Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
hDKY4f6gEA.exe

Overview

General Information

Sample name:hDKY4f6gEA.exe
renamed because original name is a hash value
Original sample name:3e40d7f0c47407447c1fa9be4ec0f714.exe
Analysis ID:1523783
MD5:3e40d7f0c47407447c1fa9be4ec0f714
SHA1:f8633060aa590db85a70e9d1ae220b220ed03a98
SHA256:497ac5eb72b62c3db2d5383bc2823bf38596e00d877ec7e9d572a94830f07a0e
Tags:DCRatexeuser-abuse_ch
Infos:

Detection

DCRat
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DCRat
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Creates processes via WMI
Disable UAC(promptonsecuredesktop)
Disables UAC (registry)
Drops PE files to the user root directory
Drops PE files with benign system names
Drops executable to a common third party application directory
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: System File Execution Location Anomaly
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the user directory
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • hDKY4f6gEA.exe (PID: 6936 cmdline: "C:\Users\user\Desktop\hDKY4f6gEA.exe" MD5: 3E40D7F0C47407447C1FA9BE4EC0F714)
  • dllhost.exe (PID: 7372 cmdline: "C:\Program Files (x86)\windowspowershell\dllhost.exe" MD5: 3E40D7F0C47407447C1FA9BE4EC0F714)
  • dllhost.exe (PID: 7412 cmdline: "C:\Program Files (x86)\windowspowershell\dllhost.exe" MD5: 3E40D7F0C47407447C1FA9BE4EC0F714)
  • IfYiMMRuvSUMKHkp.exe (PID: 7440 cmdline: "C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exe" MD5: 3E40D7F0C47407447C1FA9BE4EC0F714)
  • IfYiMMRuvSUMKHkp.exe (PID: 7476 cmdline: C:\Recovery\IfYiMMRuvSUMKHkp.exe MD5: 3E40D7F0C47407447C1FA9BE4EC0F714)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
DCRatDCRat is a typical RAT that has been around since at least June 2019.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.dcrat

Malware Configuration

Threatname: DCRat

{"SCRT": "{\"3\":\"-\",\"x\":\"`\",\"B\":\".\",\"L\":\",\",\"6\":\"$\",\"n\":\"*\",\"9\":\"%\",\"M\":\"~\",\"o\":\"&\",\"I\":\";\",\"y\":\"^\",\"Z\":\"_\",\"g\":\")\",\"A\":\"#\",\"C\":\" \",\"X\":\"(\",\"i\":\"!\",\"H\":\"|\",\"0\":\"@\",\"m\":\"<\",\"J\":\">\"}", "PCRT": "{\"F\":\".\",\"J\":\"|\",\"o\":\"%\",\"C\":\"@\",\"1\":\"`\",\"U\":\"$\",\"l\":\"!\",\"3\":\"<\",\"a\":\"-\",\"V\":\",\",\"m\":\"~\",\"e\":\"*\",\"Y\":\"#\",\"S\":\">\",\"d\":\";\",\"0\":\")\",\"k\":\"^\",\"Q\":\" \",\"E\":\"(\",\"Z\":\"&\",\"W\":\"_\"}", "TAG": "", "MUTEX": "DCR_MUTEX-jEyOhPUj2jRHWsBrfp7T", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"savebrowsersdatatosinglefile": false, "ignorepartiallyemptydata": false, "cookies": true, "passwords": true, "forms": true, "cc": true, "history": false, "telegram": true, "steam": true, "discord": true, "filezilla": true, "screenshot": true, "clipboard": true, "sysinfo": true, "searchpath": "%UsersFolder% - Fast"}, "AS": true, "ASO": false, "AD": false}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000015.00000002.1785792731.0000000002E81000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
    00000014.00000002.1780433125.0000000002BAF000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
      00000000.00000002.1931637010.00000000032B1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
        00000014.00000002.1780433125.0000000002B71000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
          00000014.00000002.1780644862.0000000012B81000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
            Click to see the 7 entries

            Sigma Signatures

            System Summary

            barindex
            Sigma detected: Files With System Process Name In Unsuspected Locations
            Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\hDKY4f6gEA.exe, ProcessId: 6936, TargetFilename: C:\Program Files (x86)\windowspowershell\dllhost.exe
            Sigma detected: System File Execution Location Anomaly
            Source: Process startedAuthor: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: "C:\Program Files (x86)\windowspowershell\dllhost.exe", CommandLine: "C:\Program Files (x86)\windowspowershell\dllhost.exe", CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\WindowsPowerShell\dllhost.exe, NewProcessName: C:\Program Files (x86)\WindowsPowerShell\dllhost.exe, OriginalFileName: C:\Program Files (x86)\WindowsPowerShell\dllhost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: "C:\Program Files (x86)\windowspowershell\dllhost.exe", ProcessId: 7372, ProcessName: dllhost.exe

            Suricata Signatures

            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2024-10-02T02:37:30.216984+020020341941A Network Trojan was detected192.168.2.449741141.8.192.10380TCP

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Antivirus / Scanner detection for submitted sample
            Source: hDKY4f6gEA.exeAvira: detected
            Antivirus detection for dropped file
            Source: C:\Program Files (x86)\Internet Explorer\RCXB6AF.tmpAvira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeAvira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\Program Files\Windows Defender\RCXA207.tmpAvira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\ProgramData\Microsoft\MapData\RCXB47C.tmpAvira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\Program Files\Windows Multimedia Platform\RCXAA37.tmpAvira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\Program Files (x86)\Java\jre-1.8\IfYiMMRuvSUMKHkp.exeAvira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\Program Files (x86)\Java\jre-1.8\IfYiMMRuvSUMKHkp.exeAvira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\Program Files (x86)\Microsoft Office\RuntimeBroker.exeAvira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\Program Files (x86)\Java\jre-1.8\RCXA65D.tmpAvira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\ProgramData\Microsoft\MapData\SystemSettings.exeAvira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\Program Files (x86)\Java\jre-1.8\IfYiMMRuvSUMKHkp.exeAvira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\Program Files\Microsoft\OneDrive\RCXC626.tmpAvira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\Program Files (x86)\Microsoft Office\RCXB219.tmpAvira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\Program Files (x86)\Internet Explorer\services.exeAvira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\Program Files\Uninstall Information\RCXB8D3.tmpAvira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\Program Files (x86)\Java\jre-1.8\IfYiMMRuvSUMKHkp.exeAvira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\Program Files (x86)\WindowsPowerShell\RCX9FD4.tmpAvira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\Program Files\Uninstall Information\wininit.exeAvira: detection malicious, Label: HEUR/AGEN.1323984
            Found malware configuration
            Source: 00000014.00000002.1780644862.0000000012B81000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: DCRat {"SCRT": "{\"3\":\"-\",\"x\":\"`\",\"B\":\".\",\"L\":\",\",\"6\":\"$\",\"n\":\"*\",\"9\":\"%\",\"M\":\"~\",\"o\":\"&\",\"I\":\";\",\"y\":\"^\",\"Z\":\"_\",\"g\":\")\",\"A\":\"#\",\"C\":\" \",\"X\":\"(\",\"i\":\"!\",\"H\":\"|\",\"0\":\"@\",\"m\":\"<\",\"J\":\">\"}", "PCRT": "{\"F\":\".\",\"J\":\"|\",\"o\":\"%\",\"C\":\"@\",\"1\":\"`\",\"U\":\"$\",\"l\":\"!\",\"3\":\"<\",\"a\":\"-\",\"V\":\",\",\"m\":\"~\",\"e\":\"*\",\"Y\":\"#\",\"S\":\">\",\"d\":\";\",\"0\":\")\",\"k\":\"^\",\"Q\":\" \",\"E\":\"(\",\"Z\":\"&\",\"W\":\"_\"}", "TAG": "", "MUTEX": "DCR_MUTEX-jEyOhPUj2jRHWsBrfp7T", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"savebrowsersdatatosinglefile": false, "ignorepartiallyemptydata": false, "cookies": true, "passwords": true, "forms": true, "cc": true, "history": false, "telegram": true, "steam": true, "discord": true, "filezilla": true, "screenshot": true, "clipboard": true, "sysinfo": true, "searchpath": "%UsersFolder% - Fast"}, "AS": true, "ASO": false, "AD": false}
            Multi AV Scanner detection for dropped file
            Source: C:\Program Files (x86)\Internet Explorer\services.exeReversingLabs: Detection: 84%
            Source: C:\Program Files (x86)\Internet Explorer\services.exeVirustotal: Detection: 67%Perma Link
            Source: C:\Program Files (x86)\Java\jre-1.8\IfYiMMRuvSUMKHkp.exeReversingLabs: Detection: 84%
            Source: C:\Program Files (x86)\Java\jre-1.8\IfYiMMRuvSUMKHkp.exeVirustotal: Detection: 67%Perma Link
            Source: C:\Program Files (x86)\Microsoft Office\RuntimeBroker.exeReversingLabs: Detection: 84%
            Source: C:\Program Files (x86)\Microsoft Office\RuntimeBroker.exeVirustotal: Detection: 67%Perma Link
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeReversingLabs: Detection: 84%
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeVirustotal: Detection: 67%Perma Link
            Source: C:\Program Files\Microsoft\OneDrive\IfYiMMRuvSUMKHkp.exeReversingLabs: Detection: 84%
            Source: C:\Program Files\Microsoft\OneDrive\IfYiMMRuvSUMKHkp.exeVirustotal: Detection: 67%Perma Link
            Source: C:\Program Files\Uninstall Information\wininit.exeReversingLabs: Detection: 84%
            Source: C:\Program Files\Uninstall Information\wininit.exeVirustotal: Detection: 67%Perma Link
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeReversingLabs: Detection: 84%
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeVirustotal: Detection: 67%Perma Link
            Source: C:\Program Files\Windows Multimedia Platform\IfYiMMRuvSUMKHkp.exeReversingLabs: Detection: 84%
            Source: C:\Program Files\Windows Multimedia Platform\IfYiMMRuvSUMKHkp.exeVirustotal: Detection: 67%Perma Link
            Source: C:\ProgramData\Microsoft\MapData\SystemSettings.exeReversingLabs: Detection: 84%
            Source: C:\ProgramData\Microsoft\MapData\SystemSettings.exeVirustotal: Detection: 67%Perma Link
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeReversingLabs: Detection: 84%
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeVirustotal: Detection: 67%Perma Link
            Multi AV Scanner detection for submitted file
            Source: hDKY4f6gEA.exeReversingLabs: Detection: 84%
            Source: hDKY4f6gEA.exeVirustotal: Detection: 67%Perma Link
            AI detected suspicious sample
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Machine Learning detection for dropped file
            Source: C:\Program Files (x86)\Internet Explorer\RCXB6AF.tmpJoe Sandbox ML: detected
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeJoe Sandbox ML: detected
            Source: C:\Program Files\Windows Defender\RCXA207.tmpJoe Sandbox ML: detected
            Source: C:\ProgramData\Microsoft\MapData\RCXB47C.tmpJoe Sandbox ML: detected
            Source: C:\Program Files\Windows Multimedia Platform\RCXAA37.tmpJoe Sandbox ML: detected
            Source: C:\Program Files (x86)\Java\jre-1.8\IfYiMMRuvSUMKHkp.exeJoe Sandbox ML: detected
            Source: C:\Program Files (x86)\Java\jre-1.8\IfYiMMRuvSUMKHkp.exeJoe Sandbox ML: detected
            Source: C:\Program Files (x86)\Microsoft Office\RuntimeBroker.exeJoe Sandbox ML: detected
            Source: C:\Program Files (x86)\Java\jre-1.8\RCXA65D.tmpJoe Sandbox ML: detected
            Source: C:\ProgramData\Microsoft\MapData\SystemSettings.exeJoe Sandbox ML: detected
            Source: C:\Program Files (x86)\Java\jre-1.8\IfYiMMRuvSUMKHkp.exeJoe Sandbox ML: detected
            Source: C:\Program Files\Microsoft\OneDrive\RCXC626.tmpJoe Sandbox ML: detected
            Source: C:\Program Files (x86)\Microsoft Office\RCXB219.tmpJoe Sandbox ML: detected
            Source: C:\Program Files (x86)\Internet Explorer\services.exeJoe Sandbox ML: detected
            Source: C:\Program Files\Uninstall Information\RCXB8D3.tmpJoe Sandbox ML: detected
            Source: C:\Program Files (x86)\Java\jre-1.8\IfYiMMRuvSUMKHkp.exeJoe Sandbox ML: detected
            Source: C:\Program Files (x86)\WindowsPowerShell\RCX9FD4.tmpJoe Sandbox ML: detected
            Source: C:\Program Files\Uninstall Information\wininit.exeJoe Sandbox ML: detected
            Machine Learning detection for sample
            Source: hDKY4f6gEA.exeJoe Sandbox ML: detected
            Source: hDKY4f6gEA.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDirectory created: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDirectory created: C:\Program Files\Windows Defender\047efad0ccc033Jump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDirectory created: C:\Program Files\Windows Multimedia Platform\IfYiMMRuvSUMKHkp.exeJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDirectory created: C:\Program Files\Windows Multimedia Platform\047efad0ccc033Jump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDirectory created: C:\Program Files\Uninstall Information\wininit.exeJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDirectory created: C:\Program Files\Uninstall Information\56085415360792Jump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDirectory created: C:\Program Files\Microsoft\OneDrive\IfYiMMRuvSUMKHkp.exeJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDirectory created: C:\Program Files\Microsoft\OneDrive\047efad0ccc033Jump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDirectory created: C:\Program Files\Windows Defender\RCXA207.tmpJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDirectory created: C:\Program Files\Windows Multimedia Platform\RCXAA37.tmpJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDirectory created: C:\Program Files\Uninstall Information\RCXB8D3.tmpJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDirectory created: C:\Program Files\Microsoft\OneDrive\RCXC626.tmpJump to behavior
            Source: hDKY4f6gEA.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile opened: C:\Users\userJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet ExplorerJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile opened: C:\Users\user\AppDataJump to behavior

            Networking

            barindex
            Suricata IDS alerts for network traffic
            Source: Network trafficSuricata IDS: 2034194 - Severity 1 - ET MALWARE DCRAT Activity (GET) : 192.168.2.4:49741 -> 141.8.192.103:80
            Source: hDKY4f6gEA.exe, 00000000.00000002.1931637010.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: hDKY4f6gEA.exe, 00000000.00000002.2004400234.000000001C7B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/Vh5j3k
            Source: hDKY4f6gEA.exe, 00000000.00000002.2004400234.000000001C7B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/odirm2
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Windows\Registration\CRMLog\IfYiMMRuvSUMKHkp.exeJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Windows\Registration\CRMLog\IfYiMMRuvSUMKHkp.exe\:Zone.Identifier:$DATAJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Windows\Registration\CRMLog\047efad0ccc033Jump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Windows\LiveKernelReports\System.exeJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Windows\LiveKernelReports\System.exe\:Zone.Identifier:$DATAJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Windows\LiveKernelReports\27d1bcfc3c54e0Jump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Windows\Registration\CRMLog\RCX9C96.tmpJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Windows\LiveKernelReports\RCXAD07.tmpJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeCode function: 0_2_00007FFD9B8B8BF20_2_00007FFD9B8B8BF2
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeCode function: 0_2_00007FFD9B8A34C50_2_00007FFD9B8A34C5
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeCode function: 17_2_00007FFD9B8834C517_2_00007FFD9B8834C5
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeCode function: 20_2_00007FFD9B8834C520_2_00007FFD9B8834C5
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeCode function: 21_2_00007FFD9B8B34C521_2_00007FFD9B8B34C5
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeCode function: 24_2_00007FFD9B8A34C524_2_00007FFD9B8A34C5
            Source: hDKY4f6gEA.exe, 00000000.00000002.1923149196.0000000003180000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameDisableUAC.dclib4 vs hDKY4f6gEA.exe
            Source: hDKY4f6gEA.exe, 00000000.00000002.2001593529.000000001BC90000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameFileSearcher.dclib4 vs hDKY4f6gEA.exe
            Source: hDKY4f6gEA.exe, 00000000.00000002.2003824745.000000001C626000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameczHEjglJqNje4j.exeD vs hDKY4f6gEA.exe
            Source: hDKY4f6gEA.exe, 00000000.00000002.2003824745.000000001C626000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs hDKY4f6gEA.exe
            Source: hDKY4f6gEA.exe, 00000000.00000002.2001695665.000000001BCC0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenamePerformanceCounter.dclib4 vs hDKY4f6gEA.exe
            Source: hDKY4f6gEA.exe, 00000000.00000002.1931637010.00000000032B1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs hDKY4f6gEA.exe
            Source: hDKY4f6gEA.exe, 00000000.00000002.2001830299.000000001BCF0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilename( vs hDKY4f6gEA.exe
            Source: hDKY4f6gEA.exe, 00000000.00000002.2001620032.000000001BCA0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilename( vs hDKY4f6gEA.exe
            Source: hDKY4f6gEA.exe, 00000000.00000000.1646003846.0000000000F92000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameczHEjglJqNje4j.exeD vs hDKY4f6gEA.exe
            Source: hDKY4f6gEA.exe, 00000000.00000002.1917323582.0000000003160000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameBuildInstallationTweaksPlugin.dll\ vs hDKY4f6gEA.exe
            Source: hDKY4f6gEA.exe, 00000000.00000002.1931637010.00000000039F5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs hDKY4f6gEA.exe
            Source: hDKY4f6gEA.exe, 00000000.00000002.1931637010.00000000039F5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs hDKY4f6gEA.exe
            Source: hDKY4f6gEA.exe, 00000000.00000002.1931637010.00000000039F5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename8Em.exeD vs hDKY4f6gEA.exe
            Source: hDKY4f6gEA.exe, 00000000.00000002.2004146373.000000001C6C7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameczHEjglJqNje4j.exeD vs hDKY4f6gEA.exe
            Source: hDKY4f6gEA.exe, 00000000.00000002.1907175697.0000000003150000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilename( vs hDKY4f6gEA.exe
            Source: hDKY4f6gEA.exe, 00000000.00000002.2003030686.000000001C310000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameUSBSpread.dll4 vs hDKY4f6gEA.exe
            Source: hDKY4f6gEA.exe, 00000000.00000002.2001662201.000000001BCB0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMessageOnStart.dclib4 vs hDKY4f6gEA.exe
            Source: hDKY4f6gEA.exe, 00000000.00000002.2001735131.000000001BCD0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilename4 vs hDKY4f6gEA.exe
            Source: hDKY4f6gEA.exe, 00000000.00000002.2003068454.000000001C320000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameUserPingCounter.dclib4 vs hDKY4f6gEA.exe
            Source: hDKY4f6gEA.exe, 00000000.00000002.2002384341.000000001C160000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename05JTO83N2fiTkzY7mAmsYr6I.exeD vs hDKY4f6gEA.exe
            Source: hDKY4f6gEA.exe, 00000000.00000002.2002384341.000000001C160000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKpWuOxD.exeD vs hDKY4f6gEA.exe
            Source: hDKY4f6gEA.exe, 00000000.00000002.2002384341.000000001C160000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUzTvyhlVVu40TT576Y.exeD vs hDKY4f6gEA.exe
            Source: hDKY4f6gEA.exe, 00000000.00000002.2003217197.000000001C530000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilename( vs hDKY4f6gEA.exe
            Source: hDKY4f6gEA.exe, 00000000.00000002.2001776395.000000001BCE0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilename4 vs hDKY4f6gEA.exe
            Source: hDKY4f6gEA.exe, 00000000.00000002.1920485409.0000000003170000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameCrashLogger.dclib4 vs hDKY4f6gEA.exe
            Source: hDKY4f6gEA.exeBinary or memory string: OriginalFilenameczHEjglJqNje4j.exeD vs hDKY4f6gEA.exe
            Source: hDKY4f6gEA.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: hDKY4f6gEA.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: IfYiMMRuvSUMKHkp.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: smss.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: IfYiMMRuvSUMKHkp.exe0.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: IfYiMMRuvSUMKHkp.exe1.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: hDKY4f6gEA.exe, Ihuc0rACJiWN9h9ly0f.csCryptographic APIs: 'TransformBlock'
            Source: hDKY4f6gEA.exe, Ihuc0rACJiWN9h9ly0f.csCryptographic APIs: 'TransformFinalBlock'
            Source: hDKY4f6gEA.exe, HJAsWTEQN9udHE418u8.csCryptographic APIs: 'CreateDecryptor'
            Source: hDKY4f6gEA.exe, HJAsWTEQN9udHE418u8.csCryptographic APIs: 'CreateDecryptor'
            Source: classification engineClassification label: mal100.troj.evad.winEXE@26/84@0/0
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Program Files (x86)\windowspowershell\dllhost.exeJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Users\Public\Videos\IfYiMMRuvSUMKHkp.exeJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeMutant created: NULL
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeMutant created: \Sessions\1\BaseNamedObjects\Local\93ec258400f012aeafba1dd2a819020626051bef
            Source: hDKY4f6gEA.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: hDKY4f6gEA.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: hDKY4f6gEA.exeReversingLabs: Detection: 84%
            Source: hDKY4f6gEA.exeVirustotal: Detection: 67%
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile read: C:\Users\user\Desktop\hDKY4f6gEA.exeJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\hDKY4f6gEA.exe "C:\Users\user\Desktop\hDKY4f6gEA.exe"
            Source: unknownProcess created: C:\Program Files (x86)\WindowsPowerShell\dllhost.exe "C:\Program Files (x86)\windowspowershell\dllhost.exe"
            Source: unknownProcess created: C:\Program Files (x86)\WindowsPowerShell\dllhost.exe "C:\Program Files (x86)\windowspowershell\dllhost.exe"
            Source: unknownProcess created: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exe "C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exe"
            Source: unknownProcess created: C:\Recovery\IfYiMMRuvSUMKHkp.exe C:\Recovery\IfYiMMRuvSUMKHkp.exe
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: twext.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: cscui.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: windows.staterepositoryps.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: appresolver.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: bcp47langs.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: slc.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: sppc.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: policymanager.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: msvcp110_win.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: workfoldersshell.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: ntshrui.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: cscapi.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: twinapi.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: textshaping.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: wtsapi32.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: starttiledata.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: coremessaging.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: usermgrcli.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: usermgrproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: acppage.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: sfc.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: msi.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: aepic.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: sfc_os.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeSection loaded: version.dllJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeSection loaded: version.dllJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeSection loaded: version.dllJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeSection loaded: version.dllJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDirectory created: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDirectory created: C:\Program Files\Windows Defender\047efad0ccc033Jump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDirectory created: C:\Program Files\Windows Multimedia Platform\IfYiMMRuvSUMKHkp.exeJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDirectory created: C:\Program Files\Windows Multimedia Platform\047efad0ccc033Jump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDirectory created: C:\Program Files\Uninstall Information\wininit.exeJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDirectory created: C:\Program Files\Uninstall Information\56085415360792Jump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDirectory created: C:\Program Files\Microsoft\OneDrive\IfYiMMRuvSUMKHkp.exeJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDirectory created: C:\Program Files\Microsoft\OneDrive\047efad0ccc033Jump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDirectory created: C:\Program Files\Windows Defender\RCXA207.tmpJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDirectory created: C:\Program Files\Windows Multimedia Platform\RCXAA37.tmpJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDirectory created: C:\Program Files\Uninstall Information\RCXB8D3.tmpJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDirectory created: C:\Program Files\Microsoft\OneDrive\RCXC626.tmpJump to behavior
            Source: hDKY4f6gEA.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: hDKY4f6gEA.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
            Source: hDKY4f6gEA.exeStatic file information: File size 1501696 > 1048576
            Source: hDKY4f6gEA.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x16b000
            Source: hDKY4f6gEA.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

