Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
ProductBOMpq_v4.xlsm

Overview

General Information

Sample name:ProductBOMpq_v4.xlsm
Analysis ID:1590598
MD5:588e6d97831f43a943ee268f00f99006
SHA1:d637a7ffeed63ab16c2ba3b88c9dd66ae8b47e48
SHA256:e833398f914087d210f8052de75b34b50f1223e4db18ac0702e8365406250f2b
Infos:

Detection

Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Document exploit detected (process start blacklist hit)
Sigma detected: Suspicious Microsoft Office Child Process
Abnormal high CPU Usage
Contains long sleeps (>= 3 min)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Suspicious Copy From or To System Directory
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • EXCEL.EXE (PID: 7316 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
    • splwow64.exe (PID: 7616 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
    • Microsoft.Mashup.Container.Loader.exe (PID: 6792 cmdline: "C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe" 4776 5168 d1dbbb52-5203-4cfe-bbaf-bf859a3db82a 1 --logfile "C:\Users\user\AppData\Local\Temp\PowerQuery\ContainerLogs\2ee18436-5c13-4886-95c3-ae8d0045175c.log" MD5: 9CDBAE45CA2C8970C41746D9119CEAFB)
      • conhost.exe (PID: 7912 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 5216 cmdline: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -command Copy-Item -Path L:\P-S_Test\Data\* -Destination C:\Users\pisek.p\OneDrive - Exter BV\P-S_PlanCheckUp\Data\ -Force MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 3608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7132 cmdline: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -command Copy-Item -Path C:\Users\pisek.p\OneDrive - Exter BV\P-S_PlanCheckUp\Data\* -Destination L:\P-S_Test\Data\ -Force MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 4208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

System Summary

barindex
Sigma detected: Suspicious Microsoft Office Child Process
Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -command Copy-Item -Path L:\P-S_Test\Data\* -Destination C:\Users\pisek.p\OneDrive - Exter BV\P-S_PlanCheckUp\Data\ -Force, CommandLine: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -command Copy-Item -Path L:\P-S_Test\Data\* -Destination C:\Users\pisek.p\OneDrive - Exter BV\P-S_PlanCheckUp\Data\ -Force, CommandLine|base64offset|contains: &, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, ParentProcessId: 7316, ParentProcessName: EXCEL.EXE, ProcessCommandLine: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -command Copy-Item -Path L:\P-S_Test\Data\* -Destination C:\Users\pisek.p\OneDrive - Exter BV\P-S_PlanCheckUp\Data\ -Force, ProcessId: 5216, ProcessName: powershell.exe
Sigma detected: Suspicious Copy From or To System Directory
Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems): Data: Command: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -command Copy-Item -Path L:\P-S_Test\Data\* -Destination C:\Users\pisek.p\OneDrive - Exter BV\P-S_PlanCheckUp\Data\ -Force, CommandLine: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -command Copy-Item -Path L:\P-S_Test\Data\* -Destination C:\Users\pisek.p\OneDrive - Exter BV\P-S_PlanCheckUp\Data\ -Force, CommandLine|base64offset|contains: &, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, ParentProcessId: 7316, ParentProcessName: EXCEL.EXE, ProcessCommandLine: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -command Copy-Item -Path L:\P-S_Test\Data\* -Destination C:\Users\pisek.p\OneDrive - Exter BV\P-S_PlanCheckUp\Data\ -Force, ProcessId: 5216, ProcessName: powershell.exe
Sigma detected: Non Interactive PowerShell Process Spawned
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -command Copy-Item -Path L:\P-S_Test\Data\* -Destination C:\Users\pisek.p\OneDrive - Exter BV\P-S_PlanCheckUp\Data\ -Force, CommandLine: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -command Copy-Item -Path L:\P-S_Test\Data\* -Destination C:\Users\pisek.p\OneDrive - Exter BV\P-S_PlanCheckUp\Data\ -Force, CommandLine|base64offset|contains: &, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, ParentProcessId: 7316, ParentProcessName: EXCEL.EXE, ProcessCommandLine: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -command Copy-Item -Path L:\P-S_Test\Data\* -Destination C:\Users\pisek.p\OneDrive - Exter BV\P-S_PlanCheckUp\Data\ -Force, ProcessId: 5216, ProcessName: powershell.exe
Sigma detected: Office Macro File Creation
Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, ProcessId: 7316, TargetFilename: C:\Users\user\Desktop\~$ProductBOMpq_v4.xlsm

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus detection for URL or domain
Source: https://login.microsoftonline.de/common/oauth2/authorizeAvira URL Cloud: Label: phishing
Source: https://login.microsoftonline.de/common/oauth2/tokenAvira URL Cloud: Label: phishing
Source: https://login.microsoftonline.de/Avira URL Cloud: Label: phishing
Source: https://login.microsoftonline.deAvira URL Cloud: Label: phishing
Source: https://login.microsoftonline.de/common/oauth2/logoutAvira URL Cloud: Label: phishing
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior

Software Vulnerabilities

barindex
Document exploit detected (process start blacklist hit)
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe
Source: global trafficDNS query: name: 171.39.242.20.in-addr.arpa
Source: global trafficDNS query: name: 197.87.175.4.in-addr.arpa
Source: global trafficTCP traffic: 192.168.2.4:56007 -> 162.159.36.2:53
Source: global trafficTCP traffic: 162.159.36.2:53 -> 192.168.2.4:56007
Source: global trafficTCP traffic: 192.168.2.4:56007 -> 162.159.36.2:53
Source: global trafficTCP traffic: 162.159.36.2:53 -> 192.168.2.4:56007
Source: global trafficTCP traffic: 192.168.2.4:56007 -> 162.159.36.2:53
Source: global trafficTCP traffic: 162.159.36.2:53 -> 192.168.2.4:56007
Source: global trafficTCP traffic: 192.168.2.4:56007 -> 162.159.36.2:53
Source: excel.exeMemory has grown: Private usage: 2MB later: 186MB
Source: global trafficTCP traffic: 192.168.2.4:56007 -> 162.159.36.2:53
Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: 171.39.242.20.in-addr.arpa
Source: global trafficDNS traffic detected: DNS query: 197.87.175.4.in-addr.arpa
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://analyticsadmin.googleapis.com
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://analyticsdata.googleapis.com
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://analyticsreporting.googleapis.com
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api-dogfood.resources.windows-int.net
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hybridproxy.int.powerbi-int.com
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hybridproxy.int2.powerbi-int.com
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hybridproxy.powerbi.com
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login-us.microsoftonline.com
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login-us.microsoftonline.com/
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.chinacloudapi.cn
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.chinacloudapi.cn/
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.chinacloudapi.cn/common/oauth2/authorize
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.chinacloudapi.cn/common/oauth2/logout
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.chinacloudapi.cn/common/oauth2/token
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.de
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.de/
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.de/common/oauth2/authorize
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.de/common/oauth2/logout
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.de/common/oauth2/token
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.us
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.us/
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.us/common/oauth2/authorize
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.us/common/oauth2/logout
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.us/common/oauth2/token
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.partner.microsoftonline.cn
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.partner.microsoftonline.cn/
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.windows-ppe.net
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.windows-ppe.net/
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.windows-ppe.net/common/oauth2/logout
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.windows-ppe.net/common/oauth2/token
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/logout
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/token
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://management.azure.com
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://management.core.windows.net/
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://marketing-infra.dynamics.com/
Source: Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/analytics.readonly
Source: C:\Windows\splwow64.exeProcess Stats: CPU usage > 49%
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091ACFD09_2_091ACFD0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091ACFC89_2_091ACFC8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091A10A89_2_091A10A8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091C22D09_2_091C22D0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091C22C09_2_091C22C0
Source: classification engineClassification label: mal56.expl.winXLSM@12/9@2/0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xmlJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Users\user\Desktop\~$ProductBOMpq_v4.xlsmJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3608:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7912:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4208:120:WilError_03
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\{48E3E2E7-3656-40A5-AE62-478051A6D916} - OProcSessId.datJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe "C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe" 4776 5168 d1dbbb52-5203-4cfe-bbaf-bf859a3db82a 1 --logfile "C:\Users\user\AppData\Local\Temp\PowerQuery\ContainerLogs\2ee18436-5c13-4886-95c3-ae8d0045175c.log"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -command Copy-Item -Path L:\P-S_Test\Data\* -Destination C:\Users\pisek.p\OneDrive - Exter BV\P-S_PlanCheckUp\Data\ -Force
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -command Copy-Item -Path C:\Users\pisek.p\OneDrive - Exter BV\P-S_PlanCheckUp\Data\* -Destination L:\P-S_Test\Data\ -Force
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe "C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe" 4776 5168 d1dbbb52-5203-4cfe-bbaf-bf859a3db82a 1 --logfile "C:\Users\user\AppData\Local\Temp\PowerQuery\ContainerLogs\2ee18436-5c13-4886-95c3-ae8d0045175c.log"Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -command Copy-Item -Path L:\P-S_Test\Data\* -Destination C:\Users\pisek.p\OneDrive - Exter BV\P-S_PlanCheckUp\Data\ -ForceJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -command Copy-Item -Path C:\Users\pisek.p\OneDrive - Exter BV\P-S_PlanCheckUp\Data\* -Destination L:\P-S_Test\Data\ -ForceJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeSection loaded: c2r32.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeSection loaded: msvcp140.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeSection loaded: mscoree.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeSection loaded: vcruntime140.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeSection loaded: odbc32.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeSection loaded: dpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{BE619240-2E03-45AD-8A6A-97CF55210619}\InprocServer32Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEWindow found: window name: SysTabControl32Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEAutomated click: OK
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEAutomated click: OK
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEAutomated click: OK
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEAutomated click: OK
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_04DC654A push eax; ret 9_2_04DC6561
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_04DC0E61 push 0C072B03h; ret 9_2_04DC0E6D
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_04DCCFCD push ebx; iretd 9_2_04DCCFDA
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091A59C0 push es; ret 9_2_091A59D6
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091A59E0 push es; ret 9_2_091A59F6
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091A5B00 push es; ret 9_2_091A5B16
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091A5B61 push es; ret 9_2_091A5B76
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091A5B81 push es; ret 9_2_091A5B96
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091A5BA0 push es; ret 9_2_091A5BB6
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091A5BC1 push es; ret 9_2_091A5B96
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091A5BE0 push es; ret 9_2_091A5BF6
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091A5A20 push es; ret 9_2_091A5A36
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091A5A40 push es; ret 9_2_091A5A56
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091A5A60 push es; ret 9_2_091A5A76
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091A5A80 push es; ret 9_2_091A5A96
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091A5AA1 push es; ret 9_2_091A5AB6
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091A5AC1 push es; ret 9_2_091A5AD6
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091A5AE1 push es; ret 9_2_091A5AF6
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091A5C00 push es; ret 9_2_091A5C16
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091A5C21 push es; ret 9_2_091A5C36
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091ADF00 push es; ret 9_2_091ADF16
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091ADF00 push es; ret 9_2_091ADF36
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091ADF20 push es; ret 9_2_091ADF36
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091ADF40 push es; ret 9_2_091ADF56
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091ADF80 push es; ret 9_2_091ADF96
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091ADFA0 push es; ret 9_2_091ADFB6
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091AE160 push es; ret 9_2_091AE176
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091AE181 push es; ret 9_2_091AE196
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091AE1A0 push es; ret 9_2_091AE1B6
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091AE1C0 push es; ret 9_2_091AE1D6
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeCode function: 9_2_091AE1E1 push es; ret 9_2_091AE1F6
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\splwow64.exeWindow / User API: threadDelayed 2509Jump to behavior
Source: C:\Windows\splwow64.exeWindow / User API: threadDelayed 7381Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeWindow / User API: threadDelayed 3934
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeWindow / User API: threadDelayed 5337
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3450
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1915
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3868
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2262
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe TID: 8072Thread sleep time: -26747778906878833s >= -30000s
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe TID: 2568Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe TID: 2516Thread sleep count: 3934 > 30
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe TID: 2516Thread sleep count: 5337 > 30
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe TID: 2568Thread sleep count: 54 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4144Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 8188Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 600Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2304Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\splwow64.exeLast function: Thread delayed
Source: C:\Windows\splwow64.exeLast function: Thread delayed
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000Jump to behavior
Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information queried: ProcessInformationJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess token adjusted: DebugJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeProcess token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.MashupEngine.dll VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Shims.dll VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.EventSource.dll VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.dll VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Packaging.dll VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Models.dll VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Practices.Unity.dll VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OAuth.dll VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.MashupEngine.Library45.dll VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ScriptDom.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts12
Exploitation for Client Execution		1
DLL Side-Loading		1
Process Injection		2
Masquerading		OS Credential Dumping1
Process Discovery		Remote Services1
Archive Collected Data		1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading		21
Virtualization/Sandbox Evasion		LSASS Memory21
Virtualization/Sandbox Evasion		Remote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
Extra Window Memory Injection		1
Process Injection		Security Account Manager1
Application Window Discovery		SMB/Windows Admin SharesData from Network Shared Drive1
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Obfuscated Files or Information		NTDS1
File and Directory Discovery		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
DLL Side-Loading		LSA Secrets13
System Information Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
Extra Window Memory Injection		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1590598 Sample: ProductBOMpq_v4.xlsm Startdate: 14/01/2025 Architecture: WINDOWS Score: 56 24 shed.dual-low.s-part-0017.t-0009.t-msedge.net 2->24 26 s-part-0017.t-0009.t-msedge.net 2->26 28 2 other IPs or domains 2->28 30 Antivirus detection for URL or domain 2->30 32 Document exploit detected (process start blacklist hit) 2->32 34 Sigma detected: Suspicious Microsoft Office Child Process 2->34 8 EXCEL.EXE 224 114 2->8         started        signatures3 process4 process5 10 Microsoft.Mashup.Container.Loader.exe 8->10         started        12 powershell.exe 8->12         started        14 powershell.exe 8->14         started        16 splwow64.exe 8->16         started        process6 18 conhost.exe 10->18         started        20 conhost.exe 12->20         started        22 conhost.exe 14->22         started       

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://api-dogfood.resources.windows-int.net0%Avira URL Cloudsafe
https://hybridproxy.powerbi.com0%Avira URL Cloudsafe
https://login.microsoftonline.de/common/oauth2/authorize100%Avira URL Cloudphishing
https://login.microsoftonline.de/common/oauth2/token100%Avira URL Cloudphishing
https://hybridproxy.int.powerbi-int.com0%Avira URL Cloudsafe
https://hybridproxy.int2.powerbi-int.com0%Avira URL Cloudsafe
https://login.microsoftonline.de/100%Avira URL Cloudphishing
https://login.microsoftonline.de100%Avira URL Cloudphishing
https://marketing-infra.dynamics.com/0%Avira URL Cloudsafe
https://login.microsoftonline.de/common/oauth2/logout100%Avira URL Cloudphishing

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.214.172
truefalse
    		high
    s-part-0017.t-0009.t-msedge.net
    		13.107.246.45
    		truefalse
      		high
      171.39.242.20.in-addr.arpa
      		unknown
      		unknownfalse
        		high
        197.87.175.4.in-addr.arpa
        		unknown
        		unknownfalse
          		unknown

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          https://management.azure.comMicrosoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
            		high
            https://login.microsoftonline.com/Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
              		high
              https://login.windows.netMicrosoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                		high
                https://hybridproxy.int2.powerbi-int.comMicrosoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://hybridproxy.int.powerbi-int.comMicrosoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://login.microsoftonline.us/common/oauth2/tokenMicrosoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  https://login.windows-ppe.net/common/oauth2/authorizeMicrosoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    https://login.microsoftonline.de/common/oauth2/authorizeMicrosoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: phishing
                    		unknown
                    https://login.chinacloudapi.cn/common/oauth2/logoutMicrosoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      https://login-us.microsoftonline.com/Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        https://api-dogfood.resources.windows-int.netMicrosoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://login.chinacloudapi.cnMicrosoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://login-us.microsoftonline.comMicrosoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://login.windows-ppe.netMicrosoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://login.microsoftonline.us/common/oauth2/logoutMicrosoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://login.microsoftonline.usMicrosoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  https://login.windows.net/Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://login.microsoftonline.comMicrosoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://login.microsoftonline.de/Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: phishing
                                      		unknown
                                      https://login.windows-ppe.net/common/oauth2/logoutMicrosoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://login.microsoftonline.de/common/oauth2/tokenMicrosoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: phishing
                                        		unknown
                                        https://login.windows.net/common/oauth2/tokenMicrosoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://login.chinacloudapi.cn/common/oauth2/tokenMicrosoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://login.windows-ppe.net/common/oauth2/tokenMicrosoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://login.windows.net/common/oauth2/logoutMicrosoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                https://marketing-infra.dynamics.com/Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://login.partner.microsoftonline.cn/Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://login.microsoftonline.de/common/oauth2/logoutMicrosoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: phishing
                                                  		unknown
                                                  https://login.windows.net/common/oauth2/authorizeMicrosoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://login.microsoftonline.us/Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://hybridproxy.powerbi.comMicrosoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://login.chinacloudapi.cn/common/oauth2/authorizeMicrosoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://login.chinacloudapi.cn/Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://login.microsoftonline.deMicrosoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: phishing
                                                          		unknown
                                                          https://login.microsoftonline.us/common/oauth2/authorizeMicrosoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://login.windows-ppe.net/Microsoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://login.partner.microsoftonline.cnMicrosoft.Mashup.Container.Loader.exe, 00000009.00000002.7164141496.0000000004FD9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high

                                                                World Map of Contacted IPs

                                                                No contacted IP infos

                                                                General Information

                                                                Joe Sandbox version:42.0.0 Malachite
                                                                Analysis ID:1590598
                                                                Start date and time:2025-01-14 10:37:38 +01:00
                                                                Joe Sandbox product:CloudBasic
                                                                Overall analysis duration:0h 13m 8s
                                                                Hypervisor based Inspection enabled:false
                                                                Report type:full
                                                                Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                Number of analysed new started processes analysed:17
                                                                Number of new started drivers analysed:0
                                                                Number of existing processes analysed:0
                                                                Number of existing drivers analysed:0
                                                                Number of injected processes analysed:0
                                                                Technologies:
                                                                • HCA enabled
                                                                • EGA enabled
                                                                • AMSI enabled
                                                                Analysis Mode:default
                                                                Sample name:ProductBOMpq_v4.xlsm
                                                                Detection:MAL
                                                                Classification:mal56.expl.winXLSM@12/9@2/0
                                                                EGA Information:Failed
                                                                HCA Information:
                                                                • Successful, ratio: 100%
                                                                • Number of executed functions: 244
                                                                • Number of non-executed functions: 7
                                                                Cookbook Comments:
                                                                • Found application associated with file extension: .xlsm
                                                                • Found Word or Excel or PowerPoint or XPS Viewer
                                                                • Attach to Office via COM
                                                                • Active Button Object
                                                                • Active Button Object
                                                                • Active Button Object
                                                                • Active Button Object
                                                                • Active Button Object
                                                                • Active Button Object
                                                                • Active Button Object
                                                                • Active Button Object
                                                                • Active Button Object
                                                                • Active Button Object
                                                                • Active Button Object
                                                                • Active Button Object
                                                                • Active Button Object
                                                                • Active Button Object
                                                                • Active Button Object
                                                                • Active Button Object
                                                                • Active Button Object
                                                                • Active Button Object
                                                                • Active Button Object
                                                                • Active Button Object
                                                                • Active Button Object
                                                                • Active Button Object
                                                                • Active Button Object
                                                                • Active Button Object
                                                                • Active Button Object
                                                                • Active Button Object
                                                                • Active Button Object
                                                                • Active Button Object

                                                                Warnings

                                                                • Max analysis timeout: 600s exceeded, the analysis took too long
                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe, MavInject32.exe
                                                                • Excluded IPs from analysis (whitelisted): 52.109.32.97, 52.109.76.243, 52.113.194.132, 2.23.242.162, 199.232.214.172, 2.23.246.101, 20.189.173.25, 52.168.112.66, 40.126.32.138, 172.202.163.200, 20.242.39.171, 4.175.87.197, 4.245.163.56, 13.107.246.45
                                                                • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.afd.azureedge.net, e13678.dscb.akamaiedge.net, eur.roaming1.live.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, neu-azsc-000.roaming.officeapps.live.com, ecs-office.s-0005.s-msedge.net, www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net, roaming.officeapps.live.com, www.microsoft.com-c-3.edgekey.net, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, onedscolprdeus01.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microso
                                                                • Execution Graph export aborted for target Microsoft.Mashup.Container.Loader.exe, PID 6792 because it is empty
                                                                • Not all processes where analyzed, report is missing behavior information
                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                • Report size getting too big, too many NtCreateFile calls found.
                                                                • Report size getting too big, too many NtCreateKey calls found.
                                                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                • Report size getting too big, too many NtReadVirtualMemory calls found.

                                                                Simulations

                                                                Behavior and APIs

                                                                TimeTypeDescription
                                                                04:38:32API Interceptor33032311x Sleep call for process: splwow64.exe modified
                                                                04:39:39API Interceptor7x Sleep call for process: powershell.exe modified

                                                                Joe Sandbox View / Context

                                                                IPs

                                                                No context

                                                                Domains

                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                s-part-0017.t-0009.t-msedge.netRFQ____PC25-1301.xlsxGet hashmaliciousUnknownBrowse
                                                                • 13.107.246.45
                                                                Signature Required_ Retail Technology Asia Employee Benefit for eddie.chan@rtasia.com.hk.emlGet hashmaliciousUnknownBrowse
                                                                • 13.107.246.45
                                                                RFQ____PC25-1301.xlsxGet hashmaliciousUnknownBrowse
                                                                • 13.107.246.45
                                                                https://Rtasia-sharepoint.zonivarnoth.ru/ITb4aThU/#Deddie.chan@rtasia.com.hkGet hashmaliciousUnknownBrowse
                                                                • 13.107.246.45
                                                                RFQ____PC25-1301.xlsxGet hashmaliciousUnknownBrowse
                                                                • 13.107.246.45
                                                                RFQ____PC25-1301.xlsxGet hashmaliciousUnknownBrowse
                                                                • 13.107.246.45
                                                                yTRd6nkLWV.exeGet hashmaliciousLummaCBrowse
                                                                • 13.107.246.45
                                                                009.vbeGet hashmaliciousAgentTeslaBrowse
                                                                • 13.107.246.45
                                                                http://bebizicon.com/Campususa/index.xml#?email=b2xpdmllci5kb3phdEBpbm5vY2FwLmNvbQ==Get hashmaliciousEvilProxy, HTMLPhisherBrowse
                                                                • 13.107.246.45
                                                                https://iyztciuamr.cfolks.pl/ppGet hashmaliciousUnknownBrowse
                                                                • 13.107.246.45
                                                                bg.microsoft.map.fastly.net17201670993971103.jsGet hashmaliciousStrela DownloaderBrowse
                                                                • 199.232.214.172
                                                                Scanned-IMGS_from NomanGroup IDT.scr.exeGet hashmaliciousFormBookBrowse
                                                                • 199.232.210.172
                                                                12.exeGet hashmaliciousUnknownBrowse
                                                                • 199.232.214.172
                                                                UoEDaAjHGW.exeGet hashmaliciousPureLog Stealer, QuasarBrowse
                                                                • 199.232.210.172
                                                                PRODUKTY.EXE.exeGet hashmaliciousAsyncRAT, PureLog StealerBrowse
                                                                • 199.232.210.172
                                                                2330118683179179335.jsGet hashmaliciousStrela DownloaderBrowse
                                                                • 199.232.210.172
                                                                G7T8lHJWWM.exeGet hashmaliciousLummaCBrowse
                                                                • 199.232.210.172
                                                                009.vbeGet hashmaliciousAgentTeslaBrowse
                                                                • 199.232.210.172
                                                                577119676170175151.jsGet hashmaliciousStrela DownloaderBrowse
                                                                • 199.232.210.172
                                                                RFQ.exeGet hashmaliciousQuasar, PureLog StealerBrowse
                                                                • 199.232.210.172

                                                                ASNs

                                                                No context

                                                                JA3 Fingerprints

                                                                No context

                                                                Dropped Files

                                                                No context

                                                                Created / dropped Files

                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml

                                                                Download File
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):118
                                                                Entropy (8bit):3.5700810731231707
                                                                Encrypted:false
                                                                SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                                MD5:573220372DA4ED487441611079B623CD
                                                                SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                                SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                                SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                                Malicious:false
                                                                Reputation:high, very likely benign file
                                                                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.

