f844027dff1
                        • Opcode Fuzzy Hash: dcc47623d524e69918889f8491bedd1cbf1883f4dd341280dadb9183e99fb4f7
                        • Instruction Fuzzy Hash: CBD02B322413049FC7042774D81905C3360DB562253150979D422877D1EF36D441C540
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00B223F4 Relevance: .0, Instructions: 15COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523187967.0000000000B22000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B22000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_b22000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f14ea37534c397cb4529eb382e809731067b42759d8cf70d9e27b0d558c90ffd
                        • Instruction ID: 65e99d15f9fae8d8b5dfc795162989795a20d75302e5f9bff8bfedf9287dee0f
                        • Opcode Fuzzy Hash: f14ea37534c397cb4529eb382e809731067b42759d8cf70d9e27b0d558c90ffd
                        • Instruction Fuzzy Hash: 92D05E79204AE15FD3269B1CD1A5B9537D4AF51B04F4684FAAC40CBB63C768E981D610
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D6AE8 Relevance: .0, Instructions: 15COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9a0939ec5680cffb9ecca245d0aafbbebb033a67d769e75d7ec85179cdc98f5e
                        • Instruction ID: e0bf0c1b8e2218153b589a09e462a8e12fc07fec6a59b7910ea238717c2f8e05
                        • Opcode Fuzzy Hash: 9a0939ec5680cffb9ecca245d0aafbbebb033a67d769e75d7ec85179cdc98f5e
                        • Instruction Fuzzy Hash: CDD0423AA000088FC704CB88E6859D9F7F1EB88325F28C1A6D915A7251C732ED56CA50
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D02A1 Relevance: .0, Instructions: 15COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 52a40a9982854113f73106f285fa571a024aaa62a307828737305068c56ed4c3
                        • Instruction ID: 0d1d28741720fbf9da81302092ceadbdf703b99439e70d11431683b143da67cf
                        • Opcode Fuzzy Hash: 52a40a9982854113f73106f285fa571a024aaa62a307828737305068c56ed4c3
                        • Instruction Fuzzy Hash: 1BD0A7BAA0AA04DFC368CB10F4A07E577E1EB81304F11C85DD09707A94CF20AC06CB00
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DDF68 Relevance: .0, Instructions: 15COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a53049b80aff2ab66b169de3824c6671a974947359d1cd2a23666ec7065fbb75
                        • Instruction ID: adc2a4f7b45ed09cbf8605c57e8cbe4c4d272a0e2654dd84b424e4aa17ff3712
                        • Opcode Fuzzy Hash: a53049b80aff2ab66b169de3824c6671a974947359d1cd2a23666ec7065fbb75
                        • Instruction Fuzzy Hash: 47D0C972D19218FB822C6A56D4004A273AAEB45622300456AE00B477149B72BC42C7D1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D8DE0 Relevance: .0, Instructions: 15COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5eb8f12edc73ffe01a286f2883e08ab68b92e98afe7c513399085e19e6330706
                        • Instruction ID: db5e253cc248864514d2fa647baaf3bc3aee4c5da42ea3c0fd5c6ad31bc3427d
                        • Opcode Fuzzy Hash: 5eb8f12edc73ffe01a286f2883e08ab68b92e98afe7c513399085e19e6330706
                        • Instruction Fuzzy Hash: 31D01264A4C58CD3E6191651285D7B9BF20DB20B0AF110447D54F2A0C7E9564513CAC9
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00B223BC Relevance: .0, Instructions: 14COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523187967.0000000000B22000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B22000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_b22000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 21df6300f31c72760ba40518371871ec98f5d427180b67f2d794cb8e3ad4a097
                        • Instruction ID: eac10d86f0b2186a4a9ba8c564160a8c4615bc6383ead6e1ce7deff86c2b7d4a
                        • Opcode Fuzzy Hash: 21df6300f31c72760ba40518371871ec98f5d427180b67f2d794cb8e3ad4a097
                        • Instruction Fuzzy Hash: F1D05E343401814FC719DB1CD194F5973D4EF81B04F1644E9AC00CB762C3B8EC81C604
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D5700 Relevance: .0, Instructions: 14COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 553d75f5d1ee3508e8475d2b88016f1e9289b3f4f59858c419aa3c7e59647cdd