            Data Obfuscation

            barindex
            .NET source code contains method to dynamically call methods (often used by packers)
            Source: hDKY4f6gEA.exe, HJAsWTEQN9udHE418u8.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
            .NET source code contains potential unpacker
            Source: hDKY4f6gEA.exe, HakdnASGIETu6IvB7aa.cs.Net Code: x6uscy7Z82 System.AppDomain.Load(byte[])
            Source: hDKY4f6gEA.exe, HakdnASGIETu6IvB7aa.cs.Net Code: x6uscy7Z82 System.Reflection.Assembly.Load(byte[])
            Source: hDKY4f6gEA.exe, HakdnASGIETu6IvB7aa.cs.Net Code: x6uscy7Z82
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeCode function: 0_2_00007FFD9B8C3361 push ds; retf 0_2_00007FFD9B8C3362
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeCode function: 0_2_00007FFD9B8C1FD3 push ds; retf 0_2_00007FFD9B8C1FD4
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeCode function: 0_2_00007FFD9B8C331A push ds; retf 0_2_00007FFD9B8C331B
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeCode function: 0_2_00007FFD9B8C2706 push ds; retf 0_2_00007FFD9B8C2707
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeCode function: 0_2_00007FFD9B8C3753 push ds; retf 0_2_00007FFD9B8C3754
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeCode function: 0_2_00007FFD9B8C96D7 push ds; retf 0_2_00007FFD9B8C96D8
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeCode function: 0_2_00007FFD9B8BAE5A push ds; retf 0_2_00007FFD9B8BAE5B
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeCode function: 0_2_00007FFD9B8BD9A1 push ds; retf 0_2_00007FFD9B8BD9A2
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeCode function: 0_2_00007FFD9B8C80F3 push ebx; ret 0_2_00007FFD9B8C816A
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeCode function: 0_2_00007FFD9B8BF111 push ds; retf 0_2_00007FFD9B8BF112
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeCode function: 0_2_00007FFD9B8BED1F push ds; retf 0_2_00007FFD9B8BED20
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeCode function: 0_2_00007FFD9B8BECD8 push ds; retf 0_2_00007FFD9B8BECD9
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeCode function: 0_2_00007FFD9B8BE0C6 push ds; retf 0_2_00007FFD9B8BE0C7
            Source: hDKY4f6gEA.exeStatic PE information: section name: .text entropy: 7.231943205872588
            Source: IfYiMMRuvSUMKHkp.exe.0.drStatic PE information: section name: .text entropy: 7.231943205872588
            Source: smss.exe.0.drStatic PE information: section name: .text entropy: 7.231943205872588
            Source: IfYiMMRuvSUMKHkp.exe0.0.drStatic PE information: section name: .text entropy: 7.231943205872588
            Source: IfYiMMRuvSUMKHkp.exe1.0.drStatic PE information: section name: .text entropy: 7.231943205872588
            Source: hDKY4f6gEA.exe, Nthi6vEaHQBi9jIOyl.csHigh entropy of concatenated method names: 'oFOXh9g2W', 'KrcQGTYlnKHOS2WtnY', 'kB3XwMLZoSKpwaCug8', 'MWIr2syujjed9BM27x', 'YkeggTKCmj3sOnje5M', 'EhuT9ETWgDWhmtFRq5', 'HAp0CR3xj', 'XZJscanKB', 'TZOfDF38m', 'H4T5kbsxf'
            Source: hDKY4f6gEA.exe, tOjDPaFn3IyDfA3bmv5.csHigh entropy of concatenated method names: 'R1x', 'YZ8', '_8U7', 'G9C', 'NugfJObnS48yhgYFif4', 'FuAiR3bL4S4eqWLQdA6', 'd1bDDubygd5nxcaJhrp', 'el2neObYnMasEqvfTji', 'T2TpJrbKL40dABVPNpZ', 'g1ku0xbTyigLPPh5rRw'
            Source: hDKY4f6gEA.exe, DR8bYKSSTifcdajFkSk.csHigh entropy of concatenated method names: 'HEU0KeABk6', 'cJj0WXV1ip', 'whu0NlZwUh', 'BWq08qtjZt', 'vEp0Y6NtSa', 'TVb06fyAmc', 'GZDTIBowHggP2QIRuXv', 'RotJdaoJ4hwLHGkuWxM', 'Hsdu0EoeZ0uTU7b7vgw', 'RwGDkBo8liquBV4lmXq'
            Source: hDKY4f6gEA.exe, GRuWBZAY37APXsTQXlT.csHigh entropy of concatenated method names: 'D4M', '_4DP', 'HU2', '_4Ke', '_5C9', '_7b1', 'lV5', 'H7p', 'V5L', '_736'
            Source: hDKY4f6gEA.exe, N98h1C8gV3yfCFjnmbb.csHigh entropy of concatenated method names: 'VPEQuNoURd', 'M9DQCuPJkJwATlN9JcQ', 'lQTlmFP4sv6gvfoxiCq', 'IL3bHJP8u4CV2g1g6JR', 'dxgCPhPw64nKQdHeO4H', 'G9CPkswdkl', 'a23PFC6fQX', 'jehPyP1VlE', 'hJAPMW0wPD', 'NiqPwR1YTk'
            Source: hDKY4f6gEA.exe, CG5mpbgKduPryAPQqp7.csHigh entropy of concatenated method names: 'q4Y', '_71O', '_6H6', 'B03jttaGiN', '_13H', 'I64', '_67a', '_71t', 'fEj', '_9OJ'
            Source: hDKY4f6gEA.exe, u7WmFH86HmtKYe8liWH.csHigh entropy of concatenated method names: 'onQDfiXT0d', 'QY3D5MoAZ3', 'hhgDHUkoD4', 'vFw2HLX8kH8S61Fmw26', 'wAnSdkXwUGMvxyUxnuO', 'BJN02bXFAyS5me4x6vt', 'Efn7n6XedS6Ubtg8VUS', 'hmUPxqXJMnJRJhSwi5s', 'jLqVYjX4jKNZBObwQg7', 'oYpitlXNbI4Cw2DcyDy'
            Source: hDKY4f6gEA.exe, EMbOvT83n2RLffdvCrh.csHigh entropy of concatenated method names: 'ICU', 'j9U', 'IBK', '_6qM', 'Amn', 'Mc2', 'og6', 'z6i', '_5G6', 'r11'
            Source: hDKY4f6gEA.exe, w4b9NYgcxnwKsdmdhsT.csHigh entropy of concatenated method names: 'lPiZYdQIHR', 'uDaZ63tLJ5', 'JJ9Z1ylU7h', 'uSoZqXMBLt', 'tebZ2mU683', 'KmNZeeCRcn', 'WDembkUkEgAhaqOsYnJ', 'rfCUkNUZOJU0DxH02uY', 'RfwcDwUAdp3NUXmnBvF', 'm1O3ptUW150OXx96PsH'
            Source: hDKY4f6gEA.exe, YcBwlDFbSpZXhVOLl9B.csHigh entropy of concatenated method names: 'd9v0Uv0nVV', 'Pv60tOJOKG', 'iGP0ZxkLCI', 'CmYqbSx5OxP9KHf5Lyc', 'FQcyCyxuBWEww1dGyQl', 'hvyvLJx6lvqYJThfPME', 'RUnjhExx0vIP3UyUjT1', 'Dy6gK7xoxaTNRZbJ7Id', 'zlUZ40xBoMjL4k48tgw', 'mx9UcdxHkNDcEkgv0mq'
            Source: hDKY4f6gEA.exe, erFdQGZD4TsRW9gFFa.csHigh entropy of concatenated method names: '_52Y', 'YZ8', 'Eg4', 'G9C', 'yMbxOJLx5', 'Wh9DvRO4P73XJi2xVSL', 'iJqNr2ONOVKMxYPhfYk', 'sYqNjmOIJ516ZwxvuKL', 'pCum7YOG384BcavO4H0', 'mU6qXEOmUfrXrYwpeur'
            Source: hDKY4f6gEA.exe, QwqQDnAV15R35WSInl5.csHigh entropy of concatenated method names: 'IGD', 'CV5', 'zPgAZTH1qd', '_3k4', 'elq', 'hlH', 'yc1', 'Y17', '_2QC', 'En1'
            Source: hDKY4f6gEA.exe, ttsbb7gqltSbVV5YgNr.csHigh entropy of concatenated method names: 'slrjJf44Ek', 'kZclcWUdokQmqGKSG0u', 'FpPDnrUhFUfup7atkcy', 'gihxVKURnvYBKNqKtii', 'MGPshsUadcBG1vOYaEH', 'MCqZYaU2yt4qlTVx85Q', 'NVSfEgUzS0qkieqZeKe'
            Source: hDKY4f6gEA.exe, Fbwxg58vGLxBWGid20q.csHigh entropy of concatenated method names: 'gPDpj4oxA2', 'G9UpVQ3RgZ', 'aoppXe7wNj', 'LxspcYsBqo', 'eqbppA8bRG', 'DYVp9vl6y0', 'SPapuwWMI6', 'lWQpaUhCr5', 'nt5p71SpWq', 'pYJpi66FA6'
            Source: hDKY4f6gEA.exe, nu962anJoQHbLOfQD2a.csHigh entropy of concatenated method names: 'dSmmMYdXxU', 'Jptmwo4Rvo', 'lXOmSOJiyD', 'OPeLncIHqEQhl6GAPQJ', 'K9LA0DIoeutNnt9B7V0', 'BmGE0GIBrVjq71boW2u', 'tDX9qNIFuHAJhYpCZ6t', 'Ga3mpG8nhY', 'Rc2m9E5bDY', 'gIamuruO9O'
            Source: hDKY4f6gEA.exe, DNl5hhWvwtXMeFMccZ.csHigh entropy of concatenated method names: '_8Ok', 'YZ8', 'InF', 'G9C', 'PEgGa0pFYdabmyBATW0', 'CXpQvvpeefyKLgtpZG5', 'mOYnJ5p8Xn1XJjteWOS', 'TOhVocpwDalpyoncaiI', 'Pdr8FNpJS8JjKLy1VFp', 'DrT3mVp4nDlt4SQcxsQ'
            Source: hDKY4f6gEA.exe, eNdffZSqrZ1vPP6DE14.csHigh entropy of concatenated method names: 'dA05GtDeYX', 'ruER9h8ac7WFVDUc0hQ', 've6npI82leBFgyIgioi', 'IVB5aX8RjShcgIW4l72', 'WXRCxL8dyk7uy7ZV45u', 'LCG1VQ8zv8qYwcE1EPX', 'Dsgsi4w1WirJdlT9OOn', 'vrGZZNw0VcZ1NjrH0HK', 'c41hgJwOlsAyRB6RsG4', 'jOT2BZwi6Ho8s8Cckx7'
            Source: hDKY4f6gEA.exe, sXEZHYF5a7FMqPJNSRh.csHigh entropy of concatenated method names: '_625', 'YZ8', '_9pX', 'G9C', 'v3fWr75IRybGfpa5Yok', 'tvLHRU5GsOPY8GFKqQ6', 'PnKlOR5mfKXCu9JQ6wH', 'mYEEG15jGQFuVI1a4ct', 'HS66fT5CGMPVjqJME9L', 'qaegXV5PMy8Z6jXIsh0'
            Source: hDKY4f6gEA.exe, Q0hh4UgoC8JiA9ZTIx0.csHigh entropy of concatenated method names: 'jPajfHHb7J', 'IaHj5fXoOK', 'XmKjH6otDm', 'jJvjI5Dhc0', 'kAgjmNRyMq', 'mGOjnSOUiI', 'BgfjPoM6Ye', 'rc3jrAcupw', 'xEUjQZETdA', 'v8ljDdD2ll'
            Source: hDKY4f6gEA.exe, IAl9pFA0uL6JFCY0tNQ.csHigh entropy of concatenated method names: 'N7hAEWN6gH', 'vohA4Jfcqv', 'a3LAdYqkKx', 'OBwAUYy4H0', 'OxUAtUxISj', 'gRp7N8rdI2epy4HWHF5', 'a2pNgdrarc1SVcAogQH', 'rGqww6r2Y4cmSHAa5qH', 'OKkCSxrzMnbeaU4V3Vg', 'I1U8fID1h3bhQu5FfyR'
            Source: hDKY4f6gEA.exe, DYW6Y27IdxkU2ocPLu.csHigh entropy of concatenated method names: 'pHw', 'YZ8', 'v2R', 'G9C', 'llWArvpMrHd24fXyXFm', 'Al7kl9p9Sq4NbYWFTGd', 'j56HFrpnTl59ZCZY3C3', 'BkwS63pLrUED9gvuW5P', 'klfkBRpyweMcYN943B6', 'fCCeYopYYrZdUjk6BR3'
            Source: hDKY4f6gEA.exe, ATPg1tFffqP74chlQGZ.csHigh entropy of concatenated method names: 'p23', 'YZ8', 'Gog', 'G9C', 'DMm1jZfAg3FuGL1PvRE', 'nK7yTofkDv7PSM0XXFe', 'x4KkkyfW2NYvleKQoZJ', 'ehcYb8flv1LLd12MNDQ', 'beLFtffsTN0LFndJn0Z', 'Gik42rf7gFnSyChPbCS'
            Source: hDKY4f6gEA.exe, D0IokQF2aboLXjqjt3T.csHigh entropy of concatenated method names: 'GrkOeuAqKW', 'RyywCQ6Ux48BE9Uo36J', 'WCuvPJ6qikCoAwCgCmx', 'FQphJE6ToJS8nEqQDcQ', 'cE8F7e6vjaQlnPtGYxI', 'm7NLrc6cLv24MRpNTE5', '_3Xh', 'YZ8', '_123', 'G9C'
            Source: hDKY4f6gEA.exe, ev7mNBFLeCtSaeCVbqX.csHigh entropy of concatenated method names: 'GvP', 'YZ8', 'bp6', 'G9C', 'E3r1NIuv0YhT4o05gPZ', 'xJawPEuUHJ5kgWRaXhW', 'RGwBWXuqNuWnDvexgM2', 'M0Y1O5uc1A16sFhxMEW', 'GRaejouroNVnUxCYRLk', 'kX3CXXuDkJTcshQ1dkG'
            Source: hDKY4f6gEA.exe, CuvuK1nWjUJ0rL6S97k.csHigh entropy of concatenated method names: '_3VT', 'O5t', '_1W5', 'rBCPrHE0RU', 'XR0pCCoafL', 'nmQPQ1ptl6', 'YaFp1yMGc0', 'pXI8ikjqoygHAr7IV3K', 'BLcaatjcO4IKy5727j1', 'aX6Dv7jv9t8GKtEY1El'
            Source: hDKY4f6gEA.exe, B0CmovnvIB8GemAurYP.csHigh entropy of concatenated method names: 'G1Bnp9CUnauflNyyHiS', 'AXH6sFCqBvrSXOFwm7N', 'bDvsJpCTLe4V45IApkm', 'Kup8dXCvn7BSj7DuvIP', 'IWF', 'j72', 'YU3PurPqHs', 'wZUPa04qXw', 'j4z', 'xYSP7IdW4d'
            Source: hDKY4f6gEA.exe, rEKSLS8erJaOsroDZsf.csHigh entropy of concatenated method names: 'Y35DMWftne', 'q3MDwE2DCL', 'IP5DSN4VhQ', 'Gb5Dh5OngP', 'dv0DvxJ07r', 'uvRt2tXTYuBuXIZXOW1', 'V99g1QXvOCS21eu5p7E', 'dv6Vf8XYSiQ6sOBRCGD', 'CKKOJsXKWVZZ9OoRJDV', 'uj6AekXUgur5Un31uqf'
            Source: hDKY4f6gEA.exe, yR892onzBPSjlEcoBIL.csHigh entropy of concatenated method names: 'DMxPbSYakG', 'TnBPC8BvVs', 'j21PGdl2iQ', 'B19qKKCDYgb12q1bCk1', 'M62ePrCVBCC0iDjH0ED', 'C4KJPPCcfTl26ikXyqt', 'yGTapUCrKILtAusgQip', 'sZswTiCgeXl180vYbr4', 'Tdifb2CS6uQ0L5x6bYT', 'xL0oyRCZoch7jrqLWS6'
            Source: hDKY4f6gEA.exe, T8icfaSIEdEoTDEhM6F.csHigh entropy of concatenated method names: 'Nybf4m1j40', 'GJRfd2jZZ7', 'dm2fULmJW1', 'qskftPRwHV', 'PVCfZepJ2D', 'BT5U0xe119rjZSutdpu', 'djnPk9e04oLGLy3kAb0', 'nc5KKbF2OpgoJ8QBAel', 'XhSnXXFzbRmPLYBNQFE', 'nnODsQeOHkYW1JSNkkS'
            Source: hDKY4f6gEA.exe, uaNIfegkcJ5SRHShL9Z.csHigh entropy of concatenated method names: '_14Y', 'b41', 'D7Y', 'xMq', 'i39', '_77u', '_4PG', '_5u8', 'h12', '_2KT'
            Source: hDKY4f6gEA.exe, fmq2SIgYcbRYoslFQbI.csHigh entropy of concatenated method names: 'Nk0ZlW668g', 'wKGZxXaDSN', 'COmZ3ELBsX', 'zoWZTJnw8R', 'mmoZLYk2Na', 'nW5IkEUMwq3sW7dAak8', 'hrNHiGUXAB5ZwvrmPsw', 'lnbwTrUQZE8kw9d0mNP', 'eNYJUnU9NLs2CEIaMtM', 'q1Cu1xUnItDNG2AHvgK'
            Source: hDKY4f6gEA.exe, rQ5A7X5o8PPfDVwQMV.csHigh entropy of concatenated method names: 'kcq', 'YZ8', '_4bQ', 'G9C', 'gQZmn4pbrWkkqoNlG6D', 'OG9PTTp3dN4BIH34AHD', 's7qFFmpfj3PcZfb8n7D', 'XONhYypuTO9J922i98P', 'eNmld1p6ZUB4hA1S4ZK', 'v2AlFVp580fhjWay5yb'
            Source: hDKY4f6gEA.exe, Mc19jqShnKExfjDOVQp.csHigh entropy of concatenated method names: 'Khcsz607tt', 'XGdfJ4asqx', 'VIKfOLffJp', 'G84f0REBXm', 'ANXfsxjjBq', 'FihffSUB8q', 'BWtf5ebbLO', 'r3sfHGHxY1', 'n2QfI4mUHG', 'pBnfmwFRKl'
            Source: hDKY4f6gEA.exe, i70r0dSLQjY9j1LIR5k.csHigh entropy of concatenated method names: 'bB9feou2SU', 'khSfBD9Hin', 'bGmfzk8LUu', 'NxC5JfdRi8', 'wDX5O61Ru0', 'tKI50T7qbT', 'HWx5sHQ9Ys', 'GVk5fr4ljJ', 'dnt55gVaCQ', 'vvrydEehyniMdDlAkdO'
            Source: hDKY4f6gEA.exe, TSOWd7FE82ULVFCU5iP.csHigh entropy of concatenated method names: '_6H9', 'YZ8', '_66N', 'G9C', 'HxqFA1bhbLW3FPM4eKB', 'eaxnX3bRbxn5kIsT2O6', 'udiZoCbd15fZkFhYmkI', 'DeIQn6baal0gp2bRMCb', 'HYtRdVb251Cx91Ioyyw', 'Ix6S4CbzpTnDlMGAUHu'
            Source: hDKY4f6gEA.exe, eMKrfZF7GgyuipBVQth.csHigh entropy of concatenated method names: '_589', 'YZ8', '_491', 'G9C', 'EmPPYK5W3CtaW4ZlnC0', 'FyVF3y5lACi9Wt1Jp5F', 'rcMSjA5sxEbEwegZnQ1', 'W0VOfq57QmO5cFMjWXW', 'Rdyh3X5tHpM4MjOl291', 'KOqL9F5hR4PlrUo6ppa'
            Source: hDKY4f6gEA.exe, Ragd76UlguC5AMsRjF.csHigh entropy of concatenated method names: 'i93wauGIX', 'NEtSg4ErH', 'f5RhQ61AN', 'CPt5ty0qy8ZXmGMLWSI', 'HDFvcj0vaGFjutA37fu', 'pkuhx20UFVQIFDdtQHK', 'j45Q800cGISL9c5towH', 'mQi9QH0reKt3NP6NqXK', 'CBNdyU0DJM1v3VyLLus', 'la7NBa0VngVyRUZIHGK'
            Source: hDKY4f6gEA.exe, cnPmGGFqXsdIn95LGrg.csHigh entropy of concatenated method names: 'by0O60LPsL', 'BnARO26C5oqfdLkYQ9Q', 'DvcoT46PabgJx4stJL1', 'sw8ER56mwYY5iwD0NFf', 'FYNBeB6jemIiBLl7XSa', 'oHkQuf6XPHQUbWgRhL7', 'QLw', 'YZ8', 'cC5', 'G9C'
            Source: hDKY4f6gEA.exe, I6EHLPgGiUTVdQMF3UM.csHigh entropy of concatenated method names: 'KpMZEj047V', 'L4BZ40UgyG', 'NlaD6evtGqTMBBtDOI8', 'L3lcTgvh4pJ3A3OPGOu', 'RN2bpbvRvoLHXKFNtvd', 'o4KeHtvdvVIRC6ENBVa', 'O8xmWRvaEYXAoax7Q4V', 'tJNoVsv2orYN2qGwroC', 'GZVkhXvztqQAVTDdyen', 'RrZkcDU19HPIolhRSut'
            Source: hDKY4f6gEA.exe, vCEmreS2EKtEKD22mUZ.csHigh entropy of concatenated method names: '_0023Nn', 'Dispose', 'Exq5wNPutn', 'qoQ5S9MLo8', 'vTX5hXiEc2', 'khs5vCuqSe', 'pAT5lt5w6P', 'yvVAQcwuuIu0aTAV8q7', 'cBWYNQw6YKn3qiWtPBx', 'Ajavlgw33oUAluBfuRP'
            Source: hDKY4f6gEA.exe, HakdnASGIETu6IvB7aa.csHigh entropy of concatenated method names: 'bv5sylpYmY', 'ofhsMqTIcB', 'cFosw7IXGI', 'xDysS6PL45', 'uxmshUUUVG', 'Kv8svLZcal', 'TWOslDNjWI', 'uyVgxLBCQGnI9Yu1SWN', 'YSqvZWBmeDDJkRTIWIL', 'GaNv9uBjUOA52b3VrFA'
            Source: hDKY4f6gEA.exe, kJEYge8hhIMJEhcWlSE.csHigh entropy of concatenated method names: '_7zt', 'tHwDireaei', 'nTfDEwWyp1', 'jKlD4O3qBD', 'CA1DdxXClT', 'ie7DUHSTVC', 'tSYDt9vf1i', 'arM1A9XmyWcgQy06UkC', 'Ck5VISXjhSotbik8vq1', 'C0eAsKXILM7wPYo7bgX'
            Source: hDKY4f6gEA.exe, UDb6b8gb9aCIVEERGxg.csHigh entropy of concatenated method names: 'xyTjbGU4xD', 'RdnjCSmSmx', 'F8e', 'bLw', 'U96', '_71a', 'O52', 'mSfjGMxMtS', '_5f9', 'A6Y'
            Source: hDKY4f6gEA.exe, LNm3lu8dYfNwWbACMXh.csHigh entropy of concatenated method names: 'jbsQSBLSLP', 'AoiQhdxkPm', 'L2LQv0irwC', 'EsaQljXQau', 'SZuQxxVYqp', 'UNy71uP2O10SWNbphPE', 'faTgV7PzE6If33fUZj0', 'FDuJnDPdvWWYdZSOlJZ', 'cjhWyFPaSCrx72OuPWB', 'qbrOfqX1jZu78CI9RJA'
            Source: hDKY4f6gEA.exe, SCFlrnALR3Njj0HNX2W.csHigh entropy of concatenated method names: 'cBkVnJ1npe', 'qSSVPOUVXG', 'NPgVr1yGmo', '_3Gf', '_4XH', '_3mv', '_684', '_555', 'Z9E', 'eUTVQJIjrY'
            Source: hDKY4f6gEA.exe, OhecA6SlOq8S4g2dunG.csHigh entropy of concatenated method names: 'jSJsqM50QS', 'yVP6KyHi3XufSt7Einv', 'HOZdQEHE7PqQLKIkMVT', 'OtNGxPH0tTj64CvJGGb', 'GDTHNPHOkPXZJuvy5ZQ', 'rlg2x4HpG0HsDaKVtkm', 'NgPCWkHbxjHvVM0F2V2', 'LXVFSiH3GUTKxr69E7H', 'zfv4jnHfJgxuXB3g1Bc', 'Ot0aJ8Hunoh6LktukIT'
            Source: hDKY4f6gEA.exe, sqPIwa8G0g4FnymHgdM.csHigh entropy of concatenated method names: 'uxk', 'q7W', '_327', '_958', '_4Oz', 'r6z', 'r7o', 'Z83', 'L5N', 'VTw'
            Source: hDKY4f6gEA.exe, wglXeXFd55BPMR425Ej.csHigh entropy of concatenated method names: 'd43', 'YZ8', 'g67', 'G9C', 'kC6qD53Q8MHwSNIp71h', 'D2S9jU3MniVsqEglND4', 'z7jaIw396faSYAjCwhX', 'IWyVOE3n3iabShkQtmb', 'iiovRm3LDufRoqqoNKA', 'iADvN33yj4gcuceDM0X'
            Source: hDKY4f6gEA.exe, tpHMHsFFu0KV8SrDdUp.csHigh entropy of concatenated method names: 'tO4', 'YZ8', '_4kf', 'G9C', 'hx35dVb44qt04fyC6o7', 'AfoXI5bNYtHfZlgKq5m', 'Q1DAqPbI6ma2UNBb9gp', 'vh3lxDbG3NV6GmkyfTk', 'l3DgKebmlROcTitvtSN', 'MrwAslbj41dGMFsRZjP'
            Source: hDKY4f6gEA.exe, rHu4YqAZew0m2QELYHi.csHigh entropy of concatenated method names: '_159', 'rI9', '_2Cj', 'hyTVjSejob', 'EJuVATnLaQ', 'UwRVVwtd8O', 'EwZVbXxNEn', 'UUZVC6LKAn', 'xnGVG3ZudM', 'reSIBWVUfplQRIaQu01'
            Source: hDKY4f6gEA.exe, vxPmHPABc3iibRpcpol.csHigh entropy of concatenated method names: 'PJ1', 'jo3', 'sSeGn0WYX0', 'RL6GPDNZQ4', 'd1aGrB7JYS', 'EC9', '_74a', '_8pl', '_27D', '_524'
            Source: hDKY4f6gEA.exe, mDfsmMi88VBKbbQkia.csHigh entropy of concatenated method names: '_23T', 'YZ8', 'ELp', 'G9C', 'dECaHpiRJSZ8Gko8tyA', 'krOwiAidSPUhfMyctqx', 'mD0R0viadixFx3T8j3Z', 'HiY930i2tu2iwWsa5Vk', 'hbRYAHizsfUZRnVdtT5', 'jLQ2yTE18hXxXMWs53l'
            Source: hDKY4f6gEA.exe, b0yBDWIk3ZrJ3ocCB1.csHigh entropy of concatenated method names: 'XJaZQtfDp', 'VYFjjTvu9', 'yNQAxu0J0', 'iPmVl6kdx', 'hZgbt2vow', 'ClmC2Lgfk', 'M39GaxdiM', 'wIlNvt0f0v2JTSymJl7', 'CQpFOX0uG1tu9G3lcnT', 'SKlDZq06jt8ThShxlEj'
            Source: hDKY4f6gEA.exe, TBC6H0FyEjdvlrl2Z0n.csHigh entropy of concatenated method names: 'dVR0OunxyK', 'pTh00L5uDY', 'fCH0s80pjF', 'PCo7Vk6ste4lEpAd0tl', 'U7vQsy67mI0Jw3abJRR', 'YBuyXD6WeLEoo09HK85', 'RMoJb76lWoaQPGM7EhJ', 'On4CDX6tyXMY9Mq9vxv', 'Eo7cfu6hQqHRpTVouLu', 'cs4Oe16R4KOKdhTMVb2'
            Source: hDKY4f6gEA.exe, g0t9gA8wcfolpMOIoT8.csHigh entropy of concatenated method names: '_4J6', '_5Di', '_1y5', '_77a', '_1X1', '_7fn', 'OUK', '_8S4', 'wUn', '_447'
            Source: hDKY4f6gEA.exe, GGbsptEf9UgBTIY9LDp.csHigh entropy of concatenated method names: 'bqfFZOM8dD', 'sNlFjVhPFf', 'c44FA95bUT', 'GdLFVoqlh8', 'je7FbiWXZw', 'IhuFCbvRKI', 'UtFFGyC59K', 'gvhFkNanS2', 'GOPFFtEKZB', 'ltjFyhSRXR'
            Source: hDKY4f6gEA.exe, kN6NgxAReN3VCJDQMJZ.csHigh entropy of concatenated method names: 'KZiI6NgE2BXN5vg8Ni6', 'CWiy0Lgp6Wv5GFA0OhN', 'PGWsg0gOmcYlfsm0kSS', 'BcTlANgiOC3Jxv6CMQd', 'o5AVwlAJkK', 'WM4', '_499', 'bDFVSsUNeU', 'dTfVhGdRTN', 'KvOVvbfGl1'
            Source: hDKY4f6gEA.exe, xiLlIn8Y8g7y1psXLIC.csHigh entropy of concatenated method names: 'LadXMMFTbu', 'nS5XwPI2eC', 'S8hXSYAAVw', 'cgRXhoAfer', 'h2lXvZgUkC', 'vZHnV8Q4MmZhywkpFXS', 'DoVdIVQwusB5ClA8O4h', 'pXShtcQJWJKXI8OyUSt', 'B5NmGfQNbl3lBrG1O7P', 'myvEIrQIWGhPoUx9aYg'
            Source: hDKY4f6gEA.exe, oCYLRKAa0o6XJ1EELhI.csHigh entropy of concatenated method names: 'OqCGUgF4GT', '_1kO', '_9v4', '_294', 'ppOGtrPffR', 'euj', 'aHnGZqrGxG', 'TGmGjlXEX7', 'o87', 'kG9GAVOS7Q'
            Source: hDKY4f6gEA.exe, fC6BAlnlcFbau6cip0g.csHigh entropy of concatenated method names: 'OQ1mLRtQ9D', 'WIAmgIq0sB', 'xeYmoS4Xjj', 'F1MmR8vRlE', 'FZf56nIKqZGQNyvDYsG', 'gbF50uIT3GsFtMHLvFI', 'ktuNR5IvCfTeZMGQypb', 'k46adEIy9T59s1UCCIF', 'EE7aWSIYHXsWMdSJtZM', 'wmMcdFIUMW6x71S8vls'
            Source: hDKY4f6gEA.exe, beRyTunj4cwffHtrJtd.csHigh entropy of concatenated method names: 'oYo', '_1Z5', 'Kdsp8guUm1', 'RZQPfNRRdg', 'I0UpoWqPbG', 'D9DU1QjB0QqAUKWQbWF', 'Tw1aJUjH9R1MLErxlqw', 'SDg7dVjFbaXBbPc6vNm', 'LqYOS0jea5Ke1HZMwU0', 'qLK5Hwj8XKbPvT0qqZ4'
            Source: hDKY4f6gEA.exe, mTBeMHn864Gin8dmZGF.csHigh entropy of concatenated method names: 'lE5IT3Cyop', 'WbfILl9FQX', 'wiqIgHHjqt', 'yf5Io48aFK', 'BkVIRKsEDx', 'MPOIKtAKV0', 'Qp6Za149wmWnpojd8a1', 'JcIFHu4QA8xyRKtrKyB', 'GfWPic4MYM5KBy2lHSB', 'FTP4kv4n4r8Nsccf7ux'
            Source: hDKY4f6gEA.exe, oGdIsGnFZtRJqdtx8Db.csHigh entropy of concatenated method names: 'rJ7IG4JJQb', 'VTRIkpfOvl', 'sY7IFHbqgN', 'cRYIybg4v8', 'LtIJJEJzg5PbUFMIrNl', 'B2DsSIJat5W2LmAxjD7', 'QBHfxuJ2qtrZGZbJB8k', 'FmFMgt417d2hlt6aUTc', 'F4jJ7740CUguu4mIUQP', 'KW2HCJ4OMHTiFkwY1QS'
            Source: hDKY4f6gEA.exe, nDTYuJASVRf9XPt5nL2.csHigh entropy of concatenated method names: 'OG5AmLmMgw', 'grmAna2U1Z', '_8r1', 'zp3APkODYs', 'X3rArq1h9o', 'B5KAQtVVDT', 'cfTADjFo7P', 'FHBZDArey3ChrBK6JZR', 'TP9tVlr8SEOZYUSQBwZ', 'pQyN1Qrw94gpWObF2YO'
            Source: hDKY4f6gEA.exe, uyg0ywn0BNccbPVGT5Q.csHigh entropy of concatenated method names: '_525', 'L97', '_3t2', 'UL2', '_6V2', '_968', 'uNEy2ImBJ8SXWIqACMJ', 'xVJe4YmHwyyhmRFVrfA', 'pyIOKmmF8RrRbSdiZIE', 'vGObTame2yG7tOD0EUd'
            Source: hDKY4f6gEA.exe, xLi9evSbNUxZDoftkPL.csHigh entropy of concatenated method names: 'tjuIj4CV8S', 'qNc3YOJlJBsOadGCDbY', 'JaVgLpJk9EfwG5gUFfc', 'ec8vs2JWQhRFrt4lsEv', 'Q8Vy1EJsltTbp5BeZBc', 'SXC06VJ7ENQHo1dISRh', 'A9kI7oxJn1', 'CbgIiTvFWH', 'b63IErsDXX', 'vKcI4MnePI'
            Source: hDKY4f6gEA.exe, kuiFfhxPF6DMyW8G0s.csHigh entropy of concatenated method names: 'T43', 'YZ8', '_56i', 'G9C', 'b3M1cPO5SraAffJ1o6n', 'sJHUuoOxjog2maq96kI', 'jJ1LV1Oos6Eb1R1GSST', 'J8beNiOBZTlBQl3Yngw', 'DdGoifOHTnjdyQ6RtGe', 'E5gnGaOFmifQaHh4cjr'
            Source: hDKY4f6gEA.exe, Xo6f8XFWFvNo9mZ4Gsd.csHigh entropy of concatenated method names: '_7v4', 'YZ8', '_888', 'G9C', 'XxysLl5ysC6KQ0XboWT', 'Cm1RHk5YF6Tu0o4dPBm', 'VmasSO5KPE175d640Qy', 'Xi6iOY5TMNtUbvhw6aW', 'TQnVOa5vbKTj7meDDwX', 'jniBP75UhqlwJL89Wjd'
            Source: hDKY4f6gEA.exe, OWy0ukgnnx5ElSyrkqQ.csHigh entropy of concatenated method names: 'eRRBk3YmafyXXdBfByD', 'JstJe4YjVj7yJADnw5g', 'lcb4meYINWaMLopnqbX', 'r1uY0uYG5lgeHSHvyWI', 'U7MEZGOPoB', 'XR0cTRYXu3vNuyWCGtZ', 'xWmmiUYQSLkpO3hSw4w', 'H7fW49YCQJYGuU6iswg', 'KO2eAyYPnUMmemY6G08', 'nc6QVSYMW0lMttNy2Tc'
            Source: hDKY4f6gEA.exe, y2bOlDzcWKvVSEd4yg.csHigh entropy of concatenated method names: 'Y29', 'YZ8', 'jn6', 'G9C', 'BfQhI9birURdRRFP6Zp', 'otWBqcbELCpIJHhTPhw', 'S29niKbp2TDIxXVLJ0t', 'OUfFrQbbZSHDgelafBx', 'vmDo3Jb3mARld6D8JbX', 'hwXINubfoLtPnbmL2Mp'
            Source: hDKY4f6gEA.exe, yk94HsFjn7oD3UuddoB.csHigh entropy of concatenated method names: 'hr20rEioYF', 'Ukh0QJIus0', 'qFcnbY5xZPI6xYqEoQc', 'mlIaOF56tfD7fCg9C3W', 'vLxaIv55k9ERHmVn7am', 'LAFW2G5oOv6OQvBIAAA', 'ppyZRB5BE6J6Qwb6qDn', 'r6ITOT5HrdnaE5e1B69', 'w26JAf5FkH8xDdKruOt', 'tCwEK65e5D2KmSWd7Nr'
            Source: hDKY4f6gEA.exe, vLPCp8FsqxfdVtaqvWQ.csHigh entropy of concatenated method names: 'xKKOGMCUf4', 't3fdFSfw9m98v5L4Ko4', 'haqGhKfJXG0wD5cpsCu', 'KCTLnFfeaSaClGHXOar', 'Mvuc79f8YnknYknfwdF', 'B8GN1hf4vl9S0Um9T42', 'u7M2qcfNsNIWgPmQ8qy', 'JPGR4NfI9KEqwIxMWPO', 'cjmXpPfGWsDsBwE58IR', 'f28'
            Source: hDKY4f6gEA.exe, oEijRgnNJ8I328eiFn8.csHigh entropy of concatenated method names: 'sg9', 'xu7p6r3NaQ', 'tQ7ne5uGc1', 'YfXpq3QNVo', 'ag8crnmktfR5eBLCycm', 'DGOHTgmWBjo5RGuW1po', 'fUN3skmlg6nYsZ6rjAd', 'ntvGxXmZYPixXg4hMGl', 'PrjDnqmAACFXDMDEqY7', 'xjs9ZLmsOLkdArZ0NhY'
            Source: hDKY4f6gEA.exe, ny0V8WndY62uGXdLJd8.csHigh entropy of concatenated method names: '_223', 'KbLBs8IwsDPXYdYcKiM', 'SQaT7hIJIVEXJRN2TTO', 'Gu1xdfI4USa1byD2SM7', 'XMG2UBIN1WoN6b3N1g1', 'wTDjSvIIf53gc9OOjLN', 's2EpoxIGTcknOZYe77Z', 'fRNpH7ImPXGnJlfYlpC', 'KaTkjDIjfIMsw1wSxOo', 'CgvReSICA88NeFsjZHu'
            Source: hDKY4f6gEA.exe, qUFuRoS6ZphXNT76nH7.csHigh entropy of concatenated method names: 'cI8sed1k9O', 'urasBF04Xu', 'WsGt04H4pCMLeWkaNAM', 'U1oiNeHNNBlG5PF9iK5', 'JkB3bLHIoeL8or5uECB', 'sbVBKwHGJ7AcpthVMF1', 'zWsluiHmrRYiJlyrm3C', 'yssJbWHj6iCLEB5451u', 'yyq5r7HCBqyXHYmldkV', 'GRP9Y1HPAigMciJS4SW'
            Source: hDKY4f6gEA.exe, lFTRWrFYXTZqGIBMgHP.csHigh entropy of concatenated method names: 'Ai7', 'YZ8', '_56U', 'G9C', 'fcZK5Bf2mUOf2pE4MIa', 'UX43nOfzQeSDmDL4dAY', 'rWB8Jbu188sMtK1dB8P', 'lZVrucu0HICIHDaRuo7', 'cVseFYuO53LrWUueghk', 'nXm9ecui29ZAiGPqLrq'
            Source: hDKY4f6gEA.exe, uiQHoJn5cXsIRWsgMhU.csHigh entropy of concatenated method names: '_9YY', '_57I', 'w51', 'wChpTgV82q', '_168', 'nhqyOwjPURZGPMoKfFd', 'IGQqbkjXDtClC7mVL8W', 'kO7nUVjQQUa7KkHNF3h', 'w5HCuSjMJ0a4qRyiDST', 'PYRAhoj9YgRTQk1ncZR'
            Source: hDKY4f6gEA.exe, v4NSX0AfACZuEs7VGXV.csHigh entropy of concatenated method names: '_7tu', '_8ge', 'DyU', '_58f', '_254', '_6Q3', '_7f4', 'B3I', '_75k', 'd4G'
            Source: hDKY4f6gEA.exe, YLEvZqAAnGTF4b3RHaX.csHigh entropy of concatenated method names: 'Qkp', '_72e', 'R26', '_7w6', 'Awi', 'n73', 'cek', 'ro1', '_9j4', '_453'
            Source: hDKY4f6gEA.exe, gpkp2I875EmNB8mQvn4.csHigh entropy of concatenated method names: 'zTJceQDEU6', 'Rc6cwv4K6k', 'piEcSb6vGW', 'LeZchWbi4j', 'RmlcvPH3bK', 'MFHclc3sg6', 'xGpcxYmWDI', 'OUWc34XVQT', 'HGncTOVGm3', 'Th4cLP6J0Y'
            Source: hDKY4f6gEA.exe, WKTaZr8akaNQyJBD23H.csHigh entropy of concatenated method names: 'P29', '_3xW', 'bOP', 'Th1', '_36d', 'hZlcpJCTGC', 'Gljc9i6OmE', 'r8j', 'LS1', '_55S'
            Source: hDKY4f6gEA.exe, X6JP05FlsTJdMf87xQY.csHigh entropy of concatenated method names: 'rU3', 'YZ8', 'M54', 'G9C', 'XS65Wu3cpmONu7b7WGu', 'Y0kcbJ3rxvjKDWyZ9bn', 'ivZUkh3DhAh5hZiCf0Q', 'Im8I2x3V5ESlV9XiroS', 'sgpKU93gx4GFclUhwbq', 'XIkZHU3SJHgdjUTJDUm'
            Source: hDKY4f6gEA.exe, Ihuc0rACJiWN9h9ly0f.csHigh entropy of concatenated method names: 'iSgjodAy4Q', 'IfXjRFWZsG', 'sYNjKeEmZi', 'DcgjW8QLBl', 'IHmjN1PaUa', 'Oxmj884Fst', '_838', 'vVb', 'g24', '_9oL'
            Source: hDKY4f6gEA.exe, RccVDpFgLviW6x2ZaB5.csHigh entropy of concatenated method names: 'K55', 'YZ8', '_9yX', 'G9C', 'QV9uClbZXMcVj7WARdO', 'lkGDJ1bAFxIyrrW0v97', 'vJtuX2bkH3b6aBbRFNQ', 'ipvAXIbWLdjfGLkPnUA', 'bMdgs8blF8BKDo1WuEr', 'dJ0uh9bsW9a0OoBdkrj'
            Source: hDKY4f6gEA.exe, fb3aZTFvSooVNlnPuRo.csHigh entropy of concatenated method names: 'L4G0iioWEC', 'XUuRuwxbMj7sxDr1qMK', 'pbvUCrx3RZjvlF41Hig', 'LWiybFxEDMFZMPDPiCB', 'SkXk1FxpSNf3lqLDBy9', 'ARemFnxfBvWtGpH83jm', '_5q7', 'YZ8', '_6kf', 'G9C'
            Source: hDKY4f6gEA.exe, mLGeEEFDT2FlQjU2ODP.csHigh entropy of concatenated method names: 'kw8OoVM0tX', 'QSL9RA6O03MZDijAqYi', 'DxJXN46iytXCyAi8Bpb', 'rZSgeS611da519GOEkV', 'G72B8W60kwCrBAq8oRS', 'Iw1TYY6EQNgTe7bOUIW', 'NHFoYq6p2WOC9ETZQpn', 'wESVME6boRJdPLcqkp4', 'lDQOK5dOLx', 'D6piPK6uJsAXSLINPNB'
            Source: hDKY4f6gEA.exe, P3AIUSF0X3xNRHEvrfM.csHigh entropy of concatenated method names: 'gHL', 'YZ8', 'vF9', 'G9C', 'o3xWwVfCG3bFJMCTYvh', 'ijLAWrfPEAQ559OoAkF', 'ASvDYrfX4uoXlvFyMJK', 'rfd9m4fQ1PhMARWbc7d', 'QK0vWTfMkamC7Y30oAS', 'dJsESbf9mDV6SX58871'
            Source: hDKY4f6gEA.exe, TYjAI8FVKgHMlhLl42I.csHigh entropy of concatenated method names: 'kNf', 'YZ8', 'U31', 'G9C', 'VytXXlfTbuuJF5CesXY', 'UxJYprfvmkPWfEbcGmO', 'wKkaAsfUhm6d0lC1A69', 'Ei0j6Kfqj7PY2dCJeSR', 'lVKn2tfcyBqGT1ExYVL', 'ugN4jJfr4FLX2SQE8Bd'
            Source: hDKY4f6gEA.exe, LYKA6dFwNkcLrOEiWgZ.csHigh entropy of concatenated method names: '_6U6', 'YZ8', '_694', 'G9C', 'U8cZ5q34jCaImICNHIF', 'NlOFEC3NdwxRwJeMgGk', 'wUfLJI3InkBH2HrwrZA', 'f2ptPm3GrTWBihnp9gU', 'QoLR0v3ma6EsFSBZihv', 'EHjFUs3j1uvQSgftMdp'
            Source: hDKY4f6gEA.exe, qAaqwNRo9Zc2SGirWL.csHigh entropy of concatenated method names: 'g25', 'YZ8', '_23T', 'G9C', 'LuHLlaMuo', 'y6i7T0OTLu3fKyfDs45', 'Vmd1IAOvCepQAhxKoOE', 'DAkekeOUGXEOhW2DoJM', 'rFjyuGOqISeuudQhNsy', 'LJXSX2OcURHYWuu6SuY'
            Source: hDKY4f6gEA.exe, XjRdR7EwX63xfY2FE5g.csHigh entropy of concatenated method names: 'CDUUG9yycAD98', 'CrD0cBZF1gOV7OGofVW', 'cKuVORZesXmKR8vaqSV', 'FVC4pwZ8CtfUiwN414l', 'KeC2EnZwa1Gv3ftjCys', 'Kjmp8tZJrlW23VlTSMm', 'oC3NGfZBdDhk0U3kd0U', 'siei2bZHtD0JCxZ29MN', 'emK5X8Z4hKcXBSW1ItA', 'TcDjyGZNaRGdHpehVJJ'
            Source: hDKY4f6gEA.exe, n4evDjnXIvDTLQVR278.csHigh entropy of concatenated method names: 'VJimWhKnA3', 'zggmN0r12f', 'zN0m8BhyZl', 'dRd4UaIZL9iwK9B3FSV', 'uyitZBIAswDSL6UOf3H', 'qvWnGdIkJ0mCYZaRsTP', 'PlT5YoIWeWXN3fdeur5', 'WcT457IlXZTYLaaZ8LU', 'AYYoF6IsAFhmlONpJYx', 'EuQGvyI7uNG46GYiky9'
            Source: hDKY4f6gEA.exe, QEwntWnspV1iyjDPTky.csHigh entropy of concatenated method names: 'nRpnpm26Sj', 'UIIn9GxmeX', 'nQ7nui9DLt', 'i0BS1oGg29bYYHNe7xE', 'lYD4wYGDZSVnWIHFWSM', 'WfKHH5GVrXoK6nMZuE8', 'ztWx1aGSsKwV7mR6rSX', 'gCvnHSrHjC', 'fKdnIpKumF', 'BgunmcXQmQ'
            Source: hDKY4f6gEA.exe, HJAsWTEQN9udHE418u8.csHigh entropy of concatenated method names: 'Y19C5cZXugE65f4uSJJ', 'SwYqDxZQ9imy110a2rh', 'OH98xUZCHCwsUg4SAxs', 'YOhcqcZPrU7bu3OvuSg', 'mejFcDieal', 'AYDPV8ZnEHJr5nnO1S5', 'xbu97CZLeRAcBTJM27g', 'YJHdRFZyGLxVvwgbILo', 'KHxh0BZY8huGXu7kVLj', 'QHYGAJZKI0dca7xwRDO'
            Source: hDKY4f6gEA.exe, UQVkEe8HsS1hk1tYtGi.csHigh entropy of concatenated method names: '_45b', 'ne2', '_115', '_3vY', 'zcFXJatrCr', '_3il', 'HqZXOYprev', 'f7dX0oaQ9J', '_78N', 'z3K'
            Source: hDKY4f6gEA.exe, txaN6lnijfX2LRsbVms.csHigh entropy of concatenated method names: 'ggNxsP9eHl', 'WxfxzeQTZ6', 'WxLK0tmgAMdkUBXfALd', 'Y2yuahmSGxvENlTS1TT', 'o87IeqmDKQP0CNJorAt', 'BRsY7EmVFIM9gaRwK6S'
            Source: hDKY4f6gEA.exe, JmPfhWn7IBYjP3DInlt.csHigh entropy of concatenated method names: '_269', '_5E7', 'JXFpROsv6v', 'Mz8', 'QompkYboY7', 'YTNpoljsuWKNtEiB8Tr', 'iuYg0Vj7MkDXnti5ORK', 'OCnsnsjtWK9saHadV12', 'IdRvn8jheoQyQ0Sh0wY', 'CdnEWgjRBumvl2qbZNU'
            Source: hDKY4f6gEA.exe, z6Bjdu234rTCg6SYml.csHigh entropy of concatenated method names: '_59M', 'YZ8', '_1zA', 'G9C', 'dPa0KHiv8QO5VqDVgc9', 'H74UECiUXIYmZJUU38m', 'OB2Kmhiq7P5TU6a7jA3', 'MQwGb7ickxAKGRHhS22', 'jT0lKairpTe2bxtbbdf', 'P45FRdiDbyYd8REovU6'
            Source: hDKY4f6gEA.exe, afpkSqrnuQRVEvZTpH.csHigh entropy of concatenated method names: '_3OK', 'YZ8', '_321', 'G9C', 'v5oB5cOaN7F0gCq9VL9', 'vKYZgyO2PFXdQ94suX8', 'FlMPcyOzs19o3Arj622', 'UsU3mKi1Q0FVrbVmOMI', 'n67LOQi0eaq5dcDLLhr', 'jsAUSNiOCuJaHX25r9A'
            Source: hDKY4f6gEA.exe, BFLC8ynBqVvKeC1HJAR.csHigh entropy of concatenated method names: '_5u9', 'McCplhLhxE', 'AWLPJI6ytD', 'VU9pLlT7Ow', 'eOTGnCmd91ojxV4vUvL', 'OYYkJ4maPlOZ7Ekv0oT', 'dW7fLcm2qJ75TCsRW2s', 'kEJ1vmmhaoZ1MvmRCIF', 'ibWRJumRQDkfu3ZPuiV', 'cWmlqtmz3DkkKbk0lCN'
            Source: hDKY4f6gEA.exe, g7JpoNjBEwlUXWf0JN.csHigh entropy of concatenated method names: 'P37', 'YZ8', 'b2I', 'G9C', 'vrN1euEgEBplr2s0QGo', 'zaSUORESJUiMM97Vap0', 'QnVFNiEZBhte4OxIQg4', 'WGMlicEAibHE0ZMp936', 'Ci11aYEkBXEQu8LVuxr', 'i0bZtYEWVS6etiUvI8q'
            Source: hDKY4f6gEA.exe, mnI83WAtWpIEIjpZhQ0.csHigh entropy of concatenated method names: 'bfXCvp3RR1', 'a3U2sfgnQhruAf7Y7Fm', 'xEvJtwgLhsIv4xryKh8', 'mnVRTFgM3GiTmHDFYqI', 'yBEVt5g9GytTfVlOe1l', '_1fi', 'Tq9b8VBXQ2', '_676', 'IG9', 'mdP'
            Source: hDKY4f6gEA.exe, x4hZvwnOFZCr1KuNCs1.csHigh entropy of concatenated method names: 'AFemYUDZeJ', 'zEim6GbGIZ', 'o6vm1S939u', 'rEomq11A4w', 'YpXm2o4jmT', 'rcF1vuGbwR0DywU3MqH', 'p6yNTXG3rOmEpX0SHUV', 'u5pYl1GEod6lWamDI2K', 'oNcb55GpVyAvfLHBlnd', 'hVckbaGfNhhHSx6BNj6'
            Source: hDKY4f6gEA.exe, DcdcmOSiwoHUfxA8Xuk.csHigh entropy of concatenated method names: 'atPHm2NnL9', 'GK5HnyeH8P', 'Ly9hCdwh5CCD71Y10ig', 'Gc9bR1wROgS4YFRgD2Q', 'l3JF56w7nj4rVatIIT4', 'zwWYDWwtLJkwex15AZA', 'LsiHu7QmoW', 'JrfIClJ1xyKrQdllSKN', 'AT28gyJ03gqFtDhU2Tp', 'IeD0M4w2FFaFFDqge98'
            Source: hDKY4f6gEA.exe, fg0sShgDOIVnNVDfTZg.csHigh entropy of concatenated method names: 'Fd6ZKLTa0E', 'TFLZWIhRfK', 'ulsZNCg65h', 'PWhq99UrhI9oBvkUrSB', 'a7umOLUq5kZnjMeAbjp', 'pcFTyUUcuQjytl13C02', 'exn5C4UD0agwHqT3dTP', 'GF9KmbUVv4pgoSOE4Rc', 'J5CWTDUgHFiPaYNHgBe', 'LM6rjWUStVbdj1OPLef'
            Source: hDKY4f6gEA.exe, Osay5ASmQXsSW6hx9Sm.csHigh entropy of concatenated method names: 'jwYfXGx0IO', 'nVlfcBI8iR', 'ysDuqmFCu5yVBR38mwi', 'w3QG45FPrQF4bMdY1yp', 'mreB2tFmL6L6HQtxC9s', 'VYu11BFjqwtqCkr9cJq', 'Lc8J5HFXifcKcnZGLbj', 'FFKtS2FQOXANeEwGw5l', 'Iq24N8FMByofkyN5EfH', 'Dr46Z4F9llA7ne98MtV'
            Source: hDKY4f6gEA.exe, L5l1hm3WPGDnVtsXap.csHigh entropy of concatenated method names: '_52U', 'YZ8', 'M5A', 'G9C', 'LAgHxFptjsiYlGNJoEp', 'RJogNyphRMGHeRCkJZR', 'e7JpbRpR1LWv3dYsliR', 'eoy7ZqpdK39YVWeSNO6', 'ILWD6vpaRPiafckynaL', 'e4xLiDp2lJq432b8jdT'
            Source: hDKY4f6gEA.exe, lAw3EwFG4fxnIQdsVRS.csHigh entropy of concatenated method names: '_3fO', 'YZ8', '_48A', 'G9C', 'USIDmt33YbAbcdtbern', 'xXxRYF3fbTEnqkNTEp2', 'cdrt2r3u5mgR9B08Pa7', 'mKhya636YcKET8AAdVw', 'FlAjbR35Y6Gsm9Xy9rG', 'OOi6uh3xr9G6tCMoFRd'
            Source: hDKY4f6gEA.exe, SdVTqPFOVEcn2ndX7yV.csHigh entropy of concatenated method names: 'yiQ', 'YZ8', '_5li', 'G9C', 'dsXA0jf1S0dB8fZt7J5', 'gKepJLf0Re3nXXGF1NC', 'k3Zgl7fOiacSTIlZmKB', 'BLlEyLfidjlyRkcmQmA', 'FLEVNFfEd0Zml6vZHt0', 'ymFnUnfpTKUsnrgc32D'
            Source: hDKY4f6gEA.exe, jbg15QSCOPjxdJbHAE7.csHigh entropy of concatenated method names: 'BQv0jYMXFN', 'RtW0A2C2LO', 'xZf0Vk1FJH', 'wqcdLcxYbDTyhPF2Yfj', 'GjQ9YtxKHYJ4D3oFi8k', 'jQlmgrxTPEtiZ9Cg8vD', 'grYSDAxvJtaB3Zf5CBY', 'B2funaxUASkmcaPqT0i', 'yn8qG2xqgcTv07NMdRj', 'aaK1UdxLK3bhIPJNItG'
            Source: hDKY4f6gEA.exe, qnvVcxB3Tt9cckw3iE.csHigh entropy of concatenated method names: '_468', 'YZ8', '_2M1', 'G9C', 'xSYitfEwWUusBrYXfJ0', 'VwiAAPEJ2rNm3ArHcu6', 'OxZWjWE404DEcSMtKp5', 'e7P1wPENKKbod3yNFg3', 'q8lIh7EIHNKt742HaI3', 'VsntMMEGKERGVZX7jRv'

            Persistence and Installation Behavior

            barindex
            Creates processes via WMI
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Drops PE files with benign system names
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Program Files\Uninstall Information\wininit.exeJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Recovery\smss.exeJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Program Files (x86)\Internet Explorer\services.exeJump to dropped file
            Drops executable to a common third party application directory
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile written: C:\Program Files (x86)\Internet Explorer\services.exeJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Program Files\Windows Defender\RCXA207.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Windows\LiveKernelReports\System.exeJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\ProgramData\Microsoft\MapData\SystemSettings.exeJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Program Files (x86)\microsoft office\RuntimeBroker.exe (copy)Jump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Program Files (x86)\Java\jre-1.8\RCXA65D.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Users\Public\Desktop\IfYiMMRuvSUMKHkp.exeJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Program Files\Uninstall Information\RCXB8D3.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Program Files\Uninstall Information\wininit.exeJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Windows\Registration\CRMLog\IfYiMMRuvSUMKHkp.exeJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Users\Public\Videos\RCXBB84.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Program Files (x86)\internet explorer\services.exe (copy)Jump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Program Files (x86)\Microsoft Office\RuntimeBroker.exeJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Program Files\Microsoft\OneDrive\IfYiMMRuvSUMKHkp.exeJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Users\Default\AppData\Roaming\Microsoft\IfYiMMRuvSUMKHkp.exeJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Program Files\Windows Multimedia Platform\IfYiMMRuvSUMKHkp.exeJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Users\Public\Videos\RCX99B7.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Users\All Users\Microsoft\MapData\SystemSettings.exe (copy)Jump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Windows\LiveKernelReports\RCXAD07.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Users\user\Desktop\hDKY4f6gEA.exe (copy)Jump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Users\Public\Videos\IfYiMMRuvSUMKHkp.exeJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\ProgramData\Microsoft\MapData\RCXB47C.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Users\Default\AppData\Roaming\Microsoft\RCXBE25.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Recovery\RCX9764.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Users\All Users\Desktop\IfYiMMRuvSUMKHkp.exe (copy)Jump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Program Files (x86)\windowspowershell\dllhost.exe (copy)Jump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Program Files (x86)\Microsoft Office\RCXB219.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Recovery\RCXC0C5.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Users\Public\Desktop\RCXC366.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Users\user\IfYiMMRuvSUMKHkp.exeJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Program Files (x86)\java\jre-1.8\IfYiMMRuvSUMKHkp.exe (copy)Jump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Program Files\Microsoft\OneDrive\RCXC626.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Program Files (x86)\WindowsPowerShell\RCX9FD4.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Recovery\IfYiMMRuvSUMKHkp.exeJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Recovery\smss.exeJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Program Files (x86)\Internet Explorer\services.exeJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Windows\Registration\CRMLog\RCX9C96.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Users\user\Desktop\RCX9531.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Program Files\Windows Multimedia Platform\RCXAA37.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Users\Public\Videos\dasHost.exeJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Program Files (x86)\Java\jre-1.8\IfYiMMRuvSUMKHkp.exeJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Users\user\RCXAF2A.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Program Files (x86)\Internet Explorer\RCXB6AF.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Users\Default\Application Data\Microsoft\IfYiMMRuvSUMKHkp.exe (copy)Jump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\ProgramData\Microsoft\MapData\RCXB47C.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\ProgramData\Microsoft\MapData\SystemSettings.exeJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Users\user\IfYiMMRuvSUMKHkp.exeJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Users\user\RCXAF2A.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Windows\LiveKernelReports\System.exeJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Windows\Registration\CRMLog\IfYiMMRuvSUMKHkp.exeJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Windows\Registration\CRMLog\RCX9C96.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Windows\LiveKernelReports\RCXAD07.tmpJump to dropped file

            Boot Survival

            barindex
            Drops PE files to the user root directory
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Users\user\IfYiMMRuvSUMKHkp.exeJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile created: C:\Users\user\RCXAF2A.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeMemory allocated: 17C0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeMemory allocated: 1B2B0000 memory reserve | memory write watchJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeMemory allocated: B60000 memory reserve | memory write watchJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeMemory allocated: 1A7F0000 memory reserve | memory write watchJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeMemory allocated: FC0000 memory reserve | memory write watchJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeMemory allocated: 1AB70000 memory reserve | memory write watchJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeMemory allocated: 12C0000 memory reserve | memory write watchJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeMemory allocated: 1AE80000 memory reserve | memory write watchJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeMemory allocated: 8B0000 memory reserve | memory write watchJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeMemory allocated: 1A360000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWindow / User API: threadDelayed 1192Jump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeWindow / User API: threadDelayed 766Jump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeWindow / User API: threadDelayed 366Jump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeWindow / User API: threadDelayed 366Jump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeWindow / User API: threadDelayed 369Jump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDropped PE file which has not been started: C:\Program Files\Windows Defender\RCXA207.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDropped PE file which has not been started: C:\Program Files (x86)\microsoft office\RuntimeBroker.exe (copy)Jump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\RCXA65D.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDropped PE file which has not been started: C:\Program Files\Uninstall Information\RCXB8D3.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDropped PE file which has not been started: C:\Users\Public\Videos\RCXBB84.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDropped PE file which has not been started: C:\Program Files (x86)\internet explorer\services.exe (copy)Jump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDropped PE file which has not been started: C:\Users\Public\Videos\RCX99B7.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDropped PE file which has not been started: C:\Users\All Users\Microsoft\MapData\SystemSettings.exe (copy)Jump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDropped PE file which has not been started: C:\Windows\LiveKernelReports\RCXAD07.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDropped PE file which has not been started: C:\Users\user\Desktop\hDKY4f6gEA.exe (copy)Jump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDropped PE file which has not been started: C:\ProgramData\Microsoft\MapData\RCXB47C.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDropped PE file which has not been started: C:\Users\Default\AppData\Roaming\Microsoft\RCXBE25.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDropped PE file which has not been started: C:\Recovery\RCX9764.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDropped PE file which has not been started: C:\Users\All Users\Desktop\IfYiMMRuvSUMKHkp.exe (copy)Jump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDropped PE file which has not been started: C:\Program Files (x86)\windowspowershell\dllhost.exe (copy)Jump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\RCXB219.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDropped PE file which has not been started: C:\Recovery\RCXC0C5.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDropped PE file which has not been started: C:\Users\Public\Desktop\RCXC366.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDropped PE file which has not been started: C:\Program Files (x86)\java\jre-1.8\IfYiMMRuvSUMKHkp.exe (copy)Jump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDropped PE file which has not been started: C:\Program Files\Microsoft\OneDrive\RCXC626.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDropped PE file which has not been started: C:\Program Files (x86)\WindowsPowerShell\RCX9FD4.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDropped PE file which has not been started: C:\Windows\Registration\CRMLog\RCX9C96.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDropped PE file which has not been started: C:\Users\user\Desktop\RCX9531.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDropped PE file which has not been started: C:\Program Files\Windows Multimedia Platform\RCXAA37.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDropped PE file which has not been started: C:\Users\user\RCXAF2A.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDropped PE file which has not been started: C:\Program Files (x86)\Internet Explorer\RCXB6AF.tmpJump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeDropped PE file which has not been started: C:\Users\Default\Application Data\Microsoft\IfYiMMRuvSUMKHkp.exe (copy)Jump to dropped file
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exe TID: 7076Thread sleep count: 1192 > 30Jump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exe TID: 7076Thread sleep count: 766 > 30Jump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exe TID: 7008Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exe TID: 7616Thread sleep count: 366 > 30Jump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exe TID: 7520Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exe TID: 7760Thread sleep count: 366 > 30Jump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exe TID: 7508Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exe TID: 7720Thread sleep count: 314 > 30Jump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exe TID: 7720Thread sleep count: 132 > 30Jump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exe TID: 7544Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exe TID: 7812Thread sleep count: 369 > 30Jump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exe TID: 7608Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile opened: C:\Users\userJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet ExplorerJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeFile opened: C:\Users\user\AppDataJump to behavior
            Source: hDKY4f6gEA.exe, 00000000.00000002.2004192625.000000001C6F4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeMemory allocated: page read and write | page guardJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeQueries volume information: C:\Users\user\Desktop\hDKY4f6gEA.exe VolumeInformationJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeQueries volume information: C:\Program Files (x86)\WindowsPowerShell\dllhost.exe VolumeInformationJump to behavior
            Source: C:\Program Files (x86)\WindowsPowerShell\dllhost.exeQueries volume information: C:\Program Files (x86)\WindowsPowerShell\dllhost.exe VolumeInformationJump to behavior
            Source: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exeQueries volume information: C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exe VolumeInformationJump to behavior
            Source: C:\Recovery\IfYiMMRuvSUMKHkp.exeQueries volume information: C:\Recovery\IfYiMMRuvSUMKHkp.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Lowering of HIPS / PFW / Operating System Security Settings

            barindex
            Disable UAC(promptonsecuredesktop)
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeRegistry value created: PromptOnSecureDesktop 0Jump to behavior
            Disables UAC (registry)
            Source: C:\Users\user\Desktop\hDKY4f6gEA.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System EnableLUAJump to behavior

            Stealing of Sensitive Information

            barindex
            Yara detected DCRat
            Source: Yara matchFile source: 00000015.00000002.1785792731.0000000002E81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000014.00000002.1780433125.0000000002BAF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.1931637010.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000014.00000002.1780433125.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000014.00000002.1780644862.0000000012B81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000011.00000002.1780556568.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000018.00000002.1785959753.0000000002361000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: hDKY4f6gEA.exe PID: 6936, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: dllhost.exe PID: 7372, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: dllhost.exe PID: 7412, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: IfYiMMRuvSUMKHkp.exe PID: 7440, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: IfYiMMRuvSUMKHkp.exe PID: 7476, type: MEMORYSTR

            Remote Access Functionality

            barindex
            Yara detected DCRat
            Source: Yara matchFile source: 00000015.00000002.1785792731.0000000002E81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000014.00000002.1780433125.0000000002BAF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.1931637010.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000014.00000002.1780433125.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000014.00000002.1780644862.0000000012B81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000011.00000002.1780556568.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000018.00000002.1785959753.0000000002361000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: hDKY4f6gEA.exe PID: 6936, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: dllhost.exe PID: 7372, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: dllhost.exe PID: 7412, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: IfYiMMRuvSUMKHkp.exe PID: 7440, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: IfYiMMRuvSUMKHkp.exe PID: 7476, type: MEMORYSTR

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid Accounts11
            Windows Management Instrumentation            		1
            DLL Side-Loading            		11
            Process Injection            		333
            Masquerading            		OS Credential Dumping11
            Security Software Discovery            		Remote Services11
            Archive Collected Data            		1
            Encrypted Channel            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
            DLL Side-Loading            		11
            Disable or Modify Tools            		LSASS Memory1
            Process Discovery            		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
            Bypass User Account Control            		31
            Virtualization/Sandbox Evasion            		Security Account Manager31
            Virtualization/Sandbox Evasion            		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
            Process Injection            		NTDS1
            Application Window Discovery            		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
            Deobfuscate/Decode Files or Information            		LSA Secrets2
            File and Directory Discovery            		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
            Obfuscated Files or Information            		Cached Domain Credentials14
            System Information Discovery            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items22
            Software Packing            		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
            DLL Side-Loading            		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
            Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
            Bypass User Account Control            		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            hDKY4f6gEA.exe84%ReversingLabsByteCode-MSIL.Ransomware.Prometheus
            hDKY4f6gEA.exe68%VirustotalBrowse
            hDKY4f6gEA.exe100%AviraHEUR/AGEN.1323984
            hDKY4f6gEA.exe100%Joe Sandbox ML

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\Program Files (x86)\Internet Explorer\RCXB6AF.tmp100%AviraHEUR/AGEN.1323984
            C:\Program Files (x86)\WindowsPowerShell\dllhost.exe100%AviraHEUR/AGEN.1323984
            C:\Program Files\Windows Defender\RCXA207.tmp100%AviraHEUR/AGEN.1323984
            C:\ProgramData\Microsoft\MapData\RCXB47C.tmp100%AviraHEUR/AGEN.1323984
            C:\Program Files\Windows Multimedia Platform\RCXAA37.tmp100%AviraHEUR/AGEN.1323984
            C:\Program Files (x86)\Java\jre-1.8\IfYiMMRuvSUMKHkp.exe100%AviraHEUR/AGEN.1323984
            C:\Program Files (x86)\Java\jre-1.8\IfYiMMRuvSUMKHkp.exe100%AviraHEUR/AGEN.1323984
            C:\Program Files (x86)\Microsoft Office\RuntimeBroker.exe100%AviraHEUR/AGEN.1323984
            C:\Program Files (x86)\Java\jre-1.8\RCXA65D.tmp100%AviraHEUR/AGEN.1323984
            C:\ProgramData\Microsoft\MapData\SystemSettings.exe100%AviraHEUR/AGEN.1323984
            C:\Program Files (x86)\Java\jre-1.8\IfYiMMRuvSUMKHkp.exe100%AviraHEUR/AGEN.1323984
            C:\Program Files\Microsoft\OneDrive\RCXC626.tmp100%AviraHEUR/AGEN.1323984
            C:\Program Files (x86)\Microsoft Office\RCXB219.tmp100%AviraHEUR/AGEN.1323984
            C:\Program Files (x86)\Internet Explorer\services.exe100%AviraHEUR/AGEN.1323984
            C:\Program Files\Uninstall Information\RCXB8D3.tmp100%AviraHEUR/AGEN.1323984
            C:\Program Files (x86)\Java\jre-1.8\IfYiMMRuvSUMKHkp.exe100%AviraHEUR/AGEN.1323984
            C:\Program Files (x86)\WindowsPowerShell\RCX9FD4.tmp100%AviraHEUR/AGEN.1323984
            C:\Program Files\Uninstall Information\wininit.exe100%AviraHEUR/AGEN.1323984
            C:\Program Files (x86)\Internet Explorer\RCXB6AF.tmp100%Joe Sandbox ML
            C:\Program Files (x86)\WindowsPowerShell\dllhost.exe100%Joe Sandbox ML
            C:\Program Files\Windows Defender\RCXA207.tmp100%Joe Sandbox ML
            C:\ProgramData\Microsoft\MapData\RCXB47C.tmp100%Joe Sandbox ML
            C:\Program Files\Windows Multimedia Platform\RCXAA37.tmp100%Joe Sandbox ML
            C:\Program Files (x86)\Java\jre-1.8\IfYiMMRuvSUMKHkp.exe100%Joe Sandbox ML
            C:\Program Files (x86)\Java\jre-1.8\IfYiMMRuvSUMKHkp.exe100%Joe Sandbox ML
            C:\Program Files (x86)\Microsoft Office\RuntimeBroker.exe100%Joe Sandbox ML
            C:\Program Files (x86)\Java\jre-1.8\RCXA65D.tmp100%Joe Sandbox ML
            C:\ProgramData\Microsoft\MapData\SystemSettings.exe100%Joe Sandbox ML
            C:\Program Files (x86)\Java\jre-1.8\IfYiMMRuvSUMKHkp.exe100%Joe Sandbox ML
            C:\Program Files\Microsoft\OneDrive\RCXC626.tmp100%Joe Sandbox ML
            C:\Program Files (x86)\Microsoft Office\RCXB219.tmp100%Joe Sandbox ML
            C:\Program Files (x86)\Internet Explorer\services.exe100%Joe Sandbox ML
            C:\Program Files\Uninstall Information\RCXB8D3.tmp100%Joe Sandbox ML
            C:\Program Files (x86)\Java\jre-1.8\IfYiMMRuvSUMKHkp.exe100%Joe Sandbox ML
            C:\Program Files (x86)\WindowsPowerShell\RCX9FD4.tmp100%Joe Sandbox ML
            C:\Program Files\Uninstall Information\wininit.exe100%Joe Sandbox ML
            C:\Program Files (x86)\Internet Explorer\services.exe84%ReversingLabsByteCode-MSIL.Ransomware.Prometheus
            C:\Program Files (x86)\Internet Explorer\services.exe68%VirustotalBrowse
            C:\Program Files (x86)\Java\jre-1.8\IfYiMMRuvSUMKHkp.exe84%ReversingLabsByteCode-MSIL.Ransomware.Prometheus
            C:\Program Files (x86)\Java\jre-1.8\IfYiMMRuvSUMKHkp.exe68%VirustotalBrowse
            C:\Program Files (x86)\Microsoft Office\RuntimeBroker.exe84%ReversingLabsByteCode-MSIL.Ransomware.Prometheus
            C:\Program Files (x86)\Microsoft Office\RuntimeBroker.exe68%VirustotalBrowse
            C:\Program Files (x86)\WindowsPowerShell\dllhost.exe84%ReversingLabsByteCode-MSIL.Ransomware.Prometheus
            C:\Program Files (x86)\WindowsPowerShell\dllhost.exe68%VirustotalBrowse
            C:\Program Files\Microsoft\OneDrive\IfYiMMRuvSUMKHkp.exe84%ReversingLabsByteCode-MSIL.Ransomware.Prometheus
            C:\Program Files\Microsoft\OneDrive\IfYiMMRuvSUMKHkp.exe68%VirustotalBrowse
            C:\Program Files\Uninstall Information\wininit.exe84%ReversingLabsByteCode-MSIL.Ransomware.Prometheus
            C:\Program Files\Uninstall Information\wininit.exe68%VirustotalBrowse
            C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exe84%ReversingLabsByteCode-MSIL.Ransomware.Prometheus
            C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exe68%VirustotalBrowse
            C:\Program Files\Windows Multimedia Platform\IfYiMMRuvSUMKHkp.exe84%ReversingLabsByteCode-MSIL.Ransomware.Prometheus
            C:\Program Files\Windows Multimedia Platform\IfYiMMRuvSUMKHkp.exe68%VirustotalBrowse
            C:\ProgramData\Microsoft\MapData\SystemSettings.exe84%ReversingLabsByteCode-MSIL.Ransomware.Prometheus
            C:\ProgramData\Microsoft\MapData\SystemSettings.exe68%VirustotalBrowse
            C:\Recovery\IfYiMMRuvSUMKHkp.exe84%ReversingLabsByteCode-MSIL.Ransomware.Prometheus
            C:\Recovery\IfYiMMRuvSUMKHkp.exe68%VirustotalBrowse

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
            https://aka.ms/odirm21%VirustotalBrowse
            https://aka.ms/Vh5j3k0%VirustotalBrowse

            Domains and IPs

            Contacted Domains

            No contacted domains info

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            https://aka.ms/odirm2hDKY4f6gEA.exe, 00000000.00000002.2004400234.000000001C7B3000.00000004.00000020.00020000.00000000.sdmpfalseunknown
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namehDKY4f6gEA.exe, 00000000.00000002.1931637010.00000000032B1000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://aka.ms/Vh5j3khDKY4f6gEA.exe, 00000000.00000002.2004400234.000000001C7B3000.00000004.00000020.00020000.00000000.sdmpfalseunknown

            World Map of Contacted IPs

            No contacted IP infos

            General Information

            Joe Sandbox version:41.0.0 Charoite
            Analysis ID:1523783
            Start date and time:2024-10-02 02:36:07 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 6m 14s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:40
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:hDKY4f6gEA.exe
            renamed because original name is a hash value
            Original Sample Name:3e40d7f0c47407447c1fa9be4ec0f714.exe
            Detection:MAL
            Classification:mal100.troj.evad.winEXE@26/84@0/0
            EGA Information:Failed
            HCA Information:Failed
            Cookbook Comments:
            • Found application associated with file extension: .exe

            Warnings

            • Exclude process from analysis (whitelisted): RuntimeBroker.exe, ShellExperienceHost.exe, schtasks.exe, svchost.exe
            • Excluded domains from analysis (whitelisted): a1016854.xsph.ru, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
            • Execution Graph export aborted for target IfYiMMRuvSUMKHkp.exe, PID 7440 because it is empty
            • Execution Graph export aborted for target IfYiMMRuvSUMKHkp.exe, PID 7476 because it is empty
            • Execution Graph export aborted for target dllhost.exe, PID 7372 because it is empty
            • Execution Graph export aborted for target dllhost.exe, PID 7412 because it is empty
            • Execution Graph export aborted for target hDKY4f6gEA.exe, PID 6936 because it is empty
            • Not all processes where analyzed, report is missing behavior information
            • Report size exceeded maximum capacity and may have missing behavior information.
            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
            • Report size getting too big, too many NtOpenKey calls found.
            • Report size getting too big, too many NtOpenKeyEx calls found.
            • Report size getting too big, too many NtProtectVirtualMemory calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.