                                                                C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                Download File
                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):1244
                                                                Entropy (8bit):5.373715678972722
                                                                Encrypted:false
                                                                SSDEEP:24:3SfWSKco4KmZjKbm51s4RPT6moUebIKo+mZ9tXt/NK3R8qrn:yWSU4xymI4RfoUeW+mZ9tlNWR8qz
                                                                MD5:EC11C84C1A32AF3D7D5AFB7B8F779352
                                                                SHA1:973BEAB86B45A90CF71BC8CE0C9117B6CE438A32
                                                                SHA-256:58ABAEFB2EB44D7DFA9EB9D7C26A7874F8E8C88282C1612771B8830D2521224E
                                                                SHA-512:5F813A128D375CD86439A7EA0A003BC7A66DF3BF37587C665E0E88CEC65CBB7DCCDA20B8390CE457049A9A4F117556710DBE028543B5210DEF90AE31B0924AFE
                                                                Malicious:false
                                                                Preview:@...e.................................:..............@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.D....................+.H..!...e........System.Configuration.Ins

                                                                C:\Users\user\AppData\Local\Temp\PowerQuery\ContainerLogs\2ee18436-5c13-4886-95c3-ae8d0045175c.log

                                                                Download File
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe
                                                                File Type:ASCII text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):666
                                                                Entropy (8bit):4.943378074773342
                                                                Encrypted:false
                                                                SSDEEP:12:CaiFc91x27UaiFyfEoCaiFnFaiFWTaiF1p1og8aiFNl1aiFy2aiFmxaiFeSy8miv:3ecFweMEo3ense3eqgleseyzemQeeSnT
                                                                MD5:AE630F6ACB63C4FE05347C3B430FAAE7
                                                                SHA1:62F51629561E98660D84C27E0D5F5AFECE7C7405
                                                                SHA-256:27B203013418A0DBC4A8DD5EEFEB294C9E308CD5D5A25621C53A36017AA62851
                                                                SHA-512:BFE37617D5D7C8758973B68838F5C210BCCC5702B4069459263AECB7334D409E26D39067FE506BF3B4CFE7EA05C9B62F61716E89A021312C597E58D09D9B10A6
                                                                Malicious:false
                                                                Preview:EvaluationContainerLoader.cpp(123): Container starting with arguments: 4776 5168 d1dbbb52-5203-4cfe-bbaf-bf859a3db82a 1..EvaluationContainerLoader.cpp(60): Enumerating .net runtimes..EvaluationContainerLoader.cpp(79): v2.0.50727..EvaluationContainerLoader.cpp(79): v4.0.30319..EvaluationContainerLoader.cpp(83): Found match..EvaluationContainerLoader.cpp(157): Loading runtime..EvaluationContainerLoader.cpp(171): Starting runtime..EvaluationContainerLoader.cpp(172): isSTA: 0..EvaluationContainerLoader.cpp(191): Executing managed entry point..Container Managed entry point has started..Container has started to run..Pipes were set up..Running the evaluation host..

                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_15jhgo3n.xew.psm1

                                                                Download File
                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                File Type:ASCII text, with no line terminators
                                                                Category:dropped
                                                                Size (bytes):60
                                                                Entropy (8bit):4.038920595031593
                                                                Encrypted:false
                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                Malicious:false
                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jydfwiwp.atz.ps1

                                                                Download File
                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                File Type:ASCII text, with no line terminators
                                                                Category:dropped
                                                                Size (bytes):60
                                                                Entropy (8bit):4.038920595031593
                                                                Encrypted:false
                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                Malicious:false
                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ono3pthy.3vk.ps1

                                                                Download File
                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                File Type:ASCII text, with no line terminators
                                                                Category:dropped
                                                                Size (bytes):60
                                                                Entropy (8bit):4.038920595031593
                                                                Encrypted:false
                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                Malicious:false
                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xn1yr4lp.4to.psm1

                                                                Download File
                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                File Type:ASCII text, with no line terminators
                                                                Category:dropped
                                                                Size (bytes):60
                                                                Entropy (8bit):4.038920595031593
                                                                Encrypted:false
                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                Malicious:false
                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                C:\Users\pisek.p\OneDrive - Exter BV\P-S_PlanCheckUp\Data\61040000 (copy)

                                                                Download File
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                File Type:ASCII text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):66
                                                                Entropy (8bit):4.211158462077887
                                                                Encrypted:false
                                                                SSDEEP:3:xJOb71GaqAuon:xU8lo
                                                                MD5:AC855FD97496ABB7A0E1A3D36E21CF4A
                                                                SHA1:9A113D4CBEE5D5C5AD1227F5A83697AC787F9692
                                                                SHA-256:96689CF28517035C5ED24F229FBCA2E0D67BC22BF629DC997888288D6EC69321
                                                                SHA-512:E4E14700781F366575D30EC879921406443937D68C522C76CD1F48812EA3CCBE766036DE8730EEA8A268F7C1DB506726A9ABB94EB21F38ECFCD47D9F52DF8FF1
                                                                Malicious:false
                                                                Preview:Level.Product.Parent.Component.Qty_Per.ComponentOffset.CompCount..

                                                                C:\Users\pisek.p\OneDrive - Exter BV\P-S_PlanCheckUp\Data\ProductBOMpq.txt

                                                                Download File
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                File Type:ASCII text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):66
                                                                Entropy (8bit):4.211158462077887
                                                                Encrypted:false
                                                                SSDEEP:3:xJOb71GaqAuon:xU8lo
                                                                MD5:AC855FD97496ABB7A0E1A3D36E21CF4A
                                                                SHA1:9A113D4CBEE5D5C5AD1227F5A83697AC787F9692
                                                                SHA-256:96689CF28517035C5ED24F229FBCA2E0D67BC22BF629DC997888288D6EC69321
                                                                SHA-512:E4E14700781F366575D30EC879921406443937D68C522C76CD1F48812EA3CCBE766036DE8730EEA8A268F7C1DB506726A9ABB94EB21F38ECFCD47D9F52DF8FF1
                                                                Malicious:false
                                                                Preview:Level.Product.Parent.Component.Qty_Per.ComponentOffset.CompCount..

                                                                Static File Info

                                                                General

                                                                File type:Microsoft Excel 2007+
                                                                Entropy (8bit):7.976350486837494
                                                                TrID:
                                                                • Excel Microsoft Office Open XML Format document with Macro (52504/1) 54.97%
                                                                • Excel Microsoft Office Open XML Format document (35004/1) 36.65%
                                                                • ZIP compressed archive (8000/1) 8.38%
                                                                File name:ProductBOMpq_v4.xlsm
                                                                File size:588'253 bytes
                                                                MD5:588e6d97831f43a943ee268f00f99006
                                                                SHA1:d637a7ffeed63ab16c2ba3b88c9dd66ae8b47e48
                                                                SHA256:e833398f914087d210f8052de75b34b50f1223e4db18ac0702e8365406250f2b
                                                                SHA512:e58b33194405f8c6436e7ed87f9aa452534cb346a148a5d032f2c7cd3a5c1721d79f942818b1309ebab59924ae06ebf0fbaf3b9b46036c58f73f9c7275700cc0
                                                                SSDEEP:12288:aLB03Vn/mbs9M9wuseBXHyCnvtSuo+YHVYqbhGGr7euKNAVX:sin/mo69VsRCvMiyVvbAGObWX
                                                                TLSH:87C412099A59BE0CD25AE13CD42C12E0624DF366E822C41F7484F5AF5FC1A9BCB9E71D
                                                                File Content Preview:PK..........!.$..t\....#......[Content_Types].xml ...(.........................................................................................................................................................................................................

                                                                File Icon

                                                                Icon Hash:1d356664a4a09519

                                                                Network Behavior

                                                                Network Port Distribution

                                                                TCP Packets

                                                                TimestampSource PortDest PortSource IPDest IP
                                                                Jan 14, 2025 10:39:00.302836895 CET5600753192.168.2.4162.159.36.2
                                                                Jan 14, 2025 10:39:00.307655096 CET5356007162.159.36.2192.168.2.4
                                                                Jan 14, 2025 10:39:00.307821989 CET5600753192.168.2.4162.159.36.2
                                                                Jan 14, 2025 10:39:00.312668085 CET5356007162.159.36.2192.168.2.4
                                                                Jan 14, 2025 10:39:00.752464056 CET5600753192.168.2.4162.159.36.2
                                                                Jan 14, 2025 10:39:00.757582903 CET5356007162.159.36.2192.168.2.4
                                                                Jan 14, 2025 10:39:00.757625103 CET5600753192.168.2.4162.159.36.2

                                                                UDP Packets

                                                                TimestampSource PortDest PortSource IPDest IP
                                                                Jan 14, 2025 10:39:00.302162886 CET5350569162.159.36.2192.168.2.4
                                                                Jan 14, 2025 10:39:00.761936903 CET5480853192.168.2.41.1.1.1
                                                                Jan 14, 2025 10:39:00.770421028 CET53548081.1.1.1192.168.2.4
                                                                Jan 14, 2025 10:39:02.025655031 CET5354853192.168.2.41.1.1.1
                                                                Jan 14, 2025 10:39:02.033505917 CET53535481.1.1.1192.168.2.4

                                                                DNS Queries

                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                Jan 14, 2025 10:39:00.761936903 CET192.168.2.41.1.1.10x9742Standard query (0)171.39.242.20.in-addr.arpaPTR (Pointer record)IN (0x0001)false
                                                                Jan 14, 2025 10:39:02.025655031 CET192.168.2.41.1.1.10x8737Standard query (0)197.87.175.4.in-addr.arpaPTR (Pointer record)IN (0x0001)false

                                                                DNS Answers

                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                Jan 14, 2025 10:38:33.827028036 CET1.1.1.1192.168.2.40x1116No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                Jan 14, 2025 10:38:33.827028036 CET1.1.1.1192.168.2.40x1116No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                Jan 14, 2025 10:39:00.770421028 CET1.1.1.1192.168.2.40x9742Name error (3)171.39.242.20.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false
                                                                Jan 14, 2025 10:39:02.033505917 CET1.1.1.1192.168.2.40x8737Name error (3)197.87.175.4.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false
                                                                Jan 14, 2025 10:39:27.534903049 CET1.1.1.1192.168.2.40xc179No error (0)shed.dual-low.s-part-0017.t-0009.t-msedge.nets-part-0017.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                Jan 14, 2025 10:39:27.534903049 CET1.1.1.1192.168.2.40xc179No error (0)s-part-0017.t-0009.t-msedge.net13.107.246.45A (IP address)IN (0x0001)false

                                                                Statistics

                                                                CPU Usage

                                                                Click to jump to process

                                                                Memory Usage

                                                                Click to jump to process

                                                                High Level Behavior Distribution

                                                                Click to dive into process behavior distribution

                                                                Behavior

                                                                Click to jump to process

                                                                System Behavior

                                                                General

                                                                Target ID:0
                                                                Start time:04:38:29
                                                                Start date:14/01/2025
                                                                Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                Imagebase:0x340000
                                                                File size:53'161'064 bytes
                                                                MD5 hash:4A871771235598812032C822E6F68F19
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:false

                                                                General

                                                                Target ID:3
                                                                Start time:04:38:32
                                                                Start date:14/01/2025
                                                                Path:C:\Windows\splwow64.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\splwow64.exe 12288
                                                                Imagebase:0x7ff6a98f0000
                                                                File size:163'840 bytes
                                                                MD5 hash:77DE7761B037061C7C112FD3C5B91E73
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:false

                                                                General

                                                                Target ID:9
                                                                Start time:04:39:30
                                                                Start date:14/01/2025
                                                                Path:C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe" 4776 5168 d1dbbb52-5203-4cfe-bbaf-bf859a3db82a 1 --logfile "C:\Users\user\AppData\Local\Temp\PowerQuery\ContainerLogs\2ee18436-5c13-4886-95c3-ae8d0045175c.log"
                                                                Imagebase:0x7ff70f330000
                                                                File size:53'128 bytes
                                                                MD5 hash:9CDBAE45CA2C8970C41746D9119CEAFB
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:low
                                                                Has exited:false

                                                                General

                                                                Target ID:11
                                                                Start time:04:39:30
                                                                Start date:14/01/2025
                                                                Path:C:\Windows\System32\conhost.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                Imagebase:0x7ff7699e0000
                                                                File size:862'208 bytes
                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:false

                                                                General

                                                                Target ID:12
                                                                Start time:04:39:38
                                                                Start date:14/01/2025
                                                                Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -command Copy-Item -Path L:\P-S_Test\Data\* -Destination C:\Users\pisek.p\OneDrive - Exter BV\P-S_PlanCheckUp\Data\ -Force
                                                                Imagebase:0xe30000
                                                                File size:433'152 bytes
                                                                MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:true

                                                                General

                                                                Target ID:13
                                                                Start time:04:39:38
                                                                Start date:14/01/2025
                                                                Path:C:\Windows\System32\conhost.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                Imagebase:0x7ff7699e0000
                                                                File size:862'208 bytes
                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:true

                                                                General

                                                                Target ID:14
                                                                Start time:04:39:50
                                                                Start date:14/01/2025
                                                                Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -command Copy-Item -Path C:\Users\pisek.p\OneDrive - Exter BV\P-S_PlanCheckUp\Data\* -Destination L:\P-S_Test\Data\ -Force
                                                                Imagebase:0xe30000
                                                                File size:433'152 bytes
                                                                MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:true

                                                                General

                                                                Target ID:15
                                                                Start time:04:39:50
                                                                Start date:14/01/2025
                                                                Path:C:\Windows\System32\conhost.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                Imagebase:0x7ff7699e0000
                                                                File size:862'208 bytes
                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:true