                        • Instruction ID: 1fe0d2f0785c1bef3d36d2c8f954adde71d45558ece51998f396dd1132584fe1
                        • Opcode Fuzzy Hash: 553d75f5d1ee3508e8475d2b88016f1e9289b3f4f59858c419aa3c7e59647cdd
                        • Instruction Fuzzy Hash: 72C0C077A0C3888BC730023C7C707ADBFC84B71044F10005FD803C29B2DD810400C602
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D766E Relevance: .0, Instructions: 13COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: dc57a2c00d1305b4f4f3b7763ea609a4a07c17fc9708057244ed9fd4af460cda
                        • Instruction ID: 7c0b6a85e4fd5e357e393814e03e62ca843d88661f7fbf8e49d2646b08737737
                        • Opcode Fuzzy Hash: dc57a2c00d1305b4f4f3b7763ea609a4a07c17fc9708057244ed9fd4af460cda
                        • Instruction Fuzzy Hash: 6FD05234E0020CCFCB26EF75E9100ADB7F0EB0A321320032AE8029B381EB300D02CB21
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D8DB0 Relevance: .0, Instructions: 13COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d0354d8e6bbd14c29a5a1594901dc66f2490dc81702b72711d997f03c7b85efe
                        • Instruction ID: 18b92a1ba488329588669d6713652aada2bc1894f7bf6304f3ade2d97ba2be92
                        • Opcode Fuzzy Hash: d0354d8e6bbd14c29a5a1594901dc66f2490dc81702b72711d997f03c7b85efe
                        • Instruction Fuzzy Hash: A2D0C9B0504254DBD648EB74A88A56977E1FF88305720085AE08AC76C9DB716C06D742
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D0180 Relevance: .0, Instructions: 12COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 78fd023287040a6959e1d833fdbc5a66634b7ff5045987b3ba4ef8f6913ffacf
                        • Instruction ID: 0bfc3ee62f027782142adc68bf1b94713e045bb58a00d7afb8ec1efa4ea4b3bf
                        • Opcode Fuzzy Hash: 78fd023287040a6959e1d833fdbc5a66634b7ff5045987b3ba4ef8f6913ffacf
                        • Instruction Fuzzy Hash: A1D01231241308DFCB083BB4E41D42C7365EB45205321487DD80687750DF37D851CA40
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D5710 Relevance: .0, Instructions: 11COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 10498cc8dc61abcd0dece82909c7d56150017f2fb13161e8df3fc08bad53fa30
                        • Instruction ID: 02b9277cc34de5d8e7e1d46e41682d2cf982d1cd9740fe4e3334ef75729e062f
                        • Opcode Fuzzy Hash: 10498cc8dc61abcd0dece82909c7d56150017f2fb13161e8df3fc08bad53fa30
                        • Instruction Fuzzy Hash: 61C02B30A8430CCF4F3027F12C1C62E374C5F002843A00014F90BC7610EF248000C162
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DC902 Relevance: .0, Instructions: 11COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 87598c6f954348100b6054d894ec07eb112da9d2305482e7c3785a43c8e4575f
                        • Instruction ID: 5e238e7d7ed42b6664b1617df211218d54549d653a0ea35dc733c88137d70987
                        • Opcode Fuzzy Hash: 87598c6f954348100b6054d894ec07eb112da9d2305482e7c3785a43c8e4575f
                        • Instruction Fuzzy Hash: 53C08CF381C60C97C324B315EC477883B58E700340FA40026F00281289EF206A03C699
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D0660 Relevance: .0, Instructions: 10COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ea939c69cb422fc87d329cfdf19b855d7644b03a49f8fda31410f51caf43b66f
                        • Instruction ID: 322065bc21ed16633e808732c95c74699c91ae28f2a08df0da6c180b66fdecb6
                        • Opcode Fuzzy Hash: ea939c69cb422fc87d329cfdf19b855d7644b03a49f8fda31410f51caf43b66f
                        • Instruction Fuzzy Hash: CDC02B758C96ECCE821C17B01C088397308D7C1306B70C432D501100218E326453C891
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DEA20 Relevance: .0, Instructions: 8COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 755036704a6db5ca720b0a2681c8751cf82c70b9ffc072134f34f34bc3f46d5a
                        • Instruction ID: cc5e2b1a624d14153b71af714358d1c4d38bed2197985ffbdc3a3053afcfa018
                        • Opcode Fuzzy Hash: 755036704a6db5ca720b0a2681c8751cf82c70b9ffc072134f34f34bc3f46d5a
                        • Instruction Fuzzy Hash: 26B0123198070C478E8033F0780951DB38D0A401057840015690D43700FE6DF8040C97