            Simulations

            Behavior and APIs

            TimeTypeDescription
            01:36:58Task SchedulerRun new task: dllhost path: "C:\Program Files (x86)\windowspowershell\dllhost.exe"
            01:36:58Task SchedulerRun new task: dllhostd path: "C:\Program Files (x86)\windowspowershell\dllhost.exe"
            01:36:58Task SchedulerRun new task: IfYiMMRuvSUMKHkp path: "C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exe"
            01:36:58Task SchedulerRun new task: IfYiMMRuvSUMKHkpI path: "C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exe"
            01:37:00Task SchedulerRun new task: dasHost path: "C:\Users\Public\Videos\dasHost.exe"
            01:37:00Task SchedulerRun new task: dasHostd path: "C:\Users\Public\Videos\dasHost.exe"
            01:37:00Task SchedulerRun new task: RuntimeBroker path: "C:\Program Files (x86)\microsoft office\RuntimeBroker.exe"
            01:37:00Task SchedulerRun new task: RuntimeBrokerR path: "C:\Program Files (x86)\microsoft office\RuntimeBroker.exe"
            01:37:00Task SchedulerRun new task: services path: "C:\Program Files (x86)\internet explorer\services.exe"
            01:37:00Task SchedulerRun new task: servicess path: "C:\Program Files (x86)\internet explorer\services.exe"
            01:37:00Task SchedulerRun new task: System path: "C:\Windows\LiveKernelReports\System.exe"
            01:37:00Task SchedulerRun new task: SystemS path: "C:\Windows\LiveKernelReports\System.exe"
            01:37:00Task SchedulerRun new task: SystemSettings path: "C:\Users\All Users\Microsoft\MapData\SystemSettings.exe"
            01:37:00Task SchedulerRun new task: SystemSettingsS path: "C:\Users\All Users\Microsoft\MapData\SystemSettings.exe"
            01:37:00Task SchedulerRun new task: wininit path: "C:\Program Files\Uninstall Information\wininit.exe"
            01:37:01Task SchedulerRun new task: wininitw path: "C:\Program Files\Uninstall Information\wininit.exe"
            01:37:03Task SchedulerRun new task: smss path: "C:\Recovery\smss.exe"
            01:37:03Task SchedulerRun new task: smsss path: "C:\Recovery\smss.exe"

            Joe Sandbox View / Context

            IPs

            No context

            Domains

            No context

            ASNs

            No context

            JA3 Fingerprints

            No context

            Dropped Files

            No context

            Created / dropped Files

            C:\Program Files (x86)\Internet Explorer\RCXB6AF.tmp

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204735192965171
            Encrypted:false
            SSDEEP:24576:KIpz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:KQzulw0bg/qAymlV
            MD5:BF0EC67E04C3B0FC5906471028817F55
            SHA1:B2C978D618067186660DD3DA8B6F234FDF0F909D
            SHA-256:548F147B7A2F5D711CEF02D66C69F26859F963120B67C7C9869F191C2192A05E
            SHA-512:CDA4509A1038006E583138312B28B84D872B9E70573F414C224BF8FFFA4494938752C336BC567CA6FE646B86ACAB75C44709BE2B067711540E9A14B554E6B18D
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            Reputation:low
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..<....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...<.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files (x86)\Internet Explorer\c5b4cb5e9653cc

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with very long lines (495), with no line terminators
            Category:dropped
            Size (bytes):495
            Entropy (8bit):5.87030413631614
            Encrypted:false
            SSDEEP:12:EVXyIHrlcidwdEfDjGH1uwmuUIPOp3e2pZISQc:EkMrlcoRLKVu5ujPOp3eaIST
            MD5:B9208FB0F5745DEF83FD2597D072A5C6
            SHA1:12C5326F5466867F0D2EDF7ADE67D0117E9BADEC
            SHA-256:D089171F75B6CB0094B9EB2F142B2B857A32806A27088F95A4EEFE9536ED2002
            SHA-512:896975A8BBEB5C4945CEF7548BAFF31BB33CF17D698342285DB6AB2DB6DDA8E3B68B3735EDBF4A16066184DA5EDE62A4D01FF48CA39DCC1889654886A3C9B407
            Malicious:false
            Reputation:low
            Preview:QEemQgApsLDPAkivZ32pNQXYQHdfrR3mRUvRU7ofmT2Jzs7CGOKdHfQ9qGVICe7aSb7qzQbcOXD4XNiiKbYcHZewDvkOmfcIWb1YuRNzxsOucWlchx8lFeT26LmDpMzt54h6WJx2OipZKuUrJIqyg0C2I8cjpJKl2fyhypGY9FXgz3rM044hfBME2pxXrNNFYDhp5w3dBSyadfCORPsuOmF1TupI2trw2SIvWCREBbgNMvkWmiGbfc0w7qVKHulSkCiLXR1O8otxG2oiKTgTnPQZbVyqrG7QzOnJMY8Vq1d1tDpFBxAxORoVwJtBdLh1rd72OfVvUKnvwZqYpsp3GJCijSXDo72fTlKQFx0fcPdDo3iWcVVufovhaZS6IRGXSHcKPaS11Jb0p94qtAkTlH9pzmzqf3XKIGvgaXHCCd3WM42bemNHqxwKHwVnkmW7wRsjOXPV3hQHOnd4uYL2qPdVTkYoCecaG5j5MSNHX1OIgo6

            C:\Program Files (x86)\Internet Explorer\services.exe

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204705864090623
            Encrypted:false
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            MD5:3E40D7F0C47407447C1FA9BE4EC0F714
            SHA1:F8633060AA590DB85A70E9D1AE220B220ED03A98
            SHA-256:497AC5EB72B62C3DB2D5383BC2823BF38596E00D877EC7E9D572A94830F07A0E
            SHA-512:9FC81DB6A6DDF93626529223D5EE8A13717FC3069D90EB66FAD1EF9A3172B776578E844EAD65BF8E6E334BC0AD82910A6844B99CA8643083F2D140D3AAE767CF
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: ReversingLabs, Detection: 84%
            • Antivirus: Virustotal, Detection: 68%, Browse
            Reputation:low
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..H....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...H.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files (x86)\Internet Explorer\services.exe:Zone.Identifier

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:true
            Reputation:high, very likely benign file
            Preview:[ZoneTransfer]....ZoneId=0

            C:\Program Files (x86)\Java\jre-1.8\047efad0ccc033

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with very long lines (568), with no line terminators
            Category:dropped
            Size (bytes):568
            Entropy (8bit):5.906835266723591
            Encrypted:false
            SSDEEP:12:oAeRgVVHCtELRx1EUxSx/GYJSQDGKwTMV5LHjPwXmipBZyw:PeRg3HHRxy/usYK6s5/w2mOw
            MD5:4F7BBF5A570E152513C05035CA9E8399
            SHA1:D49B121ED6CB9E7852FA659EB810B1D2EA58EEC5
            SHA-256:B4D9BA7BE7841398759773AB5F3E2F0803E9D3CAAC6E5180612288A394983B8B
            SHA-512:3B637C4CCEC63406588EBAF1BC8BB0F057351410C847BC0DF30AEB3AE010945C4776C60325A167B5D34C945697AB43B87D38F447657F4DF9C5DB174F5D301647
            Malicious:false
            Reputation:low
            Preview:g1aDQzGTZtsq1WHp4P38Nl1c5flG6E1MXHjCRobS404M3HkmIzTFVPV597HvN9XU2gStxEXPxkDXqpiy498Gvv0IwoCUhqE4cjUXy0zDbDSuL7OUZS1OBRjGpK7IBDsHgJ4GVL9DJ4osdF6zZs5Ozz3LANrn3qCYULNCCI8NTxEHm1mkNHtTIeSrPsFHeWJd2QXS24wQtr5BuvjJlHav6sPz2gwTC1t6nlOWdUrTVcjbjQ7eJ6gW5XgJAiZVIcO178XJhMpQZHaeJyQmiSJFVWBQEFW54VK2Ordl3y67QP7y7C9MSxx0SIgl7HEb0uWD6hQbVotuVMzGZMSBFKnHiUjFL1ovtfGf332Zwi0nECeGTaMuyCWqHOel7KQdA7B0FTMfT3PhT9Cgzdwup37qIaYoYQbmRXnHBoA9Nqb5xzXHL8veXfxGAUrp4iGCbmP5W5fLcwh9cB3TDQcaf7OvjgGq7VFpjYeKjbuQckBk8yo8bXloFqhdYeW0yzNGr1ZDgsumgM745nwv1IOkubj30BwEE4bnW53HYkbtm9H2snhurk8qknWQRgNf

            C:\Program Files (x86)\Java\jre-1.8\IfYiMMRuvSUMKHkp.exe

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204705864090623
            Encrypted:false
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            MD5:3E40D7F0C47407447C1FA9BE4EC0F714
            SHA1:F8633060AA590DB85A70E9D1AE220B220ED03A98
            SHA-256:497AC5EB72B62C3DB2D5383BC2823BF38596E00D877EC7E9D572A94830F07A0E
            SHA-512:9FC81DB6A6DDF93626529223D5EE8A13717FC3069D90EB66FAD1EF9A3172B776578E844EAD65BF8E6E334BC0AD82910A6844B99CA8643083F2D140D3AAE767CF
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: ReversingLabs, Detection: 84%
            • Antivirus: Virustotal, Detection: 68%, Browse
            Reputation:low
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..H....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...H.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files (x86)\Java\jre-1.8\IfYiMMRuvSUMKHkp.exe:Zone.Identifier

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:true
            Reputation:high, very likely benign file
            Preview:[ZoneTransfer]....ZoneId=0

            C:\Program Files (x86)\Java\jre-1.8\RCXA65D.tmp

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204605652676782
            Encrypted:false
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            MD5:FEF4E38BCE0C0606E3183F023882CAC1
            SHA1:480CFDB85EF10A45C896592FE25B6FC1B7417E6E
            SHA-256:E3876BA86BD792549F78C60E8D27F3DAA2FFACA065CBE92D0F8112503EEC3C9D
            SHA-512:A962999104BB2850DF784C544D910966DC09BED249C0BFCD04A140706C4CC71271429106A288B9349BAD9B080B20089A8008D13C898C6094C777E6BD9846C72C
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..x....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...x.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files (x86)\Microsoft Office\9e8d7a4ca61bd9

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with very long lines (588), with no line terminators
            Category:dropped
            Size (bytes):588
            Entropy (8bit):5.879066743979203
            Encrypted:false
            SSDEEP:12:5quTekxNmKuK8kpXvdk4Yem9DMyCNdZ1Py8pOkQUOvh7c33:IuN7mKuK8G/xTmFCd7svg3
            MD5:EFEE338FA8A4E5F555CD758961766B67
            SHA1:AFEC7D6E392210F805247EF3DE5222A9CD214AC7
            SHA-256:7B83D5767E94715756B330B3FFB0D244678A8C3B9BB926F43767FE7D611E6B07
            SHA-512:E7E154602CECB1B8ED665FE29750918A7124E29A8CD35FD883276423FE61E00C1C53FEB0E665D97D4EE09CFB658FDA19AC9E229B4D9954DBD1606A26B0DB54CB
            Malicious:false
            Preview:1YWvaDzDu5OCBldXjTAArzOmyy7WmSvl1RywxMPMBQsvdA17buk7NV2CKt6lGdbbKnKuwqkWEx9aGcJx7942rxYfYwlDPnGhzRl0zHLuJO3aWc6skIoGijuWPpVAFhGaqblz0S80xKsd48J6z3dG9A8PgPlKvLpmHct40H1SKxSY1QcQfZKLD9bqcVSkqyFmeFWbOOFsBL6LrkYQxUoVAdiHBCcfyQlVsq3v4ABRUcJ2DP926BxVKtlAhOaMwj3ujkcBqnWwSXBiUpEvCjixdPL9E2NpkzeuiYTcw8MTpBDwsDq1JoKNAGRUYd6xaqMd2QA5Wm8EWPHbMZQBMVg5pRtbG9DTBZ29zj4cDufhqF0v80H9N5kEKQykgizWipD7WImmey7bz9Pja8dQ1EGFyyyjvU5e5I8AC3Y0OefY7JOKAOJhEifej7IiTC1K2dfrAOghknBWirHpkoigKYZWnebEuzgLnVgenhKvrl6bgI510d7peV9eDJDgxbxuG0tNLmBDdwyib8zfijOQ20qSVBbeeo8QyMUqYsqNc4MsgaDFTh8ONg2QJb1JKhjzxitPnJGz2Ay7o8v4

            C:\Program Files (x86)\Microsoft Office\RCXB219.tmp

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204630540331046
            Encrypted:false
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            MD5:5F1C75964C9E535288F1211470DFBB56
            SHA1:80FD16AC110D6BD5CBBF7934D7A5BDE6A1CC7970
            SHA-256:E60F80359CB3E9491C793289C7C9EF332B921053910952A16DB777A9277E57EE
            SHA-512:BC32A87EF6053CE2602B80DBF944F2CED1BCE2EA88F971D6C34F801D6D695FE3A13F9AA6A3695B8984CE4E680734666AD93C49EFA0F0EE499D5C2713C14D9008
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..x....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...x.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files (x86)\Microsoft Office\RuntimeBroker.exe

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204705864090623
            Encrypted:false
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            MD5:3E40D7F0C47407447C1FA9BE4EC0F714
            SHA1:F8633060AA590DB85A70E9D1AE220B220ED03A98
            SHA-256:497AC5EB72B62C3DB2D5383BC2823BF38596E00D877EC7E9D572A94830F07A0E
            SHA-512:9FC81DB6A6DDF93626529223D5EE8A13717FC3069D90EB66FAD1EF9A3172B776578E844EAD65BF8E6E334BC0AD82910A6844B99CA8643083F2D140D3AAE767CF
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: ReversingLabs, Detection: 84%
            • Antivirus: Virustotal, Detection: 68%, Browse
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..H....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...H.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files (x86)\Microsoft Office\RuntimeBroker.exe:Zone.Identifier

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:true
            Preview:[ZoneTransfer]....ZoneId=0

            C:\Program Files (x86)\WindowsPowerShell\5940a34987c991

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with very long lines (754), with no line terminators
            Category:dropped
            Size (bytes):754
            Entropy (8bit):5.8966751525140975
            Encrypted:false
            SSDEEP:12:uFuUeEbkkIB4OdQLaxJtB41CVhdjV9ZD8Zc9MorkuzM2kSZ6cnvwhvnTQfwLvcqU:u0UeMfQ4OdKGzDhd3ZD8+Mo4cnviLbLq
            MD5:B96707799FAD4F20CADE71FDAB29C181
            SHA1:0BACE50A8B369428AD02A223B1E8DF8CA3414FB4
            SHA-256:10CB3FDA6C1D11AC9D0541D2CA71D9707573B5A6B5250E39295C426556F83EDE
            SHA-512:88DA513B891CD44AC5730FC39733FA4E0DE039808CE9B0E8B44219CBFF8B4D2F61099AC2E832D0D1BC9056A65A353979FFAE2A56D3B0713053D6AE98ABC85CED
            Malicious:false
            Preview:Y3unD0wEKT14fZhBJX7jIVjTnwZjIxyg8lrfeLANCWKhM3HJoRC5HamDUb9QbN5WeU63sBg7WthvKBGuoQ51v2Zh9oLDLuwzayD26NamuEjX302SUOlLRElm4Y4Dzdwm7sUW8OxbzSGqTCoJv3s6IkhWNb7iTXwQS7aLfgUGbKV974S2uvS6vzdWL8IhQPIcgzXWmdnPilf8OiYSIFyhEzfddDAhXx0LB3cHh6QQHCYJTfHnjzYKbkXqU33idG2vvT6VFQvMzhZCbVK75X7hYpubgvxnDrxBKmY9jwhSEMV3KVP8t5nGIUXFjeyTdHIHuY1y7KYJzpdLT0QLgz4IEq3zPSaE7Nz6DNJwdaBigdQd1LwsOnxoNADDeCjouTLlzgHFresFxWlkaa8Dgs0TaLtDKGSa0XyNSpnUDqBu5r00ZdnEDgHBd1LowE5kLROahYSvwn90rGYsU2nrdNXUPwtad9h9uaiocaTBL1RZgRUXdcT4bOH733Kuo1RxFAFRhtP4jlgl67y8cV7BpnhgSkujPiWTkeUfLCztMZUzrgB6FLSS4QHcdi879qpBOMAbnTxZgNyQSrywiydDPEZUW1CnE2uguTkffjSvY2wqb1JvtMZLMlvKxqFvQJVodSg9GTQ8frpWRs2esQ31ciTIharyehfOhINJVJoa5ape6Y2FykC9QdL48Xbqmce7MazJfsJjmd6C2yMJhlA3ef8D7SL8r7xd5rRfjtkFbdXxhIBJKSJAbl

            C:\Program Files (x86)\WindowsPowerShell\RCX9FD4.tmp

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.2046119008282075
            Encrypted:false
            SSDEEP:24576:KIpz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:KQzulw0bg/qAymlV
            MD5:9E5DB22C322B8680A501949A4B42EBBC
            SHA1:753F2278E12880D2A79DC9EF5ADBAB176E918584
            SHA-256:15C66FCA47591AFBC5E70658FAE42DDEEB0D3F9D675E59769BA23F78EEA628ED
            SHA-512:4B6AAE5F9F1131D4BF0B4404CA93EC7283C578A2762AE5D32A107892AE9F958FEC6FB3C468D82BCAF332236565054B1838C70A4C3F65D61CE957233A769040FD
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..|....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...|.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files (x86)\WindowsPowerShell\dllhost.exe

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204705864090623
            Encrypted:false
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            MD5:3E40D7F0C47407447C1FA9BE4EC0F714
            SHA1:F8633060AA590DB85A70E9D1AE220B220ED03A98
            SHA-256:497AC5EB72B62C3DB2D5383BC2823BF38596E00D877EC7E9D572A94830F07A0E
            SHA-512:9FC81DB6A6DDF93626529223D5EE8A13717FC3069D90EB66FAD1EF9A3172B776578E844EAD65BF8E6E334BC0AD82910A6844B99CA8643083F2D140D3AAE767CF
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: ReversingLabs, Detection: 84%
            • Antivirus: Virustotal, Detection: 68%, Browse
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..H....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...H.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files (x86)\WindowsPowerShell\dllhost.exe:Zone.Identifier

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:true
            Preview:[ZoneTransfer]....ZoneId=0

            C:\Program Files (x86)\internet explorer\services.exe (copy)

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204735192965171
            Encrypted:false
            SSDEEP:24576:KIpz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:KQzulw0bg/qAymlV
            MD5:BF0EC67E04C3B0FC5906471028817F55
            SHA1:B2C978D618067186660DD3DA8B6F234FDF0F909D
            SHA-256:548F147B7A2F5D711CEF02D66C69F26859F963120B67C7C9869F191C2192A05E
            SHA-512:CDA4509A1038006E583138312B28B84D872B9E70573F414C224BF8FFFA4494938752C336BC567CA6FE646B86ACAB75C44709BE2B067711540E9A14B554E6B18D
            Malicious:true
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..<....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...<.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files (x86)\java\jre-1.8\IfYiMMRuvSUMKHkp.exe (copy)

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204605652676782
            Encrypted:false
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            MD5:FEF4E38BCE0C0606E3183F023882CAC1
            SHA1:480CFDB85EF10A45C896592FE25B6FC1B7417E6E
            SHA-256:E3876BA86BD792549F78C60E8D27F3DAA2FFACA065CBE92D0F8112503EEC3C9D
            SHA-512:A962999104BB2850DF784C544D910966DC09BED249C0BFCD04A140706C4CC71271429106A288B9349BAD9B080B20089A8008D13C898C6094C777E6BD9846C72C
            Malicious:true
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..x....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...x.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files (x86)\microsoft office\RuntimeBroker.exe (copy)

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204630540331046
            Encrypted:false
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            MD5:5F1C75964C9E535288F1211470DFBB56
            SHA1:80FD16AC110D6BD5CBBF7934D7A5BDE6A1CC7970
            SHA-256:E60F80359CB3E9491C793289C7C9EF332B921053910952A16DB777A9277E57EE
            SHA-512:BC32A87EF6053CE2602B80DBF944F2CED1BCE2EA88F971D6C34F801D6D695FE3A13F9AA6A3695B8984CE4E680734666AD93C49EFA0F0EE499D5C2713C14D9008
            Malicious:true
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..x....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...x.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files (x86)\windowspowershell\dllhost.exe (copy)

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.2046119008282075
            Encrypted:false
            SSDEEP:24576:KIpz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:KQzulw0bg/qAymlV
            MD5:9E5DB22C322B8680A501949A4B42EBBC
            SHA1:753F2278E12880D2A79DC9EF5ADBAB176E918584
            SHA-256:15C66FCA47591AFBC5E70658FAE42DDEEB0D3F9D675E59769BA23F78EEA628ED
            SHA-512:4B6AAE5F9F1131D4BF0B4404CA93EC7283C578A2762AE5D32A107892AE9F958FEC6FB3C468D82BCAF332236565054B1838C70A4C3F65D61CE957233A769040FD
            Malicious:true
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..|....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...|.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\Microsoft\OneDrive\047efad0ccc033

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):45
            Entropy (8bit):4.7916358740113
            Encrypted:false
            SSDEEP:3:5n2iGJF/UJjFR:VfJRR
            MD5:6DEB5BE682CAEF4F44D6B1B24761A633
            SHA1:9191A6283D1033E0450ED388DBF31E0348EDC000
            SHA-256:E6214BFDD9683390EB710AEE3F9AE00A905AFECFE0ED18D800EC08C0EAA21EE1
            SHA-512:D86FA49EE715AADCCE6E87A0A2B8AE8593000F02923DD83FACBD6B2A8357FC30F45190666B17917892685711B4B3935FB7A66C9F9417CC080F20C20FF4C397C5
            Malicious:false
            Preview:R4FJeSrg65mYsryaYcDAtAIU1tJZClJA1IQpOJlplKkV4

            C:\Program Files\Microsoft\OneDrive\IfYiMMRuvSUMKHkp.exe

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204705864090623
            Encrypted:false
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            MD5:3E40D7F0C47407447C1FA9BE4EC0F714
            SHA1:F8633060AA590DB85A70E9D1AE220B220ED03A98
            SHA-256:497AC5EB72B62C3DB2D5383BC2823BF38596E00D877EC7E9D572A94830F07A0E
            SHA-512:9FC81DB6A6DDF93626529223D5EE8A13717FC3069D90EB66FAD1EF9A3172B776578E844EAD65BF8E6E334BC0AD82910A6844B99CA8643083F2D140D3AAE767CF
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 84%
            • Antivirus: Virustotal, Detection: 68%, Browse
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..H....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...H.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\Microsoft\OneDrive\IfYiMMRuvSUMKHkp.exe:Zone.Identifier

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:false
            Preview:[ZoneTransfer]....ZoneId=0

            C:\Program Files\Microsoft\OneDrive\RCXC626.tmp

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.2046947918139805
            Encrypted:false
            SSDEEP:24576:qIpz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:qQzulw0bg/qAymlV
            MD5:6DEBE3D05D93F37061D3DAA0DBD12954
            SHA1:6CF2B8B32621AAD7687BBE327D720AB80F95EFFE
            SHA-256:1EC0FA8BE32E8DE24DC70ABAC82FA347B03A0DE292A0B879368EB5878C704910
            SHA-512:8554C884739B7F6B65D1360C299CA07FA93810EF692935229A6EB9161A768F59167F1C1F838E20134C1625C4AED7F48E56F88FE8754BDFDED9A9A54B059B8F32
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..L....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...L.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\Uninstall Information\56085415360792

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with very long lines (531), with no line terminators
            Category:dropped
            Size (bytes):531
            Entropy (8bit):5.847686683206485
            Encrypted:false
            SSDEEP:12:SuFWgqbcc0b0E5zRPb4yIcYVIejJOeLg+/71Bn:SuFWgqQFfbnhYbrLg+/71d
            MD5:0E1F45E7DB04D1D93958B47190ED9822
            SHA1:7A3A40807F9819CAD5B84E01AB0BF8B7DE8447AE
            SHA-256:73FCF0CEA3F6896C85628DA1AB4182F4D7E683D93D46E5995AF99C915DDFBFEE
            SHA-512:5F261B71DF01732CA24A7D058ECD3D0B7EA9AD906AB9D9A432F0986584EE7FF1476C09201149E3DF05832955EA8A7C7A71CA0F3FE4DE24FBD9C65893E71BC4D5
            Malicious:false
            Preview:xXPn8kTZF0ATDhsbLDeyBUzpo4UllQ9mnDIzCjIwizDpomavsbAX9dfchk9EQsxy1XpAZ2Yl5sPLRJABei2JQmnKhqRbkEg0BPxQ6ZW0CYbRNUKYj7krzoiPufdtl6B0LZJBWuEEMCH1KV6Nf32nezAXrhfb5nPFXlGxKJCz2ffxgqFZjQOrEXWWYwUyPnIixBdiPICV1Du8UN0AbG2pZhA9PtZYyNkOW69fMhJaN20BnXCK5TWIvdJQAeTftogndflXOVy46bbgq9W1rOdf1bd3wtesNnrjVNiHvo6jfbLTBnjBHbxfLBvBCske1FrSu1LdbPFDR3AZPK1JJclw0MYUbgFDDcsZu2iKbGk2VuNSBWw10bUYe5cic1B4KC9yKkpXlrrD2saF8GSFuNMmHU5zZ9rkFprTuYHaqYPJuRfveXkVi6K6zXrzp07m9G7MAHUj92ZV7D2zyJUCZVCJfudXrRvzbnJnTTuXCAWqhy9vf1Bgg4MnDyrPn72rGj3T3OffY6AY8Wlqvr1zQPT

            C:\Program Files\Uninstall Information\RCXB8D3.tmp

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.20470525223856
            Encrypted:false
            SSDEEP:24576:qIpz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:qQzulw0bg/qAymlV
            MD5:74AE7002A5029915478B0AB77A5B0B9D
            SHA1:BFCDFDD7C2307743AA1547B42C21140656B1AF4E
            SHA-256:532BF4C31D3100F8DD87D676A0D845C1CA3E8322B746CAE746426B492C35433A
            SHA-512:1A939F284698534A6AC60FE8BC4427C6F9A04C138E38D847EE338E338B2E26DF3D8D8D66F50987F45889DB03DD3B21233C8CB8BE75E43D2521D29E65229CBC43
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..L....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...L.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\Uninstall Information\wininit.exe

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204705864090623
            Encrypted:false
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            MD5:3E40D7F0C47407447C1FA9BE4EC0F714
            SHA1:F8633060AA590DB85A70E9D1AE220B220ED03A98
            SHA-256:497AC5EB72B62C3DB2D5383BC2823BF38596E00D877EC7E9D572A94830F07A0E
            SHA-512:9FC81DB6A6DDF93626529223D5EE8A13717FC3069D90EB66FAD1EF9A3172B776578E844EAD65BF8E6E334BC0AD82910A6844B99CA8643083F2D140D3AAE767CF
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: ReversingLabs, Detection: 84%
            • Antivirus: Virustotal, Detection: 68%, Browse
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..H....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...H.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\Uninstall Information\wininit.exe:Zone.Identifier

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:true
            Preview:[ZoneTransfer]....ZoneId=0

            C:\Program Files\Windows Defender\047efad0ccc033

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):182
            Entropy (8bit):5.666460218060515
            Encrypted:false
            SSDEEP:3:TV1pCUoTWa2soJOlXT0pu3wS/g0AduXokLwNRcifNSX2B1QSZwunRw9AckOEcM64:Z1sUi2jOZ0puYQvUNXfj1xwgaAfOEy12
            MD5:65C262B260B46BC82037D1E13C1381D2
            SHA1:40BD16040298F916F540BC7328193B96955064EE
            SHA-256:C0C325F45F0EA0CF5259C94AB302BC9FEDA0020379F750899F5EE85254947615
            SHA-512:D106BB701E82B5CDB2918CE1949030C543FEC223A38FBE2F5E2821FA78915862C4418412560B99D3769E5C0B5B300A138DEDCDBBBD01E9FABFE3E35B79D0A675
            Malicious:false
            Preview:1opcGLgqkxB4bBHKgyQBxZyxBUOkDxhXiRmsIEB0ndsV8gKckRPX6fXc01bw66nwQoWKZZCbwZYTqcyeKw9vhJaC3J2QnP4q05FUK9DLPykhHDvXC6lK72PGNUQPgvyhfsdvXeUKsyfti350XeOqnut8q8H0txoeADBZjA9imbbIWfiTYZ1CgH

            C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exe

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204705864090623
            Encrypted:false
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            MD5:3E40D7F0C47407447C1FA9BE4EC0F714
            SHA1:F8633060AA590DB85A70E9D1AE220B220ED03A98
            SHA-256:497AC5EB72B62C3DB2D5383BC2823BF38596E00D877EC7E9D572A94830F07A0E
            SHA-512:9FC81DB6A6DDF93626529223D5EE8A13717FC3069D90EB66FAD1EF9A3172B776578E844EAD65BF8E6E334BC0AD82910A6844B99CA8643083F2D140D3AAE767CF
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 84%
            • Antivirus: Virustotal, Detection: 68%, Browse
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..H....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...H.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exe:Zone.Identifier

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:false
            Preview:[ZoneTransfer]....ZoneId=0

            C:\Program Files\Windows Defender\RCXA207.tmp

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.20464173826675
            Encrypted:false
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            MD5:5DA1F454D9ECCBF21D8B4993FA14292D
            SHA1:DC3934F3CE8F28D4303576279E2451284684BBCE
            SHA-256:39D225ECF6333F261EB4B83C59E5C82C2C0B008FD3C311CE7AA32355BAE0B60C
            SHA-512:83E62E2B87914C30A4B911AADFAAC323707C5E9AA6AAF5220FB55A1E8B88CA92827754F0DD6F182A737181D9BD9AD45520966EB5C6407A85FFF176D0F2FAF520
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..h....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...h.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\Windows Multimedia Platform\047efad0ccc033

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):280
            Entropy (8bit):5.793691606125836
            Encrypted:false
            SSDEEP:6:aUIPMx7k+HPE0CzMba4AoGV+fWiSkuCqhRFLzK4fZHIolJ4QS0e/8F:Bcu72l4aNok+/SkuCqpKAo8qN/8F
            MD5:6BE2311ECE9DE7A0D7423DABE9478675
            SHA1:30D02B548DB5CB051F234B8886079BD810EC967D
            SHA-256:E0426E69A0BB241282C0C8658F77912A3617A129CA0F71B337B962716459E2F5
            SHA-512:E94EF48E19BD58203518D0A15B590BF29C33655AE82FF955549AC0B37A1B200BECCAB708DA815AC21E3EFE964D25F53EE837B6B24289001E6DDBD7B5AEC1EE13
            Malicious:false
            Preview:qf8uTrKNdCXe5uDtimz2X5x6cgHZFh9CNsAEol7kV9C3SDqAPxbH0e3usBSwjvH6CVQNu9E7pOhX33nZzGJRF1LtyPVnTKAj1G07xdQQsecm7f1yY37dmz0KJgYfnbneN7fwDqlV02jkZjwSYgOZMh7CPpxQEvmQ07Y99EvrRlntQQvkuFGGMNSqAdhX2VQFPStcKwSTvgIl4Nv94Nf9ogDnps9ghYz5Uhe8gTZ8wxVqFqvxridozRbtOGwcwwwWrMQWsxclyhM0KXh86My95KGC

            C:\Program Files\Windows Multimedia Platform\IfYiMMRuvSUMKHkp.exe

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:modified
            Size (bytes):1501696
            Entropy (8bit):7.204705864090623
            Encrypted:false
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            MD5:3E40D7F0C47407447C1FA9BE4EC0F714
            SHA1:F8633060AA590DB85A70E9D1AE220B220ED03A98
            SHA-256:497AC5EB72B62C3DB2D5383BC2823BF38596E00D877EC7E9D572A94830F07A0E
            SHA-512:9FC81DB6A6DDF93626529223D5EE8A13717FC3069D90EB66FAD1EF9A3172B776578E844EAD65BF8E6E334BC0AD82910A6844B99CA8643083F2D140D3AAE767CF
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 84%
            • Antivirus: Virustotal, Detection: 68%, Browse
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..H....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...H.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files\Windows Multimedia Platform\IfYiMMRuvSUMKHkp.exe:Zone.Identifier

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:false
            Preview:[ZoneTransfer]....ZoneId=0

            C:\Program Files\Windows Multimedia Platform\RCXAA37.tmp

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204627175623906
            Encrypted:false
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            MD5:2760881D22F66CF48227060AB5C21657
            SHA1:95973AE1DCF561FA10AD1E98C752793C459CEBD1
            SHA-256:FBF8B8DD3A9AA730B6ADFFD3D3045ABFB8887D8194E2FCFB36F63B00F4C0BBBB
            SHA-512:0B1EDDCC4B3348BBB98E2AF9D7E167B61563285137AC224C6BD6A74E63477B2B12D6778A0478BDA794F79C615A0EB1FFC500E62C6142465E09ABC884A6925DCC
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..t....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...t.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\ProgramData\Microsoft\MapData\9e60a5f7a3bd80

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with very long lines (532), with no line terminators
            Category:dropped
            Size (bytes):532
            Entropy (8bit):5.866621580146994
            Encrypted:false
            SSDEEP:12:gkrNAvOquSm8/3s+aRnviO9Kdk01JMhIEghtehhQm3cDGH:gk+GVOsZRn6fdkgE7gOHfMDa
            MD5:77A35164E4B431FEE83FF323C197CF62
            SHA1:B89572D00165758819E7967FAB768403EC928E09
            SHA-256:290A7C0F5F1E190636E1B3557FE1602D4F71B25328FAC2BE04BA7992F4454FF7
            SHA-512:49CF70EEEC94A86EF6DB6BB45AF643BEC05AA5646D46AC3A036DA03133B929337B122F3A6371F8E96F8E42F9647185D375DA1504BF9AEECE40717BFDFAB58054
            Malicious:false
            Preview:70hC4VW48rybJbIVMr5lKp7LyWmJDfb5imI9V74lSExNJ4BehZ0kYdVS3VOisM1cQ23gSJ9OxTTG2tB3UHloo0hFR0F9tV2FNU7QBeMYZmxEJPZKUVNllMyZVxPcDAfbaO3ivu1z5NOCCc5Ba5pYIReAgh5NPuUZHVn5V1YjdXpX8vW22NBIUGTIu3BOzokL2z5ry9pihG4umGCuKCVBsMEACeLc0JtyxefIzpD3hclOLign0QDwTicqv5oUxMsXWF7Hk34f8cdPl0ye8hljG7fOBzW4BtFVuO1GkYD7Wiy1EME5HJVPkJQZktGvgAdPWIfX8s4jeoNiJoJzubx1X0uk7cf1SSaVEie6rr7YPwu66rQ5jQAFMm1gY4ZfMDQMO1ekKNHCeYmlFxoPMkRBRUIcr8hwSbMMfirFNquWI7ly9QbkQJTlvO53sC2MpVuCMaFgGjCgz52TtUcbg7gIIkaRnxWLxiqxNimjL4erHwv0VlKXkbpszl3l9y3SM1sROFFKs2QmdyBVzj5Bm8kV

            C:\ProgramData\Microsoft\MapData\RCXB47C.tmp

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204771629941512
            Encrypted:false
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            MD5:1ADDFD472709AF063B3753DEB4BB2B9E
            SHA1:58FCEFA3DD84133DC57C0730E22A88A0B1E005A6
            SHA-256:480961A09FDC5EBAC93F5C02D2824888360349A8371C7A1B245A9941D42CEA31
            SHA-512:EC9EA74B9D14E31A14C425A470AB2373EE3C727DF783F5BF41C06679232C70BBC5F2A9EF36657D1DC96CF57D329AB092E3254EB5A8EF6F8525B7543B4880FC45
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..(....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...(.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\ProgramData\Microsoft\MapData\SystemSettings.exe

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204705864090623
            Encrypted:false
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            MD5:3E40D7F0C47407447C1FA9BE4EC0F714
            SHA1:F8633060AA590DB85A70E9D1AE220B220ED03A98
            SHA-256:497AC5EB72B62C3DB2D5383BC2823BF38596E00D877EC7E9D572A94830F07A0E
            SHA-512:9FC81DB6A6DDF93626529223D5EE8A13717FC3069D90EB66FAD1EF9A3172B776578E844EAD65BF8E6E334BC0AD82910A6844B99CA8643083F2D140D3AAE767CF
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: ReversingLabs, Detection: 84%
            • Antivirus: Virustotal, Detection: 68%, Browse
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..H....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...H.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\ProgramData\Microsoft\MapData\SystemSettings.exe:Zone.Identifier

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:true
            Preview:[ZoneTransfer]....ZoneId=0

            C:\Recovery\047efad0ccc033

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):170
            Entropy (8bit):5.687435022587197
            Encrypted:false
            SSDEEP:3:YjaJLK7/ZT0Xi0ViMASj8prWWxTFwLzxNJn4kHCzXjMqvFo7iqm+n:YjCchT0SWDnxfn4kH83vSGqm+
            MD5:1986EECF2F4BE42B98C5892809E969C6
            SHA1:DD4908A2C71A6AC985302DBB38E6D630E804DFE1
            SHA-256:333AD8FEEF174B4C41523E27F709F9239D128BF356479C93656A56755DF86C56
            SHA-512:D7BC7E44892495105BE32E82A0B41AFF788EA89C417E85799234E6DE08640627F9C6E1393A576741FB735132E7B9747B8D58AD92CB1DC972DFBA9B6DA0502D18
            Malicious:false
            Preview:Atf1gQXeqEMSklKaxbU6m72JRaE5kKIAg8VwCb2Jeh0DrcY348jCG8hC0VkFLc3f5MwmPXXWiKbFHzcyCLAmlF3haT6r0w7CnVHfpvnhkNd5hc5B3vDAbR3zSOL6bqfwNZbvr6JQicBXm7A8X4yFt7kVbSMakqG4srsHAJT6mx

            C:\Recovery\69ddcba757bf72

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):262
            Entropy (8bit):5.797732129816808
            Encrypted:false
            SSDEEP:6:8hl4G1vNbu1sXATJttj2Pk3cp2Xm9OBzBmsCipVWuk5mJq:sGoNK1NVjOku9UzBm9ipxkAJq
            MD5:D74B2D39A0DB15164C5031DDD2B2881D
            SHA1:C25215A304B3B41C1EA7A9974900071C26A4F6E5
            SHA-256:AA391B05B17AA785FAA4826D2F74FC9EA5501E518A0F63555027A2E997688F24
            SHA-512:68BCD755BA9D80C31A40A9A8091D688A00167B99A784C92883E559A30EBA135F93CA292A207563DBF62B5CBE1BD7955E431D742D3219F7B96AE978DF3C25779B
            Malicious:false
            Preview:0W4StzBlcziZzglLqW62bH54UWKLBvdMNtEWXAgRkE3KtY9DxDnG1iytb97WpzjrWVMFcOxp0oRXNuK6XGY8IWVo5U5YDJmueLyYL4liP7QMQafqzA9iblj9AiJHTZmqCh2B5wvcfzsKGIXezOiCKDS3myXnvdPzVjJtiduDPgDm2Y31KoSE1jg8O8ZHYHrBk2yg8n6VdfwnAqAO5gdGLK8vDLfjEnoIyBCAjW2gr6lWx27h8LM1ol0Z4CcxIWRz0oz8oA

            C:\Recovery\IfYiMMRuvSUMKHkp.exe

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204705864090623
            Encrypted:false
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            MD5:3E40D7F0C47407447C1FA9BE4EC0F714
            SHA1:F8633060AA590DB85A70E9D1AE220B220ED03A98
            SHA-256:497AC5EB72B62C3DB2D5383BC2823BF38596E00D877EC7E9D572A94830F07A0E
            SHA-512:9FC81DB6A6DDF93626529223D5EE8A13717FC3069D90EB66FAD1EF9A3172B776578E844EAD65BF8E6E334BC0AD82910A6844B99CA8643083F2D140D3AAE767CF
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 84%
            • Antivirus: Virustotal, Detection: 68%, Browse
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..H....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...H.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Recovery\IfYiMMRuvSUMKHkp.exe:Zone.Identifier

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:false
            Preview:[ZoneTransfer]....ZoneId=0

            C:\Recovery\RCX9764.tmp

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.20456808285741
            Encrypted:false
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            MD5:96EB00EE266AEE2F1592D4490C74ED72
            SHA1:36BFA46D49D45B79476825BA784EFF4DB0B717A6
            SHA-256:05A3FC47348D256956079312E832B6D236A5793743C33394F03638EDE6300052
            SHA-512:87FAE7B72B92B465F41F4FABBDE0AEB5B43937432C742FC50EFC333977D03CBB51023375DA69545B1BA734785A29ECD02CC086DDB0E1C045802667C5AF4EC5D7
            Malicious:true
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... .......................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc........ ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Recovery\RCXC0C5.tmp

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204570883071254
            Encrypted:false
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            MD5:3F7290082B4FFEC244FA533DD75E7EDE
            SHA1:0FBFF2FE49EC5772C9897B972EA2502E58159EE8
            SHA-256:B98FEAE4D0895D2B3DFD6D12B2EE11C843E8B8675C1E84D4DC64053B3CD404B5
            SHA-512:17EF0A12CA3328EFB85E3D4B6F5B46AAFA72E7DA77B5354FB422FFE0D83DA9C9EC44BC2E46ED40FEA1028E6E76203A1B993DF0EEFC2E166574BCA57EF0F33FE9
            Malicious:true
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... .......................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc........ ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Recovery\smss.exe

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204705864090623
            Encrypted:false
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            MD5:3E40D7F0C47407447C1FA9BE4EC0F714
            SHA1:F8633060AA590DB85A70E9D1AE220B220ED03A98
            SHA-256:497AC5EB72B62C3DB2D5383BC2823BF38596E00D877EC7E9D572A94830F07A0E
            SHA-512:9FC81DB6A6DDF93626529223D5EE8A13717FC3069D90EB66FAD1EF9A3172B776578E844EAD65BF8E6E334BC0AD82910A6844B99CA8643083F2D140D3AAE767CF
            Malicious:true
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..H....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...H.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Recovery\smss.exe:Zone.Identifier

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:false
            Preview:[ZoneTransfer]....ZoneId=0

            C:\Users\All Users\Desktop\IfYiMMRuvSUMKHkp.exe (copy)

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204631963126828
            Encrypted:false
            SSDEEP:24576:KIpz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:KQzulw0bg/qAymlV
            MD5:5AB9E4AAC2328E1DF3B14DED0E12739F
            SHA1:07FD4592C8808C409DCA5276A9ABE78DFAA52532
            SHA-256:1808DE9B22EC8676CB68D4702181B7D121CB691248E1C012852934376DB74462
            SHA-512:B57DD07D9FCD04D9C81C573A1C9C438F82D6A5E49785520E1960BF7A6E0D359EC10BBBDF39A4241860F9973F7A13E03DBDE7B62745E37B21C0E6EA2930188238
            Malicious:true
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..p....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...p.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\All Users\Microsoft\MapData\SystemSettings.exe (copy)

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204771629941512
            Encrypted:false
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            MD5:1ADDFD472709AF063B3753DEB4BB2B9E
            SHA1:58FCEFA3DD84133DC57C0730E22A88A0B1E005A6
            SHA-256:480961A09FDC5EBAC93F5C02D2824888360349A8371C7A1B245A9941D42CEA31
            SHA-512:EC9EA74B9D14E31A14C425A470AB2373EE3C727DF783F5BF41C06679232C70BBC5F2A9EF36657D1DC96CF57D329AB092E3254EB5A8EF6F8525B7543B4880FC45
            Malicious:true
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..(....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...(.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\Default\AppData\Roaming\Microsoft\047efad0ccc033

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):15
            Entropy (8bit):3.6402239289418516
            Encrypted:false
            SSDEEP:3:HDW16Dcc:jWct
            MD5:48C19EC21D80BD710DC31A58CF8CBA9C
            SHA1:A74F8E9611EB3EC18C210253A4DE9A5898D49729
            SHA-256:BD0393DBB3ED39DA8928923A790D676981D51A901D920F127B72ACE81063D401
            SHA-512:C700EEC00818AD2366AD7C7FE54B708A2F6A1D109882A9E537474DFE990DD1B1F026AA1055B4241F8499614BD4BA7DB8AC002AE91402B81CAAFCF50B06DE15BA
            Malicious:false
            Preview:o95sSTPHmqWASyy

            C:\Users\Default\AppData\Roaming\Microsoft\IfYiMMRuvSUMKHkp.exe

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204705864090623
            Encrypted:false
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            MD5:3E40D7F0C47407447C1FA9BE4EC0F714
            SHA1:F8633060AA590DB85A70E9D1AE220B220ED03A98
            SHA-256:497AC5EB72B62C3DB2D5383BC2823BF38596E00D877EC7E9D572A94830F07A0E
            SHA-512:9FC81DB6A6DDF93626529223D5EE8A13717FC3069D90EB66FAD1EF9A3172B776578E844EAD65BF8E6E334BC0AD82910A6844B99CA8643083F2D140D3AAE767CF
            Malicious:true
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..H....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...H.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\Default\AppData\Roaming\Microsoft\IfYiMMRuvSUMKHkp.exe:Zone.Identifier

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:false
            Preview:[ZoneTransfer]....ZoneId=0

            C:\Users\Default\AppData\Roaming\Microsoft\RCXBE25.tmp

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204595851890258
            Encrypted:false
            SSDEEP:24576:qIpz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:qQzulw0bg/qAymlV
            MD5:C9B07D210CADD351E4C6EE0CCC741900
            SHA1:F057276047D16B74FAFD2E7B5A1146BB2B25EB22
            SHA-256:5AE7DFC5AEFF9B45EECD310EFC4DED70FD637255296BA1E745E42DAAA638495C
            SHA-512:71DBFBA25CF0F9155269DBE1D21B3E2DEFD10982B1C7F133D457EEA2BE7E2CB9A525E193C2AA7A9A01384351EFB48C6B327F043B7C5933F0FC75D5BDB568697A
            Malicious:true
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... .......................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc........ ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\Default\Application Data\Microsoft\IfYiMMRuvSUMKHkp.exe (copy)

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204595851890258
            Encrypted:false
            SSDEEP:24576:qIpz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:qQzulw0bg/qAymlV
            MD5:C9B07D210CADD351E4C6EE0CCC741900
            SHA1:F057276047D16B74FAFD2E7B5A1146BB2B25EB22
            SHA-256:5AE7DFC5AEFF9B45EECD310EFC4DED70FD637255296BA1E745E42DAAA638495C
            SHA-512:71DBFBA25CF0F9155269DBE1D21B3E2DEFD10982B1C7F133D457EEA2BE7E2CB9A525E193C2AA7A9A01384351EFB48C6B327F043B7C5933F0FC75D5BDB568697A
            Malicious:true
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... .......................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc........ ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\Public\Desktop\047efad0ccc033

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with very long lines (610), with no line terminators
            Category:dropped
            Size (bytes):610
            Entropy (8bit):5.8766376768664985
            Encrypted:false
            SSDEEP:12:SKvnKOF3/YMc6tEjK3+dcB4Mxi/krox/5ujYVaC2UDV2NCGVwLtirH+Vl:SKvnN3Z8dc+Mmx/5SYj2iV2N9quHm
            MD5:61FF6721CC8C348AB3D8EBF8545BB369
            SHA1:C6DFFCB2FCC52D3EA14A4A42C4F10AE5BF0AD8FD
            SHA-256:F3A5AC9137458E8932F3FBD9F460E5524A88E8960290BEDD53EBC39F5A7A0754
            SHA-512:A3386344DFD29F9377CCE1B6C299FA724C81E2CC6DB29FA64DAB31906F5A9B6D7FC1EE058964BEFF37B8A5A5201767B85A3E2573B1E7744D4507B89536AEC58C
            Malicious:false
            Preview:3bxdNLmGg4EYVpvfID837hoNsMl0RERkKvYYCKlxB4HnjhDjxG0IOEoWxjvBkvycneOjRWc8bL1CZAnKICDKOJVFGBldYkNQGoAETdSan1qDMl6x5l2irnOdIIdPv9j07l6v9j0otnhWcS3fFyhxrpicZh5LAConS0FkoKxWuOyEG2B0O7K7cwISCeVcnpnr83DlNS04AKCd1eVhfF6D2rLgrwhKzVtFlGGNyZn6GP6StpbiIy6hskyQrh4auqFoa62uXIsGcA6mu3wCV9BAZMWARzfQfMLaKS1wwqKAF0FsnMgyu1EvoEPOk1dimbkPygccBAQpyB4iGoXFTrgoHZvFDnM4NmXnPz3HtDwukZ7mJqH5eXP556HYuXYYxVbLnRTQuPWP4vDscI5XfQazXcrTseXWpY7P7v92X1LOB9AK3Z6lbB2g4myLj9iP2AkfxxurJDAoFLyXchaSiv4ofbUV6yTXS5WAZeWFpObXAOatxbtBjQrHF5AWcYvVunVKzy87KUmTThnQAlifFRxCOO5deAmQdFnX2Q39dv1PnXxiStW10PQczT6k2ecKrW0N3PYurjCTaiZ0bXLuovaNzLijTSG8TqhQgj

            C:\Users\Public\Desktop\IfYiMMRuvSUMKHkp.exe

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204705864090623
            Encrypted:false
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            MD5:3E40D7F0C47407447C1FA9BE4EC0F714
            SHA1:F8633060AA590DB85A70E9D1AE220B220ED03A98
            SHA-256:497AC5EB72B62C3DB2D5383BC2823BF38596E00D877EC7E9D572A94830F07A0E
            SHA-512:9FC81DB6A6DDF93626529223D5EE8A13717FC3069D90EB66FAD1EF9A3172B776578E844EAD65BF8E6E334BC0AD82910A6844B99CA8643083F2D140D3AAE767CF
            Malicious:true
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..H....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...H.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\Public\Desktop\IfYiMMRuvSUMKHkp.exe:Zone.Identifier

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:false
            Preview:[ZoneTransfer]....ZoneId=0

            C:\Users\Public\Desktop\RCXC366.tmp

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204631963126828
            Encrypted:false
            SSDEEP:24576:KIpz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:KQzulw0bg/qAymlV
            MD5:5AB9E4AAC2328E1DF3B14DED0E12739F
            SHA1:07FD4592C8808C409DCA5276A9ABE78DFAA52532
            SHA-256:1808DE9B22EC8676CB68D4702181B7D121CB691248E1C012852934376DB74462
            SHA-512:B57DD07D9FCD04D9C81C573A1C9C438F82D6A5E49785520E1960BF7A6E0D359EC10BBBDF39A4241860F9973F7A13E03DBDE7B62745E37B21C0E6EA2930188238
            Malicious:true
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..p....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...p.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\Public\Videos\047efad0ccc033

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with very long lines (914), with no line terminators
            Category:dropped
            Size (bytes):914
            Entropy (8bit):5.900057300822282
            Encrypted:false
            SSDEEP:12:T1Su3fYy8ln8M3xznHrSJWAx31D80dcZbPfqf65GeM4U6KZ8s3eQV3DAmXLTV:93f9yXh/XAPDc5GeQZJe6DAGLJ
            MD5:B968D706F4EC054316C9E5001ECB20D4
            SHA1:278F8445BA69AC91A43AC8D1C2ADC493AA03F298
            SHA-256:8350292FBE4E018575F116A4F9AEC7DB1B6F0F6DCAA9B17B3238CB98D2CE82CD
            SHA-512:852C05FC431A2FCF1E0F68E137200CFF6871F817E7A5B44F1B1BB8746CBA691DC9EFC25A3129547CAF58C4DC870F76CAA67223A5693AAD7C12BF88BAB6B71031
            Malicious:false
            Preview:aade2ONWp3TRs94RypS8ugWiVVMEXP2x8tJjoGzD26F7m6rB9Y1HreJ4D4IgCI9ZAgT90Unr0PGybZ5YoKF9YvGdjOgt7TAt7p7FnsLovJRbYVdn9u11D9BPazZly3thOW1vczv69aOOdoEOv2uNbJq7ospxSjz1auNCerLJ951mvwvvuL06JfFEp3HuK7nakWysaCuErlOfREL164DHs3s4oIWkjb8BSbBY8DVsawPhRkxkrQyQ4frro4DRqJePmMN0Dx23iUr6oKmEVv3TmsHwtTuE9DBRS95EX6h4X4rjyvDeR964QKn3EaGtCy3fSZooOhrYO86sBi88QPwAHHBIWC960x1iAMQYHYQtRhpRN42gcIdxC3YLYgSMiuibHYrzSj129Csjct4bKdesUEgHxEAkFDLg9OKzNCN2Qkx9Lytpl1CEQ0GC1kBNjQw50LkNiENHQmbtQg59VV8OBHQJHH7nB9T9y2I9OfGhn5xoYXwVoB2ORi4t5bFaGkGQTc5YX5vzObkGTlvuVm99HEsP7ZEwZpaDygV6bY7sQC9z7yZTqVFekHJOtpa818ZjBhRxQyT7oQsEF2SJ9uGEj5crXGMw791RmZyahmC1CI0UYEJ1XR8G1V9GEjZJmg9oZacpD2lXsPCbEITS7UYqAuZRZsV7M2OfIM57ldyfplYmSiB6QGMSITnoALPVgnKzAhT2MVqdf3AZWx81qYrFq6XziQ6aOd8BajluPJt4ZswOSOSNMXoH5EIEKdU5ZQPC588xLNmhoxq8JIhU8sN0y0GWahkvyxeJctTTPeC8uGcIYJ5B6A7qCYOE2mWon1s0SggZzNEeqOGrY77Rljzy0yGDfPamHYV3Xlz1nfLs5c9ySgp4oFCDC4Aeac4kwbWS2MTwIGoGXG2XySv8jg

            C:\Users\Public\Videos\21b1a557fd31cc

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with very long lines (871), with no line terminators
            Category:dropped
            Size (bytes):871
            Entropy (8bit):5.910495703616465
            Encrypted:false
            SSDEEP:24:WBWIzdWZa86D/uPj3ZiC1ABO/RXrOFyBBwv:WAIcZ4IpiGjJXrtUv
            MD5:DB57A4FF75A717AE91F8BF60D291D009
            SHA1:2B070AF930A5D8D77DC9A21F188269573E6D470E
            SHA-256:E3A469BAC9376D4145E83863EF3D058E34985F8B45F1443F9CBAC9CF7B4EE851
            SHA-512:4F61ADCB6B6BDC503CB760166E0479F3E52B5636D604CB17F3CFB009932A122694CB83CD61F5D63971F482541E8D51E4753ECD5528C7AD41D8820B86F8E9E640
            Malicious:false
            Preview:RVfHk4yprMAe5GCa1PW2YoA33L5PTxnvGzkevHtmn02SlAy8GPssiwdmUlNY8iW4jOYFgiptguPhwsS3W7JDE5NTW8JJ4VnEe8tWmtcik8Mxh6zmTUBBYSznAEthYfzKGKDy95QnfldGtZwZIh0jUmqLJFVh94JEJBrW3BmXDXfwzs4kSTZ1pQ0ee1p4jtolbY6rsZgH4df6G3WaLvOpfSZ3KN2BVsxUt4VbwM23wR6Lu3XkePsye8GJ8DhfhfvMqKNMi5n93V2NVOIRzRgG98zuyLcspWVRfufkqLCjlt5JF2yu4QpQ8oNrUcXXc5UgAkrlsiloP7fPCqp5WsyYqFT0hxPNxoGpZZJeKNBWpBAAI7ooxbAuG5z4R0D5TX0k0zznhKvJqctpESsjIkZVoWjejONTJGCRLaKTHBHmq1DoLK08Iewt8e6eQUDS7b9kZcenIYbHcwpxS4TZXPKpUTSqepCw7zpO1dPsqMztCoQLzIMWBo4sRUPFJxJdWpJnGa5yoltLZanpDH0VdpvT477gNJi2DWXXfmEYNYsa5tS0rkCC6x9r30tJdYkfC0HDDPKbCbIF7VYLpGznHf5PWpdp255yxNXElOxbalAfp4tibidWj7Xh41rXwfiGgTRu8TjaTXMffakb64NUciO0z0Juhao5C38Vn9kH9CDMu1BeRPb1RNo7Fb5HKy32sRdlbOy6UFVZeCG7ypdR8xnzPBQMEc7KJKdcYaCCbehM2PdCU7TfVl45noVa8m22ILPTjniYmbzeQb6AiN1GJbyhQhzuElDzmpEr9JdrY534vapMrV2uvvsqWrCBxyTAXA1kXPAYuJrNi3w02nCttSE16XURGb3kl2hviEycUd9

            C:\Users\Public\Videos\IfYiMMRuvSUMKHkp.exe

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204705864090623
            Encrypted:false
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            MD5:3E40D7F0C47407447C1FA9BE4EC0F714
            SHA1:F8633060AA590DB85A70E9D1AE220B220ED03A98
            SHA-256:497AC5EB72B62C3DB2D5383BC2823BF38596E00D877EC7E9D572A94830F07A0E
            SHA-512:9FC81DB6A6DDF93626529223D5EE8A13717FC3069D90EB66FAD1EF9A3172B776578E844EAD65BF8E6E334BC0AD82910A6844B99CA8643083F2D140D3AAE767CF
            Malicious:true
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..H....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...H.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\Public\Videos\IfYiMMRuvSUMKHkp.exe:Zone.Identifier

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:false
            Preview:[ZoneTransfer]....ZoneId=0

            C:\Users\Public\Videos\RCX99B7.tmp

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204636341215856
            Encrypted:false
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            MD5:3858344AB6A7BA4A0BB553EDBAA8DA58
            SHA1:B0C7A4E5986C14518069AE37B5985861DCF60860
            SHA-256:3BF2793CF6B179C45136439906E043846C5C0E5B09E7CC59E537620944D1F6B9
            SHA-512:90386A0415AD918EB2012ACB85FFCB8B21C4A876097EDC4D8E0452D10729B29A6713298029B5A55DFBED87F962CC468E10AEEA18FA063212EEA0CF5681494F7A
            Malicious:true
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..h....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...h.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\Public\Videos\RCXBB84.tmp

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204797042163612
            Encrypted:false
            SSDEEP:24576:KIpz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:KQzulw0bg/qAymlV
            MD5:7B740BD24D7770C86D689679475CBB30
            SHA1:28A8177F48D670F1C1C780784F24478D4E07606C
            SHA-256:FEDDCFEF29740136383A91E56CE5833D45141DF828CFD6256A5F283E8511C7F3
            SHA-512:65B61BF89D1FA9BBDB212C22824502BD3D51F72B150A0C1F28DF3121520818CA6D24E7E668B717201B2F4CC04FBCFA44E11F10EF13D7DA603FA6178502627539
            Malicious:true
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... .......................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc........ ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\Public\Videos\dasHost.exe

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204705864090623
            Encrypted:false
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            MD5:3E40D7F0C47407447C1FA9BE4EC0F714
            SHA1:F8633060AA590DB85A70E9D1AE220B220ED03A98
            SHA-256:497AC5EB72B62C3DB2D5383BC2823BF38596E00D877EC7E9D572A94830F07A0E
            SHA-512:9FC81DB6A6DDF93626529223D5EE8A13717FC3069D90EB66FAD1EF9A3172B776578E844EAD65BF8E6E334BC0AD82910A6844B99CA8643083F2D140D3AAE767CF
            Malicious:true
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..H....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...H.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\Public\Videos\dasHost.exe:Zone.Identifier

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:false
            Preview:[ZoneTransfer]....ZoneId=0

            C:\Users\user\047efad0ccc033

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with very long lines (668), with no line terminators
            Category:dropped
            Size (bytes):668
            Entropy (8bit):5.889056655793828
            Encrypted:false
            SSDEEP:12:cjDGuC4XhQmVhuNwSzQebVoFCUW9Iw87Bs1N2xkjmCMYowBpVi/jf6hQOg:y1XhtFIQebww8t42xymCMYTBKjyhQ3
            MD5:F05559F45B89FAB2CC20F339AE4CF131
            SHA1:80E16BD4B496013AD90653C76088D71244BBD6A4
            SHA-256:5F82A92636DD044CBAA43EDF9700838B0957B184B41891CF43DFD77992C7209F
            SHA-512:23E0F76F876C2F64E6130D18F299C8BBFBA89AB915119DF63A16CA7AB14C501802707E29C06F9882D281FD65A715B1F96F8E8DD9B64E8639638F60AAFA355908
            Malicious:false
            Preview:62WYCDzQW2Ew0b7ccK7TIQe5aVp2ahLsHreB2jZAEIzZL74uN37kMTgqYb8qX7zyqWoJ66j3u6OAaEtda5pgjlfyKymblsnGSBtzSvxQUEzQEgPUrfQcSSOF008IUIRBTIrZV4KoHYMfvPtoiSuGcKyAwn9cwp6Lwy66y09wUlU4GtUlGUjBXLjITrmr5r2cbAs7SxzsT8v0044DTXWbG5ylOymHNR1mt2dFAXSSf1sZZsSZwiXhVaWgMHseLreBGJH7byD6FD6OMZMgfNUp3TRSg633oxHxXrSQkU87fbbReHTw5L88WyHw1zbe5JRR6I0fG55LOXJc19xYnG8dzJbijfYv3eCWJKUWQyp9Qxt9pp52CC0zKycxqS6lhKSuUxSrobIza9MBZb33kgt0nNLUrhp81EcGf8o1WNNk4BYLlaXPYCABabHHm89HvJ7WhGgbxBhXTI6my9tQKajzDbpE1hPYNFzuDBof46bXfnsSffSmOt7VkISGbcjQvIJNTLiwVNVO8MTZtWiWOnJeIeK5tiDcWLlWee9T7fQAXtWYy3XE3NBI9pEzBmDxJ31wk75OXPZsWIHZHvHzK9jJKdXyaKRUcd0d1kx07IqoxTv0hprPeOmKTsmHkGyN7EQ2Rnhh8Q1CS5V1rgQucCzN1qKJ7pQ1

            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\IfYiMMRuvSUMKHkp.exe.log

            Download File
            Process:C:\Recovery\IfYiMMRuvSUMKHkp.exe
            File Type:CSV text
            Category:dropped
            Size (bytes):1281
            Entropy (8bit):5.370111951859942
            Encrypted:false
            SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
            MD5:12C61586CD59AA6F2A21DF30501F71BD
            SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
            SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
            SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
            Malicious:false
            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\dllhost.exe.log

            Download File
            Process:C:\Program Files (x86)\WindowsPowerShell\dllhost.exe
            File Type:CSV text
            Category:dropped
            Size (bytes):1281
            Entropy (8bit):5.370111951859942
            Encrypted:false
            SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
            MD5:12C61586CD59AA6F2A21DF30501F71BD
            SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
            SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
            SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
            Malicious:false
            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\hDKY4f6gEA.exe.log

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:CSV text
            Category:dropped
            Size (bytes):1740
            Entropy (8bit):5.36827240602657
            Encrypted:false
            SSDEEP:48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkhHNpaHKlT4x:iq+wmj0qCYqGSI6oPtzHeqKkhtpaqZ4x
            MD5:B28E0CCD25623D173B2EB29F3A99B9DD
            SHA1:070E4C4A7F903505259E41AFDF7873C31F90D591
            SHA-256:3A108902F93EF9E952D9E748207778718A2CBAEB0AB39C41BD37E9BB0B85BF3A
            SHA-512:17F5FBF18EE0058F928A4D7C53AA4B1191BA3110EDF8E853F145D720381FCEA650A3C997E3D56597150149771E14C529F1BDFDC4A2BBD3719336259C4DD8B342
            Malicious:true
            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

            C:\Users\user\Desktop\RCX9531.tmp

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204640276827291
            Encrypted:false
            SSDEEP:24576:KIpz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:KQzulw0bg/qAymlV
            MD5:6901D06ADA69FB38B1BDC532983B96DE
            SHA1:548748880C4380BA13B56A074F006CC375E13CA2
            SHA-256:5950F2DF6C537B3A718062591907634F713894F3E1FFEA99500DFF670AB180A8
            SHA-512:BFB5649854506C9F26630C9DCEB779C7D51AF73103D0DECB7A547757D3FBFF15B6BE4FA5B99A88B15634805F6BF7708110758BE36C052E51A95C73A45F06F54E
            Malicious:true
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..p....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...p.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\Desktop\hDKY4f6gEA.exe (copy)

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204640276827291
            Encrypted:false
            SSDEEP:24576:KIpz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:KQzulw0bg/qAymlV
            MD5:6901D06ADA69FB38B1BDC532983B96DE
            SHA1:548748880C4380BA13B56A074F006CC375E13CA2
            SHA-256:5950F2DF6C537B3A718062591907634F713894F3E1FFEA99500DFF670AB180A8
            SHA-512:BFB5649854506C9F26630C9DCEB779C7D51AF73103D0DECB7A547757D3FBFF15B6BE4FA5B99A88B15634805F6BF7708110758BE36C052E51A95C73A45F06F54E
            Malicious:true
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..p....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...p.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\IfYiMMRuvSUMKHkp.exe

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204705864090623
            Encrypted:false
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            MD5:3E40D7F0C47407447C1FA9BE4EC0F714
            SHA1:F8633060AA590DB85A70E9D1AE220B220ED03A98
            SHA-256:497AC5EB72B62C3DB2D5383BC2823BF38596E00D877EC7E9D572A94830F07A0E
            SHA-512:9FC81DB6A6DDF93626529223D5EE8A13717FC3069D90EB66FAD1EF9A3172B776578E844EAD65BF8E6E334BC0AD82910A6844B99CA8643083F2D140D3AAE767CF
            Malicious:true
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..H....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...H.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\IfYiMMRuvSUMKHkp.exe:Zone.Identifier

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:false
            Preview:[ZoneTransfer]....ZoneId=0

            C:\Users\user\RCXAF2A.tmp

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204730616732938
            Encrypted:false
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            MD5:A48309FC6BEBC2DA4A6DD3C59369EF70
            SHA1:735A96DB87E2885BC8AC8A2D96708BC9626975E3
            SHA-256:E6A342F6A08FFCCAA6A8EFD71F8F90DFE9A934B3FF4121A1629D9868AEF5EB3A
            SHA-512:50BD897A1186E07837CB240622DA9DBF18C694577FC4298019219C40AB85E1F02EAEF8593D3707A561DAABF95A88197BBE13F0964FBEFB4AE4B8E9E9DB4AB234
            Malicious:true
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..8....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...8.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Windows\LiveKernelReports\27d1bcfc3c54e0

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):76
            Entropy (8bit):5.352676197426383
            Encrypted:false
            SSDEEP:3:8jOUdDOvXSMy8SCoX8JkovKdRFgapR:yOUdSPLyDrX8JhVaL
            MD5:A3A0DD4444F26A4E1BEA29DA90F7CCAE
            SHA1:04AE426429070C81AF074F9B7037D060376CADDD
            SHA-256:B622C96D9BE2DC461F4B39B3F7AFD23FE6EC6F01C5BCFCC8078F9FE9A57CB02F
            SHA-512:86EC2F905BBEAFED6F72B3C423656580EE74FF2E1542EEDF534CF1460CC154D4EC43837BD15E3A32BCF86562505705C818C5A74420B8B852686C8B47E65C4EAA
            Malicious:false
            Preview:4F10RFki0iyfk8xbgGNP7DCE1VMzMZpihI33DUy7gM21salBNgcwMJG0Dx852uWb3P8bE4YLSQtv

            C:\Windows\LiveKernelReports\RCXAD07.tmp

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204703002544532
            Encrypted:false
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            MD5:FA88B5A7CEC505B7CAD7946C32E52AB4
            SHA1:69C34BBB4D259E8E39B4D55656F5F724A24C1AD3
            SHA-256:EC8603ACFD5E9F771888335B519CA1D5F6477A0D5FD3F2AEB952A835B3B8DFFD
            SHA-512:644F3FA9EAA9006866793EA10EBDDA38CE66788C4FBA19D95AB135AB444CF05CF698A5BBA1F1E685F9ACFA80C3EC6879FC85B580AE95BEF1C1C65941FC20E764
            Malicious:true
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..D....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...D.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Windows\LiveKernelReports\System.exe

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204705864090623
            Encrypted:false
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            MD5:3E40D7F0C47407447C1FA9BE4EC0F714
            SHA1:F8633060AA590DB85A70E9D1AE220B220ED03A98
            SHA-256:497AC5EB72B62C3DB2D5383BC2823BF38596E00D877EC7E9D572A94830F07A0E
            SHA-512:9FC81DB6A6DDF93626529223D5EE8A13717FC3069D90EB66FAD1EF9A3172B776578E844EAD65BF8E6E334BC0AD82910A6844B99CA8643083F2D140D3AAE767CF
            Malicious:true
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..H....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...H.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Windows\LiveKernelReports\System.exe:Zone.Identifier

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:false
            Preview:[ZoneTransfer]....ZoneId=0

            C:\Windows\Registration\CRMLog\047efad0ccc033

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with very long lines (444), with no line terminators
            Category:dropped
            Size (bytes):444
            Entropy (8bit):5.842195004474722
            Encrypted:false
            SSDEEP:6:3Q0TOeu8RPRYDqRu8PCaNZ2joPycXY9Wk0e9Iqcc3btTb/I6F+rok3v1c8Ucv7vS:3uezR2WAaNIptlGghL7cE8Vv7R5kJXv
            MD5:F5D1590FE6F0CCF5F3A3717B56730B6B
            SHA1:16A42A04AA939CE99CF93BC98D61882A94F04FBE
            SHA-256:331AD061F937D2A2D8587C9E8E9CE75D90B0D219A70C38DB1C21AE70146EE91E
            SHA-512:3782F7B6FB9745140D1976552BBEA36EF7B61CAC419F89FCEB8031CCE8B49BAE78117D53EBB46687E5D3F2FA0A8F00C4F7C2FC2012C1878C2411992334A70F66
            Malicious:false
            Preview:Kll6dGr5FM3wia6q5BmpHr5BQdT6kV0KwpdewKYRHXpvptZlZl5c9pTdpjpAwuUuWs936b3vmUiuBJVhDsh8aYLHVAyMeYeWC5Z7tgo7sJzoHibgOI7ENVU8h2h6nqRO0MrGuYxgDkQQig9xjS8VbaIqlaZ09sUB2ly40UvzUaAnFDZA2uWUs5waDAfT87hVPOY7sE6OgIBBZflhBY7OVAT6yY1zzc1X2pX1pcSyyHxj4vAhZ7Sj9T9P4bIUNGZERnJtIu2iGJaOMuBCXUa1JRXiqH6NU7krrsRRmQZpFtcz2vCKaF72qi4APkDAypOJisgecuaG5uwayiq5EvxOArBJxRBCNY1ZeTRJOirpp075veLr3I5C2AJ1rWqLtY3g3W5fRgqgEHjJtGYTFTIEcyheKac22f6Q7bBYiqaXbZ8ua9Hl7WGZPyDEzaV1

            C:\Windows\Registration\CRMLog\IfYiMMRuvSUMKHkp.exe

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204705864090623
            Encrypted:false
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            MD5:3E40D7F0C47407447C1FA9BE4EC0F714
            SHA1:F8633060AA590DB85A70E9D1AE220B220ED03A98
            SHA-256:497AC5EB72B62C3DB2D5383BC2823BF38596E00D877EC7E9D572A94830F07A0E
            SHA-512:9FC81DB6A6DDF93626529223D5EE8A13717FC3069D90EB66FAD1EF9A3172B776578E844EAD65BF8E6E334BC0AD82910A6844B99CA8643083F2D140D3AAE767CF
            Malicious:true
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..H....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...H.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Windows\Registration\CRMLog\IfYiMMRuvSUMKHkp.exe:Zone.Identifier

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:false
            Preview:[ZoneTransfer]....ZoneId=0

            C:\Windows\Registration\CRMLog\RCX9C96.tmp

            Download File
            Process:C:\Users\user\Desktop\hDKY4f6gEA.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1501696
            Entropy (8bit):7.204659032239065
            Encrypted:false
            SSDEEP:24576:KIpz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:KQzulw0bg/qAymlV
            MD5:29F241DFA82EA475C97D7908D7F97924
            SHA1:4E18541FFA8101311A4AC5FF7211B3E2D509B58F
            SHA-256:CD67F47FF4B8A347F0BBE8FEF1BFD0A4DEC871AA48728B46BDC6621FEAA723D5
            SHA-512:9A5B16AC7D17D49F26E65199868D8B1803F7AB037575D62751218AC86484E0B88FCB8E22D705040B2E906C51A914AF9803665ECED5E6B49908D95FE8E427AB36
            Malicious:true
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......N.... ........@.. .......................`............@.....................................K.... ..\....................@....................................................... ............... ..H............text...T.... ...................... ..`.sdata.../.......0..................@....rsrc...\.... ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            Static File Info

            General

            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Entropy (8bit):7.204705864090623
            TrID:
            • Win32 Executable (generic) Net Framework (10011505/4) 49.79%
            • Win32 Executable (generic) a (10002005/4) 49.75%
            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
            • Windows Screen Saver (13104/52) 0.07%
            • Win16/32 Executable Delphi generic (2074/23) 0.01%
            File name:hDKY4f6gEA.exe
            File size:1'501'696 bytes
            MD5:3e40d7f0c47407447c1fa9be4ec0f714
            SHA1:f8633060aa590db85a70e9d1ae220b220ed03a98
            SHA256:497ac5eb72b62c3db2d5383bc2823bf38596e00d877ec7e9d572a94830f07a0e
            SHA512:9fc81db6a6ddf93626529223d5ee8a13717fc3069d90eb66fad1ef9a3172b776578e844ead65bf8e6e334bc0ad82910a6844b99ca8643083f2d140d3aae767cf
            SSDEEP:24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
            TLSH:83658D017E84CE12F0091233C2EF854887F49991B6A6E72B7DBA37AD55163A73C1D9CB
            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....rb.....................6......N.... ........@.. .......................`............@................................

            File Icon

            Icon Hash:90cececece8e8eb0

            Static PE Info

            General

            Entrypoint:0x56cf4e
            Entrypoint Section:.text
            Digitally signed:false
            Imagebase:0x400000
            Subsystem:windows gui
            Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Time Stamp:0x6272A3D7 [Wed May 4 16:03:35 2022 UTC]
            TLS Callbacks:
            CLR (.Net) Version:
            OS Version Major:4
            OS Version Minor:0
            File Version Major:4
            File Version Minor:0
            Subsystem Version Major:4
            Subsystem Version Minor:0
            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

            Entrypoint Preview

            Instruction
            jmp dword ptr [00402000h]
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al

            Data Directories

            NameVirtual AddressVirtual Size Is in Section
            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IMPORT0x16cf000x4b.text
            IMAGE_DIRECTORY_ENTRY_RESOURCE0x1720000x348.rsrc
            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
            IMAGE_DIRECTORY_ENTRY_BASERELOC0x1740000xc.reloc
            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text

            Sections

            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
            .text0x20000x16af540x16b00043b69748e92618ac6dfa18945aa73f5aFalse0.7234155744232094data7.231943205872588IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            .sdata0x16e0000x2fdf0x300066e24b24417cf62fc9d7b543c1e62934False0.310302734375data3.242904404964019IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
            .rsrc0x1720000x3480x40027596b668db067b956021e0c011c2a56False0.4619140625data4.020386512839293IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .reloc0x1740000xc0x200a91ecfa4de994e33259b193d0e9742daFalse0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

            Resources

            NameRVASizeTypeLanguageCountryZLIB Complexity
            RT_VERSION0x1720580x2f0SysEx File - IDPEnglishUnited States0.5585106382978723

            Imports

            DLLImport
            mscoree.dll_CorExeMain

            Possible Origin

            Language of compilation systemCountry where language is spokenMap
            EnglishUnited States

            Network Behavior

            No network behavior found

            Statistics

            CPU Usage

            Click to jump to process

            Memory Usage

            Click to jump to process

            High Level Behavior Distribution

            Click to dive into process behavior distribution

            Behavior

            Click to jump to process

            System Behavior

            General

            Target ID:0
            Start time:20:36:54
            Start date:01/10/2024
            Path:C:\Users\user\Desktop\hDKY4f6gEA.exe
            Wow64 process (32bit):false
            Commandline:"C:\Users\user\Desktop\hDKY4f6gEA.exe"
            Imagebase:0xe20000
            File size:1'501'696 bytes
            MD5 hash:3E40D7F0C47407447C1FA9BE4EC0F714
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1931637010.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Reputation:low
            Has exited:true

            General

            Target ID:17
            Start time:20:36:58
            Start date:01/10/2024
            Path:C:\Program Files (x86)\WindowsPowerShell\dllhost.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files (x86)\windowspowershell\dllhost.exe"
            Imagebase:0x2d0000
            File size:1'501'696 bytes
            MD5 hash:3E40D7F0C47407447C1FA9BE4EC0F714
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000011.00000002.1780556568.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Antivirus matches:
            • Detection: 100%, Avira
            • Detection: 100%, Joe Sandbox ML
            • Detection: 84%, ReversingLabs
            • Detection: 68%, Virustotal, Browse
            Reputation:low
            Has exited:true

            General

            Target ID:20
            Start time:20:36:58
            Start date:01/10/2024
            Path:C:\Program Files (x86)\WindowsPowerShell\dllhost.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files (x86)\windowspowershell\dllhost.exe"
            Imagebase:0x720000
            File size:1'501'696 bytes
            MD5 hash:3E40D7F0C47407447C1FA9BE4EC0F714
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000014.00000002.1780433125.0000000002BAF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000014.00000002.1780433125.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000014.00000002.1780644862.0000000012B81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Reputation:low
            Has exited:true

            General

            Target ID:21
            Start time:20:36:58
            Start date:01/10/2024
            Path:C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Windows Defender\IfYiMMRuvSUMKHkp.exe"
            Imagebase:0xa30000
            File size:1'501'696 bytes
            MD5 hash:3E40D7F0C47407447C1FA9BE4EC0F714
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000015.00000002.1785792731.0000000002E81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Antivirus matches:
            • Detection: 84%, ReversingLabs
            • Detection: 68%, Virustotal, Browse
            Reputation:low
            Has exited:true

            General

            Target ID:24
            Start time:20:36:58
            Start date:01/10/2024
            Path:C:\Recovery\IfYiMMRuvSUMKHkp.exe
            Wow64 process (32bit):false
            Commandline:C:\Recovery\IfYiMMRuvSUMKHkp.exe
            Imagebase:0x10000
            File size:1'501'696 bytes
            MD5 hash:3E40D7F0C47407447C1FA9BE4EC0F714
            Has elevated privileges:false
            Has administrator privileges:false
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000018.00000002.1785959753.0000000002361000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Antivirus matches:
            • Detection: 84%, ReversingLabs
            • Detection: 68%, Virustotal, Browse
            Reputation:low
            Has exited:true

            Disassembly

            Reset < >

              Executed Functions

              Function 00007FFD9B8B8BF2 Relevance: 7.6, Strings: 5, Instructions: 1353COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID: "$($K_^$K_^$R
              • API String ID: 0-3287525003
              • Opcode ID: d374a2cbb3fb8326ed2cdc4dfe74a51b5bbcdf6ce4b9bc7b781e35150d79b7bc
              • Instruction ID: 2b4cae0c2605854e226505fcae80c1f672c4dd83d639a77704f20bb9f6910142
              • Opcode Fuzzy Hash: d374a2cbb3fb8326ed2cdc4dfe74a51b5bbcdf6ce4b9bc7b781e35150d79b7bc
              • Instruction Fuzzy Hash: 83B20070A0952D8FDBA9EB68C8A5BA8B3F1FF59300F1145E5D01DD7296DA34AE81CF40
              Function 00007FFD9B8A34C5 Relevance: 1.5, Strings: 1, Instructions: 270COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID: L_H
              • API String ID: 0-402390507
              • Opcode ID: 90751d4f60cba055b06eb53c31ea71f2921b655a0d5fc5282e2df37354826b96
              • Instruction ID: 289af50ea197a8f4b788512afe40bcca409245d71ac67d178026ffd0f5ea3e64
              • Opcode Fuzzy Hash: 90751d4f60cba055b06eb53c31ea71f2921b655a0d5fc5282e2df37354826b96
              • Instruction Fuzzy Hash: B691B271A0894D8FEB98EBACD8657ACBBE1FF5A340F5001BAD009C72DADB7428418741
              Function 00007FFD9B8B1110 Relevance: 6.4, Strings: 5, Instructions: 118COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b1000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID: $"$#$.$[
              • API String ID: 0-1265171129
              • Opcode ID: c001e43d907b01c9a07dd78d8cade210dbf13994481e658e776f369ffc2bcd55
              • Instruction ID: 1779b44e0f235dc5959f57d1c54c5ac38d5e0ea02c04b5026416561baf9d93e4
              • Opcode Fuzzy Hash: c001e43d907b01c9a07dd78d8cade210dbf13994481e658e776f369ffc2bcd55
              • Instruction Fuzzy Hash: 7551B570E1922D8FEBA4DFA5C4A47BCB6F1AF48701F1144BAD04EA7291CB385A84DF50
              Function 00007FFD9B8BAEBA Relevance: 2.9, Strings: 2, Instructions: 439COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID: _$c
              • API String ID: 0-3186778587
              • Opcode ID: 5ad9d8d7fd04ed08ca61abaeee329acca2f07f67632101702d975b1a68910eb1
              • Instruction ID: 5862852958decae4015573d8105d69cf9f9cfe3952f5e29101105ba06fe703e3
              • Opcode Fuzzy Hash: 5ad9d8d7fd04ed08ca61abaeee329acca2f07f67632101702d975b1a68910eb1
              • Instruction Fuzzy Hash: 23D1C53070995E8FEBB8DB6CC8A56B837D5FF5C310F150179D45EC72A2DE28A9068B80
              Function 00007FFD9B8B1330 Relevance: 2.6, Strings: 2, Instructions: 84COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b1000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID: +$/
              • API String ID: 0-2439032044
              • Opcode ID: 1cbc4318d27d976485b4a7b46357b89da8987d4797332ef3b515bcac64f3ea4e
              • Instruction ID: a04726f3954d869851bf014cf9392d46d2cf8de8ac65e5ed2e7e5c882202b49b
              • Opcode Fuzzy Hash: 1cbc4318d27d976485b4a7b46357b89da8987d4797332ef3b515bcac64f3ea4e
              • Instruction Fuzzy Hash: 29419770E1662D8FDB68DFA5C8A47EDB7B1AF58301F1101BAD40EA76A1CB745A84CF40
              Function 00007FFD9B8BA6F2 Relevance: 1.8, Strings: 1, Instructions: 500COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID: BU_H
              • API String ID: 0-1057631176
              • Opcode ID: c9c7371e0fa2f544a2d81fb283224ed70b4216ac8c95830cf88c4dde5ae3a600
              • Instruction ID: c0c4898e106bc5d8886dbb997101395f48759e736eb01f83bd827e84bac3686b
              • Opcode Fuzzy Hash: c9c7371e0fa2f544a2d81fb283224ed70b4216ac8c95830cf88c4dde5ae3a600
              • Instruction Fuzzy Hash: 20C1E922B1ED5E0BEBB8A75C68755F967C2EB9C35171501BAD44EC32EAED18ED0243C0
              Function 00007FFD9B8C1546 Relevance: 1.5, Strings: 1, Instructions: 267COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID: {q
              • API String ID: 0-267941131
              • Opcode ID: b075511ba5c2c2e362ed06dcb253a69e3990cabb26a6d62b012f03db9f9ee88b
              • Instruction ID: a8654d924cda26bf0890f99bc88310c4a71d41d38fea7fafeacb0f895bb90ef1
              • Opcode Fuzzy Hash: b075511ba5c2c2e362ed06dcb253a69e3990cabb26a6d62b012f03db9f9ee88b
              • Instruction Fuzzy Hash: 94813971A1E64A8FE338BB6894A547577E0EF49310B16017FD48FC72A2DE29B9028791
              Function 00007FFD9B8B9441 Relevance: 1.5, Strings: 1, Instructions: 245COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID: .
              • API String ID: 0-3618157420
              • Opcode ID: 0a2ba3fad1305ecbc36fbdddc2979dce1da0686c67a47cfb457c4d8f1758e655
              • Instruction ID: ee91618d2aae4ae49fa2d38e3580c132e1e3851fe2de7189aa2ad29c12d406a4
              • Opcode Fuzzy Hash: 0a2ba3fad1305ecbc36fbdddc2979dce1da0686c67a47cfb457c4d8f1758e655
              • Instruction Fuzzy Hash: 4791DF70A09A1D8FDBA9EF58C895BA8B7B5FF59300F5101E9E00DD7295CA34AE81CF40
              Function 00007FFD9B8C24F8 Relevance: 1.4, Strings: 1, Instructions: 160COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID: 0-3916222277
              • Opcode ID: 8ad79bf2996b25ef5ddf6c6b594cb07b781fbfabc061cb67c1921c505255fe51
              • Instruction ID: 13e66458fdb5e8304400292cf829fe75e4199562cfd8e8fdf0cfbf02db7f0543
              • Opcode Fuzzy Hash: 8ad79bf2996b25ef5ddf6c6b594cb07b781fbfabc061cb67c1921c505255fe51
              • Instruction Fuzzy Hash: AA516A70E0964E9FDB59EFE8D8645BDB7B1EF48300F1141BAC01AD72E6DA346A02CB51
              Function 00007FFD9B8C6798 Relevance: 1.4, Strings: 1, Instructions: 156COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID: 0-3916222277
              • Opcode ID: 4b1ab371de49df20cb8e3196605be79386c70b0f53cec2e03c8d853d2ab79377
              • Instruction ID: a49798accaaa0caf87d13aa2e901f4a1f2c870cfaae4e712bdb1abcceece0614
              • Opcode Fuzzy Hash: 4b1ab371de49df20cb8e3196605be79386c70b0f53cec2e03c8d853d2ab79377
              • Instruction Fuzzy Hash: 295190B0E0964E8FDB58EB98D4605BDB7B1FF58300F1145BED01AE7296DE392A05CB40
              Function 00007FFD9B8BDEB8 Relevance: 1.4, Strings: 1, Instructions: 155COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID: 0-3916222277
              • Opcode ID: e067f0e979a968f7dc7a3ff6dbe1198430225514b99ed92732d0eb812d0508e0
              • Instruction ID: 3f0e24fac6eca62dade7b35f0812e86f315fb88cc60df6cd7e74d3389527c473
              • Opcode Fuzzy Hash: e067f0e979a968f7dc7a3ff6dbe1198430225514b99ed92732d0eb812d0508e0
              • Instruction Fuzzy Hash: 9751A531E0965E9FEB69DFA8C4605BCB7B1FF58300F1144BAD01AE7292CA342906CF40
              Function 00007FFD9B8B3C15 Relevance: 1.4, Strings: 1, Instructions: 125COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b1000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID: P,
              • API String ID: 0-1243182354
              • Opcode ID: faded5fb75d56ae491426a18904af22e297c73da67fb933cef5e2631a87e08a8
              • Instruction ID: 00683d63e5e69d7788cd10ae6b27b65428cefbceef6e74f862fb66427aab5a7b
              • Opcode Fuzzy Hash: faded5fb75d56ae491426a18904af22e297c73da67fb933cef5e2631a87e08a8
              • Instruction Fuzzy Hash: 97410070E0962D9EEBA4EBA8C4657AD77F1FF59300F5100BAD00DD32A2DE346A858F41
              Function 00007FFD9B8B29EB Relevance: 1.4, Strings: 1, Instructions: 116COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b1000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID: T
              • API String ID: 0-3785724610
              • Opcode ID: 13479aeedefd6d7df9b4ccf1690f1e29d21f9eb9e3b9d3e56bac461b6e1b7423
              • Instruction ID: 727528fcf5734c6979ffbbcc9b28f21e1734798100789dda459b78c567ac260e
              • Opcode Fuzzy Hash: 13479aeedefd6d7df9b4ccf1690f1e29d21f9eb9e3b9d3e56bac461b6e1b7423
              • Instruction Fuzzy Hash: 1A41AA70E1955D8EDBA4EF98C859BECB7B5FB58300F1141BAD00DE32A1DE346A948F50
              Function 00007FFD9B8A03BD Relevance: 1.3, Strings: 1, Instructions: 84COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID: sQ^
              • API String ID: 0-1726393085
              • Opcode ID: f1d68f161f6e83a05717de2719a277da68f7690f287aa59accdad305ab43e4a7
              • Instruction ID: 6c4079b1a754f7cb89be18eedb9f5dd30c982fa4b5ad44bb630fb6cb407dafe4
              • Opcode Fuzzy Hash: f1d68f161f6e83a05717de2719a277da68f7690f287aa59accdad305ab43e4a7
              • Instruction Fuzzy Hash: 51216E93B0FAD32BE7166B790CA54586FA0FF2264475D40BFC0AC4B0DBD909E8098395
              Function 00007FFD9B8BBE60 Relevance: .7, Instructions: 687COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: de46d0abbde726e94ad00f24e70e1f59099157fdf22114e102431f4e739abce7
              • Instruction ID: 8e3939fa300ad3c0213f396e95c61acc8d07933b70dc4b14d18c43d6cc3ed4ec
              • Opcode Fuzzy Hash: de46d0abbde726e94ad00f24e70e1f59099157fdf22114e102431f4e739abce7
              • Instruction Fuzzy Hash: 2F229630B19A1D8FDBA8DB58C8A9A7873E1FF58314B5141B9D01EC72A2DE24ED45CF81
              Function 00007FFD9B8E5EC8 Relevance: .5, Instructions: 464COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2bfd6f0776d2acad4305c6a757c816937c311ab497b6b6f27ec14f89f2e43ee9
              • Instruction ID: 3dae7802e0c25c0230aee9a7053e260b4e5172e2a090043e5c089aa8aceb9ca5
              • Opcode Fuzzy Hash: 2bfd6f0776d2acad4305c6a757c816937c311ab497b6b6f27ec14f89f2e43ee9
              • Instruction Fuzzy Hash: B9E11430B19B4A4FE368DB68D4615B17BE0EF49310B1546BDD09FC75A6EA25FC82C780
              Function 00007FFD9B8ADA69 Relevance: .4, Instructions: 418COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8aa000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 57150163391b1c92684da7df18f8d118872146891edf2ef50a13dad5e8eb3016
              • Instruction ID: ce773372f5830a0126b9f15be61287e7219527522fa0c37cab2a7c2b070147f3
              • Opcode Fuzzy Hash: 57150163391b1c92684da7df18f8d118872146891edf2ef50a13dad5e8eb3016
              • Instruction Fuzzy Hash: 32E14A71E1965D8FEBA8DBA8D864BB8B7B1FF58300F0441BAD01DD32E6DA346941CB50
              Function 00007FFD9B8A0498 Relevance: .4, Instructions: 416COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1ce2d60f8fecb0009f0283e3284cc3f6568b496a377f14f273885ceca704507a
              • Instruction ID: e5fdac45665f4e7d52e1ec1a4e5d1748e52f0f73a81b316eb33320f0d5af72a1
              • Opcode Fuzzy Hash: 1ce2d60f8fecb0009f0283e3284cc3f6568b496a377f14f273885ceca704507a
              • Instruction Fuzzy Hash: C7C14843B0F6EA4BE32663AC7C754F97B60DF4266870D03F7D09C8A0E7EC19650682A5
              Function 00007FFD9B8BE12F Relevance: .4, Instructions: 366COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ae387796937d5b211558c1af96c5c43b11fed14c848e457a79ffc4169b195f0c
              • Instruction ID: 1c719204d0e524fbda63e4f586b8be648eda041bc4d3ad27a5f283e72d499c6a
              • Opcode Fuzzy Hash: ae387796937d5b211558c1af96c5c43b11fed14c848e457a79ffc4169b195f0c
              • Instruction Fuzzy Hash: F6D1B23061995A8FEB9CCF64C0E05B037A1FF49311B5549BDD84A8BA9BD638F981CF81
              Function 00007FFD9B8BE14F Relevance: .3, Instructions: 337COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 53f2542893250669856684f6324f70e7cf8c7bf5a49104d1d5d84fa789ff9dd0
              • Instruction ID: 7001ca3bd7457f37314efeb1ccda0b123b759c3b02e3d8b71bc91453787b036d
              • Opcode Fuzzy Hash: 53f2542893250669856684f6324f70e7cf8c7bf5a49104d1d5d84fa789ff9dd0
              • Instruction Fuzzy Hash: 86C1D33061995A8FEB5CCF64C0E05B037A1FF49301B5549BDD84B8B99BDA38E581CF81
              Function 00007FFD9B8C2019 Relevance: .3, Instructions: 336COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3ffef716de93d13046768bf0e1c23e4646b2ef0f235b99cef2ca8a25390d9cdb
              • Instruction ID: 3df138359f3b2872c48898a387ee4f2b0e1c21662948a6c4a3f5e37ebba20b4d
              • Opcode Fuzzy Hash: 3ffef716de93d13046768bf0e1c23e4646b2ef0f235b99cef2ca8a25390d9cdb
              • Instruction Fuzzy Hash: CDC119706096498FEB59EFA8C4A06B477A1FF49310F5541BAD84ECB2E7CA38E941C741
              Function 00007FFD9B8C6B2A Relevance: .3, Instructions: 320COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6a096c42abe6824f523434c21703c3be6a64c630fa1c84934b7020788358ba8e
              • Instruction ID: 0d2eb10fbd60a007e4c71e3616214686722fdff5bc1fae2fdc4fe44010279c5b
              • Opcode Fuzzy Hash: 6a096c42abe6824f523434c21703c3be6a64c630fa1c84934b7020788358ba8e
              • Instruction Fuzzy Hash: 439167B0B1D64D4FE75CAB5898A16B877E1FB99304F1441BED08FC32A3DD28A9438781
              Function 00007FFD9B8A05A0 Relevance: .3, Instructions: 315COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 212ce7f8479863a65982c786f2e8c393606a8c30d232add6e8e41b087a3fca9a
              • Instruction ID: 089a0e0b0400b9749ce645d816aa4c8442f3b5137627af1bf98d0c463a99a9e4
              • Opcode Fuzzy Hash: 212ce7f8479863a65982c786f2e8c393606a8c30d232add6e8e41b087a3fca9a
              • Instruction Fuzzy Hash: 9D912643B1F6DA4BE32663AC7C390F97B60DF4666870D43F7E09C8A0E7EC1965068295
              Function 00007FFD9B8BB3F3 Relevance: .3, Instructions: 301COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3a5b1667e8a2c6ac5e1d4f9d6e5828a9ed2966c0082db014bf4da8abed3c4153
              • Instruction ID: ba64500d93e5d3a81d97cacc07b279391ee1412cef362908e12584b667399cf3
              • Opcode Fuzzy Hash: 3a5b1667e8a2c6ac5e1d4f9d6e5828a9ed2966c0082db014bf4da8abed3c4153
              • Instruction Fuzzy Hash: 7221A252F0F6BB89F27913F9A83147C6644EF5A320F5A027BC04D460E2DC4C6E411AC2
              Function 00007FFD9B8BDA4E Relevance: .3, Instructions: 298COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 92ba7170ba3ed9f85ee1bbdfd3af33e0833750684ea19d3d9a2e25d3b7fb4880
              • Instruction ID: db95e12a5301bd7363d9799eadc09bb8c8dc411b1d7540cbbf69cb01d8d83930
              • Opcode Fuzzy Hash: 92ba7170ba3ed9f85ee1bbdfd3af33e0833750684ea19d3d9a2e25d3b7fb4880
              • Instruction Fuzzy Hash: B1A1E430A0EA5A9FE759DB78C0B06A4B7A0FF59300F5541B9C04EC7A96DB28F951CBC0
              Function 00007FFD9B8B8873 Relevance: .3, Instructions: 295COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2107e9a716fe86cd9b4cfb429f9f7ba8da08b5112fb8504da30c105b068019a1
              • Instruction ID: b5e012c9edf78de0b7f4c4a647cf15cc04a916277377b537344ec0ec035e94fd
              • Opcode Fuzzy Hash: 2107e9a716fe86cd9b4cfb429f9f7ba8da08b5112fb8504da30c105b068019a1
              • Instruction Fuzzy Hash: E9A1BF70A0961DCFEB58EBA8D861AFDB7B1FF59300F25017AD008D72D6DA38A941CB41
              Function 00007FFD9B8C03D0 Relevance: .3, Instructions: 293COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c86d01bee67e005f05f9dd60127c98a98087a6a54dda3f25879752bf585d8169
              • Instruction ID: 256d229017b00fc54c7fdd9fb4753a56dfaf76690cd1f5073f8bb7ac61df17f9
              • Opcode Fuzzy Hash: c86d01bee67e005f05f9dd60127c98a98087a6a54dda3f25879752bf585d8169
              • Instruction Fuzzy Hash: 7581F571F19E0D4FE7A8BB6C54666BE76D2EF98350B01027AD45FC3296DE28AC024781
              Function 00007FFD9B8C37B7 Relevance: .3, Instructions: 291COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a0cff8da73e40c4f0db7af616509a78b95331d11bb184a35297564a7ae4365a3
              • Instruction ID: a3c1698ef3a2f0442bc06473b50f2288c487562fc8175266fee57d765630dd99
              • Opcode Fuzzy Hash: a0cff8da73e40c4f0db7af616509a78b95331d11bb184a35297564a7ae4365a3
              • Instruction Fuzzy Hash: FBA10A70A0EA0A8FD368EB64D0A257477A1FF49304B25457FC04E876A2DB39F953CB81
              Function 00007FFD9B8A060D Relevance: .3, Instructions: 291COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8c2ff94c68882717989fbb056d1b1f706085c4bb65e0e105eb2085d235448ec6
              • Instruction ID: 749ec4ddbe7cd2783a465944319a09af681badaf32870ae1b95e9888f8e2a7ca
              • Opcode Fuzzy Hash: 8c2ff94c68882717989fbb056d1b1f706085c4bb65e0e105eb2085d235448ec6
              • Instruction Fuzzy Hash: 63814743B0F6D94BE32667AC7C390E87B90DF4676870D43F7E09C8A0E7EC1965068291
              Function 00007FFD9B8F31B6 Relevance: .3, Instructions: 287COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7dc6f1eeff0ace71921f9963d8bbf2774d0b0ca694ea6804938d9547339604ae
              • Instruction ID: 6a46c80a079503201f6014e519bfa77fd766adb305587ed93b361550480b766b
              • Opcode Fuzzy Hash: 7dc6f1eeff0ace71921f9963d8bbf2774d0b0ca694ea6804938d9547339604ae
              • Instruction Fuzzy Hash: 25916E31F1891A4FE799FB6894256BC62D2EF98304F5100B9E41EC32EBDE39AD428741
              Function 00007FFD9B8A1638 Relevance: .3, Instructions: 286COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 87690d9f947ff6a15f062bae9b7055123db8a60417a1bb109821b2f9827abacc
              • Instruction ID: 48d294c094986918b381337a8a6793f55a86c30a0158527df2ff4144feb52dc6
              • Opcode Fuzzy Hash: 87690d9f947ff6a15f062bae9b7055123db8a60417a1bb109821b2f9827abacc
              • Instruction Fuzzy Hash: 1381C231B0DA494FDB58EF5C88615A977E2FF99300B15067AE45DC32A2DE34AD02C781
              Function 00007FFD9B8C8B79 Relevance: .3, Instructions: 282COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f7eb360f7d6d5e47f73c488c0dfe27ebf5c39f6298d7c44253ca710f7ffee31a
              • Instruction ID: 9834ef2eb7595a505212722c6316b81cf6a5f58be64e9b59951c178020fd771b
              • Opcode Fuzzy Hash: f7eb360f7d6d5e47f73c488c0dfe27ebf5c39f6298d7c44253ca710f7ffee31a
              • Instruction Fuzzy Hash: 5591F6B1A0EA4D4FDB99DB6898655BD7BE2FF9C300F0501BFE04DE32A2DE2459028751
              Function 00007FFD9B8BCF26 Relevance: .3, Instructions: 264COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 136228ef1b6f1c516b71d615905d64ed127212a625615d3b1b208373f09c3eb6
              • Instruction ID: dc7c6fa3dca21be49947ed08f4ed3aebf6577144811ee402c986f22236382af4
              • Opcode Fuzzy Hash: 136228ef1b6f1c516b71d615905d64ed127212a625615d3b1b208373f09c3eb6
              • Instruction Fuzzy Hash: EA813731B0EA5A5FF7385B789465075B7E0EF49310B1601BED48EC31A3DE29B9038B81
              Function 00007FFD9B8A0640 Relevance: .3, Instructions: 264COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 692acd33e269f4859a1a7bd11e84c191319015da3c5df0ff4230deceb441c31f
              • Instruction ID: a02ed2fb12e5cf81bf63abf1fa716c55eb0c7c199b1b0b8960d4ac80d3a5eed9
              • Opcode Fuzzy Hash: 692acd33e269f4859a1a7bd11e84c191319015da3c5df0ff4230deceb441c31f
              • Instruction Fuzzy Hash: D4714943B0F6D94BE32667AC7C290F86FA0EF4676470D43F7E09C8A0E7EC1965068295
              Function 00007FFD9B8C6311 Relevance: .2, Instructions: 239COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8ea6ad9eba68047d8093a2f526245d4eb4b36ee2aa00eb619b6ccdd167eeac9b
              • Instruction ID: a81f802bcbabb286c2309e2b07e81f17396d2b5fc8ddfdfa8e66ec76e1691191
              • Opcode Fuzzy Hash: 8ea6ad9eba68047d8093a2f526245d4eb4b36ee2aa00eb619b6ccdd167eeac9b
              • Instruction Fuzzy Hash: AE8197B0719B094FE768EB64C0A0676B3E1FF68310F55497ED04BC3AAADA39F9418740
              Function 00007FFD9B8BBC4B Relevance: .2, Instructions: 234COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 804cdbdeb22b4094e619ad0f832d034c40e96fb504642ba8f8734ed1ccd7d59c
              • Instruction ID: 97894e528ef5d2e5df7c02f249fe8c64838be73581cc879a36b4e5ac3b459039
              • Opcode Fuzzy Hash: 804cdbdeb22b4094e619ad0f832d034c40e96fb504642ba8f8734ed1ccd7d59c
              • Instruction Fuzzy Hash: 2F71C230E1D95E8EEB68DBB488656BCBBB5FF49300F55007AD00ED71E5DE3869418B80
              Function 00007FFD9B8E5F10 Relevance: .2, Instructions: 224COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2227d521d60aa82d15d92c27d35d5c8120a9435954c20141befd971040002d55
              • Instruction ID: 0527bc238e0a7f65b3132fabe6f47d2e16f31af648ddf5011a5b0c1d054520b9
              • Opcode Fuzzy Hash: 2227d521d60aa82d15d92c27d35d5c8120a9435954c20141befd971040002d55
              • Instruction Fuzzy Hash: F661FF30B29A094FE728DB18D4619B1B7E0EF99300B51467DD59FC3AA6EA31FD4386C1
              Function 00007FFD9B8C37BD Relevance: .2, Instructions: 220COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5a9cfab0933de44c580bccd6fdd9f651c5ed6268309a04f23386644ef667e633
              • Instruction ID: ec08588bade09fa120fbc2f2e562443c8e22135ac70f13944c7bac9a8468c861
              • Opcode Fuzzy Hash: 5a9cfab0933de44c580bccd6fdd9f651c5ed6268309a04f23386644ef667e633
              • Instruction Fuzzy Hash: F371097060EA4A8FD369EB64D0A25B077A1FF49300B25457BC04EC7AA6CB39F953C781
              Function 00007FFD9B8C04D8 Relevance: .2, Instructions: 220COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9f61653f8840162c267c75490ab276d7b3911bce1082a1d3636a4d475ca32d82
              • Instruction ID: 8f932d7e9f5b53eb65c3a656f1f4643381d172843d6581a711bfcfd41215c81c
              • Opcode Fuzzy Hash: 9f61653f8840162c267c75490ab276d7b3911bce1082a1d3636a4d475ca32d82
              • Instruction Fuzzy Hash: B6617852F1F6DA4BE775B7A858751B87F90EF49790B0941BBD08C8B1E3EC08AD068281
              Function 00007FFD9B8C04E8 Relevance: .2, Instructions: 217COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 16c95e72de02267e8aaefa058543b4bf8d1786fc404d9c11a52967483c1198af
              • Instruction ID: 98928a24c871be54d077be8b08c0a3f8b6951c5f3c0433617e8a71a7d01e386a
              • Opcode Fuzzy Hash: 16c95e72de02267e8aaefa058543b4bf8d1786fc404d9c11a52967483c1198af
              • Instruction Fuzzy Hash: 8E515952F1F6DA0BE775A7A868751F87F90EF49790B0941BBD08C8B1E3EC08AD0642C5
              Function 00007FFD9B8BF197 Relevance: .2, Instructions: 206COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 93d6cf34b7116dfd5a54bfa798935bb2d78f5ebc31ee0d02485aafeb9f7100ab
              • Instruction ID: 7692380bc3e59ceabba80a2e17a732f0ef3e5cb8857afa8f4dbedb6db6db21c4
              • Opcode Fuzzy Hash: 93d6cf34b7116dfd5a54bfa798935bb2d78f5ebc31ee0d02485aafeb9f7100ab
              • Instruction Fuzzy Hash: 5F71D330A0AB5A8FE365DF64D5A45B1B7E1FF08304F11457DC48A87AA2DA39B942CF81
              Function 00007FFD9B8C297F Relevance: .2, Instructions: 201COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8615149a355c0d6b7a11edf42881156dc99f73cf736ae57e5917cbe08c936ea4
              • Instruction ID: 8137a7f949fdee66019dafdd6f3b6ea0d2153a57d102240d361f47c7ccb6388c
              • Opcode Fuzzy Hash: 8615149a355c0d6b7a11edf42881156dc99f73cf736ae57e5917cbe08c936ea4
              • Instruction Fuzzy Hash: 4571E3706196498FEB99DF58C4E06B47BA0FF59310F5441FEC84ECB69BDA38A981CB40
              Function 00007FFD9B8A05B0 Relevance: .2, Instructions: 197COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f661c6e07ac2d5ed39033189a3824cb37bdf23341cc185a7e4289a7aa9e2be00
              • Instruction ID: 47a4086e7d9782adc7bd0cfa3c8d6085342e5b664858b09bb2df14ae5d59ac09
              • Opcode Fuzzy Hash: f661c6e07ac2d5ed39033189a3824cb37bdf23341cc185a7e4289a7aa9e2be00
              • Instruction Fuzzy Hash: FE517B42B1F6D94BE32263B87C390E87BA0EF5576470942F7D09C8B0E7EC1965068395
              Function 00007FFD9B8A1C7D Relevance: .2, Instructions: 193COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d1471977c04062d92d8f78cd658745690e57d0c27265becfb99907e3fa4977e0
              • Instruction ID: 69e6823ce9a04044357cdb2a84bab1d375371f5b1b7a59a56fb75e7298157411
              • Opcode Fuzzy Hash: d1471977c04062d92d8f78cd658745690e57d0c27265becfb99907e3fa4977e0
              • Instruction Fuzzy Hash: 7F51D031B09B894FDB59DF5888A05BA77E2FF99300B15467ED45AC7292DE34E802C781
              Function 00007FFD9B8E5E38 Relevance: .2, Instructions: 191COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fe4534bc9236f15b67c08119be637c49f9763d16019145b21949f4fd8ec7e88b
              • Instruction ID: cab79381c08f231e19603f65da8a3035c80ff2fa266a7266c160d495d1c3319d
              • Opcode Fuzzy Hash: fe4534bc9236f15b67c08119be637c49f9763d16019145b21949f4fd8ec7e88b
              • Instruction Fuzzy Hash: B0514921B1DA0E4FE378A75984656747BE1EF9D320B4901BFD44EC32E6ED18AE428390
              Function 00007FFD9B8C05F2 Relevance: .2, Instructions: 182COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d9fbb2042fe824e45b11e48cff039214c5943fdcd6993cc16a630eeef1e5766f
              • Instruction ID: 2cdb64ab52c33362a1eab9b28eb9cb2a6eaed9c5b8c57cfa00dddd019a456fad
              • Opcode Fuzzy Hash: d9fbb2042fe824e45b11e48cff039214c5943fdcd6993cc16a630eeef1e5766f
              • Instruction Fuzzy Hash: 44410812F1E94E4AF7789B9D58A11B826D1EF8C361B1A417FD44EC32F6EC1C6D4A42D0
              Function 00007FFD9B8C7907 Relevance: .2, Instructions: 179COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 446ee14c35608f327fd8598c8a325e027f06f995778dece72530624bc8d6e2e9
              • Instruction ID: eb077c7f2abb3e25c1e653defa3697e62950a8a86d9c3ec6e01ab414789c40cf
              • Opcode Fuzzy Hash: 446ee14c35608f327fd8598c8a325e027f06f995778dece72530624bc8d6e2e9
              • Instruction Fuzzy Hash: C061D37460A74A8FE365EF64D1A457177E1FF48304B6148BEC44E87AA2DB39F942CB40
              Function 00007FFD9B8C0508 Relevance: .2, Instructions: 178COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d48e1fec8913be209df35b5dc5f96ebc708d9870ed0b93d96e493efa646b81ad
              • Instruction ID: 5860fdd4a5c6c1f6b19d34815550cecc617f89275a416d2a68d292ef74bfa29c
              • Opcode Fuzzy Hash: d48e1fec8913be209df35b5dc5f96ebc708d9870ed0b93d96e493efa646b81ad
              • Instruction Fuzzy Hash: D3513952F0F6DA0BE77573A868751F86F80EF456A4B0941F7D09C4A0A3EC08AD0A8285
              Function 00007FFD9B8BF678 Relevance: .2, Instructions: 173COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 93168519791560e6b65190f5162c478a0b7dcf362005ad153861a4f043646ae4
              • Instruction ID: ee6b28a0f1975aabb18f6886c056e7b58fe5621a10f8337a6751ce1a323bab33
              • Opcode Fuzzy Hash: 93168519791560e6b65190f5162c478a0b7dcf362005ad153861a4f043646ae4
              • Instruction Fuzzy Hash: A751F231608A588FDB58FF2CC4999B5B3E1FB6831471405BEE09FC35A2ED24E946CB80
              Function 00007FFD9B8A3115 Relevance: .2, Instructions: 169COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b452137ea01c158fa9b67f0d9bbc1565bc6256d7fafe313c4e32cfa4ccfe1a7e
              • Instruction ID: 96622a17abd0d6719dbd72b158945ae18156efd510532d236bd7ad208dbe1ff5
              • Opcode Fuzzy Hash: b452137ea01c158fa9b67f0d9bbc1565bc6256d7fafe313c4e32cfa4ccfe1a7e
              • Instruction Fuzzy Hash: 5E512C70E1A61E8FEB64DFA8C4A46EDBBB1FF48301F554039D009E72A5DB386A45CB10
              Function 00007FFD9B8C44E1 Relevance: .2, Instructions: 157COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 11b847e9547dac50b01343c65aa7ff5bdc211ba37441ca1414fe79d18834f2f5
              • Instruction ID: 5e881879eee7adea33be4df517189fba4609e3471dc20533e550651c93f2a07a
              • Opcode Fuzzy Hash: 11b847e9547dac50b01343c65aa7ff5bdc211ba37441ca1414fe79d18834f2f5
              • Instruction Fuzzy Hash: 134173A5F2D84E5EE7B8BBAC643117832D1EB8C690B5A01BFE10FC72E6DD186D510391
              Function 00007FFD9B8C1657 Relevance: .2, Instructions: 154COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d0f9f04f81801b16ebfb81df66f4d9fa2b43ac1903a43cdeb22139f571e8f971
              • Instruction ID: 4b70e85269185a0fd3418092f6b742f2ec56f7e66387f807d2db2068b37daaf4
              • Opcode Fuzzy Hash: d0f9f04f81801b16ebfb81df66f4d9fa2b43ac1903a43cdeb22139f571e8f971
              • Instruction Fuzzy Hash: 8F415A70B1E6498FE328B768886597577E0EF4A314F2601BFE48FC71A2DE2879038751
              Function 00007FFD9B8BA840 Relevance: .2, Instructions: 151COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f660762b081e706b49dc6bfb9c040a94796de42a5ad1718ccd1ef00fb9c42d7a
              • Instruction ID: 4cd46187f1a384fe360213177f60e134cc1ff324c02b9c91a8bcb323ca99fee5
              • Opcode Fuzzy Hash: f660762b081e706b49dc6bfb9c040a94796de42a5ad1718ccd1ef00fb9c42d7a
              • Instruction Fuzzy Hash: 8B4115B1B1FB0B4FD338AB68A86247477E1EF49314B1546BFD08EC31A2ED3966478641
              Function 00007FFD9B8C7EFE Relevance: .2, Instructions: 151COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7c94ac497070f2788efa6b68f1754be6a4505ed35af45d4e62bad514295dd3c8
              • Instruction ID: c341fc12f994169555e04da410a819bc6f1b0ba277c24670a9df980d5ac1bb83
              • Opcode Fuzzy Hash: 7c94ac497070f2788efa6b68f1754be6a4505ed35af45d4e62bad514295dd3c8
              • Instruction Fuzzy Hash: C1415A91B2EA8A0FE3E5B76854A45752BD1EF8D250B1641FBD04EC71EBDC286C0A8350
              Function 00007FFD9B8C0400 Relevance: .1, Instructions: 149COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2f34a418e90d3380db2621a515046cad4a1931184681e5c87d6809d4f811840b
              • Instruction ID: 2bcc1b77e6c03c826bccc890eaef5ae4d1ba6f036b1cc151361766dc28ca7ec2
              • Opcode Fuzzy Hash: 2f34a418e90d3380db2621a515046cad4a1931184681e5c87d6809d4f811840b
              • Instruction Fuzzy Hash: AC41C471F1AA0E4BF774EBA88465ABA76D1FF4C350F010539E45ED3195DE28AD018781
              Function 00007FFD9B8BF64E Relevance: .1, Instructions: 145COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: eac746185735ec555c1867aa3b5eb179f04e9980eb3fa74ccd31f40d708a4554
              • Instruction ID: 76463da4470c8a70e6892b933de7946aca3be4749d12714ae6e056ef36324ee4
              • Opcode Fuzzy Hash: eac746185735ec555c1867aa3b5eb179f04e9980eb3fa74ccd31f40d708a4554
              • Instruction Fuzzy Hash: D241E531608A498FDB58FF68C499DB5B7E0FB68314B1401BED04EC35A2EE24F984CB81
              Function 00007FFD9B8C59FB Relevance: .1, Instructions: 142COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8fa7f078b7d69fb9320d22811a6f697dc24b927696631c4a1c7e3c7b44cad739
              • Instruction ID: e264d4eb7b08f839e8c17e3027996c34c9a518990c4d48325e12e1a203aefd98
              • Opcode Fuzzy Hash: 8fa7f078b7d69fb9320d22811a6f697dc24b927696631c4a1c7e3c7b44cad739
              • Instruction Fuzzy Hash: 4B415071B1E74A4FD7396BA8A4620F57FD0DF49310B1605BFD44AC31A2DF197946C281
              Function 00007FFD9B8C7EE7 Relevance: .1, Instructions: 139COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1b5654da9343b1f4fc9dbd4b0515aa07a6d47abaca6d284a93a9d84e7d13bdf6
              • Instruction ID: b75a8c895fc377cecf3eca09ae4af50f44446580806f2f9137a31c22970f6fc9
              • Opcode Fuzzy Hash: 1b5654da9343b1f4fc9dbd4b0515aa07a6d47abaca6d284a93a9d84e7d13bdf6
              • Instruction Fuzzy Hash: A43107A2B2E84E4EE3E8F75C54A557553C1FB9C390B2185B7D00EC71EAED28A9064340
              Function 00007FFD9B8A2095 Relevance: .1, Instructions: 138COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f6bf911b14ed99e474c3e2a9b0ad356091155f58c4063dd4632d6c434d4260a7
              • Instruction ID: f6246621aec7c32bb44ff10bad19733ea415026d7c7544483388cb83e3cda87f
              • Opcode Fuzzy Hash: f6bf911b14ed99e474c3e2a9b0ad356091155f58c4063dd4632d6c434d4260a7
              • Instruction Fuzzy Hash: 4D413B31B0E64A4FE765DBB888655B97BE0EF4A300B4641FBD04CC71A6DE28B9418351
              Function 00007FFD9B8BF945 Relevance: .1, Instructions: 137COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a34847bc766d6735ec457bf353e99518f36c22a8a28da01aa3f5a297dcdfd329
              • Instruction ID: 00f80989620a66e45e14167d32f6689fe5437ba20170b2caff57356354f58fcb
              • Opcode Fuzzy Hash: a34847bc766d6735ec457bf353e99518f36c22a8a28da01aa3f5a297dcdfd329
              • Instruction Fuzzy Hash: 03412821F0DD5E4FE7A8EB789424A7873D2EF9C34471541B9D00EC72EADD28AD428781
              Function 00007FFD9B8B3AFB Relevance: .1, Instructions: 124COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b1000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9e5b9d6b8759b9fd86ac944266f52c831a91ba81fb0a8655f5c53edf5a9182af
              • Instruction ID: 1f0a92c79d94475481e983e0faf303adc1a7d017d7eed9840c70ae841174df48
              • Opcode Fuzzy Hash: 9e5b9d6b8759b9fd86ac944266f52c831a91ba81fb0a8655f5c53edf5a9182af
              • Instruction Fuzzy Hash: 7D313C32B0D6595EE716ABBCE8661F97BE0FF45321B1004BBC148C60B7EA35A145CB80
              Function 00007FFD9B8BE4C0 Relevance: .1, Instructions: 124COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6475397296663578baf290811c72c1a8c4c431e24e12bc3e041e7391348f05c2
              • Instruction ID: da339de9fed5ac2c00142b7219f63f9be273c6f8d27e74c8e0784f33c5e9dfcd
              • Opcode Fuzzy Hash: 6475397296663578baf290811c72c1a8c4c431e24e12bc3e041e7391348f05c2
              • Instruction Fuzzy Hash: C8415D30E1D96E8FEBF897648474AF477A1FF58301F1449B9C04EC759AD938AA858B80
              Function 00007FFD9B8B966D Relevance: .1, Instructions: 121COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e996e06d67c4e835afd4475e9370bf550ff1eaf0bf942d16306ca965659ee44c
              • Instruction ID: c955545fba30eb36a5ecf3bab956c3d26802473444461be87c52ae16833b79a2
              • Opcode Fuzzy Hash: e996e06d67c4e835afd4475e9370bf550ff1eaf0bf942d16306ca965659ee44c
              • Instruction Fuzzy Hash: AC41DD70A0951DCBDFA9DB68D4A5BF8B3B5FF59300F5144A9D00DA3296CE35AA81CF40
              Function 00007FFD9B8C0925 Relevance: .1, Instructions: 121COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3655361b4f7cc3b88d43a20756e79026f7879a05884a046c26d2807af7c8fd76
              • Instruction ID: e71139ad1bd0d6d9ab7b1a073fb95e246e351df586a74153e346db03e456e3db
              • Opcode Fuzzy Hash: 3655361b4f7cc3b88d43a20756e79026f7879a05884a046c26d2807af7c8fd76
              • Instruction Fuzzy Hash: 0831E521B1D90E4BF778AB9E94A55B937D1EF8C310B19013FE44FC22E6ED28AD4192C0
              Function 00007FFD9B8ABDE9 Relevance: .1, Instructions: 120COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8aa000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 02d002dde7641be9b62458c3cbbfdb16829ddf446b4db970d7fd7b455b5d1267
              • Instruction ID: 5e16e2e6c1b6086223fbba9326ea2122a0d170ec9f8c6237a5d27e21149f7495
              • Opcode Fuzzy Hash: 02d002dde7641be9b62458c3cbbfdb16829ddf446b4db970d7fd7b455b5d1267
              • Instruction Fuzzy Hash: 89411470A0A64E8FDB68DFA4D4646FD7BF5EF19300F11017ED00AE72A1CA34A950CB60
              Function 00007FFD9B8BF610 Relevance: .1, Instructions: 119COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9bc8f55d0436be6684cf97553528ab031b7bce02dbbb741772ef1c6ca5b82737
              • Instruction ID: b1458ea1d7a6f665933a9fb92d52db35d04ac696526ada5ca592267342d979ce
              • Opcode Fuzzy Hash: 9bc8f55d0436be6684cf97553528ab031b7bce02dbbb741772ef1c6ca5b82737
              • Instruction Fuzzy Hash: 5A41933160CA588FDF99FF68D4A9DA5B7E1FB6831470441AAD04EC35A2EE24E884CB41
              Function 00007FFD9B8C8EC9 Relevance: .1, Instructions: 115COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 03ba4a163578c34d109df80468c6c6c71d555e525f1fbbeea3d9fc1f259eea19
              • Instruction ID: e18da88ab58365f7327396cbe76a74c64655b138386b8a5be0a24259a53c504d
              • Opcode Fuzzy Hash: 03ba4a163578c34d109df80468c6c6c71d555e525f1fbbeea3d9fc1f259eea19
              • Instruction Fuzzy Hash: AF31E77161EA484FD7A9DB28C8749B577E2FF9D300B4945AFE08DC76A2DA24F902C701
              Function 00007FFD9B8C57D9 Relevance: .1, Instructions: 113COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 77afceb87fbd80d0048e5e89ad4a758a20ef0f815640d149f3d3cef1a7075cff
              • Instruction ID: 2ec1c7f3d6e5c80f87444999b116bd5addc55879dc9b47881fdba0417cfe0edc
              • Opcode Fuzzy Hash: 77afceb87fbd80d0048e5e89ad4a758a20ef0f815640d149f3d3cef1a7075cff
              • Instruction Fuzzy Hash: 1231A0A1B1E91D8FEF74A79898265FE77A0EF4C301B560077E00EC32B1DE286A009785
              Function 00007FFD9B8C1369 Relevance: .1, Instructions: 111COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ed70c9e164da52736b0e92e5a16359a8b7056fe763bc3abbf1e4266f2b1a2581
              • Instruction ID: aa8defa9f9d7b820d94192fca3323577e29552111e7ab92ff100324f6b571d94
              • Opcode Fuzzy Hash: ed70c9e164da52736b0e92e5a16359a8b7056fe763bc3abbf1e4266f2b1a2581
              • Instruction Fuzzy Hash: 0131BEB0B1E91E8FE774F7A898A49BD76A1EF4D318B160177E00EC35A1DA1C6A019352
              Function 00007FFD9B8BCD49 Relevance: .1, Instructions: 108COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3e8d46f521fdef9badae1e871546a2414deeaa48fd7fdd5758bc5da0574c2e94
              • Instruction ID: d7794f9ee4907717b6b6941b9ef55b35b16d72ddfb9991928b4972b92b5ac3fa
              • Opcode Fuzzy Hash: 3e8d46f521fdef9badae1e871546a2414deeaa48fd7fdd5758bc5da0574c2e94
              • Instruction Fuzzy Hash: E6315035B1E92D8FD77487B8946D9BD7BA1EF4C350F1A0176E00EC31A1DA286A015FD1
              Function 00007FFD9B8B1BE5 Relevance: .1, Instructions: 106COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b1000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3881e5c91decbbebcbae08858576e17c75aed797c3a9ddf48dbc20bf3ef1903d
              • Instruction ID: 83e3999769f92d4a5a2c15d943d1444825c104825e36cdbaa59254ec8e2dfbc8
              • Opcode Fuzzy Hash: 3881e5c91decbbebcbae08858576e17c75aed797c3a9ddf48dbc20bf3ef1903d
              • Instruction Fuzzy Hash: CA418B7090E7CA4FCB47DB7888795A53FF0EF1B210B0A41EBD489CB0A3C6685959C762
              Function 00007FFD9B8BB879 Relevance: .1, Instructions: 105COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d89f3de333682bb8f7150e12d64815351d615406a94c28268a45d7883efb568a
              • Instruction ID: d67e360e719f0a2b8fb2019bf9cbd3a57162d02feb5e37261ff571b9b9476d26
              • Opcode Fuzzy Hash: d89f3de333682bb8f7150e12d64815351d615406a94c28268a45d7883efb568a
              • Instruction Fuzzy Hash: 4831FE70E1992D9FDFA8DB58D4A5AACB7B1FB5C310F0041BAD00EE3291DA35A9818F40
              Function 00007FFD9B8B2B94 Relevance: .1, Instructions: 103COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b1000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3a4c4353f4a445ae084584d5f3b9ba5f826f4edf396fcc36d7724c91dfa831ec
              • Instruction ID: d0388148144c2ddbecff4e5227da4c987c85e3868a835303ed168fb4ceec1e28
              • Opcode Fuzzy Hash: 3a4c4353f4a445ae084584d5f3b9ba5f826f4edf396fcc36d7724c91dfa831ec
              • Instruction Fuzzy Hash: 2041A370E1562D8FDB54EFA8D8A5BEDBBB1FF58300F1041A9D00CA3292DE346A858F51
              Function 00007FFD9B8AC31C Relevance: .1, Instructions: 103COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8aa000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d0f848117afcd27d75963aa330c83dfc7f680f5167ce70e1e5a58c428f822f81
              • Instruction ID: c528e2a6ee3e0dc10a14bd9212ecab5e4251dc76cfac527fb53bb028b96b07eb
              • Opcode Fuzzy Hash: d0f848117afcd27d75963aa330c83dfc7f680f5167ce70e1e5a58c428f822f81
              • Instruction Fuzzy Hash: 4631F870E1D91D9EEBA8EB98D8A5AFCB7B5FF58300F511039D00DD3292DE3869418B50
              Function 00007FFD9B8C0F56 Relevance: .1, Instructions: 102COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a8370ce8c0209c478011529f7c97b116e89dd0ff37e94863f4ded123129d40b9
              • Instruction ID: f5dc1ad9f118db099e1f95bcaf6fdcd0b23b17c84e7631d64dd8d97f2503b698
              • Opcode Fuzzy Hash: a8370ce8c0209c478011529f7c97b116e89dd0ff37e94863f4ded123129d40b9
              • Instruction Fuzzy Hash: E6314470B1990E9FDB54EB98D4A19B8B7A2FF58750B11423AE01DC3695CF347D52CB80
              Function 00007FFD9B8BC92B Relevance: .1, Instructions: 102COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 395360de714a2cce75d7fb9ea367333db7c6268cb922332abb64a1b036ec4982
              • Instruction ID: 0bc112d01db70ea53b7042f2ac2cfa4803d30f7bff04023e4413beea62e4614d
              • Opcode Fuzzy Hash: 395360de714a2cce75d7fb9ea367333db7c6268cb922332abb64a1b036ec4982
              • Instruction Fuzzy Hash: 3D315E71B1991E9FDB68DBA8D4A15A8B3A1FF58310B15423AE01DD3696CF34BC128FC0
              Function 00007FFD9B8ACA0D Relevance: .1, Instructions: 101COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8aa000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8fcf8d3578c048ce134579133b9c45ce46c30bc336a8066c489332621f61956e
              • Instruction ID: add9091f7b6249ca804942478b6409481c53acccfdfd78497af7e63b90d99470
              • Opcode Fuzzy Hash: 8fcf8d3578c048ce134579133b9c45ce46c30bc336a8066c489332621f61956e
              • Instruction Fuzzy Hash: BA31C571B0D56B8BEB2ABBA8BC295FC3754EF09324F054177D01DCA0E3DE6835458AA1
              Function 00007FFD9B8C121B Relevance: .1, Instructions: 101COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bddb94fa21678aa2bdac88ecbe737813e8171362526f3963020d302800d77b19
              • Instruction ID: 19caa93863fc369f404a40f138e11cfdf9e9130528db34562b553681607302ba
              • Opcode Fuzzy Hash: bddb94fa21678aa2bdac88ecbe737813e8171362526f3963020d302800d77b19
              • Instruction Fuzzy Hash: 1931B355A0F7CB0BE772BBB558B40783FA19F4B660F0A02FBD489CA0E3D9091946C352
              Function 00007FFD9B8AC9A5 Relevance: .1, Instructions: 100COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8aa000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 13b4f95436af42a4284a46ea11a194642bdd977a8ceda81b91be3fdbe0e6d48f
              • Instruction ID: 6cb97c8bab943030f4bbf9a44d4a191ff4316c6a4b6c14b3b97ffaef94304445
              • Opcode Fuzzy Hash: 13b4f95436af42a4284a46ea11a194642bdd977a8ceda81b91be3fdbe0e6d48f
              • Instruction Fuzzy Hash: 8431D761B0D56E8BE766BBACBC285FD3754EF44324F050673D01DCA0D3DD6435458AA0
              Function 00007FFD9B8B7B9D Relevance: .1, Instructions: 98COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3a325f51b502b90fe5c74d4635d199578b876bd71d0c0fd6c9b963c9f3c163ed
              • Instruction ID: 7a993358389a1e9e432397b59c66a7345b7e8c9ef19476183275a65ceccbbe5f
              • Opcode Fuzzy Hash: 3a325f51b502b90fe5c74d4635d199578b876bd71d0c0fd6c9b963c9f3c163ed
              • Instruction Fuzzy Hash: 3321F231A0A65E4FDB55EBB8C8655FEBBB0EF09314F0104BAD41DD71A2CA3566828B80
              Function 00007FFD9B8C52CF Relevance: .1, Instructions: 95COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a7a56f994374adc68d4b80c6ba7a0f5de71eddc61627630fcbc3bd65b95d675a
              • Instruction ID: 7d9856663d968c43f00ab1d2d7f726678c14234ff21329503964c93f503ae448
              • Opcode Fuzzy Hash: a7a56f994374adc68d4b80c6ba7a0f5de71eddc61627630fcbc3bd65b95d675a
              • Instruction Fuzzy Hash: 3921A4A2B0DA4D4FEBA9F7A858331F876D1EF89211F05027BE05EC3292ED5469054381
              Function 00007FFD9B8AC9D3 Relevance: .1, Instructions: 93COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8aa000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c96f8967b5bc2b0588e153007a81d09ab6afd99690763a61252c400626c7eb02
              • Instruction ID: c5f83fa5d37e325171423602db4be7b707c9afd6c1ee8e6bfc2ca7f2a2a59bb9
              • Opcode Fuzzy Hash: c96f8967b5bc2b0588e153007a81d09ab6afd99690763a61252c400626c7eb02
              • Instruction Fuzzy Hash: 8521F562B0D66A8BEB5ABBE8BC284FC3754EF45328F0501B7D01DC60E3DD6835458AA1
              Function 00007FFD9B8BC9FE Relevance: .1, Instructions: 92COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ee45820997c1341d68fd548937938e8e0023f63811fa4fb0b28de91745a72fa6
              • Instruction ID: 25a2756a2de21fdc2fcd54f42e8fb7d09cd50e14c3dd66ced7c57ddbc213f018
              • Opcode Fuzzy Hash: ee45820997c1341d68fd548937938e8e0023f63811fa4fb0b28de91745a72fa6
              • Instruction Fuzzy Hash: 3E21C2A1E0E99E4FE768E3B898751A8B7E0EF5D350F0911BAE05DC65E3D91869024A80
              Function 00007FFD9B8C0870 Relevance: .1, Instructions: 92COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cc0c102dc0b80808f3bc621ab7f41f0173f70a0844a45963b906fe813b0d9062
              • Instruction ID: fce80542b60c9f9f137521d010a12bb3fcb594bc775ad3fa4beccf39f19e4c71
              • Opcode Fuzzy Hash: cc0c102dc0b80808f3bc621ab7f41f0173f70a0844a45963b906fe813b0d9062
              • Instruction Fuzzy Hash: F921D821B0E90E8AD3749B9F946467936D1EF8C311729427FE41FC32E6DD1CAE8592C4
              Function 00007FFD9B8AB03A Relevance: .1, Instructions: 90COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8aa000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f882cebfb7e9615dcdee033a4ef7b47c9d0d62b338719c8463a5ce0bb36ebcb5
              • Instruction ID: 62ef779eb81fb0f4af823897d322974f72f32db7ee02610f4a889171263dc684
              • Opcode Fuzzy Hash: f882cebfb7e9615dcdee033a4ef7b47c9d0d62b338719c8463a5ce0bb36ebcb5
              • Instruction Fuzzy Hash: 35319330E1A90E4EEB61EBB8C8A96BD77E5FF4D300F0145B6D42CD70B6EE34A6448650
              Function 00007FFD9B8ABEC4 Relevance: .1, Instructions: 90COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8aa000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8059ee9c6dd5e1eba5ca9061de33bc029e8e36040e85270759d559c0619e2e34
              • Instruction ID: 826224a701474b08eae6bf96d037a76b8ec8182d0001b93d94e1351be669bd50
              • Opcode Fuzzy Hash: 8059ee9c6dd5e1eba5ca9061de33bc029e8e36040e85270759d559c0619e2e34
              • Instruction Fuzzy Hash: 4D319274E0960E8FDB64DFD8D4A46EDB7F4EF18311F11443AE419E72A1DA346A50CB60
              Function 00007FFD9B8B8774 Relevance: .1, Instructions: 90COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5318a460a0c37d5c33ad42aacf0ad8629f4a9409f7bf2732f163745126a1726c
              • Instruction ID: 9916c8ab4de20524fbd0944d5e6b3aee58fe086260d75ed949c6f2e04150e175
              • Opcode Fuzzy Hash: 5318a460a0c37d5c33ad42aacf0ad8629f4a9409f7bf2732f163745126a1726c
              • Instruction Fuzzy Hash: 44217476E1992D8FDBA0DF9888A57E973B0FF19300F4001BAD45DE3191DE746A468F84
              Function 00007FFD9B8BE490 Relevance: .1, Instructions: 90COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 97c0e90be6c513c26453d133b38cd3224fb33b4cec2bba4d9e4bbca748e62534
              • Instruction ID: 6ea325bca13cd8129bede0177e777575ee749e9938a99d691b5db352e90a825a
              • Opcode Fuzzy Hash: 97c0e90be6c513c26453d133b38cd3224fb33b4cec2bba4d9e4bbca748e62534
              • Instruction Fuzzy Hash: AC314B10A1E5BA4EE7B9837844709B07F51EF593027194DB6D08B8B8EFE41CF5858BC0
              Function 00007FFD9B8BCE5D Relevance: .1, Instructions: 89COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9b3eb85fa960bc6456b4092325e7c85904e6d915a66579a4da2b34cd96ba9102
              • Instruction ID: 14233411b0116dbe6dacf1472176c8c2b9394514a3530b2056edf7fd5ab1d995
              • Opcode Fuzzy Hash: 9b3eb85fa960bc6456b4092325e7c85904e6d915a66579a4da2b34cd96ba9102
              • Instruction Fuzzy Hash: 7221685271FBCE4FD76A977888785A2BBE0EF5A25470441FBD099C70E7ED182809CB81
              Function 00007FFD9B8C47C1 Relevance: .1, Instructions: 88COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6c81f0b9608b02c0f2182b235bb42474038bd936a0b4e1d1ce2c461e6e820648
              • Instruction ID: d3e34ad31b9bb22a072f05b6199c19902eab6bd0f75c4adc365911e7fa2f5917
              • Opcode Fuzzy Hash: 6c81f0b9608b02c0f2182b235bb42474038bd936a0b4e1d1ce2c461e6e820648
              • Instruction Fuzzy Hash: 10312C70E1994D8FDFA4EB98C465ABC77F1FF58300F0541BAD00EE72A1DA38A9818B41
              Function 00007FFD9B8C0CB1 Relevance: .1, Instructions: 88COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4cbca4f676b22c9507b229586734afb7512273b0ea77425624adf53809023835
              • Instruction ID: 74e50a670a532e9a5ed20e56fd03cc6c7996009fbd5026730d39eb4fa88b25ce
              • Opcode Fuzzy Hash: 4cbca4f676b22c9507b229586734afb7512273b0ea77425624adf53809023835
              • Instruction Fuzzy Hash: 0E312C70E2990D8FDFA8EBA8D465ABC77F1FF58740F0141BAD00ED72A1DA34A9418B41
              Function 00007FFD9B8C1022 Relevance: .1, Instructions: 87COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 246f9aade0ca34ad3b1e1d64ce44ceb600082cd5ec00f1ee61f5ec1d28de1d88
              • Instruction ID: 2bf42d45008071eeaa41c60098d91c77f9e1a58697c61709112a8e4743503c05
              • Opcode Fuzzy Hash: 246f9aade0ca34ad3b1e1d64ce44ceb600082cd5ec00f1ee61f5ec1d28de1d88
              • Instruction Fuzzy Hash: 5321A971F0E98D4FE7A4F7A498B22B8B7E1EF59311F05017AE05DC31E2DD2859068781
              Function 00007FFD9B8BB8C2 Relevance: .1, Instructions: 85COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 96dfd1f204fa164578e87e0befb34b9e9bdbe8179d86c6a0c6fc6abfe9ccc862
              • Instruction ID: f318b73114ac24427b2a0aa41f870cc67397726fc84de60abad98f907f27b3b3
              • Opcode Fuzzy Hash: 96dfd1f204fa164578e87e0befb34b9e9bdbe8179d86c6a0c6fc6abfe9ccc862
              • Instruction Fuzzy Hash: 5B21FB71E0591D9FDF98DB58D4A5AECB3B1FB6C310F0041BAD00EE32A1DA35A9818F40
              Function 00007FFD9B8ABE84 Relevance: .1, Instructions: 84COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8aa000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f5f1753aea59c26995c8d99d97da6212d2b4315e390985e73bd2543e447b62b4
              • Instruction ID: c4f5bf7d112ace770a465605e5677e2f842d9326254291c24998d54e8c5b7f6a
              • Opcode Fuzzy Hash: f5f1753aea59c26995c8d99d97da6212d2b4315e390985e73bd2543e447b62b4
              • Instruction Fuzzy Hash: D631A2B4E0561D9FDB58DFD8D4A46EDBBF1EF18311F11043AE409E72A1DA346A50CB60
              Function 00007FFD9B8B7D41 Relevance: .1, Instructions: 83COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d23806009a8f0a90e1f329a59417c1b7fab83e3838d7f3ee049ed6b72e2e989d
              • Instruction ID: 350d2ff974acc2097f52d9daf49af818f0e9eeb1de5c4409f8b33a9c4ea4ea82
              • Opcode Fuzzy Hash: d23806009a8f0a90e1f329a59417c1b7fab83e3838d7f3ee049ed6b72e2e989d
              • Instruction Fuzzy Hash: 63219134A0A65E8BEB69DBA4C835BF933A0FF08344F05053AD41AC61E5DF78A6058B81
              Function 00007FFD9B8A0805 Relevance: .1, Instructions: 83COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6a0521081c29db52a8c7dc631f52a835b290feb129bd0f4930edfd4b76f9f798
              • Instruction ID: 81252aba5a53caae84250a60547af6285bb939ea24bdf2a4291dbb127239a428
              • Opcode Fuzzy Hash: 6a0521081c29db52a8c7dc631f52a835b290feb129bd0f4930edfd4b76f9f798
              • Instruction Fuzzy Hash: B621CC52B1F18B9BD71623BC9C7A5E8BB90FF51318B0902B3C06CCA0D3ED18A05AC2D5
              Function 00007FFD9B8AC4EF Relevance: .1, Instructions: 82COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8aa000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: be4168b3b60294280aebcf7a56a5480e1100e38c9fe85f285e3e719a7cddcd71
              • Instruction ID: f7b4ddf683b4fb26dc3178913a91637b1c1a7369486d34126c8c89c73454c447
              • Opcode Fuzzy Hash: be4168b3b60294280aebcf7a56a5480e1100e38c9fe85f285e3e719a7cddcd71
              • Instruction Fuzzy Hash: 0021A37198E2C95FD7174B705C2A1E53FB4AF07214B0A01EBE448CB0A3CA2C5689C722
              Function 00007FFD9B8C4A68 Relevance: .1, Instructions: 82COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5b6e5c8068a4b7df1fef661ef4b66fbc48132b3ce60a0697556ad4b62dc0369b
              • Instruction ID: 782a091818f9a979354337c71ee52c2d3357bbf5eaa60dd6349031731e3a5f23
              • Opcode Fuzzy Hash: 5b6e5c8068a4b7df1fef661ef4b66fbc48132b3ce60a0697556ad4b62dc0369b
              • Instruction Fuzzy Hash: ED3160B1E0A51E8BDB68EF9484A15FD77B1EF18340F54003EE01A972E6DF386A858744
              Function 00007FFD9B8C4278 Relevance: .1, Instructions: 80COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6b037f3da479372344d00c8f716d8898da2dd429e7c33d664c12c9016b50c393
              • Instruction ID: ff16fd792e2e18dd771332a6f645a0d034826aeab75ad33455c2b0ab2119da6a
              • Opcode Fuzzy Hash: 6b037f3da479372344d00c8f716d8898da2dd429e7c33d664c12c9016b50c393
              • Instruction Fuzzy Hash: 3B21D7A1E0E64F5EE751FBA488595B97BE0FF59340F0544BBC418D60A6DD3466848700
              Function 00007FFD9B8C5150 Relevance: .1, Instructions: 79COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5ef61fd80720ac4e88384133f0d1e422b4d96eeecaba54470f67cb77ea0f3f68
              • Instruction ID: 712636a7a0d2cbeb45919433c109c57a79979ae644aa5807d2695332d77a45ec
              • Opcode Fuzzy Hash: 5ef61fd80720ac4e88384133f0d1e422b4d96eeecaba54470f67cb77ea0f3f68
              • Instruction Fuzzy Hash: 56216FA198F7C91FD76397741C7A4F53FB49E47610B0A42EBE088CB4A3D95C154A8362
              Function 00007FFD9B8B74E1 Relevance: .1, Instructions: 78COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8102c4f457518bed3609562be01edd2692ac887e2ed52da62eb43b0177875ba8
              • Instruction ID: ac87b64b4ae287354ccd16cf29509985452d3090f126c0626537ab177b9fc1f7
              • Opcode Fuzzy Hash: 8102c4f457518bed3609562be01edd2692ac887e2ed52da62eb43b0177875ba8
              • Instruction Fuzzy Hash: 39214F34A0A61E8FEBA5EFB4C8696FD7BE0FF18305F01047AD41DD21A5DB34A6408B40
              Function 00007FFD9B8B84C8 Relevance: .1, Instructions: 78COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1b4d4da2c7157ad1283591953d71b495ff936bc8715d17cdbb74a416e93a62e1
              • Instruction ID: e4bdd3170aba025eaa3603cda5e15b10d640483a43a700057a8a53610f712232
              • Opcode Fuzzy Hash: 1b4d4da2c7157ad1283591953d71b495ff936bc8715d17cdbb74a416e93a62e1
              • Instruction Fuzzy Hash: 6421D632E0995D8FDB65DF6498616F8B7B0FF18300F4401BAC08DE21A6DE346A828B40
              Function 00007FFD9B8A3318 Relevance: .1, Instructions: 78COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 15ae95ea1230720d58231b0c9c50f2419ee4740ba9a609b729c2316b6959382e
              • Instruction ID: 4dfa4098f3769c2296221eba3db3f7007b9b6a85d72363e8dce9d899bfbacb38
              • Opcode Fuzzy Hash: 15ae95ea1230720d58231b0c9c50f2419ee4740ba9a609b729c2316b6959382e
              • Instruction Fuzzy Hash: 5C21933094E78A9FD752ABB488686A97FF0FF5B310F0545FAD054CB0B2DA389545C721
              Function 00007FFD9B8B939F Relevance: .1, Instructions: 77COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b9947ff63003a172de7eb52d89b2e55adeb6c1ca50fbf45689308e0a781558c3
              • Instruction ID: 8a2bcfbd4fa6224965db600c52d78c5017c96a65db69409f49598075eb679995
              • Opcode Fuzzy Hash: b9947ff63003a172de7eb52d89b2e55adeb6c1ca50fbf45689308e0a781558c3
              • Instruction Fuzzy Hash: 7C21DB70E0A41D8BDFA8DB58D8A5AFDB3B1EF58300F1055A5D00EA32A5CE346E858F40
              Function 00007FFD9B8A33C1 Relevance: .1, Instructions: 77COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5cd1f0b680deb9e0271f45f088c6bce3cbe6430a4c30eefe3b165f22f95eb5fb
              • Instruction ID: b94b5e42102c89df845cb0a2fa650a4f58912cf40e52defd2bf08e6dc19ebf0e
              • Opcode Fuzzy Hash: 5cd1f0b680deb9e0271f45f088c6bce3cbe6430a4c30eefe3b165f22f95eb5fb
              • Instruction Fuzzy Hash: 96213A30A0A65E8FEB65EBA488292BA76A0FF19304F01087AD41DC61E1DF39A640C750
              Function 00007FFD9B8A3445 Relevance: .1, Instructions: 76COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d19ef40367098f83c70c4a9dc1136c585ecfcf797b17407554c21b4c08eade27
              • Instruction ID: c83617de1a3e79f45d21531ffba1a72e63bead09820b98901b3d05eacfbad9ed
              • Opcode Fuzzy Hash: d19ef40367098f83c70c4a9dc1136c585ecfcf797b17407554c21b4c08eade27
              • Instruction Fuzzy Hash: D1214A30A0A64E8FDB69DFA4C8656BD7AA4FF19304F1104BED41DC21A1DA39A650C710
              Function 00007FFD9B8BAD49 Relevance: .1, Instructions: 75COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e078250a7ab5376508c1ff76332342ce7eb5d3a19d5ef48b2d7d562adacc4250
              • Instruction ID: 2afd56997b5b93bfc285effb42a815d2ac67873d2af480e0dcb43bec1a02dd22
              • Opcode Fuzzy Hash: e078250a7ab5376508c1ff76332342ce7eb5d3a19d5ef48b2d7d562adacc4250
              • Instruction Fuzzy Hash: 58218E30E1DA5D9FDB98DBA8D8609ECBBB1FF5C300F45007AD00AE32A1DE3469058B90
              Function 00007FFD9B8C0ACD Relevance: .1, Instructions: 74COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aa33b05ff2155b283fd939a480450ee9b980f6da15defc534e888ce942b180b5
              • Instruction ID: 3463ac76eb1072985b12b4528ad0206a6f6634a3a52f36644bddb5e7e39ae3f8
              • Opcode Fuzzy Hash: aa33b05ff2155b283fd939a480450ee9b980f6da15defc534e888ce942b180b5
              • Instruction Fuzzy Hash: BD21F261E1E68D9FDB16E7A498711ED7FB2EF49244F0A00B7C05D971E3CD282A058351
              Function 00007FFD9B8C03E8 Relevance: .1, Instructions: 73COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 87da8d7f13cec37ac517ca8b36a8c8a218fa91df1b4f8be6be5895674cd4bea5
              • Instruction ID: 2833e62aeb82ad25e871e1551c86761e670b8e3fee1120a054bf1712640dcebb
              • Opcode Fuzzy Hash: 87da8d7f13cec37ac517ca8b36a8c8a218fa91df1b4f8be6be5895674cd4bea5
              • Instruction Fuzzy Hash: D8117760B1D80DCFEAB4EB9C44A5A796BD1EF5C34071102B6E01EC72F9DE19AC01C381
              Function 00007FFD9B8C1261 Relevance: .1, Instructions: 73COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 18231a358e18909e08daa08e910913ef467c9304118aa2b376329b8dff134e95
              • Instruction ID: b4ebe1b2c17a1f18ca6c92d0f673163d6e4a49fc67938336d5aa27d7a1873ad8
              • Opcode Fuzzy Hash: 18231a358e18909e08daa08e910913ef467c9304118aa2b376329b8dff134e95
              • Instruction Fuzzy Hash: 78215B85A0F7CB1FE763A7B448750742FA14F5B560B0E46FBD089CE0E3D84D1A4A8322
              Function 00007FFD9B8C529C Relevance: .1, Instructions: 72COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 621227936be57e8c6af8fae6421191b7d58609b7f9b411202ea71d5042ff77d3
              • Instruction ID: ea1edbc855639b4f4fd68b9e38e993b93c031debd3cb3000a260ee9ef74f02e0
              • Opcode Fuzzy Hash: 621227936be57e8c6af8fae6421191b7d58609b7f9b411202ea71d5042ff77d3
              • Instruction Fuzzy Hash: 02115461F29A0D4BDF58F79CA8A29FC73D2EF9CB51B05013AE00AC3296DD2469024381
              Function 00007FFD9B8B75E9 Relevance: .1, Instructions: 69COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d46c0de146ba3e0346b4889019b700a881f7f7ed115ea25955f6bfe115e9d2b2
              • Instruction ID: f5c2fdb4750819e41f274bfbc2eeb8b03e47dccaa15c6da22e2e3ee97788c12f
              • Opcode Fuzzy Hash: d46c0de146ba3e0346b4889019b700a881f7f7ed115ea25955f6bfe115e9d2b2
              • Instruction Fuzzy Hash: 3B218134E0E65E8FEB61AB78C8695FD77E1FF09300F0105BAD42DC60A6DE38A6548B41
              Function 00007FFD9B8A0A01 Relevance: .1, Instructions: 69COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d152a0cac4158bcad1bc4ea88029913539f352a8dfec5869fc004a80f62469e6
              • Instruction ID: 51425595aa988a39583bf0ec4420a4c6043396af1781f281872a8d017493a112
              • Opcode Fuzzy Hash: d152a0cac4158bcad1bc4ea88029913539f352a8dfec5869fc004a80f62469e6
              • Instruction Fuzzy Hash: EC11B230E1A50E4FE790EBA888595BD77E1FF58700F4146B6D41DC70A6EE34B5448710
              Function 00007FFD9B8B47D5 Relevance: .1, Instructions: 68COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b1000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 025dff49f1867d471683e73f2ab3a818229e2bd6b12870b57d289af92f5acc67
              • Instruction ID: b08632832e4ccd617384ec2a714382d22717ce472d5871ffc691a8f32420ce96
              • Opcode Fuzzy Hash: 025dff49f1867d471683e73f2ab3a818229e2bd6b12870b57d289af92f5acc67
              • Instruction Fuzzy Hash: 4F11A230A0969E8FEB99DFA8C4662BD3BA0FF29301F1505BED41DC31A1DA34A540CB81
              Function 00007FFD9B8C1B6B Relevance: .1, Instructions: 68COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5e5053d053541f6a1c3e6e1c69e89751e6ddbaeb7d710fadf0a906a7db30aef0
              • Instruction ID: efc98d616cc7a406ad8e0c2440cfe202eef741a22f907f41dbc3ec726ad98797
              • Opcode Fuzzy Hash: 5e5053d053541f6a1c3e6e1c69e89751e6ddbaeb7d710fadf0a906a7db30aef0
              • Instruction Fuzzy Hash: 9811E670B1AA0A8FD769BB7490614F9B3A1EF48381B41067BE04EC75D2DF39E5468780
              Function 00007FFD9B8A1F49 Relevance: .1, Instructions: 67COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7c8aad137f18fa9631a5423cccf119149083f743934f8ac3a598bb89e0cfa82f
              • Instruction ID: 0139d5da6d25ad4e0c47e0768f49ccbbd3af27e77f911db58c4db5279e159b47
              • Opcode Fuzzy Hash: 7c8aad137f18fa9631a5423cccf119149083f743934f8ac3a598bb89e0cfa82f
              • Instruction Fuzzy Hash: A3119E01A4F6C65EDB2367B948744616FA05F07224B2E46FBD0D8CF0E3DA08594AC322
              Function 00007FFD9B8B36E0 Relevance: .1, Instructions: 65COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b1000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fd8f8191b91cf594473320b2519feb6eabc6074e5950af5e52638ef49e6ce636
              • Instruction ID: 5b301bc7ef8a33cde13830a674b532101ab591731f94846f2ce274673bd3fb30
              • Opcode Fuzzy Hash: fd8f8191b91cf594473320b2519feb6eabc6074e5950af5e52638ef49e6ce636
              • Instruction Fuzzy Hash: 37112971A0E69E8FE7529BB488285B977F0FF1A300F0604B7E05CC71F7D924AA049791
              Function 00007FFD9B8B24E1 Relevance: .1, Instructions: 65COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b1000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 84fc541555ba6be62dd2e1c5d0a996d6dfec0f20142d9337c081d7fa45f758cf
              • Instruction ID: 13bfdeca351d985ec44a8450a977e4bc8c069090053a4fca5837787d7ed9ee41
              • Opcode Fuzzy Hash: 84fc541555ba6be62dd2e1c5d0a996d6dfec0f20142d9337c081d7fa45f758cf
              • Instruction Fuzzy Hash: 47118E70A0964D8FDB98DF64D4A55F97FE1FF5C304F02026EE85AC32A5CA34A650CB80
              Function 00007FFD9B8B4C75 Relevance: .1, Instructions: 65COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b1000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 32b5a4a2e9ceece22636342321a46cfb7b2b7984f7b82b7729c463384dc4d8a6
              • Instruction ID: 8939d9ee2becc635897551d7052385562351e044524679a447973cc18becfb71
              • Opcode Fuzzy Hash: 32b5a4a2e9ceece22636342321a46cfb7b2b7984f7b82b7729c463384dc4d8a6
              • Instruction Fuzzy Hash: 74110431A0EA4D4BEB69DBB488B61B83BA0FF18704F0901BED01DC25E6DE796545CA81
              Function 00007FFD9B8BD540 Relevance: .1, Instructions: 65COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 86d4e1417e85dc8ebe5c9db0c797ddd67237dbea51cbbaf31115787642d8a054
              • Instruction ID: 3976c16d8f817aa3c5518781d1a0390c8b9b16b7070ef7d23bd555ecefeba842
              • Opcode Fuzzy Hash: 86d4e1417e85dc8ebe5c9db0c797ddd67237dbea51cbbaf31115787642d8a054
              • Instruction Fuzzy Hash: 4D112730B0991D5EE768EB74C4218FA73D0EF48351B00467AE04EC74E2CE38B5068BD0
              Function 00007FFD9B8A112D Relevance: .1, Instructions: 63COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c0c030c373e65fc2f3bf4b708c762f645c8bb7cda05a9e92ea4a249bb978dcfc
              • Instruction ID: 7446c5b2aead9cdb51a3c68921d8ebfd44941a6990e2bd001e0d1b702b5836a2
              • Opcode Fuzzy Hash: c0c030c373e65fc2f3bf4b708c762f645c8bb7cda05a9e92ea4a249bb978dcfc
              • Instruction Fuzzy Hash: 59110870E0EA4E4EEB6AAB68C8786B97FE0FF5A314F0116BED019C61E1DF256540C710
              Function 00007FFD9B8B4739 Relevance: .1, Instructions: 62COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b1000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9e9759723d9b8b92e38689dc27b2f15bfae59c647d8ce9009ad328be27cfdea6
              • Instruction ID: c3d09daabde42c51f3fcd94df85bf152218fea9a3d8f193a8c86f15d42924abb
              • Opcode Fuzzy Hash: 9e9759723d9b8b92e38689dc27b2f15bfae59c647d8ce9009ad328be27cfdea6
              • Instruction Fuzzy Hash: 0821D830A0D64E8FDB59DF7484652B97BE0FF19300F1505BED41DC31A2DA345540CB81
              Function 00007FFD9B8C19D9 Relevance: .1, Instructions: 62COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5081211206d038766c24b0b6d69418fc64d27f93440211a7bbde427e1427ab2f
              • Instruction ID: 746624247cc7d5bb278c5c9b9dd2059262a3c510197a904c283ace56c18780f1
              • Opcode Fuzzy Hash: 5081211206d038766c24b0b6d69418fc64d27f93440211a7bbde427e1427ab2f
              • Instruction Fuzzy Hash: E7116B3170650A8FE729BB68D4712F57390EF89351F11427BE91ACB6E1DB39A641CB80
              Function 00007FFD9B8BD3BE Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 90e9966455e0e69a606d107f564eae4435f2c4694aedc851cf0cf0b866f09885
              • Instruction ID: 3528ae9ad42dab2c997d050bb49c30ca9c7559db33694703db696ca6a182eb9f
              • Opcode Fuzzy Hash: 90e9966455e0e69a606d107f564eae4435f2c4694aedc851cf0cf0b866f09885
              • Instruction Fuzzy Hash: 4811AB3170650A8FF7189B78D4206F93390EF48354F11423AE81AC75E1DF39E6408BC0
              Function 00007FFD9B8C3CAC Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3edd41027e88f09a1dce8d03bf6b1a1dbc22126bcf965985c49615d6944a055a
              • Instruction ID: 6f51da43f14c3c1281c73656bb90959bf2fb1cb38b1bd8fff253b9ad47f13c57
              • Opcode Fuzzy Hash: 3edd41027e88f09a1dce8d03bf6b1a1dbc22126bcf965985c49615d6944a055a
              • Instruction Fuzzy Hash: 1711A131B1890D8FDF84FB6CD8569A873E0FF5831970100B6E50EC72A6DE24E8418741
              Function 00007FFD9B8B5ED1 Relevance: .1, Instructions: 60COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b1000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 733e69b9e68f799f90d14a411c164b7a5aa6905043742ec7e366f006eff1780d
              • Instruction ID: af5570d7c84f899f3079e19fb300bfc9511896bc70d31df0bc45f29836f1e77d
              • Opcode Fuzzy Hash: 733e69b9e68f799f90d14a411c164b7a5aa6905043742ec7e366f006eff1780d
              • Instruction Fuzzy Hash: 2511E570A0A68E4FEB59DB74C8795F97BA0FF19300F0605BED81DC61E2DE256640CB41
              Function 00007FFD9B8ACA90 Relevance: .1, Instructions: 59COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8aa000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3624e1e2815963d16fa239edfccb86f722d73ab69c3da35d9937dbd380437e0a
              • Instruction ID: c2432459a2b9472483bd45b7e081df1f81515f795aa50005616b79008c708b24
              • Opcode Fuzzy Hash: 3624e1e2815963d16fa239edfccb86f722d73ab69c3da35d9937dbd380437e0a
              • Instruction Fuzzy Hash: 62116D70A0A64E8FEB5AEF6488686B97BA0FF19304F0105BBD41DC71A2DE746654CB50
              Function 00007FFD9B8C06B0 Relevance: .1, Instructions: 59COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 53772da82c52a818ed2a541c7d477f80c4fb721e3e7f13f56044a7710a5a3ced
              • Instruction ID: d2d7cf00a89224a4ee5f54b0ee124dafb8b782afb423838763c5059a8506c997
              • Opcode Fuzzy Hash: 53772da82c52a818ed2a541c7d477f80c4fb721e3e7f13f56044a7710a5a3ced
              • Instruction Fuzzy Hash: 6301203070DA0D4FE374976D546957A7AD1EB8C335B19053FE44FC22B1DD28AE8182D0
              Function 00007FFD9B8B4FE9 Relevance: .1, Instructions: 58COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b1000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7d3ef0324f64f46c5e8584344ac6649dbb02e2babe229a7ad43f066768b4511d
              • Instruction ID: fc37eaafa83e437dd3755da0b7bd90b87c83d878f75c944380ac9c0f2c26d552
              • Opcode Fuzzy Hash: 7d3ef0324f64f46c5e8584344ac6649dbb02e2babe229a7ad43f066768b4511d
              • Instruction Fuzzy Hash: 9C119D31A0AA8E8FEB59EB6488796F97BE0FF19300F0504BED41DC61A2DA3565408B81
              Function 00007FFD9B8B28E1 Relevance: .1, Instructions: 58COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b1000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a344041133ce4a55c01e277785db93562dd808f400b01e4c121a2dde2aaa2bb9
              • Instruction ID: 2500b0249f597c5eb225e3c0b06ff0693f1c5c45b5d4fc40c4142422772f7813
              • Opcode Fuzzy Hash: a344041133ce4a55c01e277785db93562dd808f400b01e4c121a2dde2aaa2bb9
              • Instruction Fuzzy Hash: B7018031E5955E9EE752ABB4985CAFA7FE4EF1A300F0105B2E41CC6066EA34A2548B41
              Function 00007FFD9B8B4D9D Relevance: .1, Instructions: 58COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b1000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ccb0f95c5155aa9eca81688286dfc7e110f3f6566b8c957adab9f96ff6d3cf5a
              • Instruction ID: 48557538131856e69637c378d89473a6903b62cf16aa0f02ed74f165beea1fc9
              • Opcode Fuzzy Hash: ccb0f95c5155aa9eca81688286dfc7e110f3f6566b8c957adab9f96ff6d3cf5a
              • Instruction Fuzzy Hash: 3A11B230A0A65E4FEB55EFB4886A6BD77B0FF18314F0805BED429C31A6DA3462418B81
              Function 00007FFD9B8ABD65 Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8aa000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c1d96789c42e5d0b0206b5f347ee01573189bb74ec69afff950cf3f0f61d96f9
              • Instruction ID: 47713b7c5a3d0cc9807f6f6c289f860a1d996bee303e16d58a5d6cee086abb6e
              • Opcode Fuzzy Hash: c1d96789c42e5d0b0206b5f347ee01573189bb74ec69afff950cf3f0f61d96f9
              • Instruction Fuzzy Hash: 0F118E30A0AA4E8FDBA5EF68C8686BD7BE0FF19300F0105BED419C61A1DA35A640C710
              Function 00007FFD9B8B7B14 Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f6b3f20cbac816fb79dca2799cac29925ec59d22aa5340c5eba046609938b74a
              • Instruction ID: 7f46641729ae969e311ea662b3994ae81cf7fe79cc17975c0c2cd3c93be2c238
              • Opcode Fuzzy Hash: f6b3f20cbac816fb79dca2799cac29925ec59d22aa5340c5eba046609938b74a
              • Instruction Fuzzy Hash: E911D270E1490D9FDB50EFA8D845AEEBBF5FF48310F10013AE408E3291DB3069868B90
              Function 00007FFD9B8C3CE1 Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5f2984844efe78d08f3bae409608e03b943985ce1553bca9bcd1f240ae87963e
              • Instruction ID: 43631909cfab3424ed2d10aa7a88c7a214c28b57add264f9fc22aaa821d906cc
              • Opcode Fuzzy Hash: 5f2984844efe78d08f3bae409608e03b943985ce1553bca9bcd1f240ae87963e
              • Instruction Fuzzy Hash: 7201AD31B2891C8FDB44FB68C855DA873E1EF5C31971104B9E41AC72AADE24E842CB51
              Function 00007FFD9B8B7CC1 Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1fd743efb9d1fa6d0c6a23ad6853d108fc8b8a5b37bec8a2ebe86e0646843fa5
              • Instruction ID: d7ab966b8ce74068ce9c3527725cb7e749f4b1d51f83cb8eaf1004ca335dff3e
              • Opcode Fuzzy Hash: 1fd743efb9d1fa6d0c6a23ad6853d108fc8b8a5b37bec8a2ebe86e0646843fa5
              • Instruction Fuzzy Hash: 2C01A134A0A65D4FDB69EF74C4756B97BE0FF19300F1504BED419C60E6DA25A641CB40
              Function 00007FFD9B8B4F5D Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b1000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8f442c3025dd59e8022578451ba8daf2eb081f559a10dc15865c4c5e24a7b3ce
              • Instruction ID: 0c83eb6a993d5f0ba9edb8b8e16aed2de20cb2d605a1c78a597a6783f431aa79
              • Opcode Fuzzy Hash: 8f442c3025dd59e8022578451ba8daf2eb081f559a10dc15865c4c5e24a7b3ce
              • Instruction Fuzzy Hash: 0D11B630A0955E8FEB55DB7488665B977A0FF18304F0505BED419C72E6DA64A640CB41
              Function 00007FFD9B8B5F97 Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b1000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4a2077550f5cdce0468babd8044c80e52243cefb3b0753391777b8a1fadcf3c8
              • Instruction ID: 81f9421ddd37363723bed4a5b8104d53aa3ee101fc84a6ca5d2aecc0bd82cd98
              • Opcode Fuzzy Hash: 4a2077550f5cdce0468babd8044c80e52243cefb3b0753391777b8a1fadcf3c8
              • Instruction Fuzzy Hash: 33110630B0A40F8AEB69EB64D4355F9F361FF48300F2145B9D81EC71DADD35B6408A80
              Function 00007FFD9B8B7461 Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 793c7d0130078faf044ae5b518f6b17c3937b49b941b9592510bc76e10bcc6e0
              • Instruction ID: b289df1ebfcfe6cea35c5fbaeaea8d55f0598425071200d7456156d43602b8b8
              • Opcode Fuzzy Hash: 793c7d0130078faf044ae5b518f6b17c3937b49b941b9592510bc76e10bcc6e0
              • Instruction Fuzzy Hash: 4411A534A0EA5E4FE755EBB4C8586A97FF4FF19301F0504B6D418C71A5DA38A6448B50
              Function 00007FFD9B8B8958 Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 299f86e7f5e72510ebf44309f61d4360c1c1d7496d6365dfac0d61d401340997
              • Instruction ID: f72f3aae47e34a3a2aed1c4d011e37babfe1b6d8abaff4c8e59c870fe0b2a6e9
              • Opcode Fuzzy Hash: 299f86e7f5e72510ebf44309f61d4360c1c1d7496d6365dfac0d61d401340997
              • Instruction Fuzzy Hash: 61110A70A15A0E8FDF98EF68C459AFA77E0FF58305F11057AE41AD31A4DB34A550CB41
              Function 00007FFD9B8C3D53 Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e1fe02b0d63bf17141ba97e1927f178aaa8f8d80aa2adab461f2574731b9ab75
              • Instruction ID: 8882a2fa05a0ea99a847da4db3f8296a7ab0caac6fd12de27a084aaaaae8b24c
              • Opcode Fuzzy Hash: e1fe02b0d63bf17141ba97e1927f178aaa8f8d80aa2adab461f2574731b9ab75
              • Instruction Fuzzy Hash: 92019E31B1854D4FCF44FB2CC8659A873E1EF4821971104B9E00AC72A6DE24EC42CB41
              Function 00007FFD9B8C5641 Relevance: .1, Instructions: 52COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 349291084d922cd757c1bf528b65f3ceb80ef370e234ef8720f7cdc2571f3564
              • Instruction ID: cb63e69fb79bb657d79c9016631560e6250437b0280c86311bce0d6d1d6fbbd4
              • Opcode Fuzzy Hash: 349291084d922cd757c1bf528b65f3ceb80ef370e234ef8720f7cdc2571f3564
              • Instruction Fuzzy Hash: D4014C7091964E8FDB95EF68C85A6FA3BE0FF19305F11056BE818C71A1DB3495508B41
              Function 00007FFD9B8C4B1E Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f98703848509a85f1927b0797fd9e212020ac3a1734e56acbed858c000561510
              • Instruction ID: 03b8b5e33ca8d6b33d180d471ef58887e79f58245f4436c3338843c52fdcaa0a
              • Opcode Fuzzy Hash: f98703848509a85f1927b0797fd9e212020ac3a1734e56acbed858c000561510
              • Instruction Fuzzy Hash: 1811A0B2E0560E4FEB18EF88C8A06BC77B1EF58350F44013AD41A9B2E6DE386945C740
              Function 00007FFD9B8A2DB1 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b47a9e3482ec05453f5d69bb32280874cad14e36dd024b7315cdc5d11cbb3daa
              • Instruction ID: 5e786fdf803e11aa655322abe3e3585799ae5ccc8b9ab27cc464a96aea236a11
              • Opcode Fuzzy Hash: b47a9e3482ec05453f5d69bb32280874cad14e36dd024b7315cdc5d11cbb3daa
              • Instruction Fuzzy Hash: 9D01A230A0A10E8FE761EFA4C5596A97BE1EF19310F0649B6C40CC71B7EE38E5818710
              Function 00007FFD9B8A05D8 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a7da57e47d30838fbc07347e51bfae0c1918d163a558c67cd996801b444e27ca
              • Instruction ID: 45dc3b22a06f316554dd12a2e5a52d69d31ffbc87a5558778bcf40f2c89c3ef5
              • Opcode Fuzzy Hash: a7da57e47d30838fbc07347e51bfae0c1918d163a558c67cd996801b444e27ca
              • Instruction Fuzzy Hash: B6019E30A4A50E8FEB68EF64C0656B977A1FF5E304F11047ED40EC21A5CA36A650CB50
              Function 00007FFD9B8B2371 Relevance: .0, Instructions: 49COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b1000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6878fd649124e402d2e86123fb3f16d3cad6102d5d3de13c1f72bfadc14ec741
              • Instruction ID: ae79b62dcb487fc7360413ccddff1b901e99269fa5b2f299e484614da305ddf3
              • Opcode Fuzzy Hash: 6878fd649124e402d2e86123fb3f16d3cad6102d5d3de13c1f72bfadc14ec741
              • Instruction Fuzzy Hash: 0901B531A0A64E8FDB59EFB4C4695F97BA0FF1D304F0104BED419C60E6DA35A544CB41
              Function 00007FFD9B8B87F3 Relevance: .0, Instructions: 49COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 840c23a068612727fcb2cbfb0d6b4794428ebf5439aa868ce04b62a507c2708f
              • Instruction ID: b0cb94709235dce4363b89ef24c6b15003118536e31369b666679948c8404064
              • Opcode Fuzzy Hash: 840c23a068612727fcb2cbfb0d6b4794428ebf5439aa868ce04b62a507c2708f
              • Instruction Fuzzy Hash: 7B011E35E1952DCFDFA4DF588851BED73B1FB59301F0040A6D05DE3291CA34AA968F91
              Function 00007FFD9B8AAF98 Relevance: .0, Instructions: 47COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8aa000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8b5b31e3e13a13ab92b60e1dce139fe3246f588c05180d2ef199707c09cdbf3e
              • Instruction ID: afdb7edddbb65ea22555d210f0a6707b2842ccdc8eb67f745d853568cc184c3a
              • Opcode Fuzzy Hash: 8b5b31e3e13a13ab92b60e1dce139fe3246f588c05180d2ef199707c09cdbf3e
              • Instruction Fuzzy Hash: 4A014830A1590E8EEB94EBA8C8696BA76E4FF18304F11047AD42ED21A0DB34A6508A10
              Function 00007FFD9B8C5EA9 Relevance: .0, Instructions: 47COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 88a576befd732fdce88519af8dcfee740de2d254f37afa7c58c67a551e332b70
              • Instruction ID: 4bc38294598363bf376ead83eb81bd2492696dd495d0cd130a03d0f647eb97ea
              • Opcode Fuzzy Hash: 88a576befd732fdce88519af8dcfee740de2d254f37afa7c58c67a551e332b70
              • Instruction Fuzzy Hash: 60017571719A098FD7A8EB6890515A5B3E1FF5824075049BEC04AC35E6DE35F445C780
              Function 00007FFD9B8AC550 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8aa000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 02e89e5bf7a2dd59d0d6d1d7ee3785c6a404510f346ccd5cd56848dcbaff7b39
              • Instruction ID: 8166f1bf77a7122ab0ed1360dac5324308bdbfbdb8bb29d273c2c834a03a528e
              • Opcode Fuzzy Hash: 02e89e5bf7a2dd59d0d6d1d7ee3785c6a404510f346ccd5cd56848dcbaff7b39
              • Instruction Fuzzy Hash: BE011E70E1590E8EEB98EF64C8696BD77E4FF1C305F11087AE41DC21A5DE35A690CB10
              Function 00007FFD9B8A2E29 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: eeca2d9e941a6257f07145a48bfc70129bc4879dc220aaed3e3f4e6722c8be7c
              • Instruction ID: 42118ed49a8c74f6ff8f475ab339526cb2ec2464115df208c7bc5533e533e76e
              • Opcode Fuzzy Hash: eeca2d9e941a6257f07145a48bfc70129bc4879dc220aaed3e3f4e6722c8be7c
              • Instruction Fuzzy Hash: 5701D430A0E64E4FE762EFB489685A93BE0EF1A300F0605B2D408C60B7DA28A6948710
              Function 00007FFD9B8AABB9 Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8aa000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a8c67daf655736dbf5aede7f411ba6237d4f0b661537ec7f3c0b4ab8a52cd568
              • Instruction ID: 46f2502ef519f6a15dbbbc8b218baa71fea9aeb8286fb2ec47e8e4a688263d3d
              • Opcode Fuzzy Hash: a8c67daf655736dbf5aede7f411ba6237d4f0b661537ec7f3c0b4ab8a52cd568
              • Instruction Fuzzy Hash: 6F016730A5E64E5FE761EBB488596E97BE0EF0A304F0649B7D40CC74B6DE38A6448711
              Function 00007FFD9B8A278D Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: beeddcd2ef57922e0220df8dcf656d50dc46d3f08792815b13f010e007aec014
              • Instruction ID: 4940267325a5b4a9e880eed3420e5a7534d7d6011825af61b31d3c936420ed16
              • Opcode Fuzzy Hash: beeddcd2ef57922e0220df8dcf656d50dc46d3f08792815b13f010e007aec014
              • Instruction Fuzzy Hash: 0F018430A1E64E8FE761EFB488695A97BE0FF59300F0645BAD40CC60A6EE34F6448B51
              Function 00007FFD9B8A0610 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b08714521934624829fc4be4de468c7ef3f28359d6430389a5a6f5ec735ce46a
              • Instruction ID: ca5bce82ca9da0d93308afcb616d5c03d8b84dc2bb6a96a2e5129e1cfafe42cb
              • Opcode Fuzzy Hash: b08714521934624829fc4be4de468c7ef3f28359d6430389a5a6f5ec735ce46a
              • Instruction Fuzzy Hash: 33018130A1950ECAEB68EFA4C5686B973E0FF1C304F51087ED41EC61E5DE35B650CA10
              Function 00007FFD9B8A0608 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 95a34adb396a657a05268b2b71c76191efd50f9362c04f7fb9d8172899633f5e
              • Instruction ID: b19d3ee9ef104a24c2171fc068fac4e2ac8bcad808a9c3ca17ca29d7fdbae3f1
              • Opcode Fuzzy Hash: 95a34adb396a657a05268b2b71c76191efd50f9362c04f7fb9d8172899633f5e
              • Instruction Fuzzy Hash: 68018630A1A50E8ADB68EFA4C5686B973E1FF1C304F11087ED41EC21E5DE35A250CB10
              Function 00007FFD9B8A1140 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2b3c6ae801bc118f61fd4c3b7ff1501b6efd67dd2a9baded56b10c5feb7b58c1
              • Instruction ID: 89d7ad0f724e8bac58fbbe65a9c98711be34fea67353c823573ee3d5f664bad2
              • Opcode Fuzzy Hash: 2b3c6ae801bc118f61fd4c3b7ff1501b6efd67dd2a9baded56b10c5feb7b58c1
              • Instruction Fuzzy Hash: E7F0CD70F1E61E49FB656BA898643FA7BE4FF5A315F00157AD41DC10E1DF341214C651
              Function 00007FFD9B8C03F8 Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4f95b651bb32315b86dcd5607d0ed8bfc76facd380ab246980b750b151c304f3
              • Instruction ID: 9bbc9cfb62310995398f96e208e87a611afea55ae2fe7104c3e8ba8e59c1ea7b
              • Opcode Fuzzy Hash: 4f95b651bb32315b86dcd5607d0ed8bfc76facd380ab246980b750b151c304f3
              • Instruction Fuzzy Hash: B3F02750F2E91D4BEB7857AC646403A65C0EB8C724F51033BE40EC32A4DC0C6D0141C5
              Function 00007FFD9B8C95D3 Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 35f0c97cea8e31861aeabc62df419b609baf18d8abf0654b0a06f338f43197ad
              • Instruction ID: f479ff78ca0c1acc1098c025cff2e8bd3a880fbfdc7993ee8a58f8ce479e022a
              • Opcode Fuzzy Hash: 35f0c97cea8e31861aeabc62df419b609baf18d8abf0654b0a06f338f43197ad
              • Instruction Fuzzy Hash: DBF086A5E1E95E4EEB62EB98C4758FD7BA0FF49300F0108F7C09E961D1ED2525009350
              Function 00007FFD9B8A1BFD Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 25ff1c2852c487c384ff18bd1ee263c7b89887b47d7cf7939c1468df4c895ef2
              • Instruction ID: a678c46b6ae33513e9d5050bc14694dc905e08ca9d346fe0e8293587d89ddb18
              • Opcode Fuzzy Hash: 25ff1c2852c487c384ff18bd1ee263c7b89887b47d7cf7939c1468df4c895ef2
              • Instruction Fuzzy Hash: 8B01A470A0A68E8FEB65EF64C4656F97BA1FF5A300F4610BED80CC61A2DB399650C740
              Function 00007FFD9B8A05D0 Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cccba308e054a72b3b889a9bc308392214b3e5dcdaea689efdb3dc5f8e75ff02
              • Instruction ID: 9a59c06145312286ff65f3ff8fbf49cd257c3fe282807071647679da7296fd84
              • Opcode Fuzzy Hash: cccba308e054a72b3b889a9bc308392214b3e5dcdaea689efdb3dc5f8e75ff02
              • Instruction Fuzzy Hash: A5F0F630A0A65E8FEB68FF64D4256FA77A4FF1A308F01047AE80DC30E1DA35A660C740
              Function 00007FFD9B8BBBD2 Relevance: .0, Instructions: 36COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b1e6c5e8d02b70cb08f0356d7fe293aea4cf264420fdaf9c0b002a7aaa7f9586
              • Instruction ID: 9871f835aa1163ce6c26bbd35d98d77f5d5b54cca3ed5e27af8b808ad846a418
              • Opcode Fuzzy Hash: b1e6c5e8d02b70cb08f0356d7fe293aea4cf264420fdaf9c0b002a7aaa7f9586
              • Instruction Fuzzy Hash: 4CF0963154F2C99FD722DBB088359D67FA8EF47214F1900F6D495C70B2C96D1646CBA2
              Function 00007FFD9B8AC1FA Relevance: .0, Instructions: 35COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8aa000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 42e37ab4ec0effaf4988457a4ec596ac997f9991eb922ee7a207f8fbf0f83e85
              • Instruction ID: 2eba903aecd92a8de6ce53f97f7eef01b856481ba59e05c161e6d91cb7b3e384
              • Opcode Fuzzy Hash: 42e37ab4ec0effaf4988457a4ec596ac997f9991eb922ee7a207f8fbf0f83e85
              • Instruction Fuzzy Hash: D0F03631E5A55F4EEF94EFA89C691FD76E4FF18300F01057AD82DC21A1DB7456548B40
              Function 00007FFD9B8A271D Relevance: .0, Instructions: 34COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: acf354c8a0d0bdb1ea1f0d82dd697f496413eaa308fc91e3dca83e663c765e9e
              • Instruction ID: c6e16099f2ccd86971438660903d6b96cd540fc0ab9ef3655b7132697d54c484
              • Opcode Fuzzy Hash: acf354c8a0d0bdb1ea1f0d82dd697f496413eaa308fc91e3dca83e663c765e9e
              • Instruction Fuzzy Hash: 0FF0F630A0E78E8FEB699F6888241A93BA0FF09300F4105BED419C51E2DB38A640CB01
              Function 00007FFD9B8AF27A Relevance: .0, Instructions: 33COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8AF000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AF000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8af000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 850105fc103fad42c0259a9c2a142610902b23fa7a2785f9871cb8d9fe59b5d2
              • Instruction ID: 6613ab3fc29015b831fc6093f319104eb029d7c4ab845d03068fd2873cff9c30
              • Opcode Fuzzy Hash: 850105fc103fad42c0259a9c2a142610902b23fa7a2785f9871cb8d9fe59b5d2
              • Instruction Fuzzy Hash: 66F03171E19A1D4FDBA4DF58D8697B977B1EF5C311F1001EA944DE22A1CE341A80CF50
              Function 00007FFD9B8A26A9 Relevance: .0, Instructions: 33COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3a70346a48f3ba45eb1c49b459cdc300c7373d7d012349690f7d3dd8aa7773e7
              • Instruction ID: 47d474765b6f2a9cfb03ac8d35c899a9a4408f3e1a20998c39adc50bed8d535b
              • Opcode Fuzzy Hash: 3a70346a48f3ba45eb1c49b459cdc300c7373d7d012349690f7d3dd8aa7773e7
              • Instruction Fuzzy Hash: 68F0683194F78D8FDB699FA489391A93BA0FF1A204F4604FAD409C60E2DA285554C711
              Function 00007FFD9B8C19BB Relevance: .0, Instructions: 30COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 18048dc7a2e8a386e1e285e2cf9294e24522a7dcf077d83a87ca2e5cbd43e9fe
              • Instruction ID: b821851246675bd19dc9cc15ae6a5139cb3f600fd919532c0a04bee4a7bddb03
              • Opcode Fuzzy Hash: 18048dc7a2e8a386e1e285e2cf9294e24522a7dcf077d83a87ca2e5cbd43e9fe
              • Instruction Fuzzy Hash: 28F0A070B0F60A8AE7397BB080702B973A1EF48341F11457FD49F868E1CA39A6458A41
              Function 00007FFD9B8C5D37 Relevance: .0, Instructions: 30COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5f78da2655a230c854eb7ab48ac4ac2c4a03168f17e107ee64bdf18a79ba2a91
              • Instruction ID: fa2b3ba326cdf4aea74af3b3388662d1e59693935468244f87016040029101a4
              • Opcode Fuzzy Hash: 5f78da2655a230c854eb7ab48ac4ac2c4a03168f17e107ee64bdf18a79ba2a91
              • Instruction Fuzzy Hash: CDF0273220D78A8FE726A35CD8227E4B791EF42324F0A03BAC004CB2E2C56D9181C341
              Function 00007FFD9B8C7CD9 Relevance: .0, Instructions: 30COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 351da63f21204212b9695159b03e1bee6ad76a527da78a1dfcb36b85a8c491be
              • Instruction ID: aafe11e34382e30ca9b4f4a84dd4ccd666eedba320cb2460bbf7b822203e9f25
              • Opcode Fuzzy Hash: 351da63f21204212b9695159b03e1bee6ad76a527da78a1dfcb36b85a8c491be
              • Instruction Fuzzy Hash: 3DF0FE94B0F2CB8BE33A2BB419311782A605F4A250F6704B7D24BC61E7EC0C1A556352
              Function 00007FFD9B8C3BF9 Relevance: .0, Instructions: 29COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3d86f9aa6401ebba314377a14ecf88fcb58d4577042cbe5aaaf20e8632523b5c
              • Instruction ID: 90ee1496b79026e94a39a9d7aa116ee81be11e47ecbb78a450e40faa23c27a50
              • Opcode Fuzzy Hash: 3d86f9aa6401ebba314377a14ecf88fcb58d4577042cbe5aaaf20e8632523b5c
              • Instruction Fuzzy Hash: EFF03095A4F3DA5FE72223B549360BC2F609F6A700B8B06F7C089CA1E3DC1D2A475352
              Function 00007FFD9B8B834C Relevance: .0, Instructions: 28COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5f90ee2a35d2af55d7e360d3a2e5039dd5d8199769b38580806ccc87d127f980
              • Instruction ID: 793c1c0a843ab3902b0f1b223ae7f8e7a6d1f417bf6ca387406df0df39aab06b
              • Opcode Fuzzy Hash: 5f90ee2a35d2af55d7e360d3a2e5039dd5d8199769b38580806ccc87d127f980
              • Instruction Fuzzy Hash: 1FF0DA71E15A2D4EEBA4EB6888557ADB3B2FB59300F5140E9844DD2262DE306EC18F01
              Function 00007FFD9B8A0F49 Relevance: .0, Instructions: 28COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 82160e576df5ebcd0dac56e030179aa146e31cf83baa663efd093f9f233e68c4
              • Instruction ID: 507b3b6d7198ab83da99ef890c6b992fd1072ca5d01a70c3457ea1287521b60d
              • Opcode Fuzzy Hash: 82160e576df5ebcd0dac56e030179aa146e31cf83baa663efd093f9f233e68c4
              • Instruction Fuzzy Hash: 47F03030A1951ECBEB64EB44D860BFE77B1FB58301F2102B5C00EA32D5DE74AA85CB90
              Function 00007FFD9B8C449D Relevance: .0, Instructions: 25COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a5446ef2936f28ed78de0c57a44c1ef32aca5e191998311e5720140469561227
              • Instruction ID: ee60d2cd566b45c689b6a206e62862aa18a0f803ddb845848f708de1d36b9f46
              • Opcode Fuzzy Hash: a5446ef2936f28ed78de0c57a44c1ef32aca5e191998311e5720140469561227
              • Instruction Fuzzy Hash: 46E0B64294F7C94FD31723B40C790647F706E5B220B8F41DBC584CA1E3E54D59898323
              Function 00007FFD9B8A16A0 Relevance: .0, Instructions: 25COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d6cf9797388896da03f38a9e074d656f7ccc1dac019205c0e4e67546ed29bc1c
              • Instruction ID: b66de3eb33a3edc0d302bf477add3388e40ebb4e7e52ca267d462213c8bd173d
              • Opcode Fuzzy Hash: d6cf9797388896da03f38a9e074d656f7ccc1dac019205c0e4e67546ed29bc1c
              • Instruction Fuzzy Hash: 80E0ED20F0A48A4AEB7477998495674A1D19B4A314FBA8675F11DCA2F1EB2CEE82C211
              Function 00007FFD9B8C6E50 Relevance: .0, Instructions: 23COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b9d6b24c254bbc915d42f9cdaaaca48490278cb8bd37efcf671df5db141f017a
              • Instruction ID: bc7403d2c3e5e5eefadd461884a5115eb85a51bfe32b0a62f4e94bec0c2200dc
              • Opcode Fuzzy Hash: b9d6b24c254bbc915d42f9cdaaaca48490278cb8bd37efcf671df5db141f017a
              • Instruction Fuzzy Hash: 10F0FFB4D1961D8FDBACDF98D8A1AECB7B1BB58301F60416ED11EA7351CA342A80CF44
              Function 00007FFD9B8C2C70 Relevance: .0, Instructions: 23COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 83b32896a4391f330dde9f375cb6bd53592272876e2c6c09f3cb8a2ee20ba5b2
              • Instruction ID: 8b9fb0602d058c73c999b2c31f00a982fd31db299cff1eb4a93bdee2b9086109
              • Opcode Fuzzy Hash: 83b32896a4391f330dde9f375cb6bd53592272876e2c6c09f3cb8a2ee20ba5b2
              • Instruction Fuzzy Hash: F3F05F70D1962D8FDBACDF98C8A1AECB7B1BB4C301F20016E900EA7381CA342A40CF04
              Function 00007FFD9B8C0AC8 Relevance: .0, Instructions: 22COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: da71f46f20835cc8bd052eeb37af0d285dfc7ea8b03dc184948bcdc0a8828fc5
              • Instruction ID: c014a3491d2289df4b8e6734ed53b2ac6e1a4dd6dedc7a75b258cf90580fba40
              • Opcode Fuzzy Hash: da71f46f20835cc8bd052eeb37af0d285dfc7ea8b03dc184948bcdc0a8828fc5
              • Instruction Fuzzy Hash: 94E09298B1F04F83E7797FE4293113C10415B4C750F72097BE60F821E9EC0C27412242
              Function 00007FFD9B8C3C10 Relevance: .0, Instructions: 21COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cfe33828d2501bd8fde468c0a23cdfcf188dd5e718f2562b3e32c34dcc298946
              • Instruction ID: a87090357bce838c742899a12ca5f88000dda0645db05d02d1040b1aee943541
              • Opcode Fuzzy Hash: cfe33828d2501bd8fde468c0a23cdfcf188dd5e718f2562b3e32c34dcc298946
              • Instruction Fuzzy Hash: C9E099A0B1F58F82E7B877A419320BC10811B4C704FA2093BA00BC62E2EC2D66A23246
              Function 00007FFD9B8AB2DF Relevance: .0, Instructions: 15COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8aa000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8c590570924a1fe199755ad6aaba959c6634ca4e52563d0d67dae345fb565624
              • Instruction ID: b2ba7a85d0df5c0eb1f8e9b03bc29bd1d9cc91303398cf409188a882440ab9f1
              • Opcode Fuzzy Hash: 8c590570924a1fe199755ad6aaba959c6634ca4e52563d0d67dae345fb565624
              • Instruction Fuzzy Hash: 24D09B3091E91E8ADB74EB94C850FF9B364EF18300F5192F5C00DD2196DD346AC64B50
              Function 00007FFD9B8BFAF2 Relevance: .0, Instructions: 12COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fb3598f116423f08e1cbc835fb6a973f0437ef540f91559fc705e604944cd91d
              • Instruction ID: 06ae16d05fdd717003696181bf31b95c4f8a556479db1810bea16b0cb45f7ca9
              • Opcode Fuzzy Hash: fb3598f116423f08e1cbc835fb6a973f0437ef540f91559fc705e604944cd91d
              • Instruction Fuzzy Hash: 10C01220B1E6AE8FD3676F7408201B812809F0D30472108B6900EC72AAC8295A4042A0
              Function 00007FFD9B8B53EB Relevance: .0, Instructions: 11COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b1000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e6640807879b62b75ef96a86bcabc2d856b3be082ea0e191ddd14c8db464fb9b
              • Instruction ID: e632547a775b3ed7d2616508ae34194bb75be170988f357366273b06d556387d
              • Opcode Fuzzy Hash: e6640807879b62b75ef96a86bcabc2d856b3be082ea0e191ddd14c8db464fb9b
              • Instruction Fuzzy Hash: 96C01292E0942D4EEB64DB5C48AA2F816D1EF1C204B551131D008D3161DE1424124700
              Function 00007FFD9B8BD39B Relevance: .0, Instructions: 11COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4df3d5426a5cbd7c111e9eb6d1bf0f3efd5ab79cdc683058eb422a10010bb25b
              • Instruction ID: a4ab81991de2483ed553cd70dc1bcff04bca8e5cb5108018f416cb6c0a1e10de
              • Opcode Fuzzy Hash: 4df3d5426a5cbd7c111e9eb6d1bf0f3efd5ab79cdc683058eb422a10010bb25b
              • Instruction Fuzzy Hash: 93D09225B0FA2FA5F5785BA14170A3D11915F4C304F26007DC45F418E2DD28B6416B82
              Function 00007FFD9B8C0A98 Relevance: .0, Instructions: 11COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b53f4e1eda8f120e507b66129b9c3c8b264c1dda369605084a08c5ef5abaef02
              • Instruction ID: dc1694f3564fc7deca8fa1cf6c8d7447466eb872f305683a0aca8bfec5371e41
              • Opcode Fuzzy Hash: b53f4e1eda8f120e507b66129b9c3c8b264c1dda369605084a08c5ef5abaef02
              • Instruction Fuzzy Hash: A7C002C8E2F50F81F7343BE1097247810406F4C310FA74173D50E402E35C0D23942243
              Function 00007FFD9B8C5D28 Relevance: .0, Instructions: 8COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3e62c51e5c8235a9f5ba8398ea9c276252ff92c777e400897c2d3407b381002b
              • Instruction ID: ebeef21fd801ef7ed15e723f7ef7ca3d998213bc519afdfd09fb2d3159814c23
              • Opcode Fuzzy Hash: 3e62c51e5c8235a9f5ba8398ea9c276252ff92c777e400897c2d3407b381002b
              • Instruction Fuzzy Hash: BAC040B061A50797E7356750802157552615F48344F21483AD10F476A5DD39B9429640
              Function 00007FFD9B8C3BED Relevance: .0, Instructions: 7COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cfe4cc1a2bbc50b957f90769f5bcb9c5c5eacf6908f251b1c7d9a02c2634fe19
              • Instruction ID: d5547d72159106f3b491fd97be8a31784ce2ab9e4552db6f110bfb9c66da0167
              • Opcode Fuzzy Hash: cfe4cc1a2bbc50b957f90769f5bcb9c5c5eacf6908f251b1c7d9a02c2634fe19
              • Instruction Fuzzy Hash: 5DB09280E0F50FA0EB3033D9087317800402F4C310FA70072C00E400A25C2F27826042
              Function 00007FFD9B8C1BEB Relevance: .0, Instructions: 6COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 688a5b8aa9fcece42449d4d7b3d68e9d5408baaeea75ef5f28ba6589da370ea5
              • Instruction ID: 4418cb5377d5da3a6b37c8f3431c6d88041488933539cb1080a56f18b4472c13
              • Opcode Fuzzy Hash: 688a5b8aa9fcece42449d4d7b3d68e9d5408baaeea75ef5f28ba6589da370ea5
              • Instruction Fuzzy Hash: 18C04C3050F2859ED322777484611783BA45F0720475605B7D094861A7C9296519DB55
              Function 00007FFD9B8C7A7A Relevance: .0, Instructions: 6COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a925b9efb6f5e28808bb2f14e46bc4e08ad1d8ab6ea0f620511760f1853e1f69
              • Instruction ID: 4a99a3dd047764d54b1e455e45daf09ce33bc4defead860c7b1198764a3cd628
              • Opcode Fuzzy Hash: a925b9efb6f5e28808bb2f14e46bc4e08ad1d8ab6ea0f620511760f1853e1f69
              • Instruction Fuzzy Hash: FEB01274B0A1098AD3B53B74202013810916F4C200B21047FD00EC22A2CD3995819104
              Function 00007FFD9B8BC8E1 Relevance: .0, Instructions: 6COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b7000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0e730ab2157b4d797773b2b4e7b4029a1790f1020a7bfd4f29e6fe6074300d5b
              • Instruction ID: 78404609c13019025c64f34047f80f8d5220b3d3e7dea12efc439ab68973deba
              • Opcode Fuzzy Hash: 0e730ab2157b4d797773b2b4e7b4029a1790f1020a7bfd4f29e6fe6074300d5b
              • Instruction Fuzzy Hash: 0EB09210F0E22B66E13402F0046803D00800B4C204BA20A30911A851E2DC582A001DD0

              Non-executed Functions

              Function 00007FFD9B8ACFBE Relevance: 7.6, Strings: 6, Instructions: 138COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8aa000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID: ",$(,$0,$8,$@,$H,
              • API String ID: 0-693994019
              • Opcode ID: b94b2419878e5e97e860ca879bf188ef31f3eda34dafce8f27cdb66080bdda38
              • Instruction ID: 0ebbc3655601ca6d62117d54427c7715af2ea80a4b655d078d6b4a8228f4fb50
              • Opcode Fuzzy Hash: b94b2419878e5e97e860ca879bf188ef31f3eda34dafce8f27cdb66080bdda38
              • Instruction Fuzzy Hash: DA513E70E0960D9BEB58EBD8C865AFDB7B2FF59300F104179D019E72D6DE3829428B91
              Function 00007FFD9B8AF4C0 Relevance: 7.6, Strings: 6, Instructions: 77COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8AF000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AF000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8af000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID: 3$6$[$f$h$k
              • API String ID: 0-1429170600
              • Opcode ID: e4bcd8f167426c5306d762b92ad5d39d1f11d1e9340cb37601f05686d537ad97
              • Instruction ID: 25ae8943b02a1dd5e11ce32e8ce41a46c04ccea467e04c0578fc6923f9828f01
              • Opcode Fuzzy Hash: e4bcd8f167426c5306d762b92ad5d39d1f11d1e9340cb37601f05686d537ad97
              • Instruction Fuzzy Hash: 48419270E0966E8BEB68DF54C8A47EEB7B1BB48301F0041E9D00DA6690CB795B84CF14
              Function 00007FFD9B8B14E8 Relevance: 5.1, Strings: 4, Instructions: 80COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8b1000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID: "$#$[${
              • API String ID: 0-2794738965
              • Opcode ID: 5656cafb9a99d23fc3872ba3d4db1be28688e972bf5a0cdeff9d53470ac57958
              • Instruction ID: e05655acb6bcf2792aa857f65a3e934f2e2751610fdc7128d4dfb0433f375753
              • Opcode Fuzzy Hash: 5656cafb9a99d23fc3872ba3d4db1be28688e972bf5a0cdeff9d53470ac57958
              • Instruction Fuzzy Hash: D931FB70E1522E8EEB74DFA5D8657FDB7F1AF08301F1144BAD00EA6291DA385A84DF90
              Function 00007FFD9B8AF3D5 Relevance: 5.1, Strings: 4, Instructions: 72COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2005265762.00007FFD9B8AF000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AF000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8af000_hDKY4f6gEA.jbxd
              Similarity
              • API ID:
              • String ID: 9$]$_$k
              • API String ID: 0-2668722999
              • Opcode ID: 122b333312c6c88ae70c51f130c022560cf2f0aa3b85e2dbb40a98069e4b575f
              • Instruction ID: 77f50663dae311099226eb39932f4ea735716c4a643aa1c601379a8c8cfa21eb
              • Opcode Fuzzy Hash: 122b333312c6c88ae70c51f130c022560cf2f0aa3b85e2dbb40a98069e4b575f
              • Instruction Fuzzy Hash: 5D31D570A1962D8FEBB9EB54C864BA8B7B5FB08305F1041E9D00DE3295CB386B85CF10

              Executed Functions

              Function 00007FFD9B8834C5 Relevance: 1.5, Strings: 1, Instructions: 270COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID: N_H
              • API String ID: 0-343878021
              • Opcode ID: db1ef7fdda48f36d5e0150240a3867f9787514f8f361eeae489d2d32740cf13b
              • Instruction ID: 4e6462416453f4698585016af25bb0f1dda70ec8752e95da6758ff6faae77eb0
              • Opcode Fuzzy Hash: db1ef7fdda48f36d5e0150240a3867f9787514f8f361eeae489d2d32740cf13b
              • Instruction Fuzzy Hash: 5D91C071A1C94D8FEB98DBACD8657ADBBE1FF99340F4101BAE019D32DADB7428018741
              Function 00007FFD9B8803BD Relevance: 1.3, Strings: 1, Instructions: 84COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID: sS^
              • API String ID: 0-472316317
              • Opcode ID: 513c6ce2b41565229a825515947654bcf7259997de5af68a9fc3bb78b2907694
              • Instruction ID: 77f115c34f2c5ef8f1dd879b986971d4ea315ed857f44ae71eecc7d0335fc653
              • Opcode Fuzzy Hash: 513c6ce2b41565229a825515947654bcf7259997de5af68a9fc3bb78b2907694
              • Instruction Fuzzy Hash: 0D213782B0FDD32FE7565B790C654586FA0BF2264475D80BFC0B84B0E7D915E80A8385
              Function 00007FFD9B880498 Relevance: .4, Instructions: 416COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b49337d4dfc278c249ba835156338daa55c72d3c69aac90d8e24beb225c838f1
              • Instruction ID: f0f4875f74ac4e763a3aa6578532e94a3edbaf4542b50f828b1753986c5a2dd8
              • Opcode Fuzzy Hash: b49337d4dfc278c249ba835156338daa55c72d3c69aac90d8e24beb225c838f1
              • Instruction Fuzzy Hash: 51C12943B0FAD64BE72673ADB8755E93F50DF8162870D01F7D0EC8A0E7EC18694A8295
              Function 00007FFD9B8805A0 Relevance: .3, Instructions: 315COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a27e7994dda838596132d92b532f23053e4f410bfc60ac6dfec1d27328b0d70e
              • Instruction ID: 60c520749f6be454b19bac01dcfee58d8358ee5da5218f268f80ce168557d769
              • Opcode Fuzzy Hash: a27e7994dda838596132d92b532f23053e4f410bfc60ac6dfec1d27328b0d70e
              • Instruction Fuzzy Hash: BE914A43B0FAD64BE72673AC78791E92F50EF8566470D01F7E0EC8A0E7EC2469468295
              Function 00007FFD9B88060D Relevance: .3, Instructions: 291COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 90ab26d93983f31c0d97e466d84f70417bb5fdc723948d6152795787b7d20de5
              • Instruction ID: 0bd2fa8c2fe46665a3e117ca1bb20822ce06ef247a67706ed4d8f250db58bb43
              • Opcode Fuzzy Hash: 90ab26d93983f31c0d97e466d84f70417bb5fdc723948d6152795787b7d20de5
              • Instruction Fuzzy Hash: 7A814B43B1FAD54BE72673AC78791E92F50EF8566470D02F7E0EC8A0E7EC2469468285
              Function 00007FFD9B881638 Relevance: .3, Instructions: 286COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fb737dbac4c39b00c9774dbe4549db512156a293b4d6b5a786bdf93b15f280c1
              • Instruction ID: b1f36ba2c98b54a3903a1ff84615498232246e835d68acffb43b52ef798a6fa5
              • Opcode Fuzzy Hash: fb737dbac4c39b00c9774dbe4549db512156a293b4d6b5a786bdf93b15f280c1
              • Instruction Fuzzy Hash: 9F81BF31B0DE494FDB59EF5C88A15A977E2FF9C300B15017AE4ADC32A2DE34AD028781
              Function 00007FFD9B880640 Relevance: .3, Instructions: 264COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b816097ba809e28b118a4dfec0c0e7fb06af99acbc5702650aa98dd3cddb24a5
              • Instruction ID: ccdf34a3739a44a8426a540f6d7f1e6b2f9d61fee0fc7bc830d838e3f0d5cf0f
              • Opcode Fuzzy Hash: b816097ba809e28b118a4dfec0c0e7fb06af99acbc5702650aa98dd3cddb24a5
              • Instruction Fuzzy Hash: 37714B43B0FAC54BE72673AC7C791E92F50EF8566470902F7E0AC8A0E7EC2569468285
              Function 00007FFD9B8830A1 Relevance: .2, Instructions: 223COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 265a377b7df4ddc4a44bcaef37accdc73bb36cb40d109c63a2bc9af1b793e699
              • Instruction ID: 6999cac84fa3e8db671b38901f67ea66df2ef9c33db4487924c3343ab992f9a6
              • Opcode Fuzzy Hash: 265a377b7df4ddc4a44bcaef37accdc73bb36cb40d109c63a2bc9af1b793e699
              • Instruction Fuzzy Hash: 95819370E0AA5E8FEB55DBA8C4646ED7BF1FF48301F11417AE019D72A6DB38A644CB00
              Function 00007FFD9B8805B0 Relevance: .2, Instructions: 198COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 65d0d5481a07edcc2d5c2f5016d81532a0311f687191ca940857949970bb6ef5
              • Instruction ID: 957cc56285c32ae8310cdabbc68a1e0dd0493f9934f6d068085f7e27432a7cfa
              • Opcode Fuzzy Hash: 65d0d5481a07edcc2d5c2f5016d81532a0311f687191ca940857949970bb6ef5
              • Instruction Fuzzy Hash: 0C515E52B1FA964BE72573BCAC791E43F90EF85724B0901F7D0A8CB0E7EC2465458381
              Function 00007FFD9B881C7D Relevance: .2, Instructions: 193COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3256f9cf06220684533c4b99397d351c55ca8067949a6738ed9b892f38cac9f1
              • Instruction ID: 1b3b27ce6207f5e26d8869b962887d9778ba72861e2761c676d552a9e30702a2
              • Opcode Fuzzy Hash: 3256f9cf06220684533c4b99397d351c55ca8067949a6738ed9b892f38cac9f1
              • Instruction Fuzzy Hash: EC51D131B09B894FDB5DDF5888A05BA77E2FF9C300B15467ED46AC7292DE34E8028781
              Function 00007FFD9B882095 Relevance: .1, Instructions: 141COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a22bb4b62e23590e0fb68e8a24d607ff8b988ffe4ef6ad7ae0cee067519a69fe
              • Instruction ID: dc4f9a451e363eeab935d7e4d355df4052882e8a0a049ee9c7e26531710c7e9a
              • Opcode Fuzzy Hash: a22bb4b62e23590e0fb68e8a24d607ff8b988ffe4ef6ad7ae0cee067519a69fe
              • Instruction Fuzzy Hash: 03414A31B0EA4A0FE766DBB894655B977E0EF8A310B4641FBD01DC71E6DE38B9428341
              Function 00007FFD9B880805 Relevance: .1, Instructions: 83COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9fd2706c7e8201f0093885631c1c1cb16cbd9b1f9d9beebe016dfbde16fa4600
              • Instruction ID: 81e25d099a5ab138c78b6187769abecc9ec4cd0b6f07ae33b6d035595fc97c26
              • Opcode Fuzzy Hash: 9fd2706c7e8201f0093885631c1c1cb16cbd9b1f9d9beebe016dfbde16fa4600
              • Instruction Fuzzy Hash: 79216052B0E65B5BD71663BCAC796E97B90FF51318F0901B7C06DCE0D3ED249056C281
              Function 00007FFD9B883318 Relevance: .1, Instructions: 78COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4bbce3260368a90fda2149e178b336f4edade80dab1c03c55ae5232436cd989a
              • Instruction ID: f70a66d51c2774d69afdc907a3e58424ccde905ee2dd3a64772bb02a5d0acf5f
              • Opcode Fuzzy Hash: 4bbce3260368a90fda2149e178b336f4edade80dab1c03c55ae5232436cd989a
              • Instruction Fuzzy Hash: 5B21933094E78A9FD752ABB488686A97FF0FF4B310F0505FAD454CB0B2DA389545C711
              Function 00007FFD9B883445 Relevance: .1, Instructions: 77COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d8a77f8eb59d4d3da0a50ba588371d055daebf5e733debbdce731fc3dab032d7
              • Instruction ID: 77fb5b7ced72234a0e2aba3404e15285ad97adbd51d50bcf118c1f3683e6eae3
              • Opcode Fuzzy Hash: d8a77f8eb59d4d3da0a50ba588371d055daebf5e733debbdce731fc3dab032d7
              • Instruction Fuzzy Hash: 1A212C30E0AA4E8FDBA9DFA4C8656BD7BA0FF19304F1105BEE42DD61A1DB35A650C740
              Function 00007FFD9B8833C1 Relevance: .1, Instructions: 77COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0975b96a49ddfab3e50d9db4a03693708ff64e954088b25daea21e59576f5cc1
              • Instruction ID: 99f6e6ced28a12f6b086e7a8a01104c818222539d8c9a91992ad991ef00bde49
              • Opcode Fuzzy Hash: 0975b96a49ddfab3e50d9db4a03693708ff64e954088b25daea21e59576f5cc1
              • Instruction Fuzzy Hash: 08213C30A0AA5E8FEB65EBA488692B977E0FF18305F01047AE42DD61A1DF35A640C740
              Function 00007FFD9B880A01 Relevance: .1, Instructions: 69COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c31bee3f4631c96f713f775c5f267bdf755f656e148529b3aee74ed240c9f9cf
              • Instruction ID: b7279d76647b3944106fbb17dc1212f41bf2cf48b1dff95029a7cbc0ccb46c17
              • Opcode Fuzzy Hash: c31bee3f4631c96f713f775c5f267bdf755f656e148529b3aee74ed240c9f9cf
              • Instruction Fuzzy Hash: B111C431E2A90E4FE7A0EBA8C8595BD77E0FF58700F4245B6D42DC71A6EE34A6418700
              Function 00007FFD9B881F49 Relevance: .1, Instructions: 67COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f82adfa7fb02037b18c7a60798cbccc34a80c8af11c3f9d73391ddab66907eaf
              • Instruction ID: 068bfc9a0ef6ee60961f99e329ccf8e3a23723c74f00671ece2d7ecce9b7a6c0
              • Opcode Fuzzy Hash: f82adfa7fb02037b18c7a60798cbccc34a80c8af11c3f9d73391ddab66907eaf
              • Instruction Fuzzy Hash: 4111911164FAC65FDB2367B948744616FA05F0B224B2E46FBD0E8CB0E3DE28594AC302
              Function 00007FFD9B88112D Relevance: .1, Instructions: 63COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 78e59991c0f4ac409996cffb540c90f15cc7ddb74ce0e11ee86663cff79b61c8
              • Instruction ID: 7c5cdaea1c8fc6daec2037c65c0e8bdca6288c26e49423808d934dc1f8ef0e8c
              • Opcode Fuzzy Hash: 78e59991c0f4ac409996cffb540c90f15cc7ddb74ce0e11ee86663cff79b61c8
              • Instruction Fuzzy Hash: E611B674A1AA4E4FEBAAAB68C4686B97BE0FF5D310F0115BED42AC61E1DE356540C700
              Function 00007FFD9B882DB1 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c1aa9629faf4fd7bc61215318410b97d4c8c94e1b87d391ce5d332f2dd714bb6
              • Instruction ID: cb3acab141f5c859353ba8ce7aa477b5c2c229bf4c8d685866865cfa62ffdc36
              • Opcode Fuzzy Hash: c1aa9629faf4fd7bc61215318410b97d4c8c94e1b87d391ce5d332f2dd714bb6
              • Instruction Fuzzy Hash: 8901A230A0A50E8FE751EFA4C4596A97BE1EF19310F0645B6C41CC75B6DF38E5418700
              Function 00007FFD9B8805D8 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8478aae5621f3a6eb39d115afb3daf941f2f7303587ca086d810ae6c1ebd632c
              • Instruction ID: 86fdfafac16d84e891bf3ae835ce066a122bde2edca8d20d1689d19ed2c2a698
              • Opcode Fuzzy Hash: 8478aae5621f3a6eb39d115afb3daf941f2f7303587ca086d810ae6c1ebd632c
              • Instruction Fuzzy Hash: 02015E30A0A90E8FEBA8EF65C4656B977A2FF5D304F51447ED42EC21A5CE36A650CB40
              Function 00007FFD9B882E29 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f18552d4d562238e1babb8caac555936febb1fd214264692c9c6720462cd4188
              • Instruction ID: 9dcd17447e2ef0c99e7f2ec7d6f9fa6318718ba433166b3f142335b78ea5be70
              • Opcode Fuzzy Hash: f18552d4d562238e1babb8caac555936febb1fd214264692c9c6720462cd4188
              • Instruction Fuzzy Hash: 8501D430A0EA4E4FE762EFB488695A93BE0EF0A300F4605B2D428C60F7DA38A5448700
              Function 00007FFD9B88278D Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 618df53fb8df209b60e6130657c8b4395fb5915b684e81230cc413a0c92e2ad3
              • Instruction ID: 05a152da89f0d85e84e9ec2cccac3a5ad98d36fa5710caeccc76fd24f7207ab8
              • Opcode Fuzzy Hash: 618df53fb8df209b60e6130657c8b4395fb5915b684e81230cc413a0c92e2ad3
              • Instruction Fuzzy Hash: 4C018830A1E94D8FE751FFB4C8595A97BE0FF59300F0645B6D418C60A6EE34E5448B41
              Function 00007FFD9B880610 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 35b8e270662d16b2eb3426a492cc6f1f3e887b47bb4487c37eef40547bb79786
              • Instruction ID: f8c6b436e33478b2cef21809935da3ec9afb329da0506d84ffcb88e8a30091b3
              • Opcode Fuzzy Hash: 35b8e270662d16b2eb3426a492cc6f1f3e887b47bb4487c37eef40547bb79786
              • Instruction Fuzzy Hash: 63016D30A1990E8BEB58EFA4C4686B973E0FF18304F51087ED42EC61E5DE35A650CA00
              Function 00007FFD9B880608 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 13b7a1aea14aef0ec3c54e3f165a066b0722f6072eda1f08ed11d7741b771f01
              • Instruction ID: 0f60c9acf7b0294d29df2bbecea8d80b07cf7e2bf653b7f7e61f2f597ec120e9
              • Opcode Fuzzy Hash: 13b7a1aea14aef0ec3c54e3f165a066b0722f6072eda1f08ed11d7741b771f01
              • Instruction Fuzzy Hash: D9018630A1590E8BDB58EFA4C4685B973E0FF1C304F11087ED42EC21E5DE35A150CB00
              Function 00007FFD9B881140 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4710dc052b7f726fcc366fd71435a6ac9176f7d23a09b8f5c882ea178bde01c5
              • Instruction ID: 74e8a8003de437595f1d5c18354b3910b55d4f463ec8b4e69126cda2822b4189
              • Opcode Fuzzy Hash: 4710dc052b7f726fcc366fd71435a6ac9176f7d23a09b8f5c882ea178bde01c5
              • Instruction Fuzzy Hash: 57F0F974E1AA0E4AFBA6AB9888643FA77E0FF5D214F00153AD42DC10E0DF3422148600
              Function 00007FFD9B881BFD Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 45e6ff20acc08df64131ad574125345d83d2e3beed1925e44f3ccf5ed0f12d3c
              • Instruction ID: dc6161e8be5f8ff54f02f6a5554a6b301a5ae0e7f5ea06729d522f1811f07250
              • Opcode Fuzzy Hash: 45e6ff20acc08df64131ad574125345d83d2e3beed1925e44f3ccf5ed0f12d3c
              • Instruction Fuzzy Hash: 1C018670A0AA8E8FDB65EF64C4655F97BA1FF5D300F45007AD41CC61A1DE759550C740
              Function 00007FFD9B8805D0 Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 084410b982bad5d84254e9bcd41370856a3c742b5a8abe65d9ad6cf741030ece
              • Instruction ID: 09d551eb0fd6b86f67f89c13b49ab3267e790c269dad54437cbb57f35549a519
              • Opcode Fuzzy Hash: 084410b982bad5d84254e9bcd41370856a3c742b5a8abe65d9ad6cf741030ece
              • Instruction Fuzzy Hash: F3F0C830A0AA4E8FEB64EF6494255F97795FF1D304F01047AE41DC20A1DE35A650C740
              Function 00007FFD9B88271D Relevance: .0, Instructions: 34COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0e11fe5e23fc65276374e072a20623faaf3f4dbca8023a82a3f7c9869aa878f9
              • Instruction ID: a2f93875757cea9d19f99440a5ee0e2b36e41c346a8be83e89022eaee6bf8a66
              • Opcode Fuzzy Hash: 0e11fe5e23fc65276374e072a20623faaf3f4dbca8023a82a3f7c9869aa878f9
              • Instruction Fuzzy Hash: ADF09C3190EB8D8FDB595F6488251A97BA0FF05700F4105BED429C51E5DB389550C741
              Function 00007FFD9B8826A9 Relevance: .0, Instructions: 33COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d5eab37226216aaf7e3fa8964746fbc873b1d2ad14767a7561a5e2bf6a2e9869
              • Instruction ID: cca8f35952c9e9e101fe4b4c7ca86b662dd535627c4f8a1d9b9a1c4fbd9b324e
              • Opcode Fuzzy Hash: d5eab37226216aaf7e3fa8964746fbc873b1d2ad14767a7561a5e2bf6a2e9869
              • Instruction Fuzzy Hash: 99F0683190E78D8FDB59DFA4C8391A93BA0BF06304F4604FBD459C60E2DA389554C741
              Function 00007FFD9B880F49 Relevance: .0, Instructions: 28COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6d00edbc9ac6bdae4f6cafbec846fef47fd382a12049b8e80e35d548cf221f37
              • Instruction ID: 909236bbc3f919dbefc95cafcf56d89b8e227eec391c0b9ea20a46a293cac06b
              • Opcode Fuzzy Hash: 6d00edbc9ac6bdae4f6cafbec846fef47fd382a12049b8e80e35d548cf221f37
              • Instruction Fuzzy Hash: 82F01D30A1990ECBEB24DB44D860BAE77B1EB58305F1142B5C01AA3295DE74AA81CB80
              Function 00007FFD9B8816A0 Relevance: .0, Instructions: 25COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d6cf9797388896da03f38a9e074d656f7ccc1dac019205c0e4e67546ed29bc1c
              • Instruction ID: 18410e38152b488d1c7cd590a802b96c06982bc284c037170925aa8a57ea08b3
              • Opcode Fuzzy Hash: d6cf9797388896da03f38a9e074d656f7ccc1dac019205c0e4e67546ed29bc1c
              • Instruction Fuzzy Hash: 60E0C920F0AC0A4BEA7477998495674A1D19B4C314FAA8675F03DC62F2EE3CEE82C201
              Function 00007FFD9B885FAD Relevance: .0, Instructions: 24COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000011.00000002.1782290331.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_17_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d65df159a069230d09506b893dd6151e1bfa9dc5e43e7dcc594f2e77961126c8
              • Instruction ID: 2356ccb5546b84afd6d1628d217aaf27afd3e233f98b68797d59b63f57a59735
              • Opcode Fuzzy Hash: d65df159a069230d09506b893dd6151e1bfa9dc5e43e7dcc594f2e77961126c8
              • Instruction Fuzzy Hash: 7CF0F830909D5D8FCBA4EB48CCA46AA77B1FF58302F1111EAC11DE3291DB341A81CF00

              Executed Functions

              Function 00007FFD9B8834C5 Relevance: 1.5, Strings: 1, Instructions: 270COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID: N_H
              • API String ID: 0-343878021
              • Opcode ID: b8d3829628fc932f03f2a24813085bbffe2a2bed00d2dc374ce97316c13f6ad3
              • Instruction ID: f987806abed4a03f26afd0a5660bb1bdde77937aa5c2368e3e233ba5f6dca16e
              • Opcode Fuzzy Hash: b8d3829628fc932f03f2a24813085bbffe2a2bed00d2dc374ce97316c13f6ad3
              • Instruction Fuzzy Hash: 8491C271A0894D8FEB98DBACD8657ACBBE1FF99350F4001BAD01DD72DADB7428018741
              Function 00007FFD9B891110 Relevance: 6.4, Strings: 5, Instructions: 118COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b891000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID: $"$#$.$[
              • API String ID: 0-1265171129
              • Opcode ID: 8ff43ce39bf247f811d4e5e7917120eb5ad15f13dd197c23f458e0469c6b446c
              • Instruction ID: 63ab3ba76b0524f0920fa802f11c7a0c42f0ce92f8329192398a8f49aab025d8
              • Opcode Fuzzy Hash: 8ff43ce39bf247f811d4e5e7917120eb5ad15f13dd197c23f458e0469c6b446c
              • Instruction Fuzzy Hash: 4651A670E1922DCFEB64DF94C4A47ACBAB1AF48701F2140BAD05DA7291CB385A84DF50
              Function 00007FFD9B891330 Relevance: 2.6, Strings: 2, Instructions: 84COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b891000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID: +$/
              • API String ID: 0-2439032044
              • Opcode ID: 25709b54847fb9b595b144da81bec235504d56fcd2c756f37ae5554b0bb5ef42
              • Instruction ID: 97028dbf68a45be0f1f9c892279156592c2938722254b3406258cbeba7f42fb7
              • Opcode Fuzzy Hash: 25709b54847fb9b595b144da81bec235504d56fcd2c756f37ae5554b0bb5ef42
              • Instruction Fuzzy Hash: 54419670E1962D8FEF68DF94C8A47EDB7B1AF58301F1101BAD41DA66A1CB741A84CF00
              Function 00007FFD9B8932F5 Relevance: 1.8, Strings: 1, Instructions: 551COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b891000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID: "R^I
              • API String ID: 0-1870646169
              • Opcode ID: 79c3164b029627d1417b0124a675f7960ab519fa000d4c6436c6f3d555fda4c6
              • Instruction ID: aae8e73fa803c18f2f27023ad3231e5cc8cab24a24b3397de5a89fb06a1b98c8
              • Opcode Fuzzy Hash: 79c3164b029627d1417b0124a675f7960ab519fa000d4c6436c6f3d555fda4c6
              • Instruction Fuzzy Hash: 8251E662A0F7D54FEB2397B858791A57FB0EF16214B0944FBD098CB0E7E918A909C352
              Function 00007FFD9B893C15 Relevance: 1.4, Strings: 1, Instructions: 125COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b891000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID: P,
              • API String ID: 0-1243182354
              • Opcode ID: 5c25d8627bbbfcf72352466938404b5d99b2ef90d208e8654f7e93485392b222
              • Instruction ID: 0aba5da62b963f1f32712fa698f350c568deb53245cc1e1be1aa5659af164678
              • Opcode Fuzzy Hash: 5c25d8627bbbfcf72352466938404b5d99b2ef90d208e8654f7e93485392b222
              • Instruction Fuzzy Hash: CA41E070E0961D9EEFA4EBA8C8657AD7AF1FF59300F5101B9D01DD32A2DE346A818B01
              Function 00007FFD9B8929EB Relevance: 1.4, Strings: 1, Instructions: 116COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b891000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID: T
              • API String ID: 0-3785724610
              • Opcode ID: bbb4c9bcb980afe02353986b8a74ca29695cfd725463860ea37b5dae8e640600
              • Instruction ID: 1a85f5d9c919cfa51ac736da343bc94e94c2758d4a61e56907c053fe374aad8c
              • Opcode Fuzzy Hash: bbb4c9bcb980afe02353986b8a74ca29695cfd725463860ea37b5dae8e640600
              • Instruction Fuzzy Hash: 0C419571E0991D8FDBA4EF98C859BECB7B1FB58301F1141BA901DE32A5DE346A948F40
              Function 00007FFD9B8803BD Relevance: 1.3, Strings: 1, Instructions: 84COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID: sS^
              • API String ID: 0-472316317
              • Opcode ID: 513c6ce2b41565229a825515947654bcf7259997de5af68a9fc3bb78b2907694
              • Instruction ID: 77f115c34f2c5ef8f1dd879b986971d4ea315ed857f44ae71eecc7d0335fc653
              • Opcode Fuzzy Hash: 513c6ce2b41565229a825515947654bcf7259997de5af68a9fc3bb78b2907694
              • Instruction Fuzzy Hash: 0D213782B0FDD32FE7565B790C654586FA0BF2264475D80BFC0B84B0E7D915E80A8385
              Function 00007FFD9B88DA69 Relevance: .4, Instructions: 418COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B88D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b88d000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c597a41c83f905e2185603f0d900ed94900cdfa40075b4d58cf75543812e5988
              • Instruction ID: 40147cdd4c67b535912596f7718ce11e268571578da78810eeed67b45910786f
              • Opcode Fuzzy Hash: c597a41c83f905e2185603f0d900ed94900cdfa40075b4d58cf75543812e5988
              • Instruction Fuzzy Hash: 73F12D71E19A5D8FEBA8EB98C8647B8B7B1FF58300F1441BED01DD32A6DA346941CB41
              Function 00007FFD9B880498 Relevance: .4, Instructions: 416COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b49337d4dfc278c249ba835156338daa55c72d3c69aac90d8e24beb225c838f1
              • Instruction ID: f0f4875f74ac4e763a3aa6578532e94a3edbaf4542b50f828b1753986c5a2dd8
              • Opcode Fuzzy Hash: b49337d4dfc278c249ba835156338daa55c72d3c69aac90d8e24beb225c838f1
              • Instruction Fuzzy Hash: 51C12943B0FAD64BE72673ADB8755E93F50DF8162870D01F7D0EC8A0E7EC18694A8295
              Function 00007FFD9B8805A0 Relevance: .3, Instructions: 315COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a27e7994dda838596132d92b532f23053e4f410bfc60ac6dfec1d27328b0d70e
              • Instruction ID: 60c520749f6be454b19bac01dcfee58d8358ee5da5218f268f80ce168557d769
              • Opcode Fuzzy Hash: a27e7994dda838596132d92b532f23053e4f410bfc60ac6dfec1d27328b0d70e
              • Instruction Fuzzy Hash: BE914A43B0FAD64BE72673AC78791E92F50EF8566470D01F7E0EC8A0E7EC2469468295
              Function 00007FFD9B88060D Relevance: .3, Instructions: 291COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 90ab26d93983f31c0d97e466d84f70417bb5fdc723948d6152795787b7d20de5
              • Instruction ID: 0bd2fa8c2fe46665a3e117ca1bb20822ce06ef247a67706ed4d8f250db58bb43
              • Opcode Fuzzy Hash: 90ab26d93983f31c0d97e466d84f70417bb5fdc723948d6152795787b7d20de5
              • Instruction Fuzzy Hash: 7A814B43B1FAD54BE72673AC78791E92F50EF8566470D02F7E0EC8A0E7EC2469468285
              Function 00007FFD9B881638 Relevance: .3, Instructions: 286COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fb737dbac4c39b00c9774dbe4549db512156a293b4d6b5a786bdf93b15f280c1
              • Instruction ID: b1f36ba2c98b54a3903a1ff84615498232246e835d68acffb43b52ef798a6fa5
              • Opcode Fuzzy Hash: fb737dbac4c39b00c9774dbe4549db512156a293b4d6b5a786bdf93b15f280c1
              • Instruction Fuzzy Hash: 9F81BF31B0DE494FDB59EF5C88A15A977E2FF9C300B15017AE4ADC32A2DE34AD028781
              Function 00007FFD9B880640 Relevance: .3, Instructions: 264COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b816097ba809e28b118a4dfec0c0e7fb06af99acbc5702650aa98dd3cddb24a5
              • Instruction ID: ccdf34a3739a44a8426a540f6d7f1e6b2f9d61fee0fc7bc830d838e3f0d5cf0f
              • Opcode Fuzzy Hash: b816097ba809e28b118a4dfec0c0e7fb06af99acbc5702650aa98dd3cddb24a5
              • Instruction Fuzzy Hash: 37714B43B0FAC54BE72673AC7C791E92F50EF8566470902F7E0AC8A0E7EC2569468285
              Function 00007FFD9B8805B0 Relevance: .2, Instructions: 198COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ca9c28688c33d6c9c1bcc107519cb61870b23df2513e2ef5075dabe0a82e96b4
              • Instruction ID: 957cc56285c32ae8310cdabbc68a1e0dd0493f9934f6d068085f7e27432a7cfa
              • Opcode Fuzzy Hash: ca9c28688c33d6c9c1bcc107519cb61870b23df2513e2ef5075dabe0a82e96b4
              • Instruction Fuzzy Hash: 0C515E52B1FA964BE72573BCAC791E43F90EF85724B0901F7D0A8CB0E7EC2465458381
              Function 00007FFD9B881C7D Relevance: .2, Instructions: 193COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3256f9cf06220684533c4b99397d351c55ca8067949a6738ed9b892f38cac9f1
              • Instruction ID: 1b3b27ce6207f5e26d8869b962887d9778ba72861e2761c676d552a9e30702a2
              • Opcode Fuzzy Hash: 3256f9cf06220684533c4b99397d351c55ca8067949a6738ed9b892f38cac9f1
              • Instruction Fuzzy Hash: EC51D131B09B894FDB5DDF5888A05BA77E2FF9C300B15467ED46AC7292DE34E8028781
              Function 00007FFD9B883115 Relevance: .2, Instructions: 169COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9c02f7c2a4c2e2a7b9ddc0c772c9da16a94c07b3897bd9686df66da9d08ba6fe
              • Instruction ID: 1c7efc26c9c1fca970aebf4a899b525913840b5edadf7f1f7251395c4843daa3
              • Opcode Fuzzy Hash: 9c02f7c2a4c2e2a7b9ddc0c772c9da16a94c07b3897bd9686df66da9d08ba6fe
              • Instruction Fuzzy Hash: 2E511B70E1991E8FEB54DFA8C4A46EDB7B1FF48311F514179E019E72A1DB386A41CB40
              Function 00007FFD9B882095 Relevance: .1, Instructions: 141COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: be0d9f7cceafdf41ba4f6a4ae7c4dd0fbfa232c7e4e318aaaa597d5abb5ff3aa
              • Instruction ID: 9184244542d88a93066398c1d76b10ab8ffaf726b5c7eac1408469d5b2d24571
              • Opcode Fuzzy Hash: be0d9f7cceafdf41ba4f6a4ae7c4dd0fbfa232c7e4e318aaaa597d5abb5ff3aa
              • Instruction Fuzzy Hash: 92414831B0EA4A0FE766DBB894655B877E0EF8A310B4645FBD01CC71E6DE38B9428341
              Function 00007FFD9B893AFB Relevance: .1, Instructions: 128COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b891000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 74e348b4ae7b19c29ff3896745426fbb4c9ab4f74dc2ee500e9a54e2d4957d6a
              • Instruction ID: 8957a5e3f8c64e0107ef470f7df660338d32ff09b14e048bf022a18f4d147465
              • Opcode Fuzzy Hash: 74e348b4ae7b19c29ff3896745426fbb4c9ab4f74dc2ee500e9a54e2d4957d6a
              • Instruction Fuzzy Hash: A3413B32B0D7599FE715BBBCA8651E97FE0EF45325B0004BBC158CB0A3EA20A5448780
              Function 00007FFD9B88BDE9 Relevance: .1, Instructions: 120COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b88a000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 287ca731f34f315f641c52d3896c050dc2deca75940c2f169ada4e8e524b3d45
              • Instruction ID: 5047ffb9da754fb9c1c5559432897be9575ab2615701dca76448250ee66b4a81
              • Opcode Fuzzy Hash: 287ca731f34f315f641c52d3896c050dc2deca75940c2f169ada4e8e524b3d45
              • Instruction Fuzzy Hash: 1A411470A0AA4E8FDB68DF94D4646FD77F5EF59300F11017ED01AE72A1CA39A941CB50
              Function 00007FFD9B892B94 Relevance: .1, Instructions: 103COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b891000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 995a6e7974d8fe39b3b0dd2defd037bfa22b5df4717929360379254901ce2ca4
              • Instruction ID: b67bbd957bd5d852dd90d1f9ecfcfcf96c99eee29a26fb6ea87209a77b2a4abf
              • Opcode Fuzzy Hash: 995a6e7974d8fe39b3b0dd2defd037bfa22b5df4717929360379254901ce2ca4
              • Instruction Fuzzy Hash: 4D41A370E1462D8FDB54EF98D8A5BEDBBB1FF58300F5041A9D01CA3296DE346A858F41
              Function 00007FFD9B88BEC4 Relevance: .1, Instructions: 90COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b88a000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8059ee9c6dd5e1eba5ca9061de33bc029e8e36040e85270759d559c0619e2e34
              • Instruction ID: bc0b28298ea41fca4c5679436cf584f80f944aff6d4b4dfd2697d78a59ee3df1
              • Opcode Fuzzy Hash: 8059ee9c6dd5e1eba5ca9061de33bc029e8e36040e85270759d559c0619e2e34
              • Instruction Fuzzy Hash: 6A31B274E09A0E8FDB64DFD8D4A46EDB7F4EF58301F11043AE429E32A1DA356A41CB50
              Function 00007FFD9B88B03A Relevance: .1, Instructions: 89COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b88a000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 091f035de38854c66a05e7c9224df67b7f825b450a65a50650cab32e30d76ac1
              • Instruction ID: bd189270564772cd6312d6778ff365d53e55025e96089e0d9a40bbc56b1ccb2a
              • Opcode Fuzzy Hash: 091f035de38854c66a05e7c9224df67b7f825b450a65a50650cab32e30d76ac1
              • Instruction Fuzzy Hash: 8C213030E1A90E4BE761EBA8C8996BD76E5FF9D300F014976D42CC71A6DE35A6448640
              Function 00007FFD9B88BE84 Relevance: .1, Instructions: 84COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b88a000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f5f1753aea59c26995c8d99d97da6212d2b4315e390985e73bd2543e447b62b4
              • Instruction ID: d7fae174151916c1140666b6e90f56c79f7ae70cda334cfe76619259ea53b30d
              • Opcode Fuzzy Hash: f5f1753aea59c26995c8d99d97da6212d2b4315e390985e73bd2543e447b62b4
              • Instruction Fuzzy Hash: 8531C2B4E05A0D8FDB64DFD8D4A46EDBBF1EF58311F11043AE419E32A1DA386A40CB50
              Function 00007FFD9B880805 Relevance: .1, Instructions: 83COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9fd2706c7e8201f0093885631c1c1cb16cbd9b1f9d9beebe016dfbde16fa4600
              • Instruction ID: 81e25d099a5ab138c78b6187769abecc9ec4cd0b6f07ae33b6d035595fc97c26
              • Opcode Fuzzy Hash: 9fd2706c7e8201f0093885631c1c1cb16cbd9b1f9d9beebe016dfbde16fa4600
              • Instruction Fuzzy Hash: 79216052B0E65B5BD71663BCAC796E97B90FF51318F0901B7C06DCE0D3ED249056C281
              Function 00007FFD9B8974E1 Relevance: .1, Instructions: 80COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B897000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B897000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b897000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4b0e80afb24d123c414ca6571a28067cde726d0c38deff0a44bfb352131c2e0d
              • Instruction ID: bbe0643594e335509f849668f6d29df2e34a886ff69805b1ec2130570fece305
              • Opcode Fuzzy Hash: 4b0e80afb24d123c414ca6571a28067cde726d0c38deff0a44bfb352131c2e0d
              • Instruction Fuzzy Hash: 49213A34A0A50E8FEFA5EBA488696FE7EE0FF18304F01047AD41DD21A6DB35A6408740
              Function 00007FFD9B883318 Relevance: .1, Instructions: 78COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1b9a4ef0f34c4422e82de01a1de12ba715e64f3a7adfd51f141699716a938a38
              • Instruction ID: f70a66d51c2774d69afdc907a3e58424ccde905ee2dd3a64772bb02a5d0acf5f
              • Opcode Fuzzy Hash: 1b9a4ef0f34c4422e82de01a1de12ba715e64f3a7adfd51f141699716a938a38
              • Instruction Fuzzy Hash: 5B21933094E78A9FD752ABB488686A97FF0FF4B310F0505FAD454CB0B2DA389545C711
              Function 00007FFD9B883445 Relevance: .1, Instructions: 77COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d8a77f8eb59d4d3da0a50ba588371d055daebf5e733debbdce731fc3dab032d7
              • Instruction ID: 77fb5b7ced72234a0e2aba3404e15285ad97adbd51d50bcf118c1f3683e6eae3
              • Opcode Fuzzy Hash: d8a77f8eb59d4d3da0a50ba588371d055daebf5e733debbdce731fc3dab032d7
              • Instruction Fuzzy Hash: 1A212C30E0AA4E8FDBA9DFA4C8656BD7BA0FF19304F1105BEE42DD61A1DB35A650C740
              Function 00007FFD9B8833C1 Relevance: .1, Instructions: 77COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0975b96a49ddfab3e50d9db4a03693708ff64e954088b25daea21e59576f5cc1
              • Instruction ID: 99f6e6ced28a12f6b086e7a8a01104c818222539d8c9a91992ad991ef00bde49
              • Opcode Fuzzy Hash: 0975b96a49ddfab3e50d9db4a03693708ff64e954088b25daea21e59576f5cc1
              • Instruction Fuzzy Hash: 08213C30A0AA5E8FEB65EBA488692B977E0FF18305F01047AE42DD61A1DF35A640C740
              Function 00007FFD9B8975E9 Relevance: .1, Instructions: 71COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B897000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B897000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b897000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 33528ae3ebb1ddee289e95fcf478eefe45e4716a4c3245d2a73b83014cd4210a
              • Instruction ID: 1efe76c497fa42e5792f7a75270cf2bb77edcf7102d33208c864af5ab2f4582a
              • Opcode Fuzzy Hash: 33528ae3ebb1ddee289e95fcf478eefe45e4716a4c3245d2a73b83014cd4210a
              • Instruction Fuzzy Hash: CF216234E0A64E8FEFA6AB68C8696FD7BE1FF09300F0105B6D42CC60A5DB34A5508701
              Function 00007FFD9B897CAD Relevance: .1, Instructions: 70COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B897000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B897000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b897000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9522bb3b72ccadc3b6ead658c910481f78cab596158dd2b0a09a82393efd3a94
              • Instruction ID: c4673196111132bdcc8e5868a2f2baa9ae96ce1c549231286ee612c7e6265fa0
              • Opcode Fuzzy Hash: 9522bb3b72ccadc3b6ead658c910481f78cab596158dd2b0a09a82393efd3a94
              • Instruction Fuzzy Hash: 59218E34A5A24E8BEF699F7488656FD3BA0FF09308F0114BED42DC21E6DF35A654C641
              Function 00007FFD9B880A01 Relevance: .1, Instructions: 69COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a3dfa401319596144e53a08607b0e24806c47cdbb1adc2f620596964447c1296
              • Instruction ID: 27f6f7bb2c4ef387d9009c63e8eb7f2d7ed3a688548515c3f6dc71923b873fe0
              • Opcode Fuzzy Hash: a3dfa401319596144e53a08607b0e24806c47cdbb1adc2f620596964447c1296
              • Instruction Fuzzy Hash: F911C131E2A94E4FEBA0EBA8C8695FD77E0FF58700F4145B6D42CC70A6EE34A6418700
              Function 00007FFD9B8947D5 Relevance: .1, Instructions: 68COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b891000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6e443e9963cca8234ccead881d1945215495b57f12203be8a851a14e1d04f9dd
              • Instruction ID: d0f3ac1461db92df035b3b8fd2afc6f071e66986a5ec52829ee445ca01d994bb
              • Opcode Fuzzy Hash: 6e443e9963cca8234ccead881d1945215495b57f12203be8a851a14e1d04f9dd
              • Instruction Fuzzy Hash: A311A230A0968E8FEFA9EFA8C4652BD7BA0FF29301F0505BED41DC35A5DA34A540C781
              Function 00007FFD9B881F49 Relevance: .1, Instructions: 67COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f82adfa7fb02037b18c7a60798cbccc34a80c8af11c3f9d73391ddab66907eaf
              • Instruction ID: 068bfc9a0ef6ee60961f99e329ccf8e3a23723c74f00671ece2d7ecce9b7a6c0
              • Opcode Fuzzy Hash: f82adfa7fb02037b18c7a60798cbccc34a80c8af11c3f9d73391ddab66907eaf
              • Instruction Fuzzy Hash: 4111911164FAC65FDB2367B948744616FA05F0B224B2E46FBD0E8CB0E3DE28594AC302
              Function 00007FFD9B8924E1 Relevance: .1, Instructions: 66COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b891000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 53dca57e4c8b3f2f9c4e6f3e1a1ce15cd022a36f22d04458fba1cfa2b36bda66
              • Instruction ID: 206605c45719541b37b5f6428bc10d13657d00fa7386c4d079c594091e783a38
              • Opcode Fuzzy Hash: 53dca57e4c8b3f2f9c4e6f3e1a1ce15cd022a36f22d04458fba1cfa2b36bda66
              • Instruction Fuzzy Hash: 44118E70A1964D8FDB48DF64C4A55F93BE1FF5C304F01017EE809C32A5CA38A550CB80
              Function 00007FFD9B894C75 Relevance: .1, Instructions: 65COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b891000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 571f7e478dfd1962c8f16dc7cb4de694a52d13aff87a9157c1602722b1b5a16a
              • Instruction ID: 185f484b13beea6b54de25ae3d2a2d4e967f6f09130e8c8ad15438182d925d17
              • Opcode Fuzzy Hash: 571f7e478dfd1962c8f16dc7cb4de694a52d13aff87a9157c1602722b1b5a16a
              • Instruction Fuzzy Hash: 0A11C471A0EA4D4FEF69DBA488B61B87BA0FF19308F0905BED02DC25E6DE796541C601
              Function 00007FFD9B88112D Relevance: .1, Instructions: 63COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 78e59991c0f4ac409996cffb540c90f15cc7ddb74ce0e11ee86663cff79b61c8
              • Instruction ID: 7c5cdaea1c8fc6daec2037c65c0e8bdca6288c26e49423808d934dc1f8ef0e8c
              • Opcode Fuzzy Hash: 78e59991c0f4ac409996cffb540c90f15cc7ddb74ce0e11ee86663cff79b61c8
              • Instruction Fuzzy Hash: E611B674A1AA4E4FEBAAAB68C4686B97BE0FF5D310F0115BED42AC61E1DE356540C700
              Function 00007FFD9B894739 Relevance: .1, Instructions: 62COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b891000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f5898fb3cb02c9d7189716738d3bb643b7749ae3252bf11fbb124896b86fd96c
              • Instruction ID: 9ad4ab650331f94bbede8ce298cbe47f42d05a535fbcad8ee35faa5d0c519f03
              • Opcode Fuzzy Hash: f5898fb3cb02c9d7189716738d3bb643b7749ae3252bf11fbb124896b86fd96c
              • Instruction Fuzzy Hash: 5D218130A0968E9FEB69DF6884692B97BA0FF5A300F1505BED419C71A2DA386544C741
              Function 00007FFD9B895ED1 Relevance: .1, Instructions: 60COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b891000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e11650cf905634595b9c8ab1ce6f9c744c20ccc82660e43b2ce4cf99453d69f2
              • Instruction ID: d350f54983167a73a6edd7233ff7f7c6b48b9822ebb24ad430b0c47d316ad4a4
              • Opcode Fuzzy Hash: e11650cf905634595b9c8ab1ce6f9c744c20ccc82660e43b2ce4cf99453d69f2
              • Instruction Fuzzy Hash: 9311C270A0A64E4FEB69AB64C4695F97EA0FF19310F0205BED81DC61E2DE256644C701
              Function 00007FFD9B894FE9 Relevance: .1, Instructions: 58COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b891000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2b19a2d81d9d4e0916b77e32b8ee16382e81ede095632f82ab88edb405295a93
              • Instruction ID: 9320d5c506ae1324c5746a8d44b840f99e7a98733679671744c033651c40cd6d
              • Opcode Fuzzy Hash: 2b19a2d81d9d4e0916b77e32b8ee16382e81ede095632f82ab88edb405295a93
              • Instruction Fuzzy Hash: 30116D31A0AA8E8FEF69EB6488696F97FE0FF19300F0504BED41DC61E2DA3565548741
              Function 00007FFD9B8928E1 Relevance: .1, Instructions: 58COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b891000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4b435a7437991be444bbc8391034550a13df336926548f00d82a82ae38b29351
              • Instruction ID: bed94fe6a3441d605964cfa19f6789b9255a0e6d701a3d1a61a5a663466e3c08
              • Opcode Fuzzy Hash: 4b435a7437991be444bbc8391034550a13df336926548f00d82a82ae38b29351
              • Instruction Fuzzy Hash: 2C018030E1955E9FEB56ABB4885CAFA7FE4EF1A300F0145B2E418C6066EA34A2548741
              Function 00007FFD9B894D9D Relevance: .1, Instructions: 58COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b891000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b35d32b90096b63ebbf9d99869fb53be07c95e903610f38be60b9e8060372906
              • Instruction ID: da2a6c59cb203e88d83f659b751196992290c56e1b7a9409e6539b0916a8327b
              • Opcode Fuzzy Hash: b35d32b90096b63ebbf9d99869fb53be07c95e903610f38be60b9e8060372906
              • Instruction Fuzzy Hash: C611BF34A0A64E4FEF69EB6488696BD7BB0FF18304F0405BED419C35A6DE34A2418741
              Function 00007FFD9B88BD65 Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b88a000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e8b9750e570ff405523e45a507a150eb74bc147a250f0d829cf40e8347dbbdcf
              • Instruction ID: 3c96fd850d3cef96de6c16fa657d0d02f6ac3a14a5528bd720f9a884737251db
              • Opcode Fuzzy Hash: e8b9750e570ff405523e45a507a150eb74bc147a250f0d829cf40e8347dbbdcf
              • Instruction Fuzzy Hash: 3111A530A0AA4E9FDB95EF64C8685FD7BE1FF59300F4105BED429C61A1DB36A640C700
              Function 00007FFD9B894F5D Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b891000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8b41b1838d3145be8fdc1f58b99d48414cd57943bdbc9a53ae98f0043fa66021
              • Instruction ID: eb277ed01108ad11fd56744b7220ca0167f13022c6c602b3105b0396d5c2edfc
              • Opcode Fuzzy Hash: 8b41b1838d3145be8fdc1f58b99d48414cd57943bdbc9a53ae98f0043fa66021
              • Instruction Fuzzy Hash: C411C430A0954E8FEF69EB648869AB97BE0FF18304F0505BED41DC61E6DE64A640C741
              Function 00007FFD9B895F97 Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b891000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0db628929d77fc7b703343c5d60bd5a2e16f616d5769f12108fe4261377e210e
              • Instruction ID: 7b4c365e9063ce57560d6a5d166f7dc886d37511e69af9e5680444edbc2cef4c
              • Opcode Fuzzy Hash: 0db628929d77fc7b703343c5d60bd5a2e16f616d5769f12108fe4261377e210e
              • Instruction Fuzzy Hash: E111E331A0A50F8AEF68EB54D4255F9B792FF48320F2145B9D81DC60DADE34B640C640
              Function 00007FFD9B897461 Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B897000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B897000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b897000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 09655f6e7676e30b0dc4118285e3acff05c57d99a727595fb9d83db2471033bc
              • Instruction ID: 8047ca6fd7e8476346e407bb980af522a15ae052025197aa80ddd65baa91b49f
              • Opcode Fuzzy Hash: 09655f6e7676e30b0dc4118285e3acff05c57d99a727595fb9d83db2471033bc
              • Instruction Fuzzy Hash: D4116134A0A54E8FEB51EBB4C8586AA7FF4FF19311F0504BAD418C71A6DB38A6808751
              Function 00007FFD9B8805D8 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8478aae5621f3a6eb39d115afb3daf941f2f7303587ca086d810ae6c1ebd632c
              • Instruction ID: 86fdfafac16d84e891bf3ae835ce066a122bde2edca8d20d1689d19ed2c2a698
              • Opcode Fuzzy Hash: 8478aae5621f3a6eb39d115afb3daf941f2f7303587ca086d810ae6c1ebd632c
              • Instruction Fuzzy Hash: 02015E30A0A90E8FEBA8EF65C4656B977A2FF5D304F51447ED42EC21A5CE36A650CB40
              Function 00007FFD9B892371 Relevance: .0, Instructions: 49COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b891000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7b278cea07b2d426b2f33bea4f386d507e62e70901122105ba8a30dcc1ff2742
              • Instruction ID: 2136832023a8a5e9c9920ee39fd15924aef8db4f0c3173640abcd39b2aebcaa1
              • Opcode Fuzzy Hash: 7b278cea07b2d426b2f33bea4f386d507e62e70901122105ba8a30dcc1ff2742
              • Instruction Fuzzy Hash: 7201B130A0A64E8FDB59EFA4C8695F97BA0FF59304F0204BED419C60E2DA35A644D740
              Function 00007FFD9B882E29 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: eec8731dba42517874db088c250ec68aded7164b910b555961fad59e36f3fcbb
              • Instruction ID: 9dcd17447e2ef0c99e7f2ec7d6f9fa6318718ba433166b3f142335b78ea5be70
              • Opcode Fuzzy Hash: eec8731dba42517874db088c250ec68aded7164b910b555961fad59e36f3fcbb
              • Instruction Fuzzy Hash: 8501D430A0EA4E4FE762EFB488695A93BE0EF0A300F4605B2D428C60F7DA38A5448700
              Function 00007FFD9B897C39 Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B897000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B897000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b897000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 038b38fc82c550dbd113ac4ef6f01947c58a0f95fa97240dcd381fde26178588
              • Instruction ID: db396f110ead51ee91d14a7f797926ce37264f5c0c25d4670bd41cd863ae671b
              • Opcode Fuzzy Hash: 038b38fc82c550dbd113ac4ef6f01947c58a0f95fa97240dcd381fde26178588
              • Instruction Fuzzy Hash: 1001C034A4E68E4FDB599B6488645B93FA0EF09308F0204BAC019C70E2DF29A610C701
              Function 00007FFD9B88ABB9 Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b88a000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ee876aa2bce5ea3ca0dae659ec16817f1155a9b5f82817ae0d9c5177ca4d3fb5
              • Instruction ID: 55e2bf203982ace17c8724dc93ce9b2da891c4f491115878d7c6893cc1da8415
              • Opcode Fuzzy Hash: ee876aa2bce5ea3ca0dae659ec16817f1155a9b5f82817ae0d9c5177ca4d3fb5
              • Instruction Fuzzy Hash: 00016730A5E64E5FE751EBB488596E97BE1EF0A304F0649B7D01CC70F6DE38A5448711
              Function 00007FFD9B88278D Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 12bb8496fb9efb6c20edcafb166b013efd08440fb9f571bdf36ece5328f99174
              • Instruction ID: 05a152da89f0d85e84e9ec2cccac3a5ad98d36fa5710caeccc76fd24f7207ab8
              • Opcode Fuzzy Hash: 12bb8496fb9efb6c20edcafb166b013efd08440fb9f571bdf36ece5328f99174
              • Instruction Fuzzy Hash: 4C018830A1E94D8FE751FFB4C8595A97BE0FF59300F0645B6D418C60A6EE34E5448B41
              Function 00007FFD9B880610 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 35b8e270662d16b2eb3426a492cc6f1f3e887b47bb4487c37eef40547bb79786
              • Instruction ID: f8c6b436e33478b2cef21809935da3ec9afb329da0506d84ffcb88e8a30091b3
              • Opcode Fuzzy Hash: 35b8e270662d16b2eb3426a492cc6f1f3e887b47bb4487c37eef40547bb79786
              • Instruction Fuzzy Hash: 63016D30A1990E8BEB58EFA4C4686B973E0FF18304F51087ED42EC61E5DE35A650CA00
              Function 00007FFD9B880608 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 13b7a1aea14aef0ec3c54e3f165a066b0722f6072eda1f08ed11d7741b771f01
              • Instruction ID: 0f60c9acf7b0294d29df2bbecea8d80b07cf7e2bf653b7f7e61f2f597ec120e9
              • Opcode Fuzzy Hash: 13b7a1aea14aef0ec3c54e3f165a066b0722f6072eda1f08ed11d7741b771f01
              • Instruction Fuzzy Hash: D9018630A1590E8BDB58EFA4C4685B973E0FF1C304F11087ED42EC21E5DE35A150CB00
              Function 00007FFD9B881140 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4710dc052b7f726fcc366fd71435a6ac9176f7d23a09b8f5c882ea178bde01c5
              • Instruction ID: 74e8a8003de437595f1d5c18354b3910b55d4f463ec8b4e69126cda2822b4189
              • Opcode Fuzzy Hash: 4710dc052b7f726fcc366fd71435a6ac9176f7d23a09b8f5c882ea178bde01c5
              • Instruction Fuzzy Hash: 57F0F974E1AA0E4AFBA6AB9888643FA77E0FF5D214F00153AD42DC10E0DF3422148600
              Function 00007FFD9B881BFD Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 45e6ff20acc08df64131ad574125345d83d2e3beed1925e44f3ccf5ed0f12d3c
              • Instruction ID: dc6161e8be5f8ff54f02f6a5554a6b301a5ae0e7f5ea06729d522f1811f07250
              • Opcode Fuzzy Hash: 45e6ff20acc08df64131ad574125345d83d2e3beed1925e44f3ccf5ed0f12d3c
              • Instruction Fuzzy Hash: 1C018670A0AA8E8FDB65EF64C4655F97BA1FF5D300F45007AD41CC61A1DE759550C740
              Function 00007FFD9B8805D0 Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 084410b982bad5d84254e9bcd41370856a3c742b5a8abe65d9ad6cf741030ece
              • Instruction ID: 09d551eb0fd6b86f67f89c13b49ab3267e790c269dad54437cbb57f35549a519
              • Opcode Fuzzy Hash: 084410b982bad5d84254e9bcd41370856a3c742b5a8abe65d9ad6cf741030ece
              • Instruction Fuzzy Hash: F3F0C830A0AA4E8FEB64EF6494255F97795FF1D304F01047AE41DC20A1DE35A650C740
              Function 00007FFD9B88271D Relevance: .0, Instructions: 34COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0e11fe5e23fc65276374e072a20623faaf3f4dbca8023a82a3f7c9869aa878f9
              • Instruction ID: a2f93875757cea9d19f99440a5ee0e2b36e41c346a8be83e89022eaee6bf8a66
              • Opcode Fuzzy Hash: 0e11fe5e23fc65276374e072a20623faaf3f4dbca8023a82a3f7c9869aa878f9
              • Instruction Fuzzy Hash: ADF09C3190EB8D8FDB595F6488251A97BA0FF05700F4105BED429C51E5DB389550C741
              Function 00007FFD9B88F27A Relevance: .0, Instructions: 33COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B88F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88F000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b88f000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d653bd9e906536f182580544212e4aa2eb1646a1158334210d82071885cd1fd6
              • Instruction ID: 2037a8358bda356e2c3af2b71d8ee125b541ace11ef0589276d11a7154e24e7f
              • Opcode Fuzzy Hash: d653bd9e906536f182580544212e4aa2eb1646a1158334210d82071885cd1fd6
              • Instruction Fuzzy Hash: 9BF03171D19A1D4FEBA4DF58D8693B977B1EF5C311F1001EA945DD22A1CE341A80CF40
              Function 00007FFD9B8826A9 Relevance: .0, Instructions: 33COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d5eab37226216aaf7e3fa8964746fbc873b1d2ad14767a7561a5e2bf6a2e9869
              • Instruction ID: cca8f35952c9e9e101fe4b4c7ca86b662dd535627c4f8a1d9b9a1c4fbd9b324e
              • Opcode Fuzzy Hash: d5eab37226216aaf7e3fa8964746fbc873b1d2ad14767a7561a5e2bf6a2e9869
              • Instruction Fuzzy Hash: 99F0683190E78D8FDB59DFA4C8391A93BA0BF06304F4604FBD459C60E2DA389554C741
              Function 00007FFD9B880F49 Relevance: .0, Instructions: 28COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b7b342d71f7206c1a7be43296c2ab9cd98f4715c6545487116c962c2c5d8c275
              • Instruction ID: a210a3df09910b8233cbdd9a7e79b306e68a9b1f9f9825b9cd13f1204adfe953
              • Opcode Fuzzy Hash: b7b342d71f7206c1a7be43296c2ab9cd98f4715c6545487116c962c2c5d8c275
              • Instruction Fuzzy Hash: A7F03030B1990ECBEB24DB54D860BFE77B1FB58305F1142B5C019A32D5DE74AA81CB80
              Function 00007FFD9B880FB7 Relevance: .0, Instructions: 26COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7f675c81ad324d966965d914b43217afcd7c93891353498c2680cd28fe980c7f
              • Instruction ID: 0850f590f177f4fd94e20b64ca45908a12504970976f04b0d9e01314e35183f7
              • Opcode Fuzzy Hash: 7f675c81ad324d966965d914b43217afcd7c93891353498c2680cd28fe980c7f
              • Instruction Fuzzy Hash: B4F04470E19A1ECFEB20DBD0C454AFEB7F0AF48314F218139C019A62A1DA786684CB90
              Function 00007FFD9B8816A0 Relevance: .0, Instructions: 25COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b880000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d6cf9797388896da03f38a9e074d656f7ccc1dac019205c0e4e67546ed29bc1c
              • Instruction ID: 18410e38152b488d1c7cd590a802b96c06982bc284c037170925aa8a57ea08b3
              • Opcode Fuzzy Hash: d6cf9797388896da03f38a9e074d656f7ccc1dac019205c0e4e67546ed29bc1c
              • Instruction Fuzzy Hash: 60E0C920F0AC0A4BEA7477998495674A1D19B4C314FAA8675F03DC62F2EE3CEE82C201
              Function 00007FFD9B88B2DF Relevance: .0, Instructions: 15COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B88A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b88a000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8c6885f114711027a8fb0f330a1afd7e223efa296f98b266993735d41422820a
              • Instruction ID: adbb59319a01f03930dfa85bf8f08a5d6118f548f6b163d2de77d036a3b5c489
              • Opcode Fuzzy Hash: 8c6885f114711027a8fb0f330a1afd7e223efa296f98b266993735d41422820a
              • Instruction Fuzzy Hash: 91D09B2091ED1E8BDB74DB94C850FF9B364EF59301F5192F5C01DD2156DD346AC54B40
              Function 00007FFD9B8953EB Relevance: .0, Instructions: 11COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b891000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e0da8b58fc39bf00ee47bf99c0532d80d121c38d46e1531b50ceb0b3edc0ed03
              • Instruction ID: e61698ed49f8fbfc8cf64be9f534469bf4a81a6f283c9a164189eb97c876ec8d
              • Opcode Fuzzy Hash: e0da8b58fc39bf00ee47bf99c0532d80d121c38d46e1531b50ceb0b3edc0ed03
              • Instruction Fuzzy Hash: 33C012A2E0982D4FEFA4DB5C44A62F81AD1EF1C204B510131D009D3551DE2424025700

              Non-executed Functions

              Function 00007FFD9B88F4C0 Relevance: 7.6, Strings: 6, Instructions: 77COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B88F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88F000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b88f000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID: 3$6$[$f$h$k
              • API String ID: 0-1429170600
              • Opcode ID: e4bcd8f167426c5306d762b92ad5d39d1f11d1e9340cb37601f05686d537ad97
              • Instruction ID: f7244877e6d62918aade2c3abf408bd48f6c87d464cfaa8843570c3da91756c0
              • Opcode Fuzzy Hash: e4bcd8f167426c5306d762b92ad5d39d1f11d1e9340cb37601f05686d537ad97
              • Instruction Fuzzy Hash: 2F41A470E09A6D8FEB68DF54C8947EEB7B2BB48301F0045E9D01DA6290CB796B84CF05
              Function 00007FFD9B88D000 Relevance: 6.4, Strings: 5, Instructions: 117COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B88D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b88d000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID: (,$0,$8,$@,$H,
              • API String ID: 0-2531009763
              • Opcode ID: 9d9921e2877aa63e944b9b9650402564e82f67047955f57752a2e3e2cba7cfc4
              • Instruction ID: 9d1c7d45b2f9669792c3cd5edefa131aeee9b6a4d3ecbc5fc72d06e373805250
              • Opcode Fuzzy Hash: 9d9921e2877aa63e944b9b9650402564e82f67047955f57752a2e3e2cba7cfc4
              • Instruction Fuzzy Hash: BE413070E15A0D9BEB58EBD8D865BFDB7B2FF98300F104139D419A72D6CE3469428B41
              Function 00007FFD9B8914E8 Relevance: 5.1, Strings: 4, Instructions: 80COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b891000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID: "$#$[${
              • API String ID: 0-2794738965
              • Opcode ID: f44e6acf575d99ebce07fabd05d9651f51f4e1c6b03b0dbc52b732836e0f30e3
              • Instruction ID: f41c71d19ed6ffbba19917deeb8a744dd5bed75666accad61d03a386179e0f59
              • Opcode Fuzzy Hash: f44e6acf575d99ebce07fabd05d9651f51f4e1c6b03b0dbc52b732836e0f30e3
              • Instruction Fuzzy Hash: 5331E270E1962ECFEB74DFA4D8647BDBBB0AB48301F1144BAD01DA6291DA385A84DF50
              Function 00007FFD9B88F3D5 Relevance: 5.1, Strings: 4, Instructions: 72COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000014.00000002.1782303132.00007FFD9B88F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88F000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_20_2_7ffd9b88f000_dllhost.jbxd
              Similarity
              • API ID:
              • String ID: 9$]$_$k
              • API String ID: 0-2668722999
              • Opcode ID: f1c7e46c8bae50e10c3495bc7df31267cbf2381df4d4c98265c47149c69cd33a
              • Instruction ID: 4a1dcaade6fdf7fdf93c7080d3aa39c17a408509ca530f0c63a66d4ff0dfa9fb
              • Opcode Fuzzy Hash: f1c7e46c8bae50e10c3495bc7df31267cbf2381df4d4c98265c47149c69cd33a
              • Instruction Fuzzy Hash: D831B770A15A2D8FEB79DB54C854BA8B3B2FB48305F1045E9D01DE7295CB386B85CF00

              Executed Functions

              Function 00007FFD9B8B34C5 Relevance: 1.5, Strings: 1, Instructions: 270COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID: K_H
              • API String ID: 0-313846638
              • Opcode ID: 4e7f84665423af1cfe1ed407451b19e694a2adeed1f44676613cff5422ca6765
              • Instruction ID: 7c3a22ea21631faa692bbe51e0a7ec4804f12639aa60c152fd2eafa8d7924dd7
              • Opcode Fuzzy Hash: 4e7f84665423af1cfe1ed407451b19e694a2adeed1f44676613cff5422ca6765
              • Instruction Fuzzy Hash: C291A071A0994D8FEB98DB68D8657A8BBE1FF59300F4041BAD00DD32DADF6428018B81
              Function 00007FFD9B8B03BD Relevance: 2.6, Strings: 2, Instructions: 84COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID: _$sP^
              • API String ID: 0-949092706
              • Opcode ID: ecb8f72b5b5d8ad22d97a29ebb8906b4b4eb9a9c8c01b484e1d1a2b66a0507dc
              • Instruction ID: 8ad81bf4e1bb7c60f665c938d796751833553ac4aeaa304db0f087e4bcdb2863
              • Opcode Fuzzy Hash: ecb8f72b5b5d8ad22d97a29ebb8906b4b4eb9a9c8c01b484e1d1a2b66a0507dc
              • Instruction Fuzzy Hash: 20214C83B0F9E32BE7265B7A0C694586FA0FF2664475D80BFC0A4470E7D905E80983C5
              Function 00007FFD9B8B0498 Relevance: 1.7, Strings: 1, Instructions: 416COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID: _
              • API String ID: 0-701932520
              • Opcode ID: 30a2e047236a475d52278e575033b953c9ff35f993418f65c27d0a18cbbdf4a3
              • Instruction ID: 4f37d1e5a5bfb9a8faead7d87ae0a5c49982c4930a0bee42db21249db3373523
              • Opcode Fuzzy Hash: 30a2e047236a475d52278e575033b953c9ff35f993418f65c27d0a18cbbdf4a3
              • Instruction Fuzzy Hash: CAC11743B1F6E64AE32663BD7C764E93F60DF4266870902F7D0D88A0E7EC09654686C6
              Function 00007FFD9B8B05A0 Relevance: 1.6, Strings: 1, Instructions: 315COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID: _
              • API String ID: 0-701932520
              • Opcode ID: ba9c05812e151ab92439da6d4ce10f7336570353b288d59cff64bc7606b2825f
              • Instruction ID: d113871c2ba5c7e7da76843175a9b8b162175e882207323156161a3c69544ae9
              • Opcode Fuzzy Hash: ba9c05812e151ab92439da6d4ce10f7336570353b288d59cff64bc7606b2825f
              • Instruction Fuzzy Hash: 63915743B1F6E60AE36663BD7C390E93F50DF46664B0902F7E0A84A0E7EC05690686C6
              Function 00007FFD9B8B060D Relevance: 1.5, Strings: 1, Instructions: 291COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID: _
              • API String ID: 0-701932520
              • Opcode ID: 7149dc490d613072be9df77864d53973fc700699d24a39dab8bf4347c61d04e0
              • Instruction ID: 06910aa233d7e8c78ffbb2ac4d916f77128d59982742c6959eded182dc1cb9c7
              • Opcode Fuzzy Hash: 7149dc490d613072be9df77864d53973fc700699d24a39dab8bf4347c61d04e0
              • Instruction Fuzzy Hash: DB815A43B1F6E54AE36623BD6C390E97F50DF46664B0902FBE0A84A0F7EC15690686C6
              Function 00007FFD9B8B0640 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID: _
              • API String ID: 0-701932520
              • Opcode ID: 9cf530cf7fb770b4da2ae7773283bb2bb39031651714e32dba6838a79225d2b2
              • Instruction ID: 654747314d5e3d29cda6baae44d414e83903dbf4b8f1c97925d61b3304e024d2
              • Opcode Fuzzy Hash: 9cf530cf7fb770b4da2ae7773283bb2bb39031651714e32dba6838a79225d2b2
              • Instruction Fuzzy Hash: ED715A43B1F6E54AE36523BD6C291F97F50DF42664B0902FBE0A84A0F7EC15590687C6
              Function 00007FFD9B8B05B0 Relevance: 1.4, Strings: 1, Instructions: 196COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID: _
              • API String ID: 0-701932520
              • Opcode ID: 26417199f1aad361108b2605bef3ba1f512daac77ee77ddd86b8de7f3da43cc8
              • Instruction ID: 439f934d84f805b600371e6d4258b30743c35e7176b3707b1fff7def352d76f0
              • Opcode Fuzzy Hash: 26417199f1aad361108b2605bef3ba1f512daac77ee77ddd86b8de7f3da43cc8
              • Instruction Fuzzy Hash: 6F51AF42B1F2A60FE36563B86C391E97FA0DF46324B0942FBD0988B0F7EC14A50587C5
              Function 00007FFD9B8B0805 Relevance: 1.3, Strings: 1, Instructions: 83COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID: _
              • API String ID: 0-701932520
              • Opcode ID: 18b7aad79dc9b7b354d7f69b572f6f8c764f509b79d6ab00c9ed52333d38822e
              • Instruction ID: 6fd834d97b05fa37925388bc48ba79b4a72e8ebddf2df6f76fda6ddf2882f7f2
              • Opcode Fuzzy Hash: 18b7aad79dc9b7b354d7f69b572f6f8c764f509b79d6ab00c9ed52333d38822e
              • Instruction Fuzzy Hash: 1A216A62B0E25A5BD71663BC9C796E97B90FF51328F0901B7C06DCA0D3ED14A15AC6C2
              Function 00007FFD9B8B1638 Relevance: .3, Instructions: 286COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2ed8699a7b6121374eaebbb1361850805d93e30abbf13c7ffcd8d4f1956b59bf
              • Instruction ID: 4240bb73f52bd59f16d7db05402b2f39eba831962ec7e76f34b6e80e011c60db
              • Opcode Fuzzy Hash: 2ed8699a7b6121374eaebbb1361850805d93e30abbf13c7ffcd8d4f1956b59bf
              • Instruction Fuzzy Hash: 5F81E131B1DA594FDB58EF6C88615A977E2FF98300B19017EE45DC72A2DE34AD028B80
              Function 00007FFD9B8B1C7D Relevance: .2, Instructions: 193COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 911009511809a4bb4f1ce7beb852a57973919a3e0bed3502b7aa875592bdd417
              • Instruction ID: 20b7ceafc7749c57f4e6afc7deb01b50f10bab7cf46c016fb9dc0bbca8e7e1bf
              • Opcode Fuzzy Hash: 911009511809a4bb4f1ce7beb852a57973919a3e0bed3502b7aa875592bdd417
              • Instruction Fuzzy Hash: C8510331B18B5D4FDB59DF6888615BA77E2FFD8300B15417ED45ACB292DE34E8028B81
              Function 00007FFD9B8B3115 Relevance: .2, Instructions: 169COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 142eabccd3fdfd105d393e7a38519b6beb4dd35115d4d9527301bb80f9428d48
              • Instruction ID: 0968279d2fb52e2e2a1ef900526bde658e050f586bb24e5b29c8f0da3bf531b0
              • Opcode Fuzzy Hash: 142eabccd3fdfd105d393e7a38519b6beb4dd35115d4d9527301bb80f9428d48
              • Instruction Fuzzy Hash: D4512E70E1962E8FEB64DBA8D4646EDBBB1FF58301F51403AD009E72A5DA346A45CF40
              Function 00007FFD9B8B2095 Relevance: .1, Instructions: 141COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8fd7655b625067036aa82efbd47f22ff361d3b3db73d3afbb8e07bda304457e7
              • Instruction ID: e10b366a8cd773f130784987c36886ce10f889abd1ef4d2ec0029ca390836715
              • Opcode Fuzzy Hash: 8fd7655b625067036aa82efbd47f22ff361d3b3db73d3afbb8e07bda304457e7
              • Instruction Fuzzy Hash: F9418C31B0E65A0FE765DBB894655B97BD0EF8A300B0645FBD00CC71A7DE28B9428781
              Function 00007FFD9B8B3318 Relevance: .1, Instructions: 78COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 299ae813f0c063aaace4d3e7d692e3c59f45cc8db7d13bf0598034bbde869fdb
              • Instruction ID: a741f149094767be0d47787238b276c1f587c64636e98875636a30d8a1f69daf
              • Opcode Fuzzy Hash: 299ae813f0c063aaace4d3e7d692e3c59f45cc8db7d13bf0598034bbde869fdb
              • Instruction Fuzzy Hash: AC21A13094E39A8FD752ABB488686AA7FF0FF0A310F0605FBD044CB0B2DA389545CB51
              Function 00007FFD9B8B33C1 Relevance: .1, Instructions: 76COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c551918c4a9fa00ac13b7f3ab09adb598303f15e56d63ed4ab31bebbad57d7a2
              • Instruction ID: 20cbd233ecb1b036a25fd4e999c5e85306955d6f9f86a5b06892ef56855edcb1
              • Opcode Fuzzy Hash: c551918c4a9fa00ac13b7f3ab09adb598303f15e56d63ed4ab31bebbad57d7a2
              • Instruction Fuzzy Hash: 18213031A0A65E8FEB65DB7488692BA76A0FF18304F01087AD419C61E5DF35A600CB40
              Function 00007FFD9B8B3445 Relevance: .1, Instructions: 75COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c3fd94a50549e980dc0c6bd56953a9f68eae5163e275cfdedb3dfe73ea9854b5
              • Instruction ID: 38e070d9e12ead57712188fb0292b646b02644466c3676c79866484bcd0d25fe
              • Opcode Fuzzy Hash: c3fd94a50549e980dc0c6bd56953a9f68eae5163e275cfdedb3dfe73ea9854b5
              • Instruction Fuzzy Hash: 1A212C30A0A65E8FDB69DFA4C8656BD7AA0FF19304F1104BED419D61A1DA35A650CB40
              Function 00007FFD9B8B0A01 Relevance: .1, Instructions: 69COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 60600ef12706c90fa3025d25d3e5d156d06a443f855aca28f738ceea14f2ec51
              • Instruction ID: 13b55947e269dc24a0f12e24d6461c8b743d5320136115fa6f55f4da3ab04720
              • Opcode Fuzzy Hash: 60600ef12706c90fa3025d25d3e5d156d06a443f855aca28f738ceea14f2ec51
              • Instruction Fuzzy Hash: 8211B230E2A51E4FE790EBB888695FD77E0FF58740F4259B6D41CC70A6EE34A6408B80
              Function 00007FFD9B8B1F49 Relevance: .1, Instructions: 67COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: adf36e4a622910b7969f2548cc85d6de45f5c3ce55f9f2481d821e6f918e9fac
              • Instruction ID: 9d3e37e8484a3bbc91898a745667f70546223aa2c6df5e834e5f88045d0451cc
              • Opcode Fuzzy Hash: adf36e4a622910b7969f2548cc85d6de45f5c3ce55f9f2481d821e6f918e9fac
              • Instruction Fuzzy Hash: 2011CE00A5F2D65EDB3363B808704657FA04F07224B2E46FBD0D88F1E3DA08594AC782
              Function 00007FFD9B8B112D Relevance: .1, Instructions: 63COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dcf29fb1123ea4fdf04eab93198129a935a7695ca512fd02f631ebf7191a5e95
              • Instruction ID: b9437602f6477f70d4993350d861a293cc44d30250219d642fb4d818da1e6b75
              • Opcode Fuzzy Hash: dcf29fb1123ea4fdf04eab93198129a935a7695ca512fd02f631ebf7191a5e95
              • Instruction Fuzzy Hash: AD113B30E1E65E4EEB65AB78C4782B93BE0FF1A300F0101BEC009CA0E1DE356100CB41
              Function 00007FFD9B8B05D8 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f27a7d7dd40ec98e6db6e88708924f02c8c1f88a1d546fcf706bcf8bfe8aaf64
              • Instruction ID: 04bae10bb13b2179388ff2aad4e6870354875a7512428952b3d39f549149421a
              • Opcode Fuzzy Hash: f27a7d7dd40ec98e6db6e88708924f02c8c1f88a1d546fcf706bcf8bfe8aaf64
              • Instruction Fuzzy Hash: EA019230A5551E8FDB98EF64C0656B977A1FF5D304F11047ED40EC61A5CA35A650CB80
              Function 00007FFD9B8B238B Relevance: .0, Instructions: 49COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 82047e2d6fce52c85ddcacb4c1dc80742df42339c01213c75e329893876a0717
              • Instruction ID: 524419d6acae649925e184d80155c8ae626303745f82d11132f1d192f51d4ab1
              • Opcode Fuzzy Hash: 82047e2d6fce52c85ddcacb4c1dc80742df42339c01213c75e329893876a0717
              • Instruction Fuzzy Hash: 0211DA31E1A52E8EEB74EFA4D8547EDB6B0BF19300F4141B9C04DD21A1DE782A889F90
              Function 00007FFD9B8B2DB1 Relevance: .0, Instructions: 49COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e57d0d2d4134f4003b72d6a3311e2fe1c7afadb16cd26fe526e287c5592c904b
              • Instruction ID: 7cffa8bc013316f47d6b6f37c0e4e16c273115517e58b959e05bc9c6c6a9d9e3
              • Opcode Fuzzy Hash: e57d0d2d4134f4003b72d6a3311e2fe1c7afadb16cd26fe526e287c5592c904b
              • Instruction Fuzzy Hash: 6701A230E1A51E8FE751EFB8C4996AA7BE0EF19310F0559BAC40CC70B6DE38E5418B40
              Function 00007FFD9B8B2E29 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 95eea9c954bde2d7281e64c6648a7593fc777c1ee5ea733be266bd0766c9542b
              • Instruction ID: 740c8902bc3dda515ad253c35985a0a2b8d5f4d378baaf6d4c794ad7cd3b7053
              • Opcode Fuzzy Hash: 95eea9c954bde2d7281e64c6648a7593fc777c1ee5ea733be266bd0766c9542b
              • Instruction Fuzzy Hash: 7201D430A4E25E5FE762EFB488685A93FE0FF1A300F0609B2D408C60B7DA28A5448B40
              Function 00007FFD9B8B278D Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c500c1738d5e1cec17b806b8c17231cf8d822cd28c893a3d5770faf186afe29c
              • Instruction ID: 93935d7eaf451eaa60cc0940ef01b7debc7e5662315f981b19d3e668eae884be
              • Opcode Fuzzy Hash: c500c1738d5e1cec17b806b8c17231cf8d822cd28c893a3d5770faf186afe29c
              • Instruction Fuzzy Hash: A1018430A1E65E8FE761EFB488695A97FE0FF59300F0645BAD408C60A6EE34E1548F85
              Function 00007FFD9B8B0610 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 07f5b7296f72c7af5da73377579a3a61d34470c2f7f9a5c12ff29655f2d2f2e8
              • Instruction ID: c42d47d925f1e6719d6e490d3ea2db74a4ad7ca4fd969be9a170b198adb119f0
              • Opcode Fuzzy Hash: 07f5b7296f72c7af5da73377579a3a61d34470c2f7f9a5c12ff29655f2d2f2e8
              • Instruction Fuzzy Hash: D301AD30A1950E8AEB58EFB4C4686B97BA0FF18304F50087ED41EC21E4DE35B250CE44
              Function 00007FFD9B8B0608 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 512a56aea8cb7bb6902e0a4ff5ef0737ddc5a0da8303573484ec8f1e82a879cc
              • Instruction ID: 8c4d43c46bd648d0344bb1d74109a9bfc612d45b6ec92a68d27962b450c07c02
              • Opcode Fuzzy Hash: 512a56aea8cb7bb6902e0a4ff5ef0737ddc5a0da8303573484ec8f1e82a879cc
              • Instruction Fuzzy Hash: 7E018130A1951E8AEB58EFB4D4686B977E0FF1D308F1108BEE41EC21E5DE35A254CB40
              Function 00007FFD9B8B1140 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 500ac5d1ff70abc59f5db47b3aca18282420b2d3321c31537172e6886d34ccd7
              • Instruction ID: 525ee5a16f9e725706eaaf8b20b575261ec28d2d3d7b008215e9d11685365e8e
              • Opcode Fuzzy Hash: 500ac5d1ff70abc59f5db47b3aca18282420b2d3321c31537172e6886d34ccd7
              • Instruction Fuzzy Hash: 6BF0F930E2962E49FBA56BB888643FA77E0FF5A210F00113AD419C50E1DE3412108A81
              Function 00007FFD9B8B1BFD Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c4a6a4b107a74941ec384c1d0cf6afb2bb382e2aab3434d4c3b7ad44c398f19d
              • Instruction ID: 6439cb3a4acf46f80af3ad90725ec71f1ecd806f39846aa4d6c0af2ad9bc1dd3
              • Opcode Fuzzy Hash: c4a6a4b107a74941ec384c1d0cf6afb2bb382e2aab3434d4c3b7ad44c398f19d
              • Instruction Fuzzy Hash: 2501F930A1A69D8FDB64EF64C4355F93BA1FF19300F55007ED40CC60A1DB359550CB80
              Function 00007FFD9B8B05D0 Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e9730fb443de60925cad6cfe21586e722354de79050663a1fc48e1985b0f4388
              • Instruction ID: 712f10abbe32945887bf154a0d33fa13562637b80543cced9cc9c665c4b9c59f
              • Opcode Fuzzy Hash: e9730fb443de60925cad6cfe21586e722354de79050663a1fc48e1985b0f4388
              • Instruction Fuzzy Hash: BAF0C830A5A65E8FEB64EF7494355FA7794EF19304F11047AE40DC60A1DA35A660CB80
              Function 00007FFD9B8B271D Relevance: .0, Instructions: 34COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 122b46a250cc5d3b7aa46215a79e43c8c44c45be78a0f8ee9ea52dbafa81eedb
              • Instruction ID: dc6f9d708a36b6679ccf3a238be7c031235e6ba605828b57636b79e1af8e659e
              • Opcode Fuzzy Hash: 122b46a250cc5d3b7aa46215a79e43c8c44c45be78a0f8ee9ea52dbafa81eedb
              • Instruction Fuzzy Hash: 0DF09631A0E79E8FEB699F7888251AD7FA0FF09700F4105BED419C51E6DB38A550CA85
              Function 00007FFD9B8B235D Relevance: .0, Instructions: 33COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d53b012fb67868a4e1a6f70cc6a916906e845f6b51b7eb1409faf9b4fe3e5f5e
              • Instruction ID: 82fbecd2a6a5555ad012d8ad692e271b6dee24315e95d3e34acdeb82a3df726b
              • Opcode Fuzzy Hash: d53b012fb67868a4e1a6f70cc6a916906e845f6b51b7eb1409faf9b4fe3e5f5e
              • Instruction Fuzzy Hash: 7BF0E131A1952E9EDB64EF90C8647EDB7B1FF59300F4141B9C00ED21A1DE746A448F80
              Function 00007FFD9B8B26A9 Relevance: .0, Instructions: 33COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c501c8a9d3df7e99dbce71dd17040ebfa52de49e4c18f0a849474303ae75e982
              • Instruction ID: 779f56c307b51d9119c33ac11328059e48c7c0d16634b4ea66dae29cab5d88cd
              • Opcode Fuzzy Hash: c501c8a9d3df7e99dbce71dd17040ebfa52de49e4c18f0a849474303ae75e982
              • Instruction Fuzzy Hash: 31F0683191E78D8FDB59AFB488391A93FA0FF1A304F4604FED419C60E6DA285554CB41
              Function 00007FFD9B8B0F49 Relevance: .0, Instructions: 28COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e3c2ffc608dacb43e902921e15c4236259b8f0c8fc15fc65a33e1d840cd03a5d
              • Instruction ID: bb64f6d178cd1f0db4e5a30c062a849e5beba98075fb5729434ae86287e07db9
              • Opcode Fuzzy Hash: e3c2ffc608dacb43e902921e15c4236259b8f0c8fc15fc65a33e1d840cd03a5d
              • Instruction Fuzzy Hash: 84F01D30A1951ECAEB24DB55D861FFE77B1EB58301F2142B5C009A3296DE74AA818FC0
              Function 00007FFD9B8B16A0 Relevance: .0, Instructions: 25COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d6cf9797388896da03f38a9e074d656f7ccc1dac019205c0e4e67546ed29bc1c
              • Instruction ID: 1682eb8b4933a92913cc4595945e7d464b728681234672eb820971781f913c77
              • Opcode Fuzzy Hash: d6cf9797388896da03f38a9e074d656f7ccc1dac019205c0e4e67546ed29bc1c
              • Instruction Fuzzy Hash: 08E06520F2A81A46E734736C809457461D15B48304FBA8274F01CCE3F1EB2CDD85CA81
              Function 00007FFD9B8B5FAD Relevance: .0, Instructions: 24COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9adbac2f4e3bef0ea702262625ea37e42612eef9d8a7a3aa91db01bb4148d392
              • Instruction ID: 4d493e7880f909ff2dca112b5265aacdea48c57057450dbf2383b17d918131bf
              • Opcode Fuzzy Hash: 9adbac2f4e3bef0ea702262625ea37e42612eef9d8a7a3aa91db01bb4148d392
              • Instruction Fuzzy Hash: B2F0FE30D09D6D8EC764EB5C8CA46AAB7B1FB58302F5111EAC04DE32A1DB341A81CF40
              Function 00007FFD9B8B232C Relevance: .0, Instructions: 24COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000015.00000002.1787053315.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_21_2_7ffd9b8b0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 870518df6a725b5b2cc5c89ef7a36a29f871abb61f451014adcf08fd115deeca
              • Instruction ID: a2c0e5cc98b7766a01c1356cb5ceddcdc2e078a7b3986446b611f725bdb178b4
              • Opcode Fuzzy Hash: 870518df6a725b5b2cc5c89ef7a36a29f871abb61f451014adcf08fd115deeca
              • Instruction Fuzzy Hash: 01F0FE30A0952E9EEB64DF90C8647E9B7B0FB59300F0141B9C44DD22A0DE786B889F80

              Executed Functions

              Function 00007FFD9B8A34C5 Relevance: 1.5, Strings: 1, Instructions: 270COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID: L_H
              • API String ID: 0-402390507
              • Opcode ID: 5082befbef524a575a911edb81705db08d72bd41bb3f85e5ecfcc9e7c1b5f527
              • Instruction ID: 7429e8c08fdd0441126c87ea89218f169843c6c0cf2fb1061b72c224df952f7a
              • Opcode Fuzzy Hash: 5082befbef524a575a911edb81705db08d72bd41bb3f85e5ecfcc9e7c1b5f527
              • Instruction Fuzzy Hash: 4091A071A09A4D8FEB98DBA8D8657B87BE1EF99350F4001BAD00DD72DADB7428018741
              Function 00007FFD9B8A03BD Relevance: 1.3, Strings: 1, Instructions: 84COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID: sQ^
              • API String ID: 0-1726393085
              • Opcode ID: f1d68f161f6e83a05717de2719a277da68f7690f287aa59accdad305ab43e4a7
              • Instruction ID: 6c4079b1a754f7cb89be18eedb9f5dd30c982fa4b5ad44bb630fb6cb407dafe4
              • Opcode Fuzzy Hash: f1d68f161f6e83a05717de2719a277da68f7690f287aa59accdad305ab43e4a7
              • Instruction Fuzzy Hash: 51216E93B0FAD32BE7166B790CA54586FA0FF2264475D40BFC0AC4B0DBD909E8098395
              Function 00007FFD9B8A0498 Relevance: .4, Instructions: 416COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1ce2d60f8fecb0009f0283e3284cc3f6568b496a377f14f273885ceca704507a
              • Instruction ID: e5fdac45665f4e7d52e1ec1a4e5d1748e52f0f73a81b316eb33320f0d5af72a1
              • Opcode Fuzzy Hash: 1ce2d60f8fecb0009f0283e3284cc3f6568b496a377f14f273885ceca704507a
              • Instruction Fuzzy Hash: C7C14843B0F6EA4BE32663AC7C754F97B60DF4266870D03F7D09C8A0E7EC19650682A5
              Function 00007FFD9B8A05A0 Relevance: .3, Instructions: 315COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 212ce7f8479863a65982c786f2e8c393606a8c30d232add6e8e41b087a3fca9a
              • Instruction ID: 089a0e0b0400b9749ce645d816aa4c8442f3b5137627af1bf98d0c463a99a9e4
              • Opcode Fuzzy Hash: 212ce7f8479863a65982c786f2e8c393606a8c30d232add6e8e41b087a3fca9a
              • Instruction Fuzzy Hash: 9D912643B1F6DA4BE32663AC7C390F97B60DF4666870D43F7E09C8A0E7EC1965068295
              Function 00007FFD9B8A060D Relevance: .3, Instructions: 291COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8c2ff94c68882717989fbb056d1b1f706085c4bb65e0e105eb2085d235448ec6
              • Instruction ID: 749ec4ddbe7cd2783a465944319a09af681badaf32870ae1b95e9888f8e2a7ca
              • Opcode Fuzzy Hash: 8c2ff94c68882717989fbb056d1b1f706085c4bb65e0e105eb2085d235448ec6
              • Instruction Fuzzy Hash: 63814743B0F6D94BE32667AC7C390E87B90DF4676870D43F7E09C8A0E7EC1965068291
              Function 00007FFD9B8A1638 Relevance: .3, Instructions: 286COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 87690d9f947ff6a15f062bae9b7055123db8a60417a1bb109821b2f9827abacc
              • Instruction ID: 48d294c094986918b381337a8a6793f55a86c30a0158527df2ff4144feb52dc6
              • Opcode Fuzzy Hash: 87690d9f947ff6a15f062bae9b7055123db8a60417a1bb109821b2f9827abacc
              • Instruction Fuzzy Hash: 1381C231B0DA494FDB58EF5C88615A977E2FF99300B15067AE45DC32A2DE34AD02C781
              Function 00007FFD9B8A0640 Relevance: .3, Instructions: 264COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 692acd33e269f4859a1a7bd11e84c191319015da3c5df0ff4230deceb441c31f
              • Instruction ID: a02ed2fb12e5cf81bf63abf1fa716c55eb0c7c199b1b0b8960d4ac80d3a5eed9
              • Opcode Fuzzy Hash: 692acd33e269f4859a1a7bd11e84c191319015da3c5df0ff4230deceb441c31f
              • Instruction Fuzzy Hash: D4714943B0F6D94BE32667AC7C290F86FA0EF4676470D43F7E09C8A0E7EC1965068295
              Function 00007FFD9B8A05B0 Relevance: .2, Instructions: 197COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f661c6e07ac2d5ed39033189a3824cb37bdf23341cc185a7e4289a7aa9e2be00
              • Instruction ID: 47a4086e7d9782adc7bd0cfa3c8d6085342e5b664858b09bb2df14ae5d59ac09
              • Opcode Fuzzy Hash: f661c6e07ac2d5ed39033189a3824cb37bdf23341cc185a7e4289a7aa9e2be00
              • Instruction Fuzzy Hash: FE517B42B1F6D94BE32263B87C390E87BA0EF5576470942F7D09C8B0E7EC1965068395
              Function 00007FFD9B8A1C7D Relevance: .2, Instructions: 193COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d1471977c04062d92d8f78cd658745690e57d0c27265becfb99907e3fa4977e0
              • Instruction ID: 69e6823ce9a04044357cdb2a84bab1d375371f5b1b7a59a56fb75e7298157411
              • Opcode Fuzzy Hash: d1471977c04062d92d8f78cd658745690e57d0c27265becfb99907e3fa4977e0
              • Instruction Fuzzy Hash: 7F51D031B09B894FDB59DF5888A05BA77E2FF99300B15467ED45AC7292DE34E802C781
              Function 00007FFD9B8A3115 Relevance: .2, Instructions: 169COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d06ea3cb70df40ddf9b0b3c912a4e233df1c6953469f0119e0f96a8209896528
              • Instruction ID: afd24aded600b87a0830ce69e25b5f0c34f60b1a747b6048ff0c790edee6f1c5
              • Opcode Fuzzy Hash: d06ea3cb70df40ddf9b0b3c912a4e233df1c6953469f0119e0f96a8209896528
              • Instruction Fuzzy Hash: BF512C71E1A61E8FEB64DFA8C4A46EDBBB1FF48301F554039D009E72A1DB386A45CB10
              Function 00007FFD9B8A2095 Relevance: .1, Instructions: 138COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 734ddc5e2ca952cc7e8b5ad40fb73170ed84c0381612156d14df59af3b236eab
              • Instruction ID: f0374503780bc1117ee6f9ee2c4702771ad6e540f2a9df6b169c2e8352e681d9
              • Opcode Fuzzy Hash: 734ddc5e2ca952cc7e8b5ad40fb73170ed84c0381612156d14df59af3b236eab
              • Instruction Fuzzy Hash: BA413A31B0E64A4FE765DBB888655B97BE0EF8A300B4645FBD04CC71E6DE28B9418351
              Function 00007FFD9B8A0805 Relevance: .1, Instructions: 83COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6a0521081c29db52a8c7dc631f52a835b290feb129bd0f4930edfd4b76f9f798
              • Instruction ID: 81252aba5a53caae84250a60547af6285bb939ea24bdf2a4291dbb127239a428
              • Opcode Fuzzy Hash: 6a0521081c29db52a8c7dc631f52a835b290feb129bd0f4930edfd4b76f9f798
              • Instruction Fuzzy Hash: B621CC52B1F18B9BD71623BC9C7A5E8BB90FF51318B0902B3C06CCA0D3ED18A05AC2D5
              Function 00007FFD9B8A3318 Relevance: .1, Instructions: 78COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 15ae95ea1230720d58231b0c9c50f2419ee4740ba9a609b729c2316b6959382e
              • Instruction ID: 4dfa4098f3769c2296221eba3db3f7007b9b6a85d72363e8dce9d899bfbacb38
              • Opcode Fuzzy Hash: 15ae95ea1230720d58231b0c9c50f2419ee4740ba9a609b729c2316b6959382e
              • Instruction Fuzzy Hash: 5C21933094E78A9FD752ABB488686A97FF0FF5B310F0545FAD054CB0B2DA389545C721
              Function 00007FFD9B8A33C1 Relevance: .1, Instructions: 77COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5cd1f0b680deb9e0271f45f088c6bce3cbe6430a4c30eefe3b165f22f95eb5fb
              • Instruction ID: b94b5e42102c89df845cb0a2fa650a4f58912cf40e52defd2bf08e6dc19ebf0e
              • Opcode Fuzzy Hash: 5cd1f0b680deb9e0271f45f088c6bce3cbe6430a4c30eefe3b165f22f95eb5fb
              • Instruction Fuzzy Hash: 96213A30A0A65E8FEB65EBA488292BA76A0FF19304F01087AD41DC61E1DF39A640C750
              Function 00007FFD9B8A3445 Relevance: .1, Instructions: 76COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d19ef40367098f83c70c4a9dc1136c585ecfcf797b17407554c21b4c08eade27
              • Instruction ID: c83617de1a3e79f45d21531ffba1a72e63bead09820b98901b3d05eacfbad9ed
              • Opcode Fuzzy Hash: d19ef40367098f83c70c4a9dc1136c585ecfcf797b17407554c21b4c08eade27
              • Instruction Fuzzy Hash: D1214A30A0A64E8FDB69DFA4C8656BD7AA4FF19304F1104BED41DC21A1DA39A650C710
              Function 00007FFD9B8A0A01 Relevance: .1, Instructions: 69COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 33ee18eaa2541cb30b71de8f7831372cc9c15b195e1a19996237e561f17790a9
              • Instruction ID: e783fb696ead72ad62ba3b2d1e4b2c91573ca820f993427bbdb176b155cf1604
              • Opcode Fuzzy Hash: 33ee18eaa2541cb30b71de8f7831372cc9c15b195e1a19996237e561f17790a9
              • Instruction Fuzzy Hash: DD11B230E1A50E4FE790EBA888595BD77E1FF58700F4146B6D41CC70A6EE34B6448710
              Function 00007FFD9B8A1F49 Relevance: .1, Instructions: 67COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7c8aad137f18fa9631a5423cccf119149083f743934f8ac3a598bb89e0cfa82f
              • Instruction ID: 0139d5da6d25ad4e0c47e0768f49ccbbd3af27e77f911db58c4db5279e159b47
              • Opcode Fuzzy Hash: 7c8aad137f18fa9631a5423cccf119149083f743934f8ac3a598bb89e0cfa82f
              • Instruction Fuzzy Hash: A3119E01A4F6C65EDB2367B948744616FA05F07224B2E46FBD0D8CF0E3DA08594AC322
              Function 00007FFD9B8A112D Relevance: .1, Instructions: 63COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c0c030c373e65fc2f3bf4b708c762f645c8bb7cda05a9e92ea4a249bb978dcfc
              • Instruction ID: 7446c5b2aead9cdb51a3c68921d8ebfd44941a6990e2bd001e0d1b702b5836a2
              • Opcode Fuzzy Hash: c0c030c373e65fc2f3bf4b708c762f645c8bb7cda05a9e92ea4a249bb978dcfc
              • Instruction Fuzzy Hash: 59110870E0EA4E4EEB6AAB68C8786B97FE0FF5A314F0116BED019C61E1DF256540C710
              Function 00007FFD9B8A2DB1 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b47a9e3482ec05453f5d69bb32280874cad14e36dd024b7315cdc5d11cbb3daa
              • Instruction ID: 5e786fdf803e11aa655322abe3e3585799ae5ccc8b9ab27cc464a96aea236a11
              • Opcode Fuzzy Hash: b47a9e3482ec05453f5d69bb32280874cad14e36dd024b7315cdc5d11cbb3daa
              • Instruction Fuzzy Hash: 9D01A230A0A10E8FE761EFA4C5596A97BE1EF19310F0649B6C40CC71B7EE38E5818710
              Function 00007FFD9B8A05D8 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a7da57e47d30838fbc07347e51bfae0c1918d163a558c67cd996801b444e27ca
              • Instruction ID: 45dc3b22a06f316554dd12a2e5a52d69d31ffbc87a5558778bcf40f2c89c3ef5
              • Opcode Fuzzy Hash: a7da57e47d30838fbc07347e51bfae0c1918d163a558c67cd996801b444e27ca
              • Instruction Fuzzy Hash: B6019E30A4A50E8FEB68EF64C0656B977A1FF5E304F11047ED40EC21A5CA36A650CB50
              Function 00007FFD9B8A2E29 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: eeca2d9e941a6257f07145a48bfc70129bc4879dc220aaed3e3f4e6722c8be7c
              • Instruction ID: 42118ed49a8c74f6ff8f475ab339526cb2ec2464115df208c7bc5533e533e76e
              • Opcode Fuzzy Hash: eeca2d9e941a6257f07145a48bfc70129bc4879dc220aaed3e3f4e6722c8be7c
              • Instruction Fuzzy Hash: 5701D430A0E64E4FE762EFB489685A93BE0EF1A300F0605B2D408C60B7DA28A6948710
              Function 00007FFD9B8A278D Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: beeddcd2ef57922e0220df8dcf656d50dc46d3f08792815b13f010e007aec014
              • Instruction ID: 4940267325a5b4a9e880eed3420e5a7534d7d6011825af61b31d3c936420ed16
              • Opcode Fuzzy Hash: beeddcd2ef57922e0220df8dcf656d50dc46d3f08792815b13f010e007aec014
              • Instruction Fuzzy Hash: 0F018430A1E64E8FE761EFB488695A97BE0FF59300F0645BAD40CC60A6EE34F6448B51
              Function 00007FFD9B8A0610 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b08714521934624829fc4be4de468c7ef3f28359d6430389a5a6f5ec735ce46a
              • Instruction ID: ca5bce82ca9da0d93308afcb616d5c03d8b84dc2bb6a96a2e5129e1cfafe42cb
              • Opcode Fuzzy Hash: b08714521934624829fc4be4de468c7ef3f28359d6430389a5a6f5ec735ce46a
              • Instruction Fuzzy Hash: 33018130A1950ECAEB68EFA4C5686B973E0FF1C304F51087ED41EC61E5DE35B650CA10
              Function 00007FFD9B8A0608 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 95a34adb396a657a05268b2b71c76191efd50f9362c04f7fb9d8172899633f5e
              • Instruction ID: b19d3ee9ef104a24c2171fc068fac4e2ac8bcad808a9c3ca17ca29d7fdbae3f1
              • Opcode Fuzzy Hash: 95a34adb396a657a05268b2b71c76191efd50f9362c04f7fb9d8172899633f5e
              • Instruction Fuzzy Hash: 68018630A1A50E8ADB68EFA4C5686B973E1FF1C304F11087ED41EC21E5DE35A250CB10
              Function 00007FFD9B8A1140 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2b3c6ae801bc118f61fd4c3b7ff1501b6efd67dd2a9baded56b10c5feb7b58c1
              • Instruction ID: 89d7ad0f724e8bac58fbbe65a9c98711be34fea67353c823573ee3d5f664bad2
              • Opcode Fuzzy Hash: 2b3c6ae801bc118f61fd4c3b7ff1501b6efd67dd2a9baded56b10c5feb7b58c1
              • Instruction Fuzzy Hash: E7F0CD70F1E61E49FB656BA898643FA7BE4FF5A315F00157AD41DC10E1DF341214C651
              Function 00007FFD9B8A1BFD Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 25ff1c2852c487c384ff18bd1ee263c7b89887b47d7cf7939c1468df4c895ef2
              • Instruction ID: a678c46b6ae33513e9d5050bc14694dc905e08ca9d346fe0e8293587d89ddb18
              • Opcode Fuzzy Hash: 25ff1c2852c487c384ff18bd1ee263c7b89887b47d7cf7939c1468df4c895ef2
              • Instruction Fuzzy Hash: 8B01A470A0A68E8FEB65EF64C4656F97BA1FF5A300F4610BED80CC61A2DB399650C740
              Function 00007FFD9B8A05D0 Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cccba308e054a72b3b889a9bc308392214b3e5dcdaea689efdb3dc5f8e75ff02
              • Instruction ID: 9a59c06145312286ff65f3ff8fbf49cd257c3fe282807071647679da7296fd84
              • Opcode Fuzzy Hash: cccba308e054a72b3b889a9bc308392214b3e5dcdaea689efdb3dc5f8e75ff02
              • Instruction Fuzzy Hash: A5F0F630A0A65E8FEB68FF64D4256FA77A4FF1A308F01047AE80DC30E1DA35A660C740
              Function 00007FFD9B8A271D Relevance: .0, Instructions: 34COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: acf354c8a0d0bdb1ea1f0d82dd697f496413eaa308fc91e3dca83e663c765e9e
              • Instruction ID: c6e16099f2ccd86971438660903d6b96cd540fc0ab9ef3655b7132697d54c484
              • Opcode Fuzzy Hash: acf354c8a0d0bdb1ea1f0d82dd697f496413eaa308fc91e3dca83e663c765e9e
              • Instruction Fuzzy Hash: 0FF0F630A0E78E8FEB699F6888241A93BA0FF09300F4105BED419C51E2DB38A640CB01
              Function 00007FFD9B8A26A9 Relevance: .0, Instructions: 33COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3a70346a48f3ba45eb1c49b459cdc300c7373d7d012349690f7d3dd8aa7773e7
              • Instruction ID: 47d474765b6f2a9cfb03ac8d35c899a9a4408f3e1a20998c39adc50bed8d535b
              • Opcode Fuzzy Hash: 3a70346a48f3ba45eb1c49b459cdc300c7373d7d012349690f7d3dd8aa7773e7
              • Instruction Fuzzy Hash: 68F0683194F78D8FDB699FA489391A93BA0FF1A204F4604FAD409C60E2DA285554C711
              Function 00007FFD9B8A0F49 Relevance: .0, Instructions: 28COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 80302c5fc1069609e2b1b97859f6ba0a38e6cdb1bebfc6c6626abeb346b344a4
              • Instruction ID: 2095c38a99fa6325407bd2febc2529cb8875df23181a17aa372b92cce29600ff
              • Opcode Fuzzy Hash: 80302c5fc1069609e2b1b97859f6ba0a38e6cdb1bebfc6c6626abeb346b344a4
              • Instruction Fuzzy Hash: ACF01D30A1951ECAEB24DB44D860BBE77B1EB58301F1102B5C00DA32D5DE74AA858B90
              Function 00007FFD9B8A16A0 Relevance: .0, Instructions: 25COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d6cf9797388896da03f38a9e074d656f7ccc1dac019205c0e4e67546ed29bc1c
              • Instruction ID: b66de3eb33a3edc0d302bf477add3388e40ebb4e7e52ca267d462213c8bd173d
              • Opcode Fuzzy Hash: d6cf9797388896da03f38a9e074d656f7ccc1dac019205c0e4e67546ed29bc1c
              • Instruction Fuzzy Hash: 80E0ED20F0A48A4AEB7477998495674A1D19B4A314FBA8675F11DCA2F1EB2CEE82C211
              Function 00007FFD9B8A5FAD Relevance: .0, Instructions: 24COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.1787654737.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffd9b8a0000_IfYiMMRuvSUMKHkp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 70f89900c4a550c0b6d56e75ab83a5f3c4806635babbb283db9a64e70a2ed321
              • Instruction ID: a42558b7368060be8c703fe0126c1c628ffe398c0f83fed18193ad7370e310ce
              • Opcode Fuzzy Hash: 70f89900c4a550c0b6d56e75ab83a5f3c4806635babbb283db9a64e70a2ed321
              • Instruction Fuzzy Hash: BAF0FE70909D5D8ECB64EB4C8CA46AA77B1FB58302F1101EAC00DE7291D6341B81CF10