                                                                Disassembly

                                                                Reset < >

                                                                  Executed Functions

                                                                  Function 04DCBAE0 Relevance: 7.7, Strings: 6, Instructions: 221COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: (bq$(bq$(bq$(bq$(bq$Hbq
                                                                  • API String ID: 0-3757352136
                                                                  • Opcode ID: 7ee5d4042840319caf43c908b5e9f7c9deb4c8f0d03acc062e3a427e7941ec64
                                                                  • Instruction ID: feff4771225f26f08739575fec120e79eb95d2745d71fb5c002fed0e55a72c68
                                                                  • Opcode Fuzzy Hash: 7ee5d4042840319caf43c908b5e9f7c9deb4c8f0d03acc062e3a427e7941ec64
                                                                  • Instruction Fuzzy Hash: B461F5307042659FC70AAF79E81066EBBB6EFC5310B24846AD805DB391CE35ED06C7A5
                                                                  Function 04DC5C75 Relevance: 3.9, Strings: 3, Instructions: 193COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: TJcq$Te^q$S
                                                                  • API String ID: 0-3259366094
                                                                  • Opcode ID: d14a7e17a5a4695cfdeffd9d9ac4efd4f2cb04f47a223d104fa8ad09308d9e4e
                                                                  • Instruction ID: 26c1dfe21dba2fbff7fe2f15a27f9807030f75073d3dab85356d9151a81d9db6
                                                                  • Opcode Fuzzy Hash: d14a7e17a5a4695cfdeffd9d9ac4efd4f2cb04f47a223d104fa8ad09308d9e4e
                                                                  • Instruction Fuzzy Hash: 43714A34B002169FCB14DFA8D598A9EBBF2EF88314F248559E805AB355CB34FD45CBA0
                                                                  Function 04DC22A0 Relevance: 3.9, Strings: 3, Instructions: 124COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 4'^q$8cq$TJcq
                                                                  • API String ID: 0-2515257690
                                                                  • Opcode ID: a2441671e02065bdd758c91959207ee1ddd12318d10c4959fe0aafb90ea3f65a
                                                                  • Instruction ID: fbe7b6425be51cdd0304ffa19b49bb7b76431fcd0ba46a136282170aa56eebdd
                                                                  • Opcode Fuzzy Hash: a2441671e02065bdd758c91959207ee1ddd12318d10c4959fe0aafb90ea3f65a
                                                                  • Instruction Fuzzy Hash: 62419D30700205AFD715EF69D658BAEBBA2FB88304F14456CD8469B3A0CB75AD49CBA1
                                                                  Function 04DCE10A Relevance: 3.9, Strings: 3, Instructions: 102COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 4'^q$`Q^q$`_q
                                                                  • API String ID: 0-1700966081
                                                                  • Opcode ID: 1d7768b793b0f38216eb821bde899ca39375d408d24762f011e592c57f5f4670
                                                                  • Instruction ID: 0ff0c0750844ecddc80655278c50ea708ddd72d4697146384e43153dff4924c4
                                                                  • Opcode Fuzzy Hash: 1d7768b793b0f38216eb821bde899ca39375d408d24762f011e592c57f5f4670
                                                                  • Instruction Fuzzy Hash: 05319275B002099FCB04EF74D9545AEBBB6FF84309B1045A9E405EB3A1DF31AD45CBA1
                                                                  Function 04DCE118 Relevance: 3.8, Strings: 3, Instructions: 71COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 4'^q$`Q^q$`_q
                                                                  • API String ID: 0-1700966081
                                                                  • Opcode ID: b2e7ee07ebea9be9430ef521a3282497813ece6378137afe72573b3ecd0ff00e
                                                                  • Instruction ID: 229d451f3dc3efd54eeae92b76a1cad166746406f45f33c681ceea76a914d73c
                                                                  • Opcode Fuzzy Hash: b2e7ee07ebea9be9430ef521a3282497813ece6378137afe72573b3ecd0ff00e
                                                                  • Instruction Fuzzy Hash: 26215674B002099FCB04EF78D5589AE77B6FF84308F104868E515AB365DF35AD45CB61
                                                                  Function 04DCF641 Relevance: 2.6, Strings: 2, Instructions: 74COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: tP^q$tP^q
                                                                  • API String ID: 0-309238000
                                                                  • Opcode ID: e1a9a07768d2714ad9c9dc7db54fb04713f8becf2ad72d7dd835638d35768a91
                                                                  • Instruction ID: 6d177444ef88d904852365c0c79b98db77e893e93d84614e7a3e6adeeef54804
                                                                  • Opcode Fuzzy Hash: e1a9a07768d2714ad9c9dc7db54fb04713f8becf2ad72d7dd835638d35768a91
                                                                  • Instruction Fuzzy Hash: 6F21CF707101148FDB04EB38D418A6D7BF6EF8A718F1040ADE906CB3A1DA75AC00CBA0
                                                                  Function 04DCF650 Relevance: 2.6, Strings: 2, Instructions: 72COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: tP^q$tP^q
                                                                  • API String ID: 0-309238000
                                                                  • Opcode ID: 02e8a4a3a9c8e76d9ac3ae576ae115d55a87054f45f55685de0e7474c40902c4
                                                                  • Instruction ID: 62cdd56acde31794150d8ed18a997eb177671e1c96240670bda1a38df81704fd
                                                                  • Opcode Fuzzy Hash: 02e8a4a3a9c8e76d9ac3ae576ae115d55a87054f45f55685de0e7474c40902c4
                                                                  • Instruction Fuzzy Hash: FF21AF747101148FDB04EB78E459A6D7BFAFF89718B1040ADE906CB3A1DB75AC04CBA0
                                                                  Function 04DC16E9 Relevance: 1.4, Strings: 1, Instructions: 199COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: (bq
                                                                  • API String ID: 0-149360118
                                                                  • Opcode ID: eb85dc97675799a2b18edc5f41eafebba181b25973d5241184f53758527a94dc
                                                                  • Instruction ID: 1dc2fd4b86546721b944d87871818df4fd27aab379edba2d096a5fa96f14aacd
                                                                  • Opcode Fuzzy Hash: eb85dc97675799a2b18edc5f41eafebba181b25973d5241184f53758527a94dc
                                                                  • Instruction Fuzzy Hash: B471EE30A0422ADFDB05DF68C5547ACBBB2FF89300F148569E845AB396DB34AD45CFA1
                                                                  Function 04DC98A1 Relevance: 1.4, Strings: 1, Instructions: 188COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: ,
                                                                  • API String ID: 0-3772416878
                                                                  • Opcode ID: 3fb0ecdadd7d2e44c35056b0917e0eebe663635ae1b004b1f91c54899ac8eac1
                                                                  • Instruction ID: 5174e1d7979d05161c8eb4e2eef1d0f32b9cee7c59951d12615982bccbc88886
                                                                  • Opcode Fuzzy Hash: 3fb0ecdadd7d2e44c35056b0917e0eebe663635ae1b004b1f91c54899ac8eac1
                                                                  • Instruction Fuzzy Hash: 84718B70B002059FCB15DF69D594A9EBBF2FF88314B1484A9E806EB365DB34ED45CBA0
                                                                  Function 04DC0868 Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $^q
                                                                  • API String ID: 0-388095546
                                                                  • Opcode ID: 9b44c8c90d9263a7880e17e7b0dd154dc10decd5fcbedb4ef7c9ab78b71657e5
                                                                  • Instruction ID: adfdf5ec2c0e6a81b14deb6cd620c1b74be9b0bc00f020dc1f7be20f7a648de0
                                                                  • Opcode Fuzzy Hash: 9b44c8c90d9263a7880e17e7b0dd154dc10decd5fcbedb4ef7c9ab78b71657e5
                                                                  • Instruction Fuzzy Hash: F651B370A00319EFDB15DFA9C88079EBBB6FF88300F10862DE555AB290DB74A945CB91
                                                                  Function 04DCBFC8 Relevance: 1.4, Strings: 1, Instructions: 118COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: PH^q
                                                                  • API String ID: 0-2549759414
                                                                  • Opcode ID: 43dcccf28ea7f96be2fd27e9e3eaf149cb6b47e7119660198f8a354ad213867b
                                                                  • Instruction ID: 09647bb205f0b8e0eccd923847e2e518229f34dbda3ce160163cf295be323baf
                                                                  • Opcode Fuzzy Hash: 43dcccf28ea7f96be2fd27e9e3eaf149cb6b47e7119660198f8a354ad213867b
                                                                  • Instruction Fuzzy Hash: 304191357042099FCB05DF68D9849ADBBF1FF89314B1484A9E909DB361DB31ED45CBA0
                                                                  Function 04DC1767 Relevance: 1.3, Strings: 1, Instructions: 99COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: (bq
                                                                  • API String ID: 0-149360118
                                                                  • Opcode ID: 1a19f040c8bf1f96d547844fb349af6e615ea496d211696922908469abd256af
                                                                  • Instruction ID: f34a60f7d30dca98218800574c463fe5b4d4bf85ade85f404290ee583c5514ea
                                                                  • Opcode Fuzzy Hash: 1a19f040c8bf1f96d547844fb349af6e615ea496d211696922908469abd256af
                                                                  • Instruction Fuzzy Hash: CE41B330A0021ADFDB09DFA8D04479CBBF2FF85304F248569D415AB2A5DB74AD41CFA1
                                                                  Function 04DC5E08 Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: S
                                                                  • API String ID: 0-1321843395
                                                                  • Opcode ID: caa0f7a46c057b7e9831fe3000cceb4fec865e52fcc66521dafb52115b0a5c73
                                                                  • Instruction ID: abeb1791fcd2c4763790d327559dd54e9bf76cd2df1a6095f02f4875c02ffca0
                                                                  • Opcode Fuzzy Hash: caa0f7a46c057b7e9831fe3000cceb4fec865e52fcc66521dafb52115b0a5c73
                                                                  • Instruction Fuzzy Hash: 46310974700205AFCB14DF68D5A4A9EBBF6EF88264F148419E846AB794DB34FD44CB90
                                                                  Function 04DC5CAC Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: TJcq
                                                                  • API String ID: 0-1911830065
                                                                  • Opcode ID: f9985a66476759b54e2dc00557b88eae3ec7f05fe8987ba32e22db995707a9b2
                                                                  • Instruction ID: 9571d0b28246d370696c225195e864f9f526f07095dfe17447f131fce39a3e39
                                                                  • Opcode Fuzzy Hash: f9985a66476759b54e2dc00557b88eae3ec7f05fe8987ba32e22db995707a9b2
                                                                  • Instruction Fuzzy Hash: 5A311C30B002169FCB14DFA8D598A9EBBF2BF89304F248958D406AB355CB75BD45CF91
                                                                  Function 0922A943 Relevance: 1.3, Strings: 1, Instructions: 65COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Q-
                                                                  • API String ID: 0-534226874
                                                                  • Opcode ID: 4d82315e72bcd4a49e3f0f2ada8c7506bcb3185bde08b7e855b50a7ddca19ced
                                                                  • Instruction ID: 289a6c64f7f1340c5b3419951b6fc927ea73e2516dfeaa89e2a8a2973ddea138
                                                                  • Opcode Fuzzy Hash: 4d82315e72bcd4a49e3f0f2ada8c7506bcb3185bde08b7e855b50a7ddca19ced
                                                                  • Instruction Fuzzy Hash: E521E278304201DFC714DF29E884A56B7EABF9C325321446AF586DB3A9CB71E842CB90
                                                                  Function 04DCB568 Relevance: 1.3, Strings: 1, Instructions: 61COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: (bq
                                                                  • API String ID: 0-149360118
                                                                  • Opcode ID: 5dffc9d27f48574d863c6b954969e4c26dbd50693ba236c07800e7870f674e28
                                                                  • Instruction ID: 4289177af184baa1e7c3a74bab7cac8f67bf8fd19b450c1ee60c2402465db85c
                                                                  • Opcode Fuzzy Hash: 5dffc9d27f48574d863c6b954969e4c26dbd50693ba236c07800e7870f674e28
                                                                  • Instruction Fuzzy Hash: F011C4317482618FC7069B28E81545A7BA2EFC631130681ABD059CF7A2CA25FD06CBA1
                                                                  Function 04DC5BB9 Relevance: 1.3, Strings: 1, Instructions: 55COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: +!
                                                                  • API String ID: 0-3727194539
                                                                  • Opcode ID: fae3454b1727a9075837e419a34a2e01d12bb1f2efc0e3b1ba18f69233a88feb
                                                                  • Instruction ID: 83f5ec3f3662670b9020f63e32b5834b8899cfbca1d9fc8d325e3b438c035c86
                                                                  • Opcode Fuzzy Hash: fae3454b1727a9075837e419a34a2e01d12bb1f2efc0e3b1ba18f69233a88feb
                                                                  • Instruction Fuzzy Hash: 00118BB1A00219ABCB04EFA9EA555ADBFF1EF88350F00852EE815E7344DF346D008FA1
                                                                  Function 04DCE052 Relevance: 1.3, Strings: 1, Instructions: 53COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: LR^q
                                                                  • API String ID: 0-2625958711
                                                                  • Opcode ID: 9afa050b72e9d87ff066b8946743c6f824d89a7a2aab5b1ab563809cd37e2a28
                                                                  • Instruction ID: bf6e92324f023bc05b503f65cc3b2956ba021395be3604a363e19b2e03e1bd59
                                                                  • Opcode Fuzzy Hash: 9afa050b72e9d87ff066b8946743c6f824d89a7a2aab5b1ab563809cd37e2a28
                                                                  • Instruction Fuzzy Hash: F6213634D05208DFCB05DFB4C58599DBBB2FF89305B2044A9D445A7350DB35AE41CF41
                                                                  Function 09225B41 Relevance: 1.3, Strings: 1, Instructions: 51COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 3'
                                                                  • API String ID: 0-491100365
                                                                  • Opcode ID: 730aae189bfe0771cf123ad93a6ab2aa38e8a949c9d01c96aee57368ef3b37a8
                                                                  • Instruction ID: 2c62bd21eec8660cd98a727354b16a0599938af64feb8186b9d941a508def9fc
                                                                  • Opcode Fuzzy Hash: 730aae189bfe0771cf123ad93a6ab2aa38e8a949c9d01c96aee57368ef3b37a8
                                                                  • Instruction Fuzzy Hash: A5017C713002056FC311EA69DA40D5AF79AEB94218B408A38C02A8B365EF70E9498BE4
                                                                  Function 04DC5BC8 Relevance: 1.3, Strings: 1, Instructions: 51COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: +!
                                                                  • API String ID: 0-3727194539
                                                                  • Opcode ID: 296e3a1befaee28e53419a21f35147b365f27b7dd4c4e4a3a1b3be70f848d126
                                                                  • Instruction ID: f48c1bfcdb878a3d4d65c43c98bacf6fb55b4f4e4727930990519dbbffd7b1ee
                                                                  • Opcode Fuzzy Hash: 296e3a1befaee28e53419a21f35147b365f27b7dd4c4e4a3a1b3be70f848d126
                                                                  • Instruction Fuzzy Hash: 49116AB0A00219ABCB04EFA9E6545ADBBF1EF89210F00852EE815E7344DF346C008FA4
                                                                  Function 04DCE060 Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: LR^q
                                                                  • API String ID: 0-2625958711
                                                                  • Opcode ID: b9edb5e7433e8c72a1e6402e01f12503ff140351ee51839c63328843ef86f98c
                                                                  • Instruction ID: 299c3f3d81e456523a1a0aca0c02edf1e09bcab66ed95f8b48928ba3edae67b7
                                                                  • Opcode Fuzzy Hash: b9edb5e7433e8c72a1e6402e01f12503ff140351ee51839c63328843ef86f98c
                                                                  • Instruction Fuzzy Hash: F5112874E01208DFCB04DFB9D28559DBBB2FF88305B2085A9D805A7354DB35AE42CF41
                                                                  Function 09225B50 Relevance: 1.3, Strings: 1, Instructions: 46COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 3'
                                                                  • API String ID: 0-491100365
                                                                  • Opcode ID: 3ace46c4cbe19d4be2f56048503316b9e1f3b36c9c6cfd8a4787de9485f85c61
                                                                  • Instruction ID: 9a4498fdcf21dfbdd01c9c0a03f6907662d318121d4e65542547b8f6aa4e47c4
                                                                  • Opcode Fuzzy Hash: 3ace46c4cbe19d4be2f56048503316b9e1f3b36c9c6cfd8a4787de9485f85c61
                                                                  • Instruction Fuzzy Hash: DE018C713002046B8311EA69DA4085EF79AEF94218B408A38C12A8B368EF70FD498BF4
                                                                  Function 09226848 Relevance: 1.3, Strings: 1, Instructions: 39COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: #b
                                                                  • API String ID: 0-4179944329
                                                                  • Opcode ID: 6c664f98d66531f1c2fb5ec2d8e54009edfad261b2f0c1a21ebf35af9dc55583
                                                                  • Instruction ID: 7767ac7610de5b3e43322023aec9d2896fc66be6dff6f4b328866c6290473c3a
                                                                  • Opcode Fuzzy Hash: 6c664f98d66531f1c2fb5ec2d8e54009edfad261b2f0c1a21ebf35af9dc55583
                                                                  • Instruction Fuzzy Hash: B8F0C2727002009FC314EB38D5809AEFBE6EFD5254B108979D06ACB730DB31AC098BA0
                                                                  Function 0922CFB3 Relevance: 1.3, Strings: 1, Instructions: 33COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: ,o-
                                                                  • API String ID: 0-3520963020
                                                                  • Opcode ID: 0bb201c654c0334ec7bd3c893589264a9c472fbb39672e3cf1cdebca772b812d
                                                                  • Instruction ID: d0eb7f753332b5bf5174406da860a6886b5201363690236f04967cd4104fe142
                                                                  • Opcode Fuzzy Hash: 0bb201c654c0334ec7bd3c893589264a9c472fbb39672e3cf1cdebca772b812d
                                                                  • Instruction Fuzzy Hash: 0AF05874310200DFC714DF3CE980A0AB7EAAFDC21532080AAE10ADB365CB32EC02CB60
                                                                  Function 04DCA2C8 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 4'^q
                                                                  • API String ID: 0-1614139903
                                                                  • Opcode ID: b22d88c3f5bc83a9f3bb949894598a2c68edd7622bce7744d9412ea52ba63b46
                                                                  • Instruction ID: f05748d919fb8ea769cae05a11d0677c84264780e28921de227bf599fbc8195d
                                                                  • Opcode Fuzzy Hash: b22d88c3f5bc83a9f3bb949894598a2c68edd7622bce7744d9412ea52ba63b46
                                                                  • Instruction Fuzzy Hash: EBE080213086A25FC2076738B5120D8FF51DD411147458D56D4C48B565CF14199E83F6
                                                                  Function 09223488 Relevance: .3, Instructions: 302COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9dfe0f38e29206ccfce35cb7b4d8c1f05b37a137e3749268cae4d0001a4412e6
                                                                  • Instruction ID: 68f8e306db4c5ddc3f0294c2744f06f317ff01a258a4a5860b5c868cf9bec960
                                                                  • Opcode Fuzzy Hash: 9dfe0f38e29206ccfce35cb7b4d8c1f05b37a137e3749268cae4d0001a4412e6
                                                                  • Instruction Fuzzy Hash: 4FE10731D0065A8FCB10EF68C940689F7B2FF95314F21C79AD5587B250EB70AA8ACF90
                                                                  Function 09223480 Relevance: .3, Instructions: 274COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 055055e540ad2304b5189c2f78217a404977ce7de847785b1814e3f9e0ceee61
                                                                  • Instruction ID: 981c124f5004382d078b202273bef63e3f381cbb32bf7534194270053566bce1
                                                                  • Opcode Fuzzy Hash: 055055e540ad2304b5189c2f78217a404977ce7de847785b1814e3f9e0ceee61
                                                                  • Instruction Fuzzy Hash: 35D1F531D1061ACBDB20EF68C940689F7B2FF95314F21C799D5587B254EB70AA8ACF90
                                                                  Function 0922AB08 Relevance: .3, Instructions: 262COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4ecb9b8f731d140bea96126f00c2f74201ceb84bee985b4145d6d11649ebfa4d
                                                                  • Instruction ID: b77f1ff1b617f7a6571bd5e904cb1ff56837a3440aed64a261a4a5585dd62eb3
                                                                  • Opcode Fuzzy Hash: 4ecb9b8f731d140bea96126f00c2f74201ceb84bee985b4145d6d11649ebfa4d
                                                                  • Instruction Fuzzy Hash: B7A1F13155A7E09FD702AF3CD9A45C93FB0AE4722871940DBD4C0CF273D669988ACB99
                                                                  Function 09223B80 Relevance: .2, Instructions: 228COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 47e23d78e0683000cde83b492c7d272fa7241e30637bcd38a0cefeeea28b2373
                                                                  • Instruction ID: 7ff12df0f3c426e528b84c8a79f1dd18be12a0d1bc366e76e03fac5d44f17a8e
                                                                  • Opcode Fuzzy Hash: 47e23d78e0683000cde83b492c7d272fa7241e30637bcd38a0cefeeea28b2373
                                                                  • Instruction Fuzzy Hash: DF917F74B10215DFCB15DF68C584AAEBBF6FF88310B108569E4069B365DB34EC86CBA0
                                                                  Function 09224EE8 Relevance: .2, Instructions: 209COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1b0e4f2198b98bc6f08b558f1d9c62d1c2c309b1c058643c7d82bb641a695845
                                                                  • Instruction ID: 7a3987490725d107324b889ee11d32214e12a0a6d21122eba65d641e49bb60dc
                                                                  • Opcode Fuzzy Hash: 1b0e4f2198b98bc6f08b558f1d9c62d1c2c309b1c058643c7d82bb641a695845
                                                                  • Instruction Fuzzy Hash: 7D71AE31B112159FCB05DF68D8809AEB7F6FF89321B1584AAE516DB361DB31EC41CB90
                                                                  Function 0922A708 Relevance: .2, Instructions: 198COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7aab37780e533d1969741c0ff1034dec1e6fd8a9da18a759d58cd0b4fdf532b1
                                                                  • Instruction ID: c9a590ed79206a54c91ada868077e2d345a95c3b0a4aabbb9e41ae1cb2938eca
                                                                  • Opcode Fuzzy Hash: 7aab37780e533d1969741c0ff1034dec1e6fd8a9da18a759d58cd0b4fdf532b1
                                                                  • Instruction Fuzzy Hash: B761D335B10225DFCB04DF68D5449AEBBF6EF88310B1585AAE406DB7A1DB30EC42CB90
                                                                  Function 04DC98B0 Relevance: .2, Instructions: 185COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5476b002dd825b290ac2515cd22eafc22f6f8bd496a5f3ddc5c4ff355a82a444
                                                                  • Instruction ID: 10ed5c04bafb47180c8b4477946ed1a9c57b0dc1b9cff448c9962cc525a63055
                                                                  • Opcode Fuzzy Hash: 5476b002dd825b290ac2515cd22eafc22f6f8bd496a5f3ddc5c4ff355a82a444
                                                                  • Instruction Fuzzy Hash: 16716B70B002059FCB15DF69D594A9EBBF2FF88314B1484A9E806EB365DB34ED41CBA0
                                                                  Function 0922BEE0 Relevance: .2, Instructions: 154COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: eff84153502a1bac62231e9f42b600c92539ffb6e0c7747bb2d59c06628972d5
                                                                  • Instruction ID: a2fcff2fdd2f6c4787fe7bba3a3e574645bcf41f4237c82aa58f308e2cd54a30
                                                                  • Opcode Fuzzy Hash: eff84153502a1bac62231e9f42b600c92539ffb6e0c7747bb2d59c06628972d5
                                                                  • Instruction Fuzzy Hash: A9512A757046108FC719DF39D88891ABBF6EF8931071685AAE55ACB372DB30EC06CB50
                                                                  Function 092239D8 Relevance: .1, Instructions: 142COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 97d03d2e4586b4ad5c2dee0d7c3058aa1bacab9e644e925bfbf075037d8614af
                                                                  • Instruction ID: fcbffc9ff53fd4ae70606ef76ff1f6aec5adab9063d8752a4f99c98cdbc00b24
                                                                  • Opcode Fuzzy Hash: 97d03d2e4586b4ad5c2dee0d7c3058aa1bacab9e644e925bfbf075037d8614af
                                                                  • Instruction Fuzzy Hash: A3514A74B10615CFCB04DF68C98496EB7F2FF88714B1181A9E906AB365CB35EC42CBA0
                                                                  Function 091AE9AF Relevance: .1, Instructions: 137COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7173852816.00000000091A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 091A0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_91a0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1fa5697750302c26ce4c7157684f37dae6abe3241ab3a5ae8e6cd7e7b40e6151
                                                                  • Instruction ID: 301995adf9da8bff40a2d7015e19f4c02dabb5a92e94c6c1b054217f0ce81130
                                                                  • Opcode Fuzzy Hash: 1fa5697750302c26ce4c7157684f37dae6abe3241ab3a5ae8e6cd7e7b40e6151
                                                                  • Instruction Fuzzy Hash: 2241C5347403058FCB11EB79DA5265E7FE6EB86358B504538E01A9B394EFB4EC4A8BD0
                                                                  Function 092239D6 Relevance: .1, Instructions: 135COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d68128d4b51ec12bb14e3433c00f124ac2823f59e0da2391070ecbfdb7456c04
                                                                  • Instruction ID: 08ec8258afd37b5948c5dfd881850c9c0e934b87fa40c23b37cc2f0a0f4dcabc
                                                                  • Opcode Fuzzy Hash: d68128d4b51ec12bb14e3433c00f124ac2823f59e0da2391070ecbfdb7456c04
                                                                  • Instruction Fuzzy Hash: 5C513A74B10615CFC704DF68C98496EB7F6FF88714B1181A9E906AB325DB35EC46CBA0
                                                                  Function 0922BD18 Relevance: .1, Instructions: 130COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0e4165f30b71081abcbebc9f9f9aea18b63231440dc77c7186a7921f317ef446
                                                                  • Instruction ID: 36a532ea3fbdfe978a19d3158f5dbcf0bb6da89f7f4cde58d1624a0da5229828
                                                                  • Opcode Fuzzy Hash: 0e4165f30b71081abcbebc9f9f9aea18b63231440dc77c7186a7921f317ef446
                                                                  • Instruction Fuzzy Hash: 7F41AE352046418FC319CF29D884DA6BBF5FF8A320B1585AAE55ACB772DB30EC41CB50
                                                                  Function 091AE9C0 Relevance: .1, Instructions: 128COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7173852816.00000000091A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 091A0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_91a0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: af57324d95054fb223f54cd94a8e769350fbc50de0d0776834d168bbaa956681
                                                                  • Instruction ID: b507cf2e018029d43f48f96dacbdb2472768ba10ff279aaf01cf303f73228251
                                                                  • Opcode Fuzzy Hash: af57324d95054fb223f54cd94a8e769350fbc50de0d0776834d168bbaa956681
                                                                  • Instruction Fuzzy Hash: 0841B5347402058FCB10EB69DA5165EBFE6EB85358F408538E11ADB394DF74EC098BD0
                                                                  Function 092242CD Relevance: .1, Instructions: 119COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b89c2d85a55051b60bd2c85cacaf0d15d7aba67079bec5aa8ba78ae9ab7991da
                                                                  • Instruction ID: 08dedd4e644eeb3b0c0371cefb6b29553ff060cd50f55a05f2fb2310c4d59554
                                                                  • Opcode Fuzzy Hash: b89c2d85a55051b60bd2c85cacaf0d15d7aba67079bec5aa8ba78ae9ab7991da
                                                                  • Instruction Fuzzy Hash: 66415934B102148FDB14EF78C5A8A9D7BF5EF89714F2140AAE406DB3B2DA749C46CB94
                                                                  Function 092261E8 Relevance: .1, Instructions: 117COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 310c7ad361c77b6811a3e11efef49332cd73af968fc8ff5956a75524bdf42b11
                                                                  • Instruction ID: c6f3df3390a19c61c38676abf43be243ce6edf110753b17802d1edcbd777a1fa
                                                                  • Opcode Fuzzy Hash: 310c7ad361c77b6811a3e11efef49332cd73af968fc8ff5956a75524bdf42b11
                                                                  • Instruction Fuzzy Hash: 18419A75B10219EFCB04DF68C595AADBBF2EF88314F10802AE516EB360CB359D41CB90
                                                                  Function 09229300 Relevance: .1, Instructions: 106COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 318dba271436ec3fdfbb9845a5bc6039d505f4b81df6cb9b4f433d073db66f2f
                                                                  • Instruction ID: b8a347a828ad2be0c5507d8f41032bf3a064a82a698ef8e39b93cb9931f7c0cf
                                                                  • Opcode Fuzzy Hash: 318dba271436ec3fdfbb9845a5bc6039d505f4b81df6cb9b4f433d073db66f2f
                                                                  • Instruction Fuzzy Hash: A041B374B10219DFCB04DF78D694AADBBF6AF88700F204568E406AB394DB75AC85CB91
                                                                  Function 09229161 Relevance: .1, Instructions: 102COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f92b1ddf048f3867f52f8650119988a72b146655cb9cd7d2574c700996b46c06
                                                                  • Instruction ID: d4a04c577e8aaf693cf50d1092805daa3ec8fade980477b35d69c2b85c9351da
                                                                  • Opcode Fuzzy Hash: f92b1ddf048f3867f52f8650119988a72b146655cb9cd7d2574c700996b46c06
                                                                  • Instruction Fuzzy Hash: 28416A75B502159FDB08DF78C955AADBBF2BF88700F154069E802EB365DB34AC41CB90
                                                                  Function 092292F0 Relevance: .1, Instructions: 100COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 647609d1c151a1b0c4bf20d9714e794fe79b8f4c0512ca0f3201d0a87583e404
                                                                  • Instruction ID: 728db231665404049f45403047a7d52321e7c177a815a64d9525377c68966f83
                                                                  • Opcode Fuzzy Hash: 647609d1c151a1b0c4bf20d9714e794fe79b8f4c0512ca0f3201d0a87583e404
                                                                  • Instruction Fuzzy Hash: D431A271A102099FCB14DF78D694A9DBBF6AF88704F204529E406EB3A4DB74EC85CB91
                                                                  Function 04DC0F40 Relevance: .1, Instructions: 100COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b179a6aae4c716020dc65df3c65dafdbaaf6965361b8dcd3ad7d9c438a662a66
                                                                  • Instruction ID: c70eb5513ddb202b17dbef92ae2791cab869433a53cd4ab823472372754a62e1
                                                                  • Opcode Fuzzy Hash: b179a6aae4c716020dc65df3c65dafdbaaf6965361b8dcd3ad7d9c438a662a66
                                                                  • Instruction Fuzzy Hash: FB41AD34B002058FCB45DF68D5889AEBBF6FF88300B108969E51ACB365DB34ED05CBA0
                                                                  Function 09229170 Relevance: .1, Instructions: 99COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 35ff3f9899f4a8bf71c4420ddae483139712dab8e1f79184a90eef300dffe0fe
                                                                  • Instruction ID: 14f5ed1c6361c54931e5903b962b5637ccf7ab6e3a4c99822d28499d32858a94
                                                                  • Opcode Fuzzy Hash: 35ff3f9899f4a8bf71c4420ddae483139712dab8e1f79184a90eef300dffe0fe
                                                                  • Instruction Fuzzy Hash: 2C316979B102159FDB08DF78C954AADBBF2AF88710F154069E802EB3A5DF35AC41CB90
                                                                  Function 09224C68 Relevance: .1, Instructions: 98COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e2d6ea1bae0fd8bd38d3dc79d179f2e0c3a8931bbdb738339c456d3798a5a0da
                                                                  • Instruction ID: 53b12c8eda4312d008a25659e092288bd2b46f385586e28c1f3529796c5343ae
                                                                  • Opcode Fuzzy Hash: e2d6ea1bae0fd8bd38d3dc79d179f2e0c3a8931bbdb738339c456d3798a5a0da
                                                                  • Instruction Fuzzy Hash: 9C31F0313442059FCB05EF18EA8099DBB55EF80318B20CA79D5198F369DB72E94F87E4
                                                                  Function 04DC7800 Relevance: .1, Instructions: 98COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 89392ffc68b24d5a5677b4153fe0b46337892c4767b4d4fa8e3d1659dd085fcd
                                                                  • Instruction ID: a725607c2cfc68e3645a35510335e8233ee6413fe2870c7d3ca125f5367c8366
                                                                  • Opcode Fuzzy Hash: 89392ffc68b24d5a5677b4153fe0b46337892c4767b4d4fa8e3d1659dd085fcd
                                                                  • Instruction Fuzzy Hash: C9410C31D10B0BDACB11EFA9C550599FBB1FF59310B21CA1AE49977611EB70BA85CF80
                                                                  Function 09224958 Relevance: .1, Instructions: 97COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 62362c042923b29493ca1f958afebf06df33718b34d2a513fa04ff94089c3ad5
                                                                  • Instruction ID: 8cbfc1d94ebb3518b0213ea359460192817732571fbe244a954864f2cea793f3
                                                                  • Opcode Fuzzy Hash: 62362c042923b29493ca1f958afebf06df33718b34d2a513fa04ff94089c3ad5
                                                                  • Instruction Fuzzy Hash: 4C317C743102109FCB45EF79C998A6EBBE6EF89311B1484A9E50ACB3B1CB35EC45CB50
                                                                  Function 04DC0F50 Relevance: .1, Instructions: 97COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ebbd231f3fb227aaf89266dca349989615a24b5e49eb0e1fec826dfdb4feedcb
                                                                  • Instruction ID: 1b7947a1ef42763135ac10eb8a036634b51377187b8074ddea91e64f6399c763
                                                                  • Opcode Fuzzy Hash: ebbd231f3fb227aaf89266dca349989615a24b5e49eb0e1fec826dfdb4feedcb
                                                                  • Instruction Fuzzy Hash: A9319134B002058FCB44DF68D5849AEBBF6FF88314B108969E41A9B365DF34ED05CBA0
                                                                  Function 0922441D Relevance: .1, Instructions: 96COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e41e15125bd6edb2a6cfa51e04e9d934596b7ce4ea0bf82ff7923ecb479beae0
                                                                  • Instruction ID: eab347a3e17781d7e49d8fd81fd04d0af3913879afe6446ff4fb96a25e1af184
                                                                  • Opcode Fuzzy Hash: e41e15125bd6edb2a6cfa51e04e9d934596b7ce4ea0bf82ff7923ecb479beae0
                                                                  • Instruction Fuzzy Hash: F5411C75A10219DFCB04DFA8C68499DBBF2FF99304B218659E405AB365DB70ED85CF40
                                                                  Function 09224C40 Relevance: .1, Instructions: 94COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 01ba8925eb87f0be540bdb46e2aebc2e4c8987b3e14000ca1a5d3762b9f66d19
                                                                  • Instruction ID: ac99458187122a3b4d32353d89ac401ac1d79e1fdf0ec3a12648ff95dd61f585
                                                                  • Opcode Fuzzy Hash: 01ba8925eb87f0be540bdb46e2aebc2e4c8987b3e14000ca1a5d3762b9f66d19
                                                                  • Instruction Fuzzy Hash: 133186312443059FCB06EF28E94089DBB65EF813197248ABAD0158F366DB72E94F87E0
                                                                  Function 04DCBD71 Relevance: .1, Instructions: 92COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 894a297e7d0d788ea1fe61ec3b300a3bb2c30ba3e38c67926c1d78224d8a961a
                                                                  • Instruction ID: 2ea95bbf1cef1e508a3ac2bbab573968cd1c1d6a2f3700463f12034212b8b824
                                                                  • Opcode Fuzzy Hash: 894a297e7d0d788ea1fe61ec3b300a3bb2c30ba3e38c67926c1d78224d8a961a
                                                                  • Instruction Fuzzy Hash: BF3134B93006118FC704DF68D988C6ABBB6FF8932431145A9E90ADB371CB30EC45CBA0
                                                                  Function 09224310 Relevance: .1, Instructions: 91COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 86092436ae3e5597d21eceb42eaf4754b54ff06972fc22eefa3a76eb51c3c3fc
                                                                  • Instruction ID: 995bc29c97dc33fcf5cd5b8bfcdb7bd6df13a08709907b7ec8e67d400d0fd704
                                                                  • Opcode Fuzzy Hash: 86092436ae3e5597d21eceb42eaf4754b54ff06972fc22eefa3a76eb51c3c3fc
                                                                  • Instruction Fuzzy Hash: 7F310534B102159FDB14EF69C598AAEBBF6EF88704F214069E41ADB3A1DB70AC41CF50
                                                                  Function 0922A3A0 Relevance: .1, Instructions: 90COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 773ad10751f80bbd2bafdf345a215a9a9f2e55f2327873c9d3b623d419999548
                                                                  • Instruction ID: 1296e6bbdb6125a6b99ac5422d57407960c0c3c72cbeb578868cbe328f850113
                                                                  • Opcode Fuzzy Hash: 773ad10751f80bbd2bafdf345a215a9a9f2e55f2327873c9d3b623d419999548
                                                                  • Instruction Fuzzy Hash: FA41C778D22122EFCB159F18C64CA15FBB2BF05315B5AC6D6E4155F6A2C336D8C8CB80
                                                                  Function 04DC7938 Relevance: .1, Instructions: 90COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4d7d173cf61342ff10a56036a14c84d741ab76726cd6e495583a2723e86f4dac
                                                                  • Instruction ID: 16f57f86a3e34d09c2cbfaeba81495be8ab7cec9562c803e4d1e87fa55595bb1
                                                                  • Opcode Fuzzy Hash: 4d7d173cf61342ff10a56036a14c84d741ab76726cd6e495583a2723e86f4dac
                                                                  • Instruction Fuzzy Hash: 5A313575A002068FCB10DBA8D29499DBBF2EB88304B258569D459AB356DB34FD81CF50
                                                                  Function 09224C58 Relevance: .1, Instructions: 87COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7ab8e04fc8b25dcb3bdbfce149ec478047c2b4cd5e34799fc20caf0186d922ba
                                                                  • Instruction ID: 27082dae1fd465001b5f3e863e656edd181891b48ac59e31bf9469708066f315
                                                                  • Opcode Fuzzy Hash: 7ab8e04fc8b25dcb3bdbfce149ec478047c2b4cd5e34799fc20caf0186d922ba
                                                                  • Instruction Fuzzy Hash: 402166312442059FCB05EF28EA4099DBB65EF813187208A7AD5148F36ADB72E94F87E4
                                                                  Function 09224968 Relevance: .1, Instructions: 84COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6367a47759dce4f444974d64edb35011b87bda47c87d701c2ead72226c7d254c
                                                                  • Instruction ID: f05460520dfe6da27a5c9fceefdd2ee6ec86f15258d7df635afc947d54905c72
                                                                  • Opcode Fuzzy Hash: 6367a47759dce4f444974d64edb35011b87bda47c87d701c2ead72226c7d254c
                                                                  • Instruction Fuzzy Hash: 47212A747002149FC744EF79C998A6EBBEAEF88650B148469E50ADB371DE34EC05CBA0
                                                                  Function 04DC2618 Relevance: .1, Instructions: 84COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a3df0b5f6839716fe4820dc7db0febddbd9dd4a3f1b6acf369720afa5859a758
                                                                  • Instruction ID: 1e93260277b9d10ab01028a8779afd4f956538371b3da4faa5dd9971aa401a4e
                                                                  • Opcode Fuzzy Hash: a3df0b5f6839716fe4820dc7db0febddbd9dd4a3f1b6acf369720afa5859a758
                                                                  • Instruction Fuzzy Hash: 0C314F36E0070A9BCF01DFA4D8544DEB776FFD8300F118629E90677210EB70AA56CB90
                                                                  Function 04DC45D8 Relevance: .1, Instructions: 82COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7e52c05321e3bf3f064ef19f909fca5bbcb9827447c74f78ffff37a04f39fbb9
                                                                  • Instruction ID: 91aac67090c830384dd4c1fc662330abf5da6a2983cd135c8fb55ddf791ec9e4
                                                                  • Opcode Fuzzy Hash: 7e52c05321e3bf3f064ef19f909fca5bbcb9827447c74f78ffff37a04f39fbb9
                                                                  • Instruction Fuzzy Hash: C731B1312002058FCF05DF38D994599BBB2EF95304B05C6A9EC099F35ADB74ED49CBA1
                                                                  Function 04DCA348 Relevance: .1, Instructions: 82COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b1c5878341e70fa22d82612501a4c3ca622af976b9a629d6c6978850b5bd624c
                                                                  • Instruction ID: d26cd76b77c135e49276fd886ed4be4e9f51a147e01919cf0accf6e46aa80487
                                                                  • Opcode Fuzzy Hash: b1c5878341e70fa22d82612501a4c3ca622af976b9a629d6c6978850b5bd624c
                                                                  • Instruction Fuzzy Hash: C431B3717052589BC705AB74F51569DBBE2EB85218B108A6DD0028F362CF79E84ACBE4
                                                                  Function 0922622A Relevance: .1, Instructions: 81COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ecf2c6fcb4736c7ef75519c242add763c59c5d219598b3cae7e21e5dab90d72c
                                                                  • Instruction ID: 63db34691fd1ee35f0b54e0e283a717ca2c552cb888ba8ffebb989730a865c4c
                                                                  • Opcode Fuzzy Hash: ecf2c6fcb4736c7ef75519c242add763c59c5d219598b3cae7e21e5dab90d72c
                                                                  • Instruction Fuzzy Hash: 9F31787571021AAFCB04EF68C594AAD7BF2EF88710B14856AE516DB360DB34EC40CB90
                                                                  Function 09226769 Relevance: .1, Instructions: 79COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9f7518e55714a4c3eb8719e5735c299c4ced6a851452354bc608f23bbe18d173
                                                                  • Instruction ID: 6482363a875299e0168c06025bef4adcd70be7eb1c6e29111b61086c6b9defc4
                                                                  • Opcode Fuzzy Hash: 9f7518e55714a4c3eb8719e5735c299c4ced6a851452354bc608f23bbe18d173
                                                                  • Instruction Fuzzy Hash: F82169757002149FC744EF78D854A6EBBFAEF89640B24846AE90ADB361CE35DC05CBA1
                                                                  Function 04DCBD80 Relevance: .1, Instructions: 79COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f5dc695747487c5e528a063529c55e41f3407561cb38723e676d1a985160c378
                                                                  • Instruction ID: ebecd0b5609106236f0e052c41ff57133c543e33ace01283ebbdd9206070d88d
                                                                  • Opcode Fuzzy Hash: f5dc695747487c5e528a063529c55e41f3407561cb38723e676d1a985160c378
                                                                  • Instruction Fuzzy Hash: 3531F2B97002119FC714DF68D988C2ABBF6FF8822471145A9E91ADB371DB30EC41CBA0
                                                                  Function 04DC2608 Relevance: .1, Instructions: 78COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1d09b4660cb44420c282b9b32f4903da7bf3af9f549bdf943d0517f25466b536
                                                                  • Instruction ID: 25dcc6f1e433aedf63be8a5e6d943146c5eaa45093436cd20ef0a7a674e67fc0
                                                                  • Opcode Fuzzy Hash: 1d09b4660cb44420c282b9b32f4903da7bf3af9f549bdf943d0517f25466b536
                                                                  • Instruction Fuzzy Hash: A9218132E0070A9BDF01DFA8D8544DEB772FF99300F018A6AE94577211EB71AA95DB90
                                                                  Function 04DC9B1D Relevance: .1, Instructions: 78COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ebf309ce14d2751a2a25a330017d6e5428ced39e935283aeef662611d56cc9f4
                                                                  • Instruction ID: b2f409268a7d0e7ab7362c06c32bb232b6c244c2f5ea8a55e3900c2ab989daab
                                                                  • Opcode Fuzzy Hash: ebf309ce14d2751a2a25a330017d6e5428ced39e935283aeef662611d56cc9f4
                                                                  • Instruction Fuzzy Hash: 1B218171B002169FCB00DFACC9948AEBBF5EF88314B14856AE915DB365DB34ED06CB90
                                                                  Function 09225C11 Relevance: .1, Instructions: 77COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e8067bf0f58bb24df03923ff18536f54f0b0562aee682147abfbfc93762644f0
                                                                  • Instruction ID: fe72b30e977f14a171102011fc27a829b6541668931a28a147b757e79eee492b
                                                                  • Opcode Fuzzy Hash: e8067bf0f58bb24df03923ff18536f54f0b0562aee682147abfbfc93762644f0
                                                                  • Instruction Fuzzy Hash: 6521A1747002199FDB05EB78C9546AEBBE7EBC8300F008539E909A3798DF35AD558BE1
                                                                  Function 04DC45E8 Relevance: .1, Instructions: 77COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c10f8177b2c8202b262d438ef63503028966edfe7b420711450e6c0d47b232e0
                                                                  • Instruction ID: a70735dc59c978fdbf9d170bb9d639bfd99b5decab7a77cb628b83686188e4be
                                                                  • Opcode Fuzzy Hash: c10f8177b2c8202b262d438ef63503028966edfe7b420711450e6c0d47b232e0
                                                                  • Instruction Fuzzy Hash: D431BF312002058FCF05EF28D984989BBB2FF85304B04C6A9EC099F35ADB75ED49CBA1
                                                                  Function 0922DCE0 Relevance: .1, Instructions: 76COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9b9b2726958c28ac2d1dea1cfe185185688bea39ce728b3e7651d9ee14879696
                                                                  • Instruction ID: 6ac5ad9c0509feb92cd7fa386f45b89ba556751c431a78ec36537fbec9fcfd27
                                                                  • Opcode Fuzzy Hash: 9b9b2726958c28ac2d1dea1cfe185185688bea39ce728b3e7651d9ee14879696
                                                                  • Instruction Fuzzy Hash: FF315C39A002158FCB14DF64D56CADDBBF2EF88314F188429D806A7390DB75AD85CFA0
                                                                  Function 09224730 Relevance: .1, Instructions: 76COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 727d12d8182d4a0770d7403774aa4c8599188423de5b3176e40ff63d4a7fdd4f
                                                                  • Instruction ID: a87b28f4b59381e2cbf6b0f5fd29fe14190812781373ecd81e07b66f73b4b130
                                                                  • Opcode Fuzzy Hash: 727d12d8182d4a0770d7403774aa4c8599188423de5b3176e40ff63d4a7fdd4f
                                                                  • Instruction Fuzzy Hash: 4C1129313163446FC717EB78DA514A97FAADF8222430440BEE449CB361DE785D0587A6
                                                                  Function 09226690 Relevance: .1, Instructions: 76COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 56556e113d676dc845a380f80c053bb53604fab3063f3116b82fa558a503755a
                                                                  • Instruction ID: b8d292c9a74ed461b11c9616f74d05e6195bce89997b8921a517e9c1c513db57
                                                                  • Opcode Fuzzy Hash: 56556e113d676dc845a380f80c053bb53604fab3063f3116b82fa558a503755a
                                                                  • Instruction Fuzzy Hash: 1D2179757102249FC704EB78D894E6E7BEAEF8965071480AAE50ADB360DE35DC01CBA0
                                                                  Function 04DCA358 Relevance: .1, Instructions: 76COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 12a2fd9a1366087d5646b1c059fd10ce924c9c80eb3d82b83f25c4c1f1149be9
                                                                  • Instruction ID: 4085d95a68307078c2f8480a6bc5aef32b559e0f5904d9c1ec0f1f1f1855a5cd
                                                                  • Opcode Fuzzy Hash: 12a2fd9a1366087d5646b1c059fd10ce924c9c80eb3d82b83f25c4c1f1149be9
                                                                  • Instruction Fuzzy Hash: CC3181717112189BC705AF74F51569DBBE2EB85218B108A2DD0028F365CF79EC46CFE4
                                                                  Function 0922DCF0 Relevance: .1, Instructions: 74COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 388d6fcbf11b86c598fdacf644fe8094caa36e57dbbdf8e256a3401519d37dff
                                                                  • Instruction ID: 9093f1af01d23ea781aa6b7d4df783baf3c0b3bd34ded1f18e232b29082ab7c0
                                                                  • Opcode Fuzzy Hash: 388d6fcbf11b86c598fdacf644fe8094caa36e57dbbdf8e256a3401519d37dff
                                                                  • Instruction Fuzzy Hash: 10314A39A002148FCB14DF64D56CADDBBF2EF88314F198428D806A7390DB75AD85CFA0
                                                                  Function 09226778 Relevance: .1, Instructions: 74COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c0c8273ec8dfc7933fcbc26782e8c65c7535b79e6c33163077280c1288efb731
                                                                  • Instruction ID: 3ff311359fb563a381aeb3a15152e7beba0834e1f7a1d8e6d8b5fa46a3c4c943
                                                                  • Opcode Fuzzy Hash: c0c8273ec8dfc7933fcbc26782e8c65c7535b79e6c33163077280c1288efb731
                                                                  • Instruction Fuzzy Hash: 472168757002149FC744EB79C984A6FBBEAEFC8650B148069E90ADB360CE35EC05CBA0
                                                                  Function 04DC7C70 Relevance: .1, Instructions: 74COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3cc4000e01e6a411c804459003b6c59b05caef7586a3a60078d7682cc4f58508
                                                                  • Instruction ID: edc411fcd06bb4be74a43f6130b68f766161614716beb8a21e9cfaf11649653c
                                                                  • Opcode Fuzzy Hash: 3cc4000e01e6a411c804459003b6c59b05caef7586a3a60078d7682cc4f58508
                                                                  • Instruction Fuzzy Hash: E531D274B00216CFCB04DF69C694AA9BBF2AF8C320B2545A9E405AB365DA35ED41CF60
                                                                  Function 04DC7DD8 Relevance: .1, Instructions: 74COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1e4efd601c83569f90e7db179da71d018edc42760bcc954335e1c6632f2565a1
                                                                  • Instruction ID: d93d8fd3a8e2fa74be6d827c0293fa149370db433b1893b972916db7f56d95f0
                                                                  • Opcode Fuzzy Hash: 1e4efd601c83569f90e7db179da71d018edc42760bcc954335e1c6632f2565a1
                                                                  • Instruction Fuzzy Hash: 3C21E07460020A8FCB44DF69D9888AEBBF5FF89214B108569E40A9B361DB30ED45CBA0
                                                                  Function 09225C20 Relevance: .1, Instructions: 73COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 59ada9bc882d24166e806957a6f602f16a380880308b2f9ba6080e3510de84b1
                                                                  • Instruction ID: d8d3efda7024807b230a2f629bcc2fa03efdd21443282bdf88e7f44d59b047d9
                                                                  • Opcode Fuzzy Hash: 59ada9bc882d24166e806957a6f602f16a380880308b2f9ba6080e3510de84b1
                                                                  • Instruction Fuzzy Hash: 5A219274700219AFCB05AB69C95456FBBABEBC8310F008429E909A7354DF35AD5587E1
                                                                  Function 09223140 Relevance: .1, Instructions: 71COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 12c7ce29dfe0e9ecb84b5ff1daa1640229efd4372c42c6901dca51e57087a459
                                                                  • Instruction ID: 22504ef03fd0fd0c76570da3a7820869d0c2ef9ea715297a5fd90fbe4c8c6d34
                                                                  • Opcode Fuzzy Hash: 12c7ce29dfe0e9ecb84b5ff1daa1640229efd4372c42c6901dca51e57087a459
                                                                  • Instruction Fuzzy Hash: 56219F71B006059FCB19DF6AD64059EFBEAEFC8224B24842AD01EC7715EB70EC4687A1
                                                                  Function 092259B0 Relevance: .1, Instructions: 71COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4eecd198179a93e6c1dc0a678ee9f91e9f58511ee9d739aa0e10d62370ab2ed2
                                                                  • Instruction ID: 5c810e049fea335e5977e66aac6d2312881c12ffb48d12f95f66065de0c0376f
                                                                  • Opcode Fuzzy Hash: 4eecd198179a93e6c1dc0a678ee9f91e9f58511ee9d739aa0e10d62370ab2ed2
                                                                  • Instruction Fuzzy Hash: 7C1159317252659FC7159B28E441AAAB7EAEF84320708C0BAF059CB652CB74EC81C7D0
                                                                  Function 092266A0 Relevance: .1, Instructions: 71COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 74080e8a2f4b764ebd48a48648a20334c01008260b8dc076733dd07743deffa6
                                                                  • Instruction ID: 472a693f809d70963734d5843c899a4d6234264b28208506862ca9356a0767ba
                                                                  • Opcode Fuzzy Hash: 74080e8a2f4b764ebd48a48648a20334c01008260b8dc076733dd07743deffa6
                                                                  • Instruction Fuzzy Hash: 87216A753002249FD744EB79D894E2F7BEAFF8965471480A9E90ADB360DE35DC01CBA0
                                                                  Function 09225528 Relevance: .1, Instructions: 69COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: fe46054e8aa7825067548af729493ecdfa3b782dd6da5ec299e57281618d4b10
                                                                  • Instruction ID: 2c90a8ad2b409b7198d7ecf886a112a4c9ec64c1c1a0d183461f99684b297ba3
                                                                  • Opcode Fuzzy Hash: fe46054e8aa7825067548af729493ecdfa3b782dd6da5ec299e57281618d4b10
                                                                  • Instruction Fuzzy Hash: 6211E6353501108FC758DF3DD898D5ABBEAEF9962131580AAF506CB372DA31EC42CB90
                                                                  Function 04DC73A8 Relevance: .1, Instructions: 69COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0b93fd822e04fc362af3d8834cae2dfaf2faffae0901210bb2fd251816437e29
                                                                  • Instruction ID: 90f2baf18bc1e8faa8db9f925aabd7f48189ca5a5512064170501ae7e72605f5
                                                                  • Opcode Fuzzy Hash: 0b93fd822e04fc362af3d8834cae2dfaf2faffae0901210bb2fd251816437e29
                                                                  • Instruction Fuzzy Hash: 65212E75B002169F8B10DFADD5808AEFBF9FF88354714806AE915DB365DA31ED018BD0
                                                                  Function 04DCFEB8 Relevance: .1, Instructions: 66COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d1bace8c8909240fc78a636bf9962be64880f4e16455a938e20dcc7e2a404db2
                                                                  • Instruction ID: 331fcd87531a7c78d4683820eb6e51a337f8d8616deaba1a9c181a4c18d4efb2
                                                                  • Opcode Fuzzy Hash: d1bace8c8909240fc78a636bf9962be64880f4e16455a938e20dcc7e2a404db2
                                                                  • Instruction Fuzzy Hash: 2211D2717007458FC7229B38E59456EBBEAFF89214B14452EE506C7750DF38EC0687A1
                                                                  Function 092233A8 Relevance: .1, Instructions: 64COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e47bbd2bee1bdf3ff1a75bf3c5d6d33a1ab7881458d060562aec5ce595add9ab
                                                                  • Instruction ID: 9ed43ac3eb1490e02dca76d456f86bfa7970d9ebc5a856fd639d37ca0e5a7a86
                                                                  • Opcode Fuzzy Hash: e47bbd2bee1bdf3ff1a75bf3c5d6d33a1ab7881458d060562aec5ce595add9ab
                                                                  • Instruction Fuzzy Hash: 82215470A112099FCB14EF69D9419AFFBFAEF88300B008A39D51597764EB70BD498BD0
                                                                  Function 04DC4506 Relevance: .1, Instructions: 64COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 643a3b524b1db59f586f0eb56fce5e0f47404a9951217a6f99a9c06cb6ee3096
                                                                  • Instruction ID: 69c7fed29efb098f2f13d3a2df30fbb93f5524bab145a68bf1790a984bfee021
                                                                  • Opcode Fuzzy Hash: 643a3b524b1db59f586f0eb56fce5e0f47404a9951217a6f99a9c06cb6ee3096
                                                                  • Instruction Fuzzy Hash: 0521CF35300205AFDB12DF68D958AAE7FB5FF88344F008529F95987290DB349890CB60
                                                                  Function 04DC7C62 Relevance: .1, Instructions: 64COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 530968af3c2b00ff051a4e0e7288229ab1051ee581386e68cd7f97b5eedb2be0
                                                                  • Instruction ID: e032def37b0d6590ec731e5361023d34c83442fd68cf13e5b8109bf0610d369d
                                                                  • Opcode Fuzzy Hash: 530968af3c2b00ff051a4e0e7288229ab1051ee581386e68cd7f97b5eedb2be0
                                                                  • Instruction Fuzzy Hash: 0C21E575B00116CFCB14CF69C684AA9BBF2AF4C310F2545AAE805AB365DB35ED45CF60
                                                                  Function 09225388 Relevance: .1, Instructions: 63COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d79d2ab1d3679620b3a11f6a019af3000c1769b00bbfb185c138ae92e2ac8498
                                                                  • Instruction ID: fea27810249c928c448f3b2b4007b33ee14881fdbd51021ead6c882608b78c9c
                                                                  • Opcode Fuzzy Hash: d79d2ab1d3679620b3a11f6a019af3000c1769b00bbfb185c138ae92e2ac8498
                                                                  • Instruction Fuzzy Hash: D9119031A042659FC705EB6CD940C5EBBE9EF89210710816AF509D7311DB70EC458BE1
                                                                  Function 0922D978 Relevance: .1, Instructions: 62COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 78e18d175b226742299f3d96771beb128278deaab462b7d7cb11d006377ea230
                                                                  • Instruction ID: ccb74aa18231ad69dcba280e878b6477bd70ef43f05c936bdaf9a1eec190f11f
                                                                  • Opcode Fuzzy Hash: 78e18d175b226742299f3d96771beb128278deaab462b7d7cb11d006377ea230
                                                                  • Instruction Fuzzy Hash: 6911E930344141AFC705DB38D5518997FA6EF96328318869DE859CF2B1CA729C07CFE4
                                                                  Function 04DC74D8 Relevance: .1, Instructions: 62COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 02fa0bb6fe5132519ec0ff9f27855b6b614ec5fd9e29c3cfa17cad957e8293ab
                                                                  • Instruction ID: f13faa2a86d0fc363142bd7ae870859a9fa51da0bc3a31ae07166595e73d4186
                                                                  • Opcode Fuzzy Hash: 02fa0bb6fe5132519ec0ff9f27855b6b614ec5fd9e29c3cfa17cad957e8293ab
                                                                  • Instruction Fuzzy Hash: 4311BF35700248DFC705DF68E85896D7BB6EF85321B1080AAF905CB3A1CE36EC41CB64
                                                                  Function 04DC57D5 Relevance: .1, Instructions: 62COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0191ea2df5723a505b90314b21e43f0997c4b738294b76d23a63bb7bed58aee2
                                                                  • Instruction ID: 6f91db6926977d04543c838160abfb402f4f8b22433307788392e4492371cd3b
                                                                  • Opcode Fuzzy Hash: 0191ea2df5723a505b90314b21e43f0997c4b738294b76d23a63bb7bed58aee2
                                                                  • Instruction Fuzzy Hash: 2E21AC71A00216AFCB01DFA8D568ADDBFB1EF59320F05455AE401BB391CB34AD45CFA0
                                                                  Function 04DCFEC8 Relevance: .1, Instructions: 61COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1d9d1d85ec30d62fc2673dad78b22446e3cf91316450ab18d7d960d3b0a0ed97
                                                                  • Instruction ID: 419840931d086ea7eb87fb2b6d88c6c334533cceeae1a22229832d289e67a6e7
                                                                  • Opcode Fuzzy Hash: 1d9d1d85ec30d62fc2673dad78b22446e3cf91316450ab18d7d960d3b0a0ed97
                                                                  • Instruction Fuzzy Hash: 5711BF713007058FC7269B38E69456EBBEAFFC9614B14452EE91687740DF78FC0A8BA1
                                                                  Function 04DCB9E8 Relevance: .1, Instructions: 61COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8006db080d46528f1c536f5d524ff6141a4ee102cbe628e77baead16b6ed4f08
                                                                  • Instruction ID: 299ad1e7af72924a4919188cdb2959c70c065aeca4c30758207406314e612d6b
                                                                  • Opcode Fuzzy Hash: 8006db080d46528f1c536f5d524ff6141a4ee102cbe628e77baead16b6ed4f08
                                                                  • Instruction Fuzzy Hash: EB11B2753047519FC301AF7CE951895BBA5EF8621830585AAD089CF772CA20FC49CBA5
                                                                  Function 09224EC0 Relevance: .1, Instructions: 60COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6cc1180e66b75eb2c3845e2fc5b644f2ae9ffb049b8236eb9bdc960b471e9423
                                                                  • Instruction ID: 2f9ad47516764e318746bbd42de4301784d3ab8c4441d092cb2448a4c80e6b2d
                                                                  • Opcode Fuzzy Hash: 6cc1180e66b75eb2c3845e2fc5b644f2ae9ffb049b8236eb9bdc960b471e9423
                                                                  • Instruction Fuzzy Hash: AB112731624312AFD7099F18C4509E4BBB1FFC1321B0981AEE09ACF6A6C368DC82C790
                                                                  Function 04DCC1B8 Relevance: .1, Instructions: 58COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 37fb6a2cb6011ec4628768c0f99f7b3926ad84e560606bc79c71e48a4e6e4ab9
                                                                  • Instruction ID: 6e275c75bd97883d8116c228269fe82e2eb21033e7afe7a091dbe0d2ddcba2e3
                                                                  • Opcode Fuzzy Hash: 37fb6a2cb6011ec4628768c0f99f7b3926ad84e560606bc79c71e48a4e6e4ab9
                                                                  • Instruction Fuzzy Hash: 98112F31704205AFD704DA78D95ABEEBBEADB88710F108529E515D7390CF756D0587D0
                                                                  Function 0922CED0 Relevance: .1, Instructions: 56COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 67a1338002d8c5cb8d5520613de85437a54c1b917d733c58323ef4149c0ca8d2
                                                                  • Instruction ID: 3d6b6e4b4e95da66ac2a39b8d1aeb77af645ba814d514e4f77b640fe934968df
                                                                  • Opcode Fuzzy Hash: 67a1338002d8c5cb8d5520613de85437a54c1b917d733c58323ef4149c0ca8d2
                                                                  • Instruction Fuzzy Hash: 3011A075A002159FC700DF6CDA8089ABBF9FF48200B1141AAF555DB321DB31EC11CBD0
                                                                  Function 09229040 Relevance: .1, Instructions: 55COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2d55cc14698c0566eb456131ac61306a19dd3d70b1b10f0e2041659135ebc2fc
                                                                  • Instruction ID: b763e010fc46b9e84a3f2108d31146030b77849b0b7cf8d13424274a536aca40
                                                                  • Opcode Fuzzy Hash: 2d55cc14698c0566eb456131ac61306a19dd3d70b1b10f0e2041659135ebc2fc
                                                                  • Instruction Fuzzy Hash: ED1161763001059FC714EF29EA8486EBBEAEFC82143148579E90ACF365DF31EC058BA1
                                                                  Function 04DC6F08 Relevance: .1, Instructions: 55COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 14c614835577a0411d6b2de4169c1c26449431924f6e6bd186d3a6bf0cea11ef
                                                                  • Instruction ID: d0e22aea9147bfdc44fa9c067b45d128a607037e37c8fd10f3464f35a6f702c9
                                                                  • Opcode Fuzzy Hash: 14c614835577a0411d6b2de4169c1c26449431924f6e6bd186d3a6bf0cea11ef
                                                                  • Instruction Fuzzy Hash: 9911AD747002158FC714DFACD95483A77FAEFC966171009AEE54ACB3A4EA30EC018BA0
                                                                  Function 092299F0 Relevance: .1, Instructions: 54COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0e0322f928d6d6304d262e589bbd6a69e360b2c418077ef615d4b8c09fb2c503
                                                                  • Instruction ID: aa9aa6447979776a31dd949db13ad195618ec87cd16d344fc93928e0e66d1a62
                                                                  • Opcode Fuzzy Hash: 0e0322f928d6d6304d262e589bbd6a69e360b2c418077ef615d4b8c09fb2c503
                                                                  • Instruction Fuzzy Hash: 0411CE74B04358AFCB04DFBCE6146DD7FF6EB95304F1140A6D905CB281EA34A9008BA5
                                                                  Function 04DC76A8 Relevance: .1, Instructions: 54COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 47577656d8b4f723fa5d7ad316fc7a63f15a257577f05e931fdc0cf7b2e8ac5a
                                                                  • Instruction ID: 99eb92a527783c250a19347d01bfdf3fff5377db695c97effdabd24105ece855
                                                                  • Opcode Fuzzy Hash: 47577656d8b4f723fa5d7ad316fc7a63f15a257577f05e931fdc0cf7b2e8ac5a
                                                                  • Instruction Fuzzy Hash: 49118C3260061ADBCB15DF65D809AADBBB2FF48310F00492DE416A37A0CB39B851CFA0
                                                                  Function 09229030 Relevance: .1, Instructions: 53COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0c52533d213dd69590e04a7a4fb40011c98bd1c805db13ae4596b8d2a854d0fa
                                                                  • Instruction ID: 3527f0308824c10a617e319804a1498cd9b536a2930d1347f7c6e832f431c18b
                                                                  • Opcode Fuzzy Hash: 0c52533d213dd69590e04a7a4fb40011c98bd1c805db13ae4596b8d2a854d0fa
                                                                  • Instruction Fuzzy Hash: AF118E713101019FC7149F39D98896EBBE6EFD920475485B9E90ACF362DF31DD058B51
                                                                  Function 09225AAF Relevance: .1, Instructions: 53COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f35a88fd589f1e46e8fe3c7bd6033163a13282d99baea771b1efb3bc6326eaf3
                                                                  • Instruction ID: 4936e0288b189db79fa851657051cd455b62e4043019eacfca893da402784f3b
                                                                  • Opcode Fuzzy Hash: f35a88fd589f1e46e8fe3c7bd6033163a13282d99baea771b1efb3bc6326eaf3
                                                                  • Instruction Fuzzy Hash: 7B0180753002189FD7059B6DD854A6BBFEEEFC9710B1480AAF509C7361CE31DC418BA0
                                                                  Function 04DCB4A8 Relevance: .1, Instructions: 53COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6b4c2d3eb983d1ff8e037df319767ec8b6fa3a23133f45080f836fab27c0e595
                                                                  • Instruction ID: 678376f90a024b9aafc0a23cba1a91591540e06ecbea3770fcf09bac231aaaa8
                                                                  • Opcode Fuzzy Hash: 6b4c2d3eb983d1ff8e037df319767ec8b6fa3a23133f45080f836fab27c0e595
                                                                  • Instruction Fuzzy Hash: 1611CB71B002198BCB08DB68DA168DEBBF2EF8C300F10446AD405EB361DB35AC02CBA4
                                                                  Function 09224888 Relevance: .1, Instructions: 52COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d1d8915796c912722b2ae9a85c0ba8578dab42e2ea4129f24a1f66541a61ec2d
                                                                  • Instruction ID: 64931fa40ba8545930a776d792d9c44c01bff83903be80b40ee3a2c4aefec4b1
                                                                  • Opcode Fuzzy Hash: d1d8915796c912722b2ae9a85c0ba8578dab42e2ea4129f24a1f66541a61ec2d
                                                                  • Instruction Fuzzy Hash: 0301F13174D3808FC30A9B39D8188587FF6EF8621131A04EAE10ACB3B2CA658C06CB65
                                                                  Function 04DC7698 Relevance: .1, Instructions: 52COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 41a7ecab7cf282ebef1fe4719b55173a3ad8804a769e2fb78f53f9321413df5a
                                                                  • Instruction ID: 58b74373719e4d48de62c944c0c7a0e2e9870ada85d36261e1df3f72add49189
                                                                  • Opcode Fuzzy Hash: 41a7ecab7cf282ebef1fe4719b55173a3ad8804a769e2fb78f53f9321413df5a
                                                                  • Instruction Fuzzy Hash: 19115E36A4061ADBCB159F64D819A99BBB2FF4C310F008529E415B77A0DB39A851CF90
                                                                  Function 04DCDF92 Relevance: .1, Instructions: 52COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c70f1ff4c5c8fa85075059b4fab606cda837701702f0e5de4b321fd967b7efa6
                                                                  • Instruction ID: 9498386464482c32a66acd5c82361e159d5168a38c147eaac0dec4f45a8910f5
                                                                  • Opcode Fuzzy Hash: c70f1ff4c5c8fa85075059b4fab606cda837701702f0e5de4b321fd967b7efa6
                                                                  • Instruction Fuzzy Hash: E50124343052445FCB066B3CB52917D3FE7EBC5219308842BE50ACB754DE28AC06C7A5
                                                                  Function 04DCE6E8 Relevance: .1, Instructions: 51COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 40059544626dc75616a496621a726a5bfe125f878fa84c5ed21e66173fe53e68
                                                                  • Instruction ID: 3aea36a50d2d0cf844d2d0d835f426e368dbf7bbd1eb41a866fd008623dbf725
                                                                  • Opcode Fuzzy Hash: 40059544626dc75616a496621a726a5bfe125f878fa84c5ed21e66173fe53e68
                                                                  • Instruction Fuzzy Hash: CB019E3164A3848FC703DB74A91519DBF76EF02214B2405EBC0408B252DA396F8AC7E2
                                                                  Function 04DC5887 Relevance: .1, Instructions: 51COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c0cbc4a77489c04360329ca45bbcc57bfc68a32354e6c9a3cef72dd4216d4781
                                                                  • Instruction ID: 8a92f776f205c2aba729b240931d992ee5e653755ca46669bfbe0ff7c9ac3865
                                                                  • Opcode Fuzzy Hash: c0cbc4a77489c04360329ca45bbcc57bfc68a32354e6c9a3cef72dd4216d4781
                                                                  • Instruction Fuzzy Hash: 44112974E00219EFDB05DFA8E468A9DBBB1FF89318F048458E416A73A1CB34AC44CF60
                                                                  Function 0922EDF0 Relevance: .0, Instructions: 50COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5d341eb02044cce0ad7b68cda62f571ff2736f25cf23c630eb214d1c960f8826
                                                                  • Instruction ID: 2979667222fb973b56f0274cd81c72f430de20f4a0f4ee004a6fe5c83ed5d088
                                                                  • Opcode Fuzzy Hash: 5d341eb02044cce0ad7b68cda62f571ff2736f25cf23c630eb214d1c960f8826
                                                                  • Instruction Fuzzy Hash: 9001D6313106085FD7096F68982876E7BAEEFC8710F14411AF40AD73A1DF7488028B55
                                                                  Function 0922A6EE Relevance: .0, Instructions: 50COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7407939fe8cad2e1e471782f05b41bb408f242c41f20df84e4dae34220dc9a6d
                                                                  • Instruction ID: ee4cbec9a43c1b95b58cb59797b15383d8df491b882e3d56d4ff0b6d0ae0425a
                                                                  • Opcode Fuzzy Hash: 7407939fe8cad2e1e471782f05b41bb408f242c41f20df84e4dae34220dc9a6d
                                                                  • Instruction Fuzzy Hash: 0C01D631625622AFD7158A05C410AB8F376BF84310B4982A9E056CBE91D7A4EC85C7D4
                                                                  Function 04DC6EF8 Relevance: .0, Instructions: 50COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f1dd0626c79ad7b892a0ce3d7d3dfa76fbd8b968bce20d9abd870d9331a20830
                                                                  • Instruction ID: 4bffc5da21205dae3f4d3c2c19f5f4e8aaccf8c251ff93eabf1cf2257abfaa28
                                                                  • Opcode Fuzzy Hash: f1dd0626c79ad7b892a0ce3d7d3dfa76fbd8b968bce20d9abd870d9331a20830
                                                                  • Instruction Fuzzy Hash: 06018F313042128FC704CF78D99486A7BFAFF8966571406AAE519CB3B5DB31EC01CB61
                                                                  Function 09224BA6 Relevance: .0, Instructions: 49COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b0a0537c82617f7d8eaab149552780e7ff2236c5b0da35d1ca11001d089dd37a
                                                                  • Instruction ID: 516657b16393a632a212ac2bf40673e0c66651ede5e9aa26e05bb0560c352262
                                                                  • Opcode Fuzzy Hash: b0a0537c82617f7d8eaab149552780e7ff2236c5b0da35d1ca11001d089dd37a
                                                                  • Instruction Fuzzy Hash: 9601D632A0A3909FC3079B38C8514A97B70EF0622231104EBD551CB273C3394C07C751
                                                                  Function 09222CF8 Relevance: .0, Instructions: 49COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7d074a28b90907491ea0a92feee6064d1c2978db6047348a7e8d8a910af842ac
                                                                  • Instruction ID: 53eda01831be5454eb396e0798c40a97d13bb458d54b0cfe318e7a0a8728e2bc
                                                                  • Opcode Fuzzy Hash: 7d074a28b90907491ea0a92feee6064d1c2978db6047348a7e8d8a910af842ac
                                                                  • Instruction Fuzzy Hash: 3E017CB13002109FD7189B699954A6FBBEBEBD8218714856DE10AC7364CE36DC068BA0
                                                                  Function 04DCBAD0 Relevance: .0, Instructions: 49COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 68ab9b7e7699c3cb61b10a34094dd77508ad58512a89b5646291794495484d82
                                                                  • Instruction ID: 9723a2083ecffbeccc59dbd9f2e1ed6a838f0a52c822c8dffbb75601412d4166
                                                                  • Opcode Fuzzy Hash: 68ab9b7e7699c3cb61b10a34094dd77508ad58512a89b5646291794495484d82
                                                                  • Instruction Fuzzy Hash: 5E01D6367082149FC7158A49F815EFEBBA5EBC9730B04806BF949CB351CA31ED01C7A1
                                                                  Function 09223228 Relevance: .0, Instructions: 48COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 752cf39e1e7b28e6b40ae4473cd196bec278c00f7384d393e4c5b37af8a2f820
                                                                  • Instruction ID: 770eab99369997ab104294a5a2e21c7f873db5ddd9a6ebaf48aefe0df08f0e16
                                                                  • Opcode Fuzzy Hash: 752cf39e1e7b28e6b40ae4473cd196bec278c00f7384d393e4c5b37af8a2f820
                                                                  • Instruction Fuzzy Hash: 2C014071F10219AFCB009FA99C41BEEFBF6EF89210F154525E204E7250D771A8518BA0
                                                                  Function 09224820 Relevance: .0, Instructions: 47COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: cf70a184228c24863546ea7db8d5e9369be0bcf53e854c46e0ea0c956b5e30cb
                                                                  • Instruction ID: e2de988bba617f2a2018fe6075693e37abde94491b38cada0f8a3aa60081cfe3
                                                                  • Opcode Fuzzy Hash: cf70a184228c24863546ea7db8d5e9369be0bcf53e854c46e0ea0c956b5e30cb
                                                                  • Instruction Fuzzy Hash: 8C012B313193504FC315DBADE84446ABBFADFC535130644ABE05AC7262CE30EC018795
                                                                  Function 09225AC0 Relevance: .0, Instructions: 47COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c03f4a3ad2a55120c4812f9c60b7d5f773819eea8a9e1e6785f12337f012625e
                                                                  • Instruction ID: c3d0b1ba57bb8a2b070ac3aeb6a487a466b95105c124ad7262f5c42e17eff202
                                                                  • Opcode Fuzzy Hash: c03f4a3ad2a55120c4812f9c60b7d5f773819eea8a9e1e6785f12337f012625e
                                                                  • Instruction Fuzzy Hash: A30128753002189FD705AA6AD854A6ABBEFEFC9750B10806AF509D7364CE72EC418BA0
                                                                  Function 09222D00 Relevance: .0, Instructions: 47COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7c1eac2ce6325117b955b3405723b97c68a862846202ea1446767c29ce81f473
                                                                  • Instruction ID: d082aa16f9df2646a9eb1113afeaeb14023cd5098b19b222b34eb2ae4a37dcce
                                                                  • Opcode Fuzzy Hash: 7c1eac2ce6325117b955b3405723b97c68a862846202ea1446767c29ce81f473
                                                                  • Instruction Fuzzy Hash: 25018FB1300214AFD7089B69D954A6BBBEEEBC8214714856DE50AC7365CE36EC0687A0
                                                                  Function 091C11A7 Relevance: .0, Instructions: 47COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174126709.00000000091C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 091C0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_91c0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a01e948215d3eefdf1968d07b94bd2bdb2ae083b1f25e45e59a71ac94a51586d
                                                                  • Instruction ID: f5b45ca97f011ccb90ee6ae267ba628d25817d79c6855c71a3fbbe4ea098fe35
                                                                  • Opcode Fuzzy Hash: a01e948215d3eefdf1968d07b94bd2bdb2ae083b1f25e45e59a71ac94a51586d
                                                                  • Instruction Fuzzy Hash: CF01F570B09288DFC746DF78D92455D7FB6DB9A204F2504EED045CB692DE356904C721
                                                                  Function 0922EE00 Relevance: .0, Instructions: 46COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 06e4cb21722b2119ffbdf25ba362a1b58a1458318312f345e1326d48f6ff6b8b
                                                                  • Instruction ID: abcd7e0bf916a6088231dc97ef5ca5347eefbb4238c1c6584bc13411b65e6795
                                                                  • Opcode Fuzzy Hash: 06e4cb21722b2119ffbdf25ba362a1b58a1458318312f345e1326d48f6ff6b8b
                                                                  • Instruction Fuzzy Hash: 5501D6313006196BDB146F69A828B6EBBAEEBC8710F14411AF50AD7391DF74DC418B95
                                                                  Function 04DCC1C8 Relevance: .0, Instructions: 46COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 05498c891044c630aca36746db25b1f2ce8f8f287fa8a8ae25d1a75994770f14
                                                                  • Instruction ID: 7aac8d5c425d3374b0dc25e4e6c6c0f458eccbdf87c26f03fdd676f37385a3c9
                                                                  • Opcode Fuzzy Hash: 05498c891044c630aca36746db25b1f2ce8f8f287fa8a8ae25d1a75994770f14
                                                                  • Instruction Fuzzy Hash: B0017131700205AFDB04EA68C959B6EBBEAEB88710F118529E519DB390DFB5AD048BD0
                                                                  Function 04DC7DD2 Relevance: .0, Instructions: 45COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 29e103aef8687f92f33edcf1911855ee64fdd4fa3c58c91e6ac04515ce9acb5a
                                                                  • Instruction ID: 863487199735c723dfece47f98444e83444e14fabc879f34c306ccec5f2c85c4
                                                                  • Opcode Fuzzy Hash: 29e103aef8687f92f33edcf1911855ee64fdd4fa3c58c91e6ac04515ce9acb5a
                                                                  • Instruction Fuzzy Hash: 7E011E7560011ADFCB04DFA9C984C9EBBB9FF48354B104569E904DB324D731ED45CBA1
                                                                  Function 04D2D01D Relevance: .0, Instructions: 45COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7162143096.0000000004D2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D2D000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4d2d000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0c2d4c7ee89592b802b836c762435a8a2c9c8c401d5fb3809fcf54c7a3715f64
                                                                  • Instruction ID: 358e84e079f36c8165f59486c580b4b6f6728ed2163a8e112ba772384788b104
                                                                  • Opcode Fuzzy Hash: 0c2d4c7ee89592b802b836c762435a8a2c9c8c401d5fb3809fcf54c7a3715f64
                                                                  • Instruction Fuzzy Hash: E2012B302093109AE7104E29DF84767BFD8EF51328F18C429ED484B156C279E841C6B1
                                                                  Function 04D2D005 Relevance: .0, Instructions: 45COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7162143096.0000000004D2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D2D000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4d2d000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8751f2c790284c7d37097e451570585ea9f736c4817ce4654e947ed709fe86a9
                                                                  • Instruction ID: 4d50105ff22a66ec8e3e9f44c7f287635cac0f1885bfcac5dbd3a13d63104ff8
                                                                  • Opcode Fuzzy Hash: 8751f2c790284c7d37097e451570585ea9f736c4817ce4654e947ed709fe86a9
                                                                  • Instruction Fuzzy Hash: E1015E6110E3C09EE7128B259D94B52BFB4EF53228F19C4DBD9888F1A3C2699849C772
                                                                  Function 04DCB4B8 Relevance: .0, Instructions: 44COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e45391221958c19240358546a57c784818e927cf269029a8b5b913d4b843e68e
                                                                  • Instruction ID: 1979691c99536c28841ba281a06522b0b73ac3b728c826000ec8e8383af418a4
                                                                  • Opcode Fuzzy Hash: e45391221958c19240358546a57c784818e927cf269029a8b5b913d4b843e68e
                                                                  • Instruction Fuzzy Hash: 33016570A002198BCB08DB68CA5599EBBF6AF8C304F104569D405AB3A0DB39AC05CBA4
                                                                  Function 04DC0C68 Relevance: .0, Instructions: 43COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4fcd336d5902543414dd3fdca92e5048ca05ce60a55c8cb23a42da3ec66832ef
                                                                  • Instruction ID: 9dc2a9518c6501ad224076fd33306be67904842491a44175595cada3cc4f08b6
                                                                  • Opcode Fuzzy Hash: 4fcd336d5902543414dd3fdca92e5048ca05ce60a55c8cb23a42da3ec66832ef
                                                                  • Instruction Fuzzy Hash: 9201D1313043018FC3069BBCEA5845DBBE2EFC521430489AED419CB391EE34ED4ACB62
                                                                  Function 04DC0BD0 Relevance: .0, Instructions: 43COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8ceb46b520d7ebd1be065e05f2dc5887ade9fea9e0054003dee523ce0377105b
                                                                  • Instruction ID: 1bb602cdd6b8fe5d76a5aca5543d74704ee7d78530c3d18f834d5f70dc61949d
                                                                  • Opcode Fuzzy Hash: 8ceb46b520d7ebd1be065e05f2dc5887ade9fea9e0054003dee523ce0377105b
                                                                  • Instruction Fuzzy Hash: 4301B134F40229CBDB159FED94006AEBAF2FB88704F100529D909E7380DA74A9008B91
                                                                  Function 09223130 Relevance: .0, Instructions: 42COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0c4c304f344a72d457a8e97e3e70a591c177125fc3d7b49b8d2b3501d193ccde
                                                                  • Instruction ID: 400ba6def227716628f0a77b610a5d4afa9345c70b9c4e65171e7d0cba881e41
                                                                  • Opcode Fuzzy Hash: 0c4c304f344a72d457a8e97e3e70a591c177125fc3d7b49b8d2b3501d193ccde
                                                                  • Instruction Fuzzy Hash: C4F0D170B10B919FCB79DE3A958856EBBD6AFC9620B04403EE04AC3712DF3468858791
                                                                  Function 09225518 Relevance: .0, Instructions: 42COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8a41ed2b379a837ca06471f3085c91a28fb8706b821d30b3433fad7df5d03b67
                                                                  • Instruction ID: 5fa782b2b32cb0b3c205f37e3505a0adb60aad0959efaa7cebc3e1e21c9090cf
                                                                  • Opcode Fuzzy Hash: 8a41ed2b379a837ca06471f3085c91a28fb8706b821d30b3433fad7df5d03b67
                                                                  • Instruction Fuzzy Hash: C001F6353201109FC754DF2AD888D59BBFAEF99A2571680AAF505CB372DA71EC00CB90
                                                                  Function 04DC64B2 Relevance: .0, Instructions: 42COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 390caf93f1c4aa6843e3f750042add853f29bd93c9ad3431193e056cbb856120
                                                                  • Instruction ID: a4bc70a41e69d47d69471b8c16568ab81875921c168c5b7fe0e6e7fd4140fabd
                                                                  • Opcode Fuzzy Hash: 390caf93f1c4aa6843e3f750042add853f29bd93c9ad3431193e056cbb856120
                                                                  • Instruction Fuzzy Hash: 6E014631204116EFC725DF68F28489DFBF1FB843243148A6DE41987B18CB30F9818BA4
                                                                  Function 04DC9E28 Relevance: .0, Instructions: 42COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 12be7f513f4cae0d697111675f66c7794d4ff8308917fafe115822bfed446777
                                                                  • Instruction ID: 9e3b35ca595479422fcebf19d14725f6ca67996cf193511cf8d4f8a41ebc4cad
                                                                  • Opcode Fuzzy Hash: 12be7f513f4cae0d697111675f66c7794d4ff8308917fafe115822bfed446777
                                                                  • Instruction Fuzzy Hash: DB01D6F261522A9FCB10ABB4D9197AE7FBAEB44329F100929E100D72D0DF781844CBE5
                                                                  Function 04DCDFA0 Relevance: .0, Instructions: 42COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: da47d8c37f1fc1d0e18d36d032de5d537633205e471ec9fe26b1575c0f7f8f24
                                                                  • Instruction ID: 334bf781fce50168880ce4c4907fc21ceb58fc838b57a7927331e85f1de8ffe6
                                                                  • Opcode Fuzzy Hash: da47d8c37f1fc1d0e18d36d032de5d537633205e471ec9fe26b1575c0f7f8f24
                                                                  • Instruction Fuzzy Hash: CD0181347012055FCB166F3CF51953D3BE7EBC5619708842EE50AC7354EE28AC06C7A5
                                                                  Function 04DCBA8F Relevance: .0, Instructions: 42COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: fbd763d54b492360c82d7dc9a00467b6cdc39e078119ad4950d0d2bf9a05578d
                                                                  • Instruction ID: 4952ecacd1a131c725575217677d32bf5ee8b6b3acd75102070f57b0c514b6e7
                                                                  • Opcode Fuzzy Hash: fbd763d54b492360c82d7dc9a00467b6cdc39e078119ad4950d0d2bf9a05578d
                                                                  • Instruction Fuzzy Hash: 1801D1B93006009FC304EF78E545859B7E2EF9921831485AED05ACB771CB35FC46CBA1
                                                                  Function 04DCBA10 Relevance: .0, Instructions: 42COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e9c34ba6c30880c3123a36d17b21c5bf6c8b79a885f09e12d7ad8c0e1b6f22b8
                                                                  • Instruction ID: d844978673fc20f406ef5c911aaedcf26e4b5e353cc940df2004fb38ca16e43c
                                                                  • Opcode Fuzzy Hash: e9c34ba6c30880c3123a36d17b21c5bf6c8b79a885f09e12d7ad8c0e1b6f22b8
                                                                  • Instruction Fuzzy Hash: A20128B5300A15AF8304EB6DEA44C1AB7E6EFC92283158569E15ACB774DB70FC05CBA4
                                                                  Function 09225385 Relevance: .0, Instructions: 41COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: cdc03f8cbd7cba000e7024d1857ac95bf1fa54107eed20b1ef1574d8a49627e7
                                                                  • Instruction ID: 730fac4a993c852f64a6e719904d7fda0c44010a7be9974e2cfa396fe7b9af5b
                                                                  • Opcode Fuzzy Hash: cdc03f8cbd7cba000e7024d1857ac95bf1fa54107eed20b1ef1574d8a49627e7
                                                                  • Instruction Fuzzy Hash: 14F03C76B10626AFCB00DFACDA808AEB7E5FB182147209226F916E7355D770D9418BD0
                                                                  Function 04DC0BE0 Relevance: .0, Instructions: 41COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 92f30187fdcd714c4ea7bacf8d325e57cf9ad56a8a6a6ccd8c95939ca847024d
                                                                  • Instruction ID: f395870885a185ea6b2ff39519c4aae99ff22574f5f579f07779e9b444dc7614
                                                                  • Opcode Fuzzy Hash: 92f30187fdcd714c4ea7bacf8d325e57cf9ad56a8a6a6ccd8c95939ca847024d
                                                                  • Instruction Fuzzy Hash: D3F0A935F002298BDB15EFED98017EEBAF5FB88714F10002AD909E7385DA75AD018BE1
                                                                  Function 09229968 Relevance: .0, Instructions: 40COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 612ec8e341f5fc977fbdd570d277ef8b22bc7316d123b0d468723d297ecdf42c
                                                                  • Instruction ID: bee6d26ad071e99294be0941f9bf3ded4236e659465451f99d2e94a79577d553
                                                                  • Opcode Fuzzy Hash: 612ec8e341f5fc977fbdd570d277ef8b22bc7316d123b0d468723d297ecdf42c
                                                                  • Instruction Fuzzy Hash: 45F0C2313503169BD7049A6EDA80B5FB79AFBC4324F008539E6198B345EFB9FC8487A0
                                                                  Function 04DC9C92 Relevance: .0, Instructions: 40COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0c94357d44a4d1c1e82a699654479ac3e22523a2ddd8d86dd15e4f5b64d056af
                                                                  • Instruction ID: 83fed85afb1ccce642649ca13a5de38afa23b0fad8c4fea3e6780467de0f67d9
                                                                  • Opcode Fuzzy Hash: 0c94357d44a4d1c1e82a699654479ac3e22523a2ddd8d86dd15e4f5b64d056af
                                                                  • Instruction Fuzzy Hash: F101D6303056468FC3069B39D414A6A7FE6FFC5311B488169E04ADB7A2CF38AC41C790
                                                                  Function 04DC6DB1 Relevance: .0, Instructions: 40COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f28ef7634ab8f15a3d6cae2a67290e45ee3be3172f6f4244113b29aacac5e6d7
                                                                  • Instruction ID: 48c959ebc523d889ad69cc0dce95d113bd64d4ada25f6f8234b0e3a885d28fd8
                                                                  • Opcode Fuzzy Hash: f28ef7634ab8f15a3d6cae2a67290e45ee3be3172f6f4244113b29aacac5e6d7
                                                                  • Instruction Fuzzy Hash: 5A01F374A00206CFDB18DF65C295AAEBBF5AF88704F25846AE405AB265CB35E901CF50
                                                                  Function 04DC0A49 Relevance: .0, Instructions: 39COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d4da0e36960db1d5367f57f011743a11c8d317187c92edffdb3e4b0ba8e6163d
                                                                  • Instruction ID: 5150dc0f27ff0188e60677c7e709d36ec3158b8745fdde9a69f281edf8b32a4c
                                                                  • Opcode Fuzzy Hash: d4da0e36960db1d5367f57f011743a11c8d317187c92edffdb3e4b0ba8e6163d
                                                                  • Instruction Fuzzy Hash: C4018F70B002159FE715DF68D2293ADBAF2EB88205F20486DC402E7380CF755D098BA5
                                                                  Function 0922DAA3 Relevance: .0, Instructions: 38COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 48bbd6b8e7974caf7dcf438a0789d88cdec0e9ac2b884e051d31f8c442d43bf0
                                                                  • Instruction ID: 15ca15c06692a49f93e0c9407dc249c76f4435e4805e1e2717112efc8ab7fa14
                                                                  • Opcode Fuzzy Hash: 48bbd6b8e7974caf7dcf438a0789d88cdec0e9ac2b884e051d31f8c442d43bf0
                                                                  • Instruction Fuzzy Hash: 3CF02436A191146BC744C669D8158ECFFB4DBC9360F50C17BE844DB281EE629857C7E1
                                                                  Function 04DCB551 Relevance: .0, Instructions: 38COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4ce93f2bc22bc6078ca93db9b976abf05638591faced05ba007593e7c4072b5c
                                                                  • Instruction ID: 8ebc814b7d25cba76eaa246b6359e12bebde2e76d3dc4885f9fed297bfff8263
                                                                  • Opcode Fuzzy Hash: 4ce93f2bc22bc6078ca93db9b976abf05638591faced05ba007593e7c4072b5c
                                                                  • Instruction Fuzzy Hash: FCF0B43120C3908FC302972CD954885BFB5DF8621070646E7E094CF673C665ED45C7A1
                                                                  Function 04DC9E38 Relevance: .0, Instructions: 38COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d08f7bae0471f8e35ebde484819b57dd7f0a9df22cfe9cffb71f431d57256750
                                                                  • Instruction ID: 60de10d6548e1afaffbb3ccd057c9918596a2be067dcfcacaa86375446cc111e
                                                                  • Opcode Fuzzy Hash: d08f7bae0471f8e35ebde484819b57dd7f0a9df22cfe9cffb71f431d57256750
                                                                  • Instruction Fuzzy Hash: F5018BB161521DDFCF10EBA8D9197AE7BB9EB44329F100469D100D7290DF782544CBA5
                                                                  Function 04DC7BBF Relevance: .0, Instructions: 38COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: bfe88fea2f491147c4031a6969fd85c3f5a966cd77644dc679d26d0f1a08d94c
                                                                  • Instruction ID: 6faf63388b228be707c038e56945a1c09a605aafef21e416b314421c1349461f
                                                                  • Opcode Fuzzy Hash: bfe88fea2f491147c4031a6969fd85c3f5a966cd77644dc679d26d0f1a08d94c
                                                                  • Instruction Fuzzy Hash: CFF0A4753046509FC715CF29E490886BFE0EF8A220304869AE98DCB726C730EC44CBE1
                                                                  Function 0922DADE Relevance: .0, Instructions: 37COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7dd54a8922cc5e1f6bc96f953fb0a4538cf8986a4d7b1b4c1a72defa073a9349
                                                                  • Instruction ID: 7f7c0003652c84b01bf1ad3fae3a54206130cfe326dfb061148428b49d8e03cc
                                                                  • Opcode Fuzzy Hash: 7dd54a8922cc5e1f6bc96f953fb0a4538cf8986a4d7b1b4c1a72defa073a9349
                                                                  • Instruction Fuzzy Hash: C101DA30E50219EBDB10DFA4D969BEEBB72EF48701F108029E511BB290DB755905CF60
                                                                  Function 04DCE032 Relevance: .0, Instructions: 37COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 90a44c80557dfa8282d4d6912bded7648dc5d0b82caf3f74aad8126464116d3e
                                                                  • Instruction ID: 2161e3741f052e3a5efc4985f4876f67c4babee7580ddf329e02c4d09f477c6d
                                                                  • Opcode Fuzzy Hash: 90a44c80557dfa8282d4d6912bded7648dc5d0b82caf3f74aad8126464116d3e
                                                                  • Instruction Fuzzy Hash: A0016978A05208DFCB05CF70D58549CBBB2FF85305B2181AAE8459B364CB36AE42CF91
                                                                  Function 04DC0A58 Relevance: .0, Instructions: 37COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3637eddb5f3cfd55b12041f7ee6c4f05f4b891895bba19b5847e716ce57d0c0f
                                                                  • Instruction ID: 2feaedee6ef24d2b87e91d2d562268dd54d2e88e3d33ea24c78c21afa66dce8b
                                                                  • Opcode Fuzzy Hash: 3637eddb5f3cfd55b12041f7ee6c4f05f4b891895bba19b5847e716ce57d0c0f
                                                                  • Instruction Fuzzy Hash: 24F0A470B001199BD715DF68D6397AE7AF6EB88209F144429D401F7380DFB56D048BB5
                                                                  Function 04D2D28B Relevance: .0, Instructions: 37COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7162143096.0000000004D2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D2D000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4d2d000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1e3fad41225699ea8005ec60d40b9b95c0c43d353a8f84ca115ce2a01e4e5478
                                                                  • Instruction ID: 34c7eb00e89f57bbf1fd270883d3c2dbf966e826c0c3d68d945d3d34b2052916
                                                                  • Opcode Fuzzy Hash: 1e3fad41225699ea8005ec60d40b9b95c0c43d353a8f84ca115ce2a01e4e5478
                                                                  • Instruction Fuzzy Hash: 71F0F976200610AFA7248F0AD984C23FBA9FFD4774319C55AED8A4B712C671FC52CEA0
                                                                  Function 0922DA30 Relevance: .0, Instructions: 36COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b8ea6d7b94c865f8f2b33a822246157a1eba0fb9bcf9e72eee91f773c7dc5ad3
                                                                  • Instruction ID: 7af92c7af463a299f16172c4655bfbae6b0471d9319e7687e703ad3c4a415fa4
                                                                  • Opcode Fuzzy Hash: b8ea6d7b94c865f8f2b33a822246157a1eba0fb9bcf9e72eee91f773c7dc5ad3
                                                                  • Instruction Fuzzy Hash: D3F0A9702006059F8210EB29E980C5BFBAAEBC4268300C929E50D8B364DB71FC0A8BF4
                                                                  Function 09224760 Relevance: .0, Instructions: 36COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 93fe8cd89ad08026ffc387e9f6251f48eb433cdf0992c6616e31c698a9aaf1fd
                                                                  • Instruction ID: 880a1783f0773bbebc3b5797bb03af1f7e27d545c69d09ba4f6727805f9ad190
                                                                  • Opcode Fuzzy Hash: 93fe8cd89ad08026ffc387e9f6251f48eb433cdf0992c6616e31c698a9aaf1fd
                                                                  • Instruction Fuzzy Hash: 1CF027713203141B9726FA3EAA5086FBBCFDFD02203008439E629CB354EE68EC0547E6
                                                                  Function 04DCC167 Relevance: .0, Instructions: 36COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 15342c974fe496daf7fa71f38496da313d80bfa3cd4a640f8ed2a588a3bac2c3
                                                                  • Instruction ID: f6802da1033f8c9dd5e3033abfec2de1f02e9162912752dedcee504567bb6e4f
                                                                  • Opcode Fuzzy Hash: 15342c974fe496daf7fa71f38496da313d80bfa3cd4a640f8ed2a588a3bac2c3
                                                                  • Instruction Fuzzy Hash: 06F05E352082446FC7168E1AE854AAABFE5DFC9770B14806AF948CB361CA359D42CBA1
                                                                  Function 0922D9B8 Relevance: .0, Instructions: 35COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f7503b91d20e451e6cfcdfca3e50f302b7635cdcda4657c61604492ec534025d
                                                                  • Instruction ID: 4294dbed5e773bb3a58f69952ed574db04c81469d5ee5c2ce88ed36423d98419
                                                                  • Opcode Fuzzy Hash: f7503b91d20e451e6cfcdfca3e50f302b7635cdcda4657c61604492ec534025d
                                                                  • Instruction Fuzzy Hash: 6FF06231300105AF8700EB29D59085ABBAAEFD5328758C529E80D8B361DA32FC0ACBE4
                                                                  Function 09228C78 Relevance: .0, Instructions: 35COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 862de9dc9f39ce2d530dc580b014e28b5c471c51cdf3b6f62d6b3c84f7bcdd49
                                                                  • Instruction ID: 67dc68272521ad886cbada96595183d07fccef5f686f1b2814b88c873dd1996d
                                                                  • Opcode Fuzzy Hash: 862de9dc9f39ce2d530dc580b014e28b5c471c51cdf3b6f62d6b3c84f7bcdd49
                                                                  • Instruction Fuzzy Hash: 48F0C2717001045FC7119B3DD54485EBBE5EF85214300857AE02ACB221CA249C08CBA5
                                                                  Function 04D2D27C Relevance: .0, Instructions: 35COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7162143096.0000000004D2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D2D000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4d2d000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1ecb11a49e99864c59e430221b3954e131c5dfafb7ccfab9eff5c29eb7ea91bc
                                                                  • Instruction ID: b2ea111b50ca68ca2f052d40f102a488b6677300fbc2175e1e6c35586e71197d
                                                                  • Opcode Fuzzy Hash: 1ecb11a49e99864c59e430221b3954e131c5dfafb7ccfab9eff5c29eb7ea91bc
                                                                  • Instruction Fuzzy Hash: 4AF03C75104640AFE715CF05CD84C22BBB9FF95764719C489E8854B712C671FC42CF60
                                                                  Function 0922BBE8 Relevance: .0, Instructions: 34COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0b6e2fa147816e18cd13660e14707b0a29248f36e652afb7915e300a55f752a3
                                                                  • Instruction ID: 22e4f58b023b8d16603f0c76fef2b0a57e33319fca9b9bb2f9fb299fbd7c3ff9
                                                                  • Opcode Fuzzy Hash: 0b6e2fa147816e18cd13660e14707b0a29248f36e652afb7915e300a55f752a3
                                                                  • Instruction Fuzzy Hash: FDF0AC353604149F8708DB6EE548D5ABBEEEFC961531940AAF609CB771CE71DC018B90
                                                                  Function 0922FE91 Relevance: .0, Instructions: 34COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ca8b07c65c8e0ee4fc87957a6d3373501c7a1cd40a17f2c2730ec9d165a6fd42
                                                                  • Instruction ID: 3b7d4f82b36419f8e5e1522603f15c2a37fde7e3494c20bfcc27fc95853b2752
                                                                  • Opcode Fuzzy Hash: ca8b07c65c8e0ee4fc87957a6d3373501c7a1cd40a17f2c2730ec9d165a6fd42
                                                                  • Instruction Fuzzy Hash: 28F03775E042199F8B44DFADC8419ADFBF4EF8C324B24846ED808E7301EB729912CB95
                                                                  Function 04DC7648 Relevance: .0, Instructions: 34COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b416d58854802a672ee682106303385065bb1f8a3ea70639d3a5a6ef083aa68c
                                                                  • Instruction ID: 32add1361583b70559b57a27b0bbd66134440ba9dd2cce02de9cb68b713909b7
                                                                  • Opcode Fuzzy Hash: b416d58854802a672ee682106303385065bb1f8a3ea70639d3a5a6ef083aa68c
                                                                  • Instruction Fuzzy Hash: A1F082753052404FC315CA5DD8A4D92FBE5FF8D320714859EE445CB361C635BC42CB50
                                                                  Function 04DC9CA0 Relevance: .0, Instructions: 34COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3aa5954ff17fac4929e4e3d17972650d7f727523d1ae2517ad99d9dcf6b390c6
                                                                  • Instruction ID: 4bda11c4a22e455b8bbc66b037229be0dee58024d93f48427a955472bb6a3c06
                                                                  • Opcode Fuzzy Hash: 3aa5954ff17fac4929e4e3d17972650d7f727523d1ae2517ad99d9dcf6b390c6
                                                                  • Instruction Fuzzy Hash: 39F062702016068FD315DB39E55566A77E7FFC5315B448138E04AD77A1DF39AC81C790
                                                                  Function 0922C078 Relevance: .0, Instructions: 32COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1a9d552e3299d6085043bfb70b0be4bbacb8b5b06a06b7b48db5bb31e41fc33b
                                                                  • Instruction ID: c929e67a598d9720f491c7d3d25485f52f7386ceec085e6736b430d7a1b433d4
                                                                  • Opcode Fuzzy Hash: 1a9d552e3299d6085043bfb70b0be4bbacb8b5b06a06b7b48db5bb31e41fc33b
                                                                  • Instruction Fuzzy Hash: 92F0F8797006008FC318DF2ED888C06BBEAFF8D62031540A9E51ACB332CA71EC01CB20
                                                                  Function 092250D0 Relevance: .0, Instructions: 32COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7e27a7ff7e7292cfb964130eccde77861b6a2dcbdf74665b66bb566c1ad5c760
                                                                  • Instruction ID: a003c3c0c01df0d57fbe433e5c57918f3e5627e572c4bb4c92d1b128352f99f7
                                                                  • Opcode Fuzzy Hash: 7e27a7ff7e7292cfb964130eccde77861b6a2dcbdf74665b66bb566c1ad5c760
                                                                  • Instruction Fuzzy Hash: 9AF0D4767006149F8314DF5AD884C56F7F9FF8D62431545AAE529C7331CA31EC01CB60
                                                                  Function 0922A640 Relevance: .0, Instructions: 32COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2e6c79f96a662062a1cf6d74d9733cb8796931bb406f649b080c47f3bd260dca
                                                                  • Instruction ID: 237ec7b1dbd9d13fe09dc19e4e8fa35ba6b5d3ffc1624453ce0a584f86f5d163
                                                                  • Opcode Fuzzy Hash: 2e6c79f96a662062a1cf6d74d9733cb8796931bb406f649b080c47f3bd260dca
                                                                  • Instruction Fuzzy Hash: 99F0D4767406149F8314DF5AD884C56B7F9FF8D62431145AAE519C7331CA31EC01CB60
                                                                  Function 04DC0CE1 Relevance: .0, Instructions: 32COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 40017a81ea9f38d71efbb5dbc79fba778b7c37dd1e57467b3908770244ae9cda
                                                                  • Instruction ID: 087493d2410a31dd28ac1c6a6eb1650151779750de7a2c19d7d0e5198666dcf6
                                                                  • Opcode Fuzzy Hash: 40017a81ea9f38d71efbb5dbc79fba778b7c37dd1e57467b3908770244ae9cda
                                                                  • Instruction Fuzzy Hash: 6EF04970A01249EFCB01EFB8E75159DBFB2EF86204F1001AAC808E7655EB356F49CB61
                                                                  Function 04DC9D0F Relevance: .0, Instructions: 32COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4f3dce4ec9309f29b88caaba1d97bb394919f3984c16e716b82bc03c3c5e0009
                                                                  • Instruction ID: 51759d9a78047c2a45d4ec2b6b353b68ee3237e3d8078d4697dd7e4813b64bc4
                                                                  • Opcode Fuzzy Hash: 4f3dce4ec9309f29b88caaba1d97bb394919f3984c16e716b82bc03c3c5e0009
                                                                  • Instruction Fuzzy Hash: FCF02735359350CFC71A6B30F4265A83B75FB8AA29F1000BAE40687780CF786C82CBE1
                                                                  Function 09224810 Relevance: .0, Instructions: 31COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 76454be5a7f03c3c88779d02f509560e4fcc58c04a3fd5e15a915375f89c64f4
                                                                  • Instruction ID: 01c5498d10939f6884ba7b5916f5e5d561ba609f2c345599b0260cd013a251d9
                                                                  • Opcode Fuzzy Hash: 76454be5a7f03c3c88779d02f509560e4fcc58c04a3fd5e15a915375f89c64f4
                                                                  • Instruction Fuzzy Hash: F5F0E2313202618FC3249F18D9848667BFAAF8535130A409AE159CB272C770EC40C791
                                                                  Function 0922A570 Relevance: .0, Instructions: 31COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 02f9dbd4e08239f2ecff397a119414d33a0357b5542073b7fe2a66bcb9636abe
                                                                  • Instruction ID: 5f142c0b33174069bbdb0cc9315ce042a8f849974698ef702355ff9ea09cc55d
                                                                  • Opcode Fuzzy Hash: 02f9dbd4e08239f2ecff397a119414d33a0357b5542073b7fe2a66bcb9636abe
                                                                  • Instruction Fuzzy Hash: 2FF074367504259F8204DB69E584C55B7A9EF8D63531181A6E509CB731CB61EC52CB90
                                                                  Function 09228C88 Relevance: .0, Instructions: 31COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 32d014bba6582ed67fbe9bead0be50fad2ee953bc332fa58292fcce9c8cb0d8b
                                                                  • Instruction ID: c3f391919814331beca32300b62acd86e9327a1b7a0a008caa00c593d3e50e11
                                                                  • Opcode Fuzzy Hash: 32d014bba6582ed67fbe9bead0be50fad2ee953bc332fa58292fcce9c8cb0d8b
                                                                  • Instruction Fuzzy Hash: EBF0A0723001146F8310EB2DEA44C5FBBE9EF882687408539E52ECB321DA20ED088BE5
                                                                  Function 09229498 Relevance: .0, Instructions: 31COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d83c13d611a1b8b66d08091421a643ded06777915ef3f3408e71e6f08a8a335d
                                                                  • Instruction ID: 8839587dbed82c994a4f1758a5888086b7acc0797bb38a0964c3a196a0dc2406
                                                                  • Opcode Fuzzy Hash: d83c13d611a1b8b66d08091421a643ded06777915ef3f3408e71e6f08a8a335d
                                                                  • Instruction Fuzzy Hash: 4DF0A0B23006146F8314EB2DEA84C8EBBD9EF892647408539E51DCF360DA30ED088BE5
                                                                  Function 0922FE39 Relevance: .0, Instructions: 31COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: dae5b8703916f10a51835330bd67aa28e1c2d5b0fee0ba2910dfa858fddfd063
                                                                  • Instruction ID: b4ad2dc10936755c7d469e2db745c09778e36d6c292b568f6e8c4b0dfa3ae5d4
                                                                  • Opcode Fuzzy Hash: dae5b8703916f10a51835330bd67aa28e1c2d5b0fee0ba2910dfa858fddfd063
                                                                  • Instruction Fuzzy Hash: F8F0A0317452902FC3065B7E6E6449BBFAACEC666470844AEE0798B262D954980687A1
                                                                  Function 09222E10 Relevance: .0, Instructions: 31COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2858d8dd624e26eb5950248fadfbfcb08055c06610f54ad0609f3735428865a0
                                                                  • Instruction ID: b7fe74594d2b7bae833d5b44bbc5316c39cddafa60f7ed6fd0cf691acea6da19
                                                                  • Opcode Fuzzy Hash: 2858d8dd624e26eb5950248fadfbfcb08055c06610f54ad0609f3735428865a0
                                                                  • Instruction Fuzzy Hash: 50F0A77131A222EF87198A297A0096BBFA79FC571171480AFE1408F265CA228C46D7B2
                                                                  Function 0922E64F Relevance: .0, Instructions: 31COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e87607d0db883b02016c088e6a57a3f1fd5b733d768f84d53e27c5fc841b5b2b
                                                                  • Instruction ID: abf7e4d3131e132ed257080c0139eb7879f5c2528e4038be81fe54af455407c7
                                                                  • Opcode Fuzzy Hash: e87607d0db883b02016c088e6a57a3f1fd5b733d768f84d53e27c5fc841b5b2b
                                                                  • Instruction Fuzzy Hash: C8F04934A20229AFCB05AF54D9286AEBBF2EF88300F14442ED406B3390CF755C40CB94
                                                                  Function 04DCE6C2 Relevance: .0, Instructions: 31COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: de64bb543ae94b7d691563984e7055a0b14a1c7db293372230508e68d9a8698e
                                                                  • Instruction ID: d98c23c68cf148a811cc34842a333167ec5b6686213a4eac33018bdec4fa0874
                                                                  • Opcode Fuzzy Hash: de64bb543ae94b7d691563984e7055a0b14a1c7db293372230508e68d9a8698e
                                                                  • Instruction Fuzzy Hash: 39E09AE639E2915FDA13A220A9110C83F62CB8372670A0197E440CFAE3C538660F86F2
                                                                  Function 04DCBAB0 Relevance: .0, Instructions: 31COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 88117b34a9d3b177de5f416d6ef0158cfafcb63431489c9561ce6c2ca4d26303
                                                                  • Instruction ID: 2fc3ab563d7ccf2b9186a867af4c2edfdbc488c18c0ecc4be46bdf771c1b1b7e
                                                                  • Opcode Fuzzy Hash: 88117b34a9d3b177de5f416d6ef0158cfafcb63431489c9561ce6c2ca4d26303
                                                                  • Instruction Fuzzy Hash: 4CF0ECB23047409FD702ABB8E440818BBF2EF8621931480AED089CB361CB39FC05CBA1
                                                                  Function 09224AF0 Relevance: .0, Instructions: 30COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 98fcd6edf11ed9d4628ab1e7ea9996114881a9bd4da3183ac517a2495b99b08a
                                                                  • Instruction ID: 9f96b68b8dc4aa8668e4888f0c7e180c11c13ac65863794aea0e230eae9e3bda
                                                                  • Opcode Fuzzy Hash: 98fcd6edf11ed9d4628ab1e7ea9996114881a9bd4da3183ac517a2495b99b08a
                                                                  • Instruction Fuzzy Hash: 6AF0393515E7C48FC3079B7089754607FB0AE0762631A00EFC485CF6B3C62A9C0ACB62
                                                                  Function 04DC71D8 Relevance: .0, Instructions: 30COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0e04e3a019bdbeb2c03c76f1d3675e76a3b75828a33b5f1a24e18b56bba4f0c7
                                                                  • Instruction ID: d54208008307e91dd645a4107bed17ce5dc2a258f91a781144a35dbbc0ccde78
                                                                  • Opcode Fuzzy Hash: 0e04e3a019bdbeb2c03c76f1d3675e76a3b75828a33b5f1a24e18b56bba4f0c7
                                                                  • Instruction Fuzzy Hash: 31F0E5312047008FC311DF2ED444852BFF9EFCA21030584AAE04DC7731C634AC46CB54
                                                                  Function 04DC7FA8 Relevance: .0, Instructions: 30COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 68c9c51449723bed65119f4969130184c0065606d8fb7150eaedd6520ec0a5a8
                                                                  • Instruction ID: 4c1ca16106bdbc979896689d0f4e5cd21bb40097ca586ac47bd36c2bc3c7190e
                                                                  • Opcode Fuzzy Hash: 68c9c51449723bed65119f4969130184c0065606d8fb7150eaedd6520ec0a5a8
                                                                  • Instruction Fuzzy Hash: 75F015362047029FC312CF2AD894CA2BBB9EFCA210315419AE24AC7721CB30AC119B60
                                                                  Function 0922FEA0 Relevance: .0, Instructions: 29COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a5355244ec36e0fa71a943c213ae0218b2c1f47fee91554fcbaf0003c9439dc2
                                                                  • Instruction ID: 2e57d8654858c7a1cf5bd7110d3241aa01f6e53b556e245e84b6255ca7e35873
                                                                  • Opcode Fuzzy Hash: a5355244ec36e0fa71a943c213ae0218b2c1f47fee91554fcbaf0003c9439dc2
                                                                  • Instruction Fuzzy Hash: 24F01771E002189F8B44DF99C4415EDFBF4EF8C324B24846ED808E7301D7329902CBA4
                                                                  Function 04DC6FC2 Relevance: .0, Instructions: 29COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6b5f4d71048d3910ec328ab8167a9ab54b2c25693f9beec918ef84a1cc69957e
                                                                  • Instruction ID: 08f7dde460085aedc85d0f78ca2204433820561f6c7dd9f4dcb9e9b59af38c47
                                                                  • Opcode Fuzzy Hash: 6b5f4d71048d3910ec328ab8167a9ab54b2c25693f9beec918ef84a1cc69957e
                                                                  • Instruction Fuzzy Hash: EDF0F2312606019FC714DF2ED884C0ABBEAFF8572431146AAE186CB735DBB1EC058B80
                                                                  Function 04DC7BD0 Relevance: .0, Instructions: 29COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9f3870089d99cf44057db3c67e3c096e1d7fa90643615f76300454f375925b12
                                                                  • Instruction ID: 2faa646a5b8939e15be4d2eb4d9d7419c438e5c7bca4dafd71e605542fe112a0
                                                                  • Opcode Fuzzy Hash: 9f3870089d99cf44057db3c67e3c096e1d7fa90643615f76300454f375925b12
                                                                  • Instruction Fuzzy Hash: 18F0F8B5700614AF8314DF5AE584C4ABBE5FF88264310C629E91DC7721DB30FC45CBA4
                                                                  Function 04DC0B21 Relevance: .0, Instructions: 29COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a8955d43c4a806980ea5fa2a51347fcf9c0a0600939d7a1ef80e5ea9dd57d3e1
                                                                  • Instruction ID: 93e164df45066103cd2e15101aba220ff8cedbfc9ee0f0671ac4b70b101765f0
                                                                  • Opcode Fuzzy Hash: a8955d43c4a806980ea5fa2a51347fcf9c0a0600939d7a1ef80e5ea9dd57d3e1
                                                                  • Instruction Fuzzy Hash: 73F054382053408FC705DF24E5A88997FB2EF4630171584EAE44ACB7B3DA35EC05CB41
                                                                  Function 0922E660 Relevance: .0, Instructions: 27COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 781baab5a8c7dbaeee6f5314b3183714bdd2c1182c2068386bc55af8e15f67c2
                                                                  • Instruction ID: 0f2fbac70786570c2150e8282f83bac04a9dea19efb96755a952df9c4e58ca3b
                                                                  • Opcode Fuzzy Hash: 781baab5a8c7dbaeee6f5314b3183714bdd2c1182c2068386bc55af8e15f67c2
                                                                  • Instruction Fuzzy Hash: 4FF08C75A10229EBCB04AF54D9286AEBBF5FB8C310F14002AD402B3380CFB96D40CBE0
                                                                  Function 0922FE48 Relevance: .0, Instructions: 27COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 06e8f682d75b8a21370d36f2ece9e8fcfbba4dd5b63c3fe13a1a8f497a0e4f45
                                                                  • Instruction ID: 969cb8299e6582ff0350ec1300ce4d120708ce4681e10c61eb111b4e33b3a0cf
                                                                  • Opcode Fuzzy Hash: 06e8f682d75b8a21370d36f2ece9e8fcfbba4dd5b63c3fe13a1a8f497a0e4f45
                                                                  • Instruction Fuzzy Hash: F1E026317006202B82155A6F6A648AFBADEDEC9A70700443EF139CB351DE60DC0647F0
                                                                  Function 04DC6FC8 Relevance: .0, Instructions: 27COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 046cce3e4b528b9701d829552d07c63bafbd796c3dfe408243fc3dde31a16843
                                                                  • Instruction ID: 20a30b2eb3b30416ff89a733bc6f0e2b1fc2c9fd2d442ead468961d890dbf48d
                                                                  • Opcode Fuzzy Hash: 046cce3e4b528b9701d829552d07c63bafbd796c3dfe408243fc3dde31a16843
                                                                  • Instruction Fuzzy Hash: A2F0A5352606058FC754DF2ED844C4AB7EAFF8572531555AAE106CB731DBB1EC058B80
                                                                  Function 0922A2E0 Relevance: .0, Instructions: 26COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c8b7a8c821d380be40bc9f1cee6bb5fe18693bb34b132d78129259da858b12df
                                                                  • Instruction ID: bc93a642f241293399767d4f5e3504784a37c77e8d34aab9014c5e0091a31e4a
                                                                  • Opcode Fuzzy Hash: c8b7a8c821d380be40bc9f1cee6bb5fe18693bb34b132d78129259da858b12df
                                                                  • Instruction Fuzzy Hash: F1E06D307502259FC714DB6CD9048657BE6EF893503018065E90ACB778DF329C81CB80
                                                                  Function 04DCC178 Relevance: .0, Instructions: 26COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 55a86ab3ba656f0eb37c2e4a5d90dab9e7dce533ee7a94b4e6d3c81e9c098def
                                                                  • Instruction ID: 4b424f200cdd928664000f0aeaf20611169e45561e1f8748cde3930de96a991b
                                                                  • Opcode Fuzzy Hash: 55a86ab3ba656f0eb37c2e4a5d90dab9e7dce533ee7a94b4e6d3c81e9c098def
                                                                  • Instruction Fuzzy Hash: 83E01235604108AFD758DE0AD458DAABBE9EBC9770B14806AFD09CB350DA36ED41CBA0
                                                                  Function 04DC0CF0 Relevance: .0, Instructions: 26COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ed7554f2caffcbabfdbf90b3fa71ccceef22c3cefae8b1b0aeb6061d5e7d5f99
                                                                  • Instruction ID: 87d606fa4da6f62d1c7d0a9ca03432001463ee4553cdaec71d22c0c32e5d9570
                                                                  • Opcode Fuzzy Hash: ed7554f2caffcbabfdbf90b3fa71ccceef22c3cefae8b1b0aeb6061d5e7d5f99
                                                                  • Instruction Fuzzy Hash: 8DF0FE70A0020DEFCB44EFF8E65559DBBB5EB84208F1045A9C809A7744EB316F45CB61
                                                                  Function 09225148 Relevance: .0, Instructions: 25COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1bb7c44d860642728943c91da56e451e689b61588056674cfe8984a0f5c5f057
                                                                  • Instruction ID: e6ec6077c2c1d93c71ffc2194a66ec2bd59d07e77f57b83cd62e4f840692f2e2
                                                                  • Opcode Fuzzy Hash: 1bb7c44d860642728943c91da56e451e689b61588056674cfe8984a0f5c5f057
                                                                  • Instruction Fuzzy Hash: 06F015B1E162489FCB45CF68C541498BFB1EF4A225B2081EED809DB222D2328A06CB50
                                                                  Function 0922A510 Relevance: .0, Instructions: 25COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ed3b59fac3e6fe223a68a3fe7e1c7dc7c0c5f8b3d7efb91c256864f1890a76e2
                                                                  • Instruction ID: b6348663dbb570cd9d99cb38123728b82b5e21730e48f142b74d7f63bfad7595
                                                                  • Opcode Fuzzy Hash: ed3b59fac3e6fe223a68a3fe7e1c7dc7c0c5f8b3d7efb91c256864f1890a76e2
                                                                  • Instruction Fuzzy Hash: E1F03270D042199F8744DFBCD949AA9BFF0EB08300B1042AAE80DEB320E6309A80CFC1
                                                                  Function 092290DA Relevance: .0, Instructions: 24COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2eb8d78b9268d38b0acf82b08f52c1824854ca62939e95e9c26c0832a7317b8b
                                                                  • Instruction ID: 1505126f439ebf04b88ff79c25fd70632614549dd253c58bad8a6a9a8e2adaaf
                                                                  • Opcode Fuzzy Hash: 2eb8d78b9268d38b0acf82b08f52c1824854ca62939e95e9c26c0832a7317b8b
                                                                  • Instruction Fuzzy Hash: A5E0D8353242619FC725CE19DA45765B7A1EF85704F04867EE40ACB691EB72D9428B80
                                                                  Function 0922A5B1 Relevance: .0, Instructions: 24COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 97a1cd0699b05ff05e7d36e502c099bd190bef8511f0865e42b63dc00431707b
                                                                  • Instruction ID: c16fb31e631e27755d36b8020cd9931446d565d751d96fb0b29c16696adf20ec
                                                                  • Opcode Fuzzy Hash: 97a1cd0699b05ff05e7d36e502c099bd190bef8511f0865e42b63dc00431707b
                                                                  • Instruction Fuzzy Hash: B0E0ED74D145199F8740DFBCD54996ABFF0EB08210F1081AAD94DE7751EA709950CBD1
                                                                  Function 04DCA311 Relevance: .0, Instructions: 24COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a74319f3c10f9e13e0c7d73f5d0438d9530f684c342803888cbe21d548789cb7
                                                                  • Instruction ID: e8cbf465b8e1e930d201a7230e7be129959def704cf08017f1147b413f34e909
                                                                  • Opcode Fuzzy Hash: a74319f3c10f9e13e0c7d73f5d0438d9530f684c342803888cbe21d548789cb7
                                                                  • Instruction Fuzzy Hash: CAE02B2230C3F45BC70622B838160E97FDB9A8602D306429FE001C3A93CC1D0C10C3F5
                                                                  Function 04DC9D20 Relevance: .0, Instructions: 24COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 88f8cdc4fc8ced6ba4f022cdb2d3d30d903032f1f9faa935aaac37429c501517
                                                                  • Instruction ID: aa5abb62e4857b287457a70c98d1325d2e2f8a3fa7ae0b9a3efd0f82f1531280
                                                                  • Opcode Fuzzy Hash: 88f8cdc4fc8ced6ba4f022cdb2d3d30d903032f1f9faa935aaac37429c501517
                                                                  • Instruction Fuzzy Hash: 66E04834765714DBD7196B30F51A5297775FBC9A2DB100179E50647340CF795C82CB90
                                                                  Function 09223908 Relevance: .0, Instructions: 23COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a20011a6228380efeae992a853fe13018968d1e099736ad4f3aa102254320195
                                                                  • Instruction ID: a174ba1a293f178ea936f2a9a3c361be25686158d7a2c3d0e6e46ac082d07d44
                                                                  • Opcode Fuzzy Hash: a20011a6228380efeae992a853fe13018968d1e099736ad4f3aa102254320195
                                                                  • Instruction Fuzzy Hash: E7E08631315168BBCB01BB25AC11BEF3B699FC5131B408262F915CB2D0DB615C5147E1
                                                                  Function 092255F0 Relevance: .0, Instructions: 23COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 81d03568bf9945a5bdafee0008cfb818fd7ecd2bc8025da9009f82db5eece356
                                                                  • Instruction ID: 1f6564be2900fcbdf573ca9c1e64db0e9cc409c5a90941a78e33b3d8f8711370
                                                                  • Opcode Fuzzy Hash: 81d03568bf9945a5bdafee0008cfb818fd7ecd2bc8025da9009f82db5eece356
                                                                  • Instruction Fuzzy Hash: 51E04F327042409FC708EF3CE4449993FE6EF49A1470640EEE106CB372DA26DC01CB90
                                                                  Function 092251B8 Relevance: .0, Instructions: 22COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9d355963351d3a8e23df1b93a76d38429b707ac5717c8eced8cdcb6460d5ea73
                                                                  • Instruction ID: 489db5bac56ffa41a23af5c854c1c02374cb2a7db9a7684548d0afdbf862db86
                                                                  • Opcode Fuzzy Hash: 9d355963351d3a8e23df1b93a76d38429b707ac5717c8eced8cdcb6460d5ea73
                                                                  • Instruction Fuzzy Hash: 40E04F396852109FC305DB68D855CA5BFF9EF4E72431540DAE60ACB372C632EC41CB90
                                                                  Function 09225188 Relevance: .0, Instructions: 22COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 247fcd39e706d0f12a63bc2225e18816856e2fcdd6e9433407ddfdd6c43eb36b
                                                                  • Instruction ID: 227b252af1aa369c58ddb5a5d90861516c849520ef1926fb431f9c8b970a37c3
                                                                  • Opcode Fuzzy Hash: 247fcd39e706d0f12a63bc2225e18816856e2fcdd6e9433407ddfdd6c43eb36b
                                                                  • Instruction Fuzzy Hash: 10E09279790100DFC344DB28D499DA47BF9EF5A62A35140A9F50ACB732DA22EC81CB60
                                                                  Function 04DC7FB8 Relevance: .0, Instructions: 22COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 046342466ed5467d2c01eb278c5be8c9239ac90efe01b0e123ad666797146bfb
                                                                  • Instruction ID: 1a9096db82e82d8d8457b74fb75e106afb29dccb364b551e0236b6e1be6dfcfb
                                                                  • Opcode Fuzzy Hash: 046342466ed5467d2c01eb278c5be8c9239ac90efe01b0e123ad666797146bfb
                                                                  • Instruction Fuzzy Hash: 2DE0B63A300A009F8324DA5AD844C67BBEAEFCD6213148469F65AC3720CA61EC019BA0
                                                                  Function 04DC71E8 Relevance: .0, Instructions: 21COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 61689f90b0297b9167de7f45eff8ce5283713ee3e0ff7ebff76b651fb1d2c5f1
                                                                  • Instruction ID: 1463c60a7d482b5874d08a6da54f5454a8900606cd3fcb99f1e4650437e0506f
                                                                  • Opcode Fuzzy Hash: 61689f90b0297b9167de7f45eff8ce5283713ee3e0ff7ebff76b651fb1d2c5f1
                                                                  • Instruction Fuzzy Hash: ECE04635200A008F8324DF1ED444C16FBEAEFC8620304846AE55EC7730DA70EC458B90
                                                                  Function 04DC596B Relevance: .0, Instructions: 21COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 44a7a4f27cf896f592efaf8fc2af3aa4c954496c95984b5e1e09fbdc0b7601a1
                                                                  • Instruction ID: 0ba3bf88f71a527ab2a7599da0ea6741d810fc89c2c73d72042060df7f71e08e
                                                                  • Opcode Fuzzy Hash: 44a7a4f27cf896f592efaf8fc2af3aa4c954496c95984b5e1e09fbdc0b7601a1
                                                                  • Instruction Fuzzy Hash: 64F0F234A0020ACFCB08DFA4D5A99AEFBB2AF88320F14805AD411AB261CB34A901CF50
                                                                  Function 09225110 Relevance: .0, Instructions: 20COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 499b802aaeb80ebe613ce63622af709e1a1635fc49099943a82a72913bfd8bcf
                                                                  • Instruction ID: b4af6dfa1d7ddf11e4944e7a9fb20fb881f48cc9c18cd81d770c46824acff02d
                                                                  • Opcode Fuzzy Hash: 499b802aaeb80ebe613ce63622af709e1a1635fc49099943a82a72913bfd8bcf
                                                                  • Instruction Fuzzy Hash: 79E012711BA2A08FC74A8F74D4D44D53F20FE0327A31940DAD4448F177D3354406CB50
                                                                  Function 0922FEDB Relevance: .0, Instructions: 20COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: cb7fd21b3b9b9d57170ce06588875a4492d31f6377854ae5a4f636d01871ba6c
                                                                  • Instruction ID: 0f2420a4ff67f3c140dab6569555e699ea4daf24006f64ff1a57d5150c5aad4d
                                                                  • Opcode Fuzzy Hash: cb7fd21b3b9b9d57170ce06588875a4492d31f6377854ae5a4f636d01871ba6c
                                                                  • Instruction Fuzzy Hash: DEE0E539A00218CBCB18DFA4D5908DDB7B6EF88325B208069D806A7354CB36ED52CF90
                                                                  Function 04DC77CE Relevance: .0, Instructions: 20COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 967d865cbde126bc917a830259417a72a861c3699344d8c14c8bbd20ae76f0d0
                                                                  • Instruction ID: 2fb9c0764535a7dc485764ab0d062d72ab36f9009b3843f0a6f095159d79cab2
                                                                  • Opcode Fuzzy Hash: 967d865cbde126bc917a830259417a72a861c3699344d8c14c8bbd20ae76f0d0
                                                                  • Instruction Fuzzy Hash: 54E086301097825FC312CB38C9D4A41FFA0AF56340F19C68ED4D9871A2C332F852CB52
                                                                  Function 04DC7F34 Relevance: .0, Instructions: 20COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 572bc1a80c866f6ad74a7a73d9132ee64117c2f58dc6612ec779f0e30381a06d
                                                                  • Instruction ID: fd78c7c986d136a2a4aa54f927082a6b0bc454a795e27aaa2592a5dada0ffc77
                                                                  • Opcode Fuzzy Hash: 572bc1a80c866f6ad74a7a73d9132ee64117c2f58dc6612ec779f0e30381a06d
                                                                  • Instruction Fuzzy Hash: C3D05E310193948FCB029B28A4408D17FB4EF0E73075902C7E4888B933D728E810C752
                                                                  Function 09225320 Relevance: .0, Instructions: 19COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3e5cf8d4eb780f8fc33b5bfda1d623d20e96206f1c08b1f773b3879f5371d1df
                                                                  • Instruction ID: 646e9e2c101e8eb465208e95674f4dfd98f5e9e78ea714ed171b1a6580b6b50b
                                                                  • Opcode Fuzzy Hash: 3e5cf8d4eb780f8fc33b5bfda1d623d20e96206f1c08b1f773b3879f5371d1df
                                                                  • Instruction Fuzzy Hash: F7E0EC71A51208EF8744CF68D5449E97FF5EB5A31572082EDE809D7321D2329E02DF50
                                                                  Function 09224C08 Relevance: .0, Instructions: 19COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5f8deea647c68e303db7ca861236feecce69fea3f2ee2e25a7eec0ac33bec6b7
                                                                  • Instruction ID: 6f1d5ca506977582ab017aded0160966816ae2e35f9d7cdfa1376508e8eb7f2e
                                                                  • Opcode Fuzzy Hash: 5f8deea647c68e303db7ca861236feecce69fea3f2ee2e25a7eec0ac33bec6b7
                                                                  • Instruction Fuzzy Hash: 21D01236200A10AB86349A5AE804D47B7FAEBC9661300853EE15A83660CA31BC018B90
                                                                  Function 09225600 Relevance: .0, Instructions: 19COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2b51a1607321ca7e400129fa5493361e33537c0ca039f4b3e844cd498a7e930e
                                                                  • Instruction ID: 338ba91579734e61189608ef02f202182c7337488e3d416e2b27da9a0db6fc22
                                                                  • Opcode Fuzzy Hash: 2b51a1607321ca7e400129fa5493361e33537c0ca039f4b3e844cd498a7e930e
                                                                  • Instruction Fuzzy Hash: D6E017317006148FC708EB6DD448C597BEAEF8AA1030640EAF10ACB372DA61EC008B90
                                                                  Function 04DCE6F8 Relevance: .0, Instructions: 19COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 504333b09e4e40efe860cadcde396dbe0056ee0dc5649ca80760de6dc6083518
                                                                  • Instruction ID: 3605807ae7ccd3f9fa79d9215b2d987a34b6223bcb33900f2e17190fb3234333
                                                                  • Opcode Fuzzy Hash: 504333b09e4e40efe860cadcde396dbe0056ee0dc5649ca80760de6dc6083518
                                                                  • Instruction Fuzzy Hash: 5EE04F30A02308DFC711DF74E94564DB7BAEB41205B6044BEC40497214EF36AA41DB90
                                                                  Function 09224B10 Relevance: .0, Instructions: 18COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 95dfb4261bebc05cb065da27cebdf0120eae0d0fead351854485e1f4afa0c6cd
                                                                  • Instruction ID: 83e392a50c4367f1ee07b4139b445d72348b63f2174e531eabb88d4e32f2329d
                                                                  • Opcode Fuzzy Hash: 95dfb4261bebc05cb065da27cebdf0120eae0d0fead351854485e1f4afa0c6cd
                                                                  • Instruction Fuzzy Hash: 85D05E361593408FC306CF74D4268A03B74EF0663A32540DAE444CB373C622AC43CB51
                                                                  Function 09225350 Relevance: .0, Instructions: 18COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: aba91d169c7df84f906aeb84bb7f1ac080180d455d70ecec50c6bd67119f32e8
                                                                  • Instruction ID: dfa8da96c8ee8030e315d7a3fd734b11b30fa6506e3ea967f8da2dd04ffde0e6
                                                                  • Opcode Fuzzy Hash: aba91d169c7df84f906aeb84bb7f1ac080180d455d70ecec50c6bd67119f32e8
                                                                  • Instruction Fuzzy Hash: 50D02233310628578318A66DB8024BFB7DE8BCD232310823AE64EC7780CE216C034BC9
                                                                  Function 09225226 Relevance: .0, Instructions: 18COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 64c3d06f34176a2ffd0a626556a787cf8e7b0a2846a351980268231f5a6392f4
                                                                  • Instruction ID: 575e70f5300256a58c130b73516ba6aeba6cbe5cf998f4369451b88827d27e75
                                                                  • Opcode Fuzzy Hash: 64c3d06f34176a2ffd0a626556a787cf8e7b0a2846a351980268231f5a6392f4
                                                                  • Instruction Fuzzy Hash: 89E067393501149FC704DB6CD545C95BBE9EF4D62531581EAE509CB732CA72EC42CB90
                                                                  Function 0922A520 Relevance: .0, Instructions: 18COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8dbba0f8ad082489903086668bf2ce657a45774aebbfee705543bad89a503f17
                                                                  • Instruction ID: 4fbeea83f2dc4bedcacde10150d9e864376e331ecd8280c0626f830af5db5768
                                                                  • Opcode Fuzzy Hash: 8dbba0f8ad082489903086668bf2ce657a45774aebbfee705543bad89a503f17
                                                                  • Instruction Fuzzy Hash: 9EE092B4D042199F8B44DFACC54596EBBF4AB08300B1041A9D908E7321E7309A50CFC1
                                                                  Function 0922A5C0 Relevance: .0, Instructions: 18COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f444dbca1ed2605d7c09595279b7b78b3bc64eba9e9abdea3cbcf6fc9450ce19
                                                                  • Instruction ID: 5649bd8468f2ccc93034f037455b905cdf9fbb344958a6c930bbd9a34d9cbc24
                                                                  • Opcode Fuzzy Hash: f444dbca1ed2605d7c09595279b7b78b3bc64eba9e9abdea3cbcf6fc9450ce19
                                                                  • Instruction Fuzzy Hash: C6E0B6B4D142199F8B80DFACD54596EBBF4EB08310F1081A9D90CE7321E730AA508F81
                                                                  Function 04DC2720 Relevance: .0, Instructions: 18COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 77d87e17bb0792b30097e54ee40538d2b4130df549ea59934eb1ec5bee50fb95
                                                                  • Instruction ID: 61d597d728fd99e171dd0488219abc30fa6c0a38ede74ea45e8218de830d09ca
                                                                  • Opcode Fuzzy Hash: 77d87e17bb0792b30097e54ee40538d2b4130df549ea59934eb1ec5bee50fb95
                                                                  • Instruction Fuzzy Hash: 0CE0BF3240474DAECB01AFA4DC159AABB79FF55310F008545FA585A021EB31D5A0DB91
                                                                  Function 04DC7A90 Relevance: .0, Instructions: 18COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6799fb91aade95b6ff9c8e33eb3ef03fb47cd08142b1abb125a093330bcf6262
                                                                  • Instruction ID: bdc72bc0bdb3c79367a67f14f8485ae2e22a43af92c4d3a12995468c01f08fae
                                                                  • Opcode Fuzzy Hash: 6799fb91aade95b6ff9c8e33eb3ef03fb47cd08142b1abb125a093330bcf6262
                                                                  • Instruction Fuzzy Hash: F8D05E3250A7908FC31E8B38B4444D1BFA0AF4F21031545DED144CAD66C7359CC1CBA1
                                                                  Function 0922453D Relevance: .0, Instructions: 17COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e1304d074cd80e40c1eca88b47a85ae8249e7779489afd3a5952ee20a12bd626
                                                                  • Instruction ID: f50d8866ace2a8e970442d8c2217e7770b4e8ecada7b1b766e2c5cf772c2c428
                                                                  • Opcode Fuzzy Hash: e1304d074cd80e40c1eca88b47a85ae8249e7779489afd3a5952ee20a12bd626
                                                                  • Instruction Fuzzy Hash: 91D05E72B04004CBAF08F6B5E8500ECB373DFC5110BA0817AC025A7144EE313E02CB82
                                                                  Function 0922BE88 Relevance: .0, Instructions: 17COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b066e896272ad28728044f0ea9310ba340292448e9b8c6d33a87f0f030d52d86
                                                                  • Instruction ID: 9f3e9b6f3bd3a17c7bd900139e8fcba86e8f8f99a62a29d04460cab5bba631fd
                                                                  • Opcode Fuzzy Hash: b066e896272ad28728044f0ea9310ba340292448e9b8c6d33a87f0f030d52d86
                                                                  • Instruction Fuzzy Hash: 51E042793505149FC708DF58D588C557BE9EF4D62531640D9E909CB332CA72EC42CBA1
                                                                  Function 04DC271E Relevance: .0, Instructions: 17COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3ecacc94f3d1b52aaceb474af0bcf20dd672a50f8e8e9098cc18db9f950d25d9
                                                                  • Instruction ID: dfb61eab13f2c935b0759b63250cfbd6a42fcd383a55a846aa495a9995155b4b
                                                                  • Opcode Fuzzy Hash: 3ecacc94f3d1b52aaceb474af0bcf20dd672a50f8e8e9098cc18db9f950d25d9
                                                                  • Instruction Fuzzy Hash: 63E04632400709EECB02AFA4D9059AA7B75FF49300F04868AFA586A030EB31C1B0EB90
                                                                  Function 09225120 Relevance: .0, Instructions: 16COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5127ecb0d22368096d1600fd67bf877c6dbdb54eab6cd41d2b49a2e08797d705
                                                                  • Instruction ID: e404bf3d0ace3a6c577879dfecb8587e0356b6bb56c8ae8931ea4da93e41e444
                                                                  • Opcode Fuzzy Hash: 5127ecb0d22368096d1600fd67bf877c6dbdb54eab6cd41d2b49a2e08797d705
                                                                  • Instruction Fuzzy Hash: 17D06C39250A148FC318DF69D488C56B7E9FF4D62531245E9E95ACB732CA71FC41CB90
                                                                  Function 09225158 Relevance: .0, Instructions: 16COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: dfd4226a85e8861dc893495933111f8c7d3aa349f13df27a7dc9e0faf213ff44
                                                                  • Instruction ID: 34797973fdec411eeb48723b6a9427d577c7002910819cd3bc4718af18c952c7
                                                                  • Opcode Fuzzy Hash: dfd4226a85e8861dc893495933111f8c7d3aa349f13df27a7dc9e0faf213ff44
                                                                  • Instruction Fuzzy Hash: 21E0E2B4E00208EF8B44DFA8D58488CBBF4EF48214F2081E9D80CD7321E631AA41CB80
                                                                  Function 09225190 Relevance: .0, Instructions: 16COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f948124c2a5f39deefcbb2e57c24fd074904afe6be05341bac7b799918726f9d
                                                                  • Instruction ID: 68fd05bf799a789fe02eafd7ca5f50c87afe5634e8efcdafb678ae882981ea7a
                                                                  • Opcode Fuzzy Hash: f948124c2a5f39deefcbb2e57c24fd074904afe6be05341bac7b799918726f9d
                                                                  • Instruction Fuzzy Hash: F0E024382805048FC744EB28C598D18BBE9EF49A2931680A9E90ACB372DA22EC41CB40
                                                                  Function 092251C8 Relevance: .0, Instructions: 16COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: bef4ea50c2c08c1a17fecce91fed44f63a275475857b382ef4ebcd7adfe1c2cd
                                                                  • Instruction ID: 4155b63554a117527317805b80a6f1c8fc31af12e2eae4a93557ca13d87e18b6
                                                                  • Opcode Fuzzy Hash: bef4ea50c2c08c1a17fecce91fed44f63a275475857b382ef4ebcd7adfe1c2cd
                                                                  • Instruction Fuzzy Hash: 5DD067397501149FC704DB68D544C55B7E9EF4D62531580D9E509CB332CA72EC42CB90
                                                                  Function 09225228 Relevance: .0, Instructions: 16COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5edb3977f8eb3701e67e9ceb55f0217a7f135a6a1cc804712b05944868f93d5b
                                                                  • Instruction ID: 9f73916ec8162341bf5ebb98bf66d6d716e26ac767d002326c3c58a85973c486
                                                                  • Opcode Fuzzy Hash: 5edb3977f8eb3701e67e9ceb55f0217a7f135a6a1cc804712b05944868f93d5b
                                                                  • Instruction Fuzzy Hash: 0ED067393501149FC704DB68D544C55B7E9EF4D62531580D9E509CB332CA72EC02CB90
                                                                  Function 09226620 Relevance: .0, Instructions: 16COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7cad500a5a2e2b74244c457e2a5ee0764159855ffb6b67af471b9101443885d7
                                                                  • Instruction ID: 5162d803f9ae7f65345360568731901b9b886b18aa0c2c0b59e5c9f311cfd6eb
                                                                  • Opcode Fuzzy Hash: 7cad500a5a2e2b74244c457e2a5ee0764159855ffb6b67af471b9101443885d7
                                                                  • Instruction Fuzzy Hash: 5BD0A936520204EFC3009E28E811D807FA8AFAAF20B104099F6408B632D633F800CB92
                                                                  Function 0922A690 Relevance: .0, Instructions: 16COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b5bca6bf42f63471f887963dbf138354a80f67750753a0ddc88136b7e332c0ae
                                                                  • Instruction ID: 83c0ce7dfb3759fb07249a761c9ffb7ee6e88a6cdf66a9cf2ce5cf6cb0aa1b0c
                                                                  • Opcode Fuzzy Hash: b5bca6bf42f63471f887963dbf138354a80f67750753a0ddc88136b7e332c0ae
                                                                  • Instruction Fuzzy Hash: 24D06C39250A148FC318DF69D488C56B7E9EF4D62531241A9E94ACB732CA71FC41CB90
                                                                  Function 091C11F8 Relevance: .0, Instructions: 16COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174126709.00000000091C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 091C0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_91c0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: db2faf319197232ec329eb353146db94730def1262ef53b06c7afc1fca2d0f7b
                                                                  • Instruction ID: 983e53567115b669af816f2341a32070e6f0208af5a02dd9c9427069e172dab1
                                                                  • Opcode Fuzzy Hash: db2faf319197232ec329eb353146db94730def1262ef53b06c7afc1fca2d0f7b
                                                                  • Instruction Fuzzy Hash: 97D01230B0120CEF8B40DFA8EA0155DBBB9DB84215B1045A9D408E7250DA316E0097A1
                                                                  Function 09226948 Relevance: .0, Instructions: 15COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 76edc90519a7905e3bf149155f75e96809b705a0fb2b578044338656c0be2bd7
                                                                  • Instruction ID: 7e8ad4faf1eab19ec045a9a0e6a86ce109ec1436862c4495b91aa1a1f0c9ecb4
                                                                  • Opcode Fuzzy Hash: 76edc90519a7905e3bf149155f75e96809b705a0fb2b578044338656c0be2bd7
                                                                  • Instruction Fuzzy Hash: A9D05E31B0D6911FC309E769AA41984BFD29FC0218B0A80BAC10887236DA24986983E8
                                                                  Function 0922525D Relevance: .0, Instructions: 15COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8cfe0331023ee05b6036afd7d77f432b88b89dfbb4c1bb1371d78d6c5b425673
                                                                  • Instruction ID: d0c805c5336f8ae165b0cbd1f5ddaf2a6aded949cfab215b89731ee78bcb5d2a
                                                                  • Opcode Fuzzy Hash: 8cfe0331023ee05b6036afd7d77f432b88b89dfbb4c1bb1371d78d6c5b425673
                                                                  • Instruction Fuzzy Hash: FEC01232700524578614A1ADB8115DBBBCA8BC95603008126E10DC3651DE605C0206D5
                                                                  Function 09224C06 Relevance: .0, Instructions: 15COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0ac74605cee4f0d8f797034e4fd1218d2babbcf16896eafd85e1cd17526c9f5d
                                                                  • Instruction ID: 566a79158b576540c594e68a96166c5038432d9bd0706ace8c4cafa16d88fa37
                                                                  • Opcode Fuzzy Hash: 0ac74605cee4f0d8f797034e4fd1218d2babbcf16896eafd85e1cd17526c9f5d
                                                                  • Instruction Fuzzy Hash: 7FD09E36210A10ABC624AA59E454D57B7F3EBC8651310C929D15B83A70C731BC159B50
                                                                  Function 04DCA320 Relevance: .0, Instructions: 15COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 13a16e2ed3445588ca0b5e14d980d9ee6a07ed02977e92a9c27e623ebe2393d7
                                                                  • Instruction ID: a57addbd2dfd3ce27170bb9475b02cd2fee96aa2f5f2f633d15c5bc1dec90d51
                                                                  • Opcode Fuzzy Hash: 13a16e2ed3445588ca0b5e14d980d9ee6a07ed02977e92a9c27e623ebe2393d7
                                                                  • Instruction Fuzzy Hash: 44C012317042A8538A0836BD74190A976CEE7D952E301452AE506C3391CD695C1097F4
                                                                  Function 04DC7B5A Relevance: .0, Instructions: 15COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1889e1a6f6fd590e9a90e629e6c7a6775662a2a68c9d94de1fa288cabed0894e
                                                                  • Instruction ID: 5f4226f2c148951789aaae053cb123eda2fbd24a7bf0b16434877d6a771cf33c
                                                                  • Opcode Fuzzy Hash: 1889e1a6f6fd590e9a90e629e6c7a6775662a2a68c9d94de1fa288cabed0894e
                                                                  • Instruction Fuzzy Hash: 75E0BD3AA00109DFCB04CB94E8889DCBBB1FB88322F248065E605A7260C731A995CF60
                                                                  Function 09225328 Relevance: .0, Instructions: 14COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a8ea83052a291dd680beb38acb2ce6cb0562033857557a7c9a3227dabc1e97d6
                                                                  • Instruction ID: 59c9010d2ecf3d5cab42f7a40fcf79938562df959d7e9a1042f9c4c97f52137e
                                                                  • Opcode Fuzzy Hash: a8ea83052a291dd680beb38acb2ce6cb0562033857557a7c9a3227dabc1e97d6
                                                                  • Instruction Fuzzy Hash: 5DD09E75A05108EF8704CF68D644859BBF9EB4921471181D9E80CD7321D632EE01DB91
                                                                  Function 09225358 Relevance: .0, Instructions: 13COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 738e858d2d47b8bdc655c67316b177dc37055f3122a685eabf66ad569706b236
                                                                  • Instruction ID: 38829e56e5869c59defda57c326a003d8ced193ddc6258de718ec188e5af5d9d
                                                                  • Opcode Fuzzy Hash: 738e858d2d47b8bdc655c67316b177dc37055f3122a685eabf66ad569706b236
                                                                  • Instruction Fuzzy Hash: 2AC08C32700638578718A66EA40186BB7DE8BCC620310C23AE50EC3340DE60AC0103C8
                                                                  Function 09225260 Relevance: .0, Instructions: 13COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0c959079510cdeedabd2846b46e9f482727e364ef62fa947f8f91662f36fd9ab
                                                                  • Instruction ID: 18463281b13d1fb1d9927960e070cacd3f9eecd96e102e364c7949f5d8772b2a
                                                                  • Opcode Fuzzy Hash: 0c959079510cdeedabd2846b46e9f482727e364ef62fa947f8f91662f36fd9ab
                                                                  • Instruction Fuzzy Hash: CAC08C32700534578608B2AEB811A9BBBCF8BC9660300C03AE00EC3321DF60AC0107C4
                                                                  Function 04DC7C40 Relevance: .0, Instructions: 13COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6e65021a719106e727572f7297815b5faa93400c6e8fd0053409a400d01909ad
                                                                  • Instruction ID: d4b5a249d56b6a45b89e6f6c1a077a5fb6cb1d4225f0c2015afe29580c8a09ff
                                                                  • Opcode Fuzzy Hash: 6e65021a719106e727572f7297815b5faa93400c6e8fd0053409a400d01909ad
                                                                  • Instruction Fuzzy Hash: 21C08C6144A6C95FE30BABB049620C0BFA4AD832A038705C3C8D0CB56AC63C8607829F
                                                                  Function 0922A610 Relevance: .0, Instructions: 12COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 46239fc17000472e700348062569b6c164fb57a4ea66b4363e84104dc3461859
                                                                  • Instruction ID: 0a7b381a303db304e2f75c5ff850ce6c1f5ce3fba7a66b60b86cdfbc6c78ebd7
                                                                  • Opcode Fuzzy Hash: 46239fc17000472e700348062569b6c164fb57a4ea66b4363e84104dc3461859
                                                                  • Instruction Fuzzy Hash: DCD0CA382902048FC380DB29C488C24BBF8EF09A2530A80E5F909CB333CA31EC00CB50
                                                                  Function 091A221C Relevance: .0, Instructions: 12COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7173852816.00000000091A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 091A0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_91a0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4a3921b9c988acc232066e06cce532ebc4e93925b761bb3af2d48c06aa40ca99
                                                                  • Instruction ID: 13b4c4c1086acba3524997ca254f1734585dbfbad7c3622383f0618142864807
                                                                  • Opcode Fuzzy Hash: 4a3921b9c988acc232066e06cce532ebc4e93925b761bb3af2d48c06aa40ca99
                                                                  • Instruction Fuzzy Hash: 10C04C3D1501049FC300DB68F9C5C91BBE8EB49A1531585D5E50E4B722DA22FC528A91
                                                                  Function 04DC5788 Relevance: .0, Instructions: 11COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 50aa6be2716b1137b803168a29e616b9c4f5f5395027ce7d07686bece610516a
                                                                  • Instruction ID: 637987d778d9d3fafd375ecfe85780d9b465c40e2473ddeb9e2d4815aac60bad
                                                                  • Opcode Fuzzy Hash: 50aa6be2716b1137b803168a29e616b9c4f5f5395027ce7d07686bece610516a
                                                                  • Instruction Fuzzy Hash: 34D012351042119FC354C608D480A52FBD19F99314F14C85EF49E87351C672FC83CB54
                                                                  Function 04DC6BE0 Relevance: .0, Instructions: 11COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1c414af21430603d395dbf31be3a12440903bf33a3050c3725ba8043a7f1229e
                                                                  • Instruction ID: 9e4a7865dd86ca28d0cf680052e92a6e27e6cea18bdf6cd393d491f3173e4fc0
                                                                  • Opcode Fuzzy Hash: 1c414af21430603d395dbf31be3a12440903bf33a3050c3725ba8043a7f1229e
                                                                  • Instruction Fuzzy Hash: DCD0C9B5005280DFCF16AF30E169C807F32EF4634532645CDD8858A167CB35852ACB41
                                                                  Function 09222B08 Relevance: .0, Instructions: 10COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3010fe16f19b6e6766d226eeb1822d33deca7d278338a1e14cdfc49fef728d1a
                                                                  • Instruction ID: f17fa78266207a64d0483f6ff76fbdb8fa9cbf89fe15c9e6b7ba41de7c570fbb
                                                                  • Opcode Fuzzy Hash: 3010fe16f19b6e6766d226eeb1822d33deca7d278338a1e14cdfc49fef728d1a
                                                                  • Instruction Fuzzy Hash: B3C012B020010CEBCB016A11E90182ABF2AEB40220700C122FC4806320DA329CA1DAA0
                                                                  Function 0922E630 Relevance: .0, Instructions: 10COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 03997d0d6e9f4f86f906b6fe91797ac14959b9179fcdda38cd47bc042751bdba
                                                                  • Instruction ID: 454d7d7919750ea46a0ff7cd4a18c16b663f768b5f4a5c33e3f8e46c1fe4fb03
                                                                  • Opcode Fuzzy Hash: 03997d0d6e9f4f86f906b6fe91797ac14959b9179fcdda38cd47bc042751bdba
                                                                  • Instruction Fuzzy Hash: 91C080300153449FC7035F7CFA191917F59EB85514F04449ED40446153D713B835DBC6
                                                                  Function 09226630 Relevance: .0, Instructions: 9COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 48c6ebf958e5165e32086d1a1a0777a9377da335032da538182b22dea467f7cc
                                                                  • Instruction ID: 800d9ef85e738d885f8b38cd4f1241f11b01d4cad96165a0d6da631e3ffa7408
                                                                  • Opcode Fuzzy Hash: 48c6ebf958e5165e32086d1a1a0777a9377da335032da538182b22dea467f7cc
                                                                  • Instruction Fuzzy Hash: D1C04C35250208DFC700DF59D444C557BB9BF59B147508095F6454B731C732F811DB94
                                                                  Function 04DC05D3 Relevance: .0, Instructions: 9COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c27c62064d8b38d044af0095d8e916ee0b17ae0f332ffb558d185920ab57172b
                                                                  • Instruction ID: 61c7402733105a7998cdaf3f71e64c62326b6067976e659304a032ed691d8c9c
                                                                  • Opcode Fuzzy Hash: c27c62064d8b38d044af0095d8e916ee0b17ae0f332ffb558d185920ab57172b
                                                                  • Instruction Fuzzy Hash: C0C04C3420A280DFC707CB50C861461BB359F8611471984CFD4898F293CA27ED07D751
                                                                  Function 09224B20 Relevance: .0, Instructions: 8COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 01d7773e4767fa52debadd09e0a1caa45eb21dd5ab9fe5156457fe6b5e6c0fc9
                                                                  • Instruction ID: b423bb65748722c8ac5141cebe3ab10ea4bed4eb96c881f550d5fc81f41235df
                                                                  • Opcode Fuzzy Hash: 01d7773e4767fa52debadd09e0a1caa45eb21dd5ab9fe5156457fe6b5e6c0fc9
                                                                  • Instruction Fuzzy Hash: 16C048352402088F8204DB58D584C10B7A8AB49A1831540D8E5098B332CA22FC02CA80
                                                                  Function 091A2220 Relevance: .0, Instructions: 8COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7173852816.00000000091A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 091A0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_91a0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: faabb3b8c579a5bca101869c56eebb99d859de9499f6ddac1600156f8d213545
                                                                  • Instruction ID: 1b52247a3b7322f06e685557b9819019f1cf175490aa5bf953bf40f489ad6b88
                                                                  • Opcode Fuzzy Hash: faabb3b8c579a5bca101869c56eebb99d859de9499f6ddac1600156f8d213545
                                                                  • Instruction Fuzzy Hash: 9AC09239250208CFC300DB68E688C10BBF8EF4DA18325C0D8E50D8B332CB22FC01CA80
                                                                  Function 04DC7F50 Relevance: .0, Instructions: 7COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 406dac5c139cdb57122e67df7a8140eb07c55dea271d7c8adc793fd4354e830c
                                                                  • Instruction ID: b6a7e1941b05a5c068b030d6def5ecb392f4329ff73610c73c6f0e5c76012305
                                                                  • Opcode Fuzzy Hash: 406dac5c139cdb57122e67df7a8140eb07c55dea271d7c8adc793fd4354e830c
                                                                  • Instruction Fuzzy Hash: 95B092311402088F8200DB58D444C0073A8AB08A1430100D0E1088B232C621FC008A40
                                                                  Function 0922E640 Relevance: .0, Instructions: 6COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174469871.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_9220000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f40993977d72b672f630c1e8611183559dd922c2245e0ff307326caa80699181
                                                                  • Instruction ID: ea8ef08f884256e35c757c3a39cb21cee3539705e3352c7f65266004a2222f7f
                                                                  • Opcode Fuzzy Hash: f40993977d72b672f630c1e8611183559dd922c2245e0ff307326caa80699181
                                                                  • Instruction Fuzzy Hash: 0FA012300002088781006B44E519454779CD6885047044054940D022014B12FC018580
                                                                  Function 04DC0F2E Relevance: .0, Instructions: 5COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 007c32f7c54516c1b7ca4801b6175f09468565fe06050d8d0cffc704c89b25bb
                                                                  • Instruction ID: 459489b13aee869d508d34b8a8ed6a162159104ab4aadc3684e917716b71f63e
                                                                  • Opcode Fuzzy Hash: 007c32f7c54516c1b7ca4801b6175f09468565fe06050d8d0cffc704c89b25bb
                                                                  • Instruction Fuzzy Hash: EEA01271100000479900DA04C841800F750DB8120C31CC089A4158B205CB27FC03D600

                                                                  Non-executed Functions

                                                                  Function 091C22C0 Relevance: .5, Instructions: 535COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174126709.00000000091C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 091C0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_91c0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ef4385bd4d01867e7d0e113f9ada4adbfdd43260e817f65003cce9d4790d76dc
                                                                  • Instruction ID: 6f72ebe06f6a640666d3282351a04a26db198cd50a6507fa42b9266209d3985d
                                                                  • Opcode Fuzzy Hash: ef4385bd4d01867e7d0e113f9ada4adbfdd43260e817f65003cce9d4790d76dc
                                                                  • Instruction Fuzzy Hash: 30422938A40219DFDB05DFB4DA50A9D7BB3FB98304F108458DA056B364CB396D86DFA1
                                                                  Function 091C22D0 Relevance: .5, Instructions: 524COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174126709.00000000091C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 091C0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_91c0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: fc2b7ce15a58ea8de888534b2487ce2656987cdb39afba2527f36d55a8d2257c
                                                                  • Instruction ID: bfd324e62738feee2a87483bebe550371cce5b0f6f5c4dc36ed2759e30cc63ee
                                                                  • Opcode Fuzzy Hash: fc2b7ce15a58ea8de888534b2487ce2656987cdb39afba2527f36d55a8d2257c
                                                                  • Instruction Fuzzy Hash: D2322938B40219DFDB09DFA4DA50A9D7BB3FB98304F108518DA056B364CB396D86DFA1
                                                                  Function 091A10A8 Relevance: .5, Instructions: 457COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7173852816.00000000091A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 091A0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_91a0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7cf6909a5152478277a0ca1d671db8346c264b176320216027aca1a57cc6fd03
                                                                  • Instruction ID: ca7208362d507111ef12afb4e7aa96eb9827b9ae9382483fc4867de113a9a7c8
                                                                  • Opcode Fuzzy Hash: 7cf6909a5152478277a0ca1d671db8346c264b176320216027aca1a57cc6fd03
                                                                  • Instruction Fuzzy Hash: 6D029D75F0021ACBDB10AFB4D9546ADB7B2FF85304F1085AAD509BB340EB746E85CB91
                                                                  Function 091ACFC8 Relevance: .2, Instructions: 239COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7173852816.00000000091A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 091A0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_91a0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 25143ca46fac3e912c41a27eb41a480c7d3d870b9c90177625316a3e7271f792
                                                                  • Instruction ID: 4bf3406e63d14a87e17db66d6a08efc2430601ccfa5942c1e2d4feb6fb05ced9
                                                                  • Opcode Fuzzy Hash: 25143ca46fac3e912c41a27eb41a480c7d3d870b9c90177625316a3e7271f792
                                                                  • Instruction Fuzzy Hash: A8A1EE74A40208DFDB05EBA4DA51AAEBFB7EF88300F108469E81577764CE396D45CF61
                                                                  Function 091ACFD0 Relevance: .2, Instructions: 235COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7173852816.00000000091A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 091A0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_91a0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5ea90ae1bb9ce45292509653fc36dcfcc752ef6bafb1f187f8313cea909c9fa3
                                                                  • Instruction ID: a7f12e8638822bf899630f09270ac526f7e7fb530d2cf627496105690e96b4d3
                                                                  • Opcode Fuzzy Hash: 5ea90ae1bb9ce45292509653fc36dcfcc752ef6bafb1f187f8313cea909c9fa3
                                                                  • Instruction Fuzzy Hash: FCA1EE74A40308DFDB05EBA4DA50AAEBFB7EF88300F108469E91577754CE39AD45CBA1
                                                                  Function 04DC2EA0 Relevance: 7.8, Strings: 6, Instructions: 271COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7163784375.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_4dc0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: p`^q$p`^q$p`^q$p`^q$p`^q$p`^q
                                                                  • API String ID: 0-2056467497
                                                                  • Opcode ID: 5d579e22a7c851237df698f4ab3ddc21bf228fdae6908aae515589992ea7ff7d
                                                                  • Instruction ID: 79f4898207ebbf96e45702b8e25488d899446063c2757389100b8e639a517dc7
                                                                  • Opcode Fuzzy Hash: 5d579e22a7c851237df698f4ab3ddc21bf228fdae6908aae515589992ea7ff7d
                                                                  • Instruction Fuzzy Hash: 62A14435B002058FCB19DF69D898A6DBBF2FF88715F1481A9E906DB3A1DA34EC45CB50
                                                                  Function 091C2CF8 Relevance: 7.7, Strings: 6, Instructions: 218COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.7174126709.00000000091C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 091C0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_91c0000_Microsoft.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: (bq$(bq$(bq$(bq$(bq$(bq
                                                                  • API String ID: 0-3607145362
                                                                  • Opcode ID: 4ad479834b824df2b63cd2682ebbca1bf78cbd4fd3892d9cffe1d7e03574bf95
                                                                  • Instruction ID: 8defc087dff37fbe5a114ccf9abd0df2e1d4be712d829ef6a252a95b15f6682b
                                                                  • Opcode Fuzzy Hash: 4ad479834b824df2b63cd2682ebbca1bf78cbd4fd3892d9cffe1d7e03574bf95
                                                                  • Instruction Fuzzy Hash: 2F71EE347042558FDB09AF29C61476E3BE6EBA1389F14896DE8068B3D0CF78DD45CBA1