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D6B0C Relevance: .0, Instructions: 8COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9331830965d72d12fcbefa973c87c0cf332396a92bd300e1243d284f656f33ac
                        • Instruction ID: f2554d803877309dac18b97275320bfb22d3b5aa4130954d4dc3a868c9849702
                        • Opcode Fuzzy Hash: 9331830965d72d12fcbefa973c87c0cf332396a92bd300e1243d284f656f33ac
                        • Instruction Fuzzy Hash: 8EB092B7E04008C9DB00CA85F4423EDFB24E790326F104023C31052000C2320179C691
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D8F80 Relevance: .0, Instructions: 8COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b96e8c7f3720f89f1ed63906af0ace1a02ef2d67c6376933b185cc8c3a2995fd
                        • Instruction ID: dd7c4ca463821af7cb95eedbacb2f52d75ef545966e4521b612a3016cc7c5a8b
                        • Opcode Fuzzy Hash: b96e8c7f3720f89f1ed63906af0ace1a02ef2d67c6376933b185cc8c3a2995fd
                        • Instruction Fuzzy Hash: B8B0123021420C0E17406AB32949B17738C87004453400030990CC1104F608E8401181
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026DC910 Relevance: .0, Instructions: 8COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b19e56c512ccbacadf731b21dfa027878844692aab53843635b75e4fcc34bef1
                        • Instruction ID: b3eb7d3843f072e33e5ed8dc70ab24d35424dbe39d1229810b8828dc95f40288
                        • Opcode Fuzzy Hash: b19e56c512ccbacadf731b21dfa027878844692aab53843635b75e4fcc34bef1
                        • Instruction Fuzzy Hash: 9EB092B042C35CDBC268B726EC4A9997A6CFA01240390501BF5024619D9F602A07C7AA
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D5F41 Relevance: .0, Instructions: 5COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 99a3502f303937871beffb6440a4b2c48e76d2d35cfb540189c6dc7e58244410
                        • Instruction ID: cdf490e70e2e7453546474a9beb5bdd0496b81377db75ca8c707c8c94d41d057
                        • Opcode Fuzzy Hash: 99a3502f303937871beffb6440a4b2c48e76d2d35cfb540189c6dc7e58244410
                        • Instruction Fuzzy Hash: BFB012DA90FDC81BD711861408387287E615B62101FD800FD4041032C39C0C54017616
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Non-executed Functions

                        Function 026D9910 Relevance: .3, Instructions: 312COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 56d981982ea20331fde1b5c49ddc5176f1340aea41c3ab42ebecf945e6355a35
                        • Instruction ID: 3f7098de08e26354af7cd445584f0f4699d849e0fd55c765c5f60a7b4009ae15
                        • Opcode Fuzzy Hash: 56d981982ea20331fde1b5c49ddc5176f1340aea41c3ab42ebecf945e6355a35
                        • Instruction Fuzzy Hash: 0DB1F671E0621EDFCB18CB65C484ABEBBF1EF81304F19856AD41A9B741D7319906CBA0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D306F Relevance: .2, Instructions: 179COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fb1dc76afc991378d35699b72cfa8e4038ed212031fdbe602017f72939313d19
                        • Instruction ID: f1ca88e05745317e9da9b38f77f8601dcb438e2e1ac262e9a4f98c6717d68817
                        • Opcode Fuzzy Hash: fb1dc76afc991378d35699b72cfa8e4038ed212031fdbe602017f72939313d19
                        • Instruction Fuzzy Hash: 52516C76F015198BD714DB69C891B5EB7F3AFC8214F2A80B4E419EB365DF349D018B90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 026D912F Relevance: .2, Instructions: 179COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.523899249.00000000026D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_26d0000_cracksetup.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a820142dde26f2cc79709f5a3c78ab248aa9b2a5f1ac10e561d9cf4c2b8559b6
                        • Instruction ID: b7310c2f21aa5e91e5172b573d893abb2233b57beefbaf0cc6fb582210a3b63b
                        • Opcode Fuzzy Hash: a820142dde26f2cc79709f5a3c78ab248aa9b2a5f1ac10e561d9cf4c2b8559b6
                        • Instruction Fuzzy Hash: B1514C76F025198BD714DB69C891BAEB7E3AFC8314F2A8064D419EB369DF34DD018B90
                        Uniqueness

                        Uniqueness Score: -1.